Posted

I'm having no success in configuring my ADSL router to allow inbound access to a Linux server on my LAN.

This server has an 'outbound' route ok, but the external server which is trying to connect to it is having no success.

- My server and router firewall is temporarily disabled

- I have set up a 'virtual server' entry on my router to pass the specific port traffic through to my Linux server.

I think I need to set up a static route entry on my router. The Linux server is on a fixed internal IP of 192.168.0.107 and my router internal IP is 192.168.0.1.

I set up 2 static route entries on my router, one from the router to the server and vice-versa. But still my external server cannot 'see' my internal LAN server!!!

Any ideas what tests I can do etc to resolve this frustrating problem?

Thanks

Simon

Posted

I have a dynamic IP, but my LAN server application updates the IP address every minute for the remote server. So the inbound connection from the remote server is reaching my router's public, dynamic IP address but is then not being routed through to my LAN server - even though I have configured the correct port-forwarding etc.

It's a problem that I have had with other ADSL routers. It's not a router fault, more the need to correctly implement/configure the correct static route...

Simon

Posted

Any host on the internet will be unable to 'see' your server on private ip address 192.168.0.107, since this address space is not routed (google for RFC1918).

Your router uses NAT to modify packet headers, changing private IP addresses to its own public IP address.

The routing table on your server should be:

192.168.0/24 to its own interface

default to 192.168.0.1

The routing table on your router should be:

192.168.0/24 to its LAN interface

default to its WAN interface

To test a correct translation in your router, telnet from the internet to your public IP address and specify the port number. It's the simplest way to test a TCP connection. Once the connection has been established, check the router (NAT table) and look for this translation. At the same time, check the active TCP connections on your server.

If that's not clear enough, enable telnet on your Linux server and pass through port 23 on your router. Simply telnet to your public IP and you should log in on your server.

Posted

I understand about private IP addresses, so that's why I've configured the virtual server on my router, and specified which ports are to be forwarded.

The ports are 8000 and 8888.

But when I look at my router log, I see:

Sunday, September 16, 2007 9:51:16 PM Blocked access attempt from 125.27.167.168:8000 to TCP port 62969

Sunday, September 16, 2007 9:51:19 PM Blocked access attempt from 125.27.167.168:8000 to TCP port 62969

Sunday, September 16, 2007 9:51:25 PM Blocked access attempt from 125.27.167.168:8000 to TCP port 62969

Sunday, September 16, 2007 9:51:57 PM Blocked access attempt from 125.27.167.168:8888 to TCP port 62991

Sunday, September 16, 2007 9:52:00 PM Blocked access attempt from 125.27.167.168:8888 to TCP port 62991

Sunday, September 16, 2007 9:52:06 PM Blocked access attempt from 125.27.167.168:8888 to TCP port 62991

Ignoring the fact that my router clock is not set correctly, why on earth is this inbound traffic being sent to ports 62969 and 62991? I can understand that this is blocked! My router simply allows me to forward specified ports to a specified private IP address, which I have done! I have no idea why TCP ports 62969 and 62991 appear in this router log.

The IP of 125.27.167.168 is my router's dynamic IP address.

Simon
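
Added example, not part of any post in this thread: a short Python parser for the router log lines quoted above, assuming each line has the form `from <ip>:<source port> to TCP port <destination port>`. It separates source and destination ports so you can see on which side of each blocked packet the forwarded ports 8000 and 8888 appear; the function names and labels are illustrative.

```python
import re
from collections import Counter

# Ports forwarded by the router's 'virtual server' entries, per the thread.
FORWARDED_PORTS = {8000, 8888}

# Assumed line format: "... Blocked access attempt from IP:SRC_PORT to TCP port DST_PORT"
LINE_RE = re.compile(
    r"Blocked access attempt from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)"
    r" to (?P<proto>TCP|UDP) port (?P<dport>\d+)"
)

# The six log lines quoted in the post.
SAMPLE_LOG = """\
Sunday, September 16, 2007 9:51:16 PM Blocked access attempt from 125.27.167.168:8000 to TCP port 62969
Sunday, September 16, 2007 9:51:19 PM Blocked access attempt from 125.27.167.168:8000 to TCP port 62969
Sunday, September 16, 2007 9:51:25 PM Blocked access attempt from 125.27.167.168:8000 to TCP port 62969
Sunday, September 16, 2007 9:51:57 PM Blocked access attempt from 125.27.167.168:8888 to TCP port 62991
Sunday, September 16, 2007 9:52:00 PM Blocked access attempt from 125.27.167.168:8888 to TCP port 62991
Sunday, September 16, 2007 9:52:06 PM Blocked access attempt from 125.27.167.168:8888 to TCP port 62991
"""

def parse(line):
    """Return src/sport/dport for a blocked-access line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {"src": m["src"], "sport": int(m["sport"]), "dport": int(m["dport"])}

def classify(entry, forwarded=FORWARDED_PORTS):
    """Label a packet by which side of it carries a forwarded port."""
    if entry["dport"] in forwarded:
        return "to-forwarded-port"      # what a port-forward rule would match
    if entry["sport"] in forwarded:
        return "from-forwarded-port"    # forwarded port is the SOURCE, not the target
    return "unrelated"

def summarize(log_text):
    """Count distinct (src, sport, dport, label) tuples across the log."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse(line)
        if entry is not None:
            counts[(entry["src"], entry["sport"], entry["dport"], classify(entry))] += 1
    return counts

if __name__ == "__main__":
    for (src, sport, dport, label), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {src} sport={sport} dport={dport} -> {label}")
```

A virtual-server rule matches on destination port, so lines labelled `from-forwarded-port` are not ones such a rule would translate.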

Posted

It looks like your external server is trying to connect to ports 62969 and 62991, instead of to ports 8000 and 8888. Which are not translated since you didn't create virtual servers for them...

Posted

But why is it trying to connect to 62969 etc?? I have not set up any port-forwarding at all for these ports!! It's a mystery. Maybe I should reset the router to factory defaults and start again...

Simon

Posted

Now that is the only thing written here that makes sense.

You don't need to mess with the routing table - your server and router are on the same subnet.

You haven't told us your router model and manufacturer. I suspect your router has a firewall that is configured separately from port forwarding.

Let's start with the router - who makes it? What is it?

Posted

OK, router is a 'Level One' FBR-1407A ADSL firewall/VPN/print server...

As for the security settings for this router, they are currently 'wide open', (as far as I can tell). Yet the log clearly shows that incoming traffic is being rejected by the router firewall.

Simon
