Accessing local LAN via Public IP address, Port Forwarding

Discussion in 'Cisco' started by Steve, May 26, 2004.

  1. Steve

    Steve Guest

    Apparently, I am finding out that this does not work with Linksys routers. I
    have a befsr81V3 broadband router.

    I have a device, 192.168.1.7, that needs to send a reply to 192.168.1.12,
    BUT, because of the way the 2 devices work (VOIP), the reply would go to the
    public IP address (static) of the router. These replies are *not* being port
    forwarded back to the LAN.

    I know some routers handle this. Apparently not this router, but, I get
    differing answers from Linksys "tech support". Please do not try and say try
    DMZ, that poses different issues and is not workable no matter what!

    So, having spent 1.5 hours on the phone, can anyone confirm that Linksys
    router(s) do not handle this (doc SEEMS to say they do not, but not clear),
    and, is there a nice broadband router for home use that has QOS, and 8
    ports, that I could use which DOES do this?

    I must have a router that supports a local device talking to a local device,
    over the public IP address.

    Steve
    Steve, May 26, 2004
    #1

  2. "Steve" <> wrote in message
    news:...
    > I have a device, 192.168.1.7, that needs to send a reply to 192.168.1.12,
    > BUT, because of the way the 2 devices work (VOIP), the reply would go to the
    > public IP address (static) of the router. These replies are *not* being port
    > forwarded back to the LAN.


    Well, this is not a routing issue, really. If the destination is the
    public IP address of the router, you want it to translate BACK to
    192.168.1.12? Sounds like you are violating the principles of NAT here.
    Each device thinks it is talking to the outside, but in reality are talking
    to each other, except by getting translated by the outside address?

    Sounds like it is really a problem with DNS design.

    > I know some routers handle this.


    How? You'd have to do some serious policy routing gymnastics to make it
    work.

    > Apparently not this router, but, I get
    > differing answers from Linksys "tech support". Please do not try and say try
    > DMZ, that poses different issues and is not workable no matter what!


    Well, this is a pretty unusual situation.

    > So, having spent 1.5 hours on the phone, can anyone confirm that Linksys
    > router(s) do not handle this (doc SEEMS to say they do not, but not clear),
    > and, is there a nice broadband router for home use that has QOS, and 8
    > ports, that I could use which DOES do this?


    Why don't we clarify in a little more detail what "this" is?

    > I must have a router that supports a local device talking to a local device,
    > over the public IP address.


    I'm not sure if the Linksys supports it, since you are translating outbound
    and inbound at the same time. There has to be a more sensible way to run
    the application. Why is this system set up this way?
    Phillip Remaker, May 26, 2004
    #2

  3. Steve

    Steve Guest

    Some routers DO do this. SIP VOIP router and SIP server behind same NAT
    firewall is the specific application. Both need to be addressed from other
    sites around the world, and to each other. Yes, can make or use 2 static
    IPs, buy 2 routers, but most home office people do not wish to do this.

    To quote one sample web site (and I know some do by experience):

    "Note that many NAT implementations will not let you access things via the
    public IP from within the private network: that does not mean that they're
    not accessible from the outside."

    Find this on:

    http://www.dyndns.org/support/kb/nat.html

    Steve
    Steve, May 26, 2004
    #3
  4. Steve

    Steve Guest

    Actually, just by mentioning DNS, Phillip did give me an idea.

    Though all of the setup instructions mention IP addresses, why not use
    names?

    So, my solution was to use a CNAME out on the internet DNS server to point
    to my location. The VOIP router used the CNAME as the public address it
    presents itself as to the world. However, the SIP server, also behind the
    same NAT firewall in this case at this end, has its own HOSTS table, and
    for the CNAME, points directly to the local address. Seems to work great!

    Steve
    Steve, May 26, 2004
    #4
  5. Steve

    News Account Guest

    "Steve" <> wrote in message
    news:...
    > Apparently, I am finding out that this does not work with Linksys routers. I
    > have a befsr81V3 broadband router.
    >
    > I have a device, 192.168.1.7, that needs to send a reply to 192.168.1.12,
    > BUT, because of the way the 2 devices work (VOIP), the reply would go to the
    > public IP address (static) of the router. These replies are *not* being port
    > forwarded back to the LAN.
    >
    >

    <snip>


    Cisco PIX can do "this" with the ALIAS command; however, it just translates
    the DNS rather than being port forwarded back through the same interface it
    came from.

    Don Woodward
    News Account, May 26, 2004
    #5
  6. Glad the DNS hack worked. But your original question is still a good one:
    What you need is for the Linksys to allow access to its public IP address
    from the inside. I can envision scenarios where that could go very wrong,
    for example if the target of the public IP sends traffic to the public IP.
    Loop city! :cool: Well, what are TTLs for, anyway :cool:
    Phillip Remaker, May 26, 2004
    #6
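
Added example, not part of the original thread and not any poster's or vendor's code: a small Python model of the "translating outbound and inbound at the same time" case discussed above, comparing a router that applies the forward only to WAN traffic, one that rewrites only the destination, and one that rewrites both (NAT loopback). The public address 203.0.113.10, the router LAN address 192.168.1.1, port 5060 and the client port are constructed assumptions, as is the rule that the client only accepts an answer from the address it sent to.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"    # constructed placeholder for the static public address
ROUTER_LAN = "192.168.1.1"    # assumed LAN-side address of the router
CLIENT, SERVER = "192.168.1.7", "192.168.1.12"   # the two devices from the thread
SIP_PORT = 5060               # assumed forwarded port
FORWARDS = {(PUBLIC_IP, SIP_PORT): SERVER}        # the port-forward rule


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def reply_to(pkt):
    """The answer a host sends: addresses and ports swapped."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def exchange(mode):
    """Return (accepted, source address on the reply that reaches the client).

    mode: 'wan_only'  - forward rule applies only to packets from the WAN side
          'dnat_only' - destination rewritten, source left alone
          'hairpin'   - destination and source both rewritten (NAT loopback)
    """
    request = Packet(CLIENT, 40000, PUBLIC_IP, SIP_PORT)
    target = FORWARDS.get((request.dst, request.dport))
    if mode == "wan_only" or target is None:
        return (False, None)                          # never forwarded, no reply
    at_server = replace(request, dst=target)          # inbound translation
    if mode == "hairpin":
        at_server = replace(at_server, src=ROUTER_LAN)    # outbound translation
    answer = reply_to(at_server)
    if answer.dst == ROUTER_LAN:
        # Router reverses both translations from its connection table.
        answer = Packet(PUBLIC_IP, SIP_PORT, CLIENT, request.sport)
    # Otherwise the server answers the client directly across the switch,
    # so the reply carries the server's private address as its source.
    # Model assumption: the client only accepts the peer it addressed.
    return (answer.src == request.dst, answer.src)


if __name__ == "__main__":
    for mode in ("wan_only", "dnat_only", "hairpin"):
        print(mode, "->", exchange(mode))
```

The DNS and HOSTS-table approach from post #4 avoids all three cases, because the local device resolves the name to 192.168.1.12 and never sends to the public address at all.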