Accessing local LAN via Public IP address, Port Forwarding

Discussion in 'Cisco' started by Steve, May 26, 2004.

  1. Steve

    Steve Guest

    Apparently, I am finding out that this does not work with Linksys routers. I
    have a befsr81V3 broadband router.

    I have a device, 192.168.1.7, that needs to send a reply to 192.168.1.12,
    BUT, because of the way the 2 devices work (VOIP), the reply would go to the
    public IP address (static) of the router. These replies are *not* being port
    forwarded back to the LAN.

    I know some routers handle this. Apparently not this router, but, I get
    differing answers from Linksys "tech support". Please do not try and say try
    DMZ, that poses different issues and is not workable no matter what!

    So, having spent 1.5 hours on the phone, can anyone confirm that Linksys
    router(s) do not handle this (doc SEEMS to say they do not, but not clear),
    and, is there a nice broadband router for home use that has QOS, and 8
    ports, that I could use which DOES do this?

    I must have a router that supports a local device talking to a local device,
    over the public IP address.

    Steve
     
    Steve, May 26, 2004
    #1

  2. Well, this is not a routing issue, really. If the destination is the
    public IP address of the router, you want it to translate BACK to
    192.168.1.12? Sounds like you are violating the principles of NAT here.
    Each device thinks it is talking to the outside, but in reality are talking
    to each other, except by getting translated by the outside address?

    Sounds like it is really a problem with DNS design.
    How? You'd have to do some serious policy routing gymnastics to make it
    work.
    Well, this is a pretty unusual situation.
    Why don't we clarify in a little more detail what "this" is?
    I'm not sure if the Linksys supports it, since you are translating outbound
    and inbound at the same time. There has to be a more sensible way to run
    the application. Why is this system set up this way?
     
    Phillip Remaker, May 26, 2004
    #2

  3. Steve

    Steve Guest

    Some routers DO do this. SIP VOIP router and SIP server behind same NAT
    firewall is the specific application. Both need to be addressed from other
    sites around the world, and to each other. Yes, can make or use 2 static
    IPs, buy 2 routers, but most home office people do not wish to do this.

    To quote one sample web site (and I know some do by experience):

    "Note that many NAT implementations will not let you access things via the
    public IP from within the private network: that does not mean that they're
    not accessible from the outside."

    Find this on:

    http://www.dyndns.org/support/kb/nat.html

    Steve
     
    Steve, May 26, 2004
    #3
  4. Steve

    Steve Guest

    Actually, just by mentioning DNS, Phillip did give me an idea.

    Though all of the setup instructions mention IP addresses, why not use
    names?

    So, my solution was to use a CNAME out on the internet DNS server to point
    to my location. The VOIP router used the CNAME as the public address it
    presents itself as to the world. However, the SIP server, also behind the
    same NAT firewall in this case at this end, has its own HOSTS table, and
    for the CNAME, points directly to the local address. Seems to work great!

    Steve
     
    Steve, May 26, 2004
    #4
  5. Steve

    News Account Guest

    <snip>


    Cisco PIX can do "this" with the ALIAS command however it just translates
    the DNS rather than being port forwarded back through the same interface it
    came from.

    Don Woodward
     
    News Account, May 26, 2004
    #5
  6. Glad the DNS hack worked. But your original question is still a good one:
    What you need is for the Linksys to allow access to its public IP address
    from the inside. I can envision scenarios where that could go very wrong,
    for example if the target of the public IP sends traffic to the public IP.
    Loop city! :cool: Well, what are TTLs for, anyway :cool:
     
    Phillip Remaker, May 26, 2004
    #6
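
The situation discussed in this thread (a LAN host reaching a port-forwarded LAN server through the router's public IP), traced as an added example that is not part of any post and is not Linksys or Cisco code. It models three router behaviours to show why the destination and the source both have to be rewritten; the public IP, router LAN address, ports, mode names and the client's reply-matching rule are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

# Constructed values: the LAN hosts are the ones named in the thread; the public
# IP is a documentation-range placeholder and SIP port 5060 is an assumption.
PUBLIC_IP, ROUTER_LAN = "203.0.113.10", "192.168.1.1"
CLIENT, SERVER = "192.168.1.7", "192.168.1.12"
FORWARDS = {5060: SERVER}          # port forward: PUBLIC_IP:5060 -> SERVER


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def lan_request(mode):
    """Trace CLIENT -> PUBLIC_IP:5060 when the packet starts inside the LAN.

    mode (hypothetical names for this sketch):
      "wan-only"  forward rule matches only packets arriving on the WAN side
      "dnat-only" rule also matches LAN packets, destination rewritten only
      "hairpin"   destination AND source rewritten (NAT loopback)
    Returns (delivered_to_server, reply_accepted_by_client).
    """
    req = Packet(CLIENT, PUBLIC_IP, 40000, 5060)
    if mode == "wan-only":
        return (False, False)      # never translated: the symptom in post #1
    fwd = replace(req, dst=FORWARDS[req.dport])
    if mode == "hairpin":
        fwd = replace(fwd, src=ROUTER_LAN)
    # The server answers whatever source address it saw.
    reply = Packet(fwd.dst, fwd.src, fwd.dport, fwd.sport)
    if reply.dst == ROUTER_LAN:
        # Reply returns to the router, which reverses both translations.
        reply = replace(reply, src=PUBLIC_IP, dst=CLIENT)
    # Otherwise the reply crosses the switch directly and bypasses the router.
    # Simplified client rule: accept a reply only from the address it sent to.
    accepted = reply.src == req.dst and reply.dst == req.src
    return (True, accepted)


if __name__ == "__main__":
    for mode in ("wan-only", "dnat-only", "hairpin"):
        print(mode, lan_request(mode))
```

In the hairpin case the server sees every internal caller as the router's LAN address, so its logs and any source-based access rules lose the real client IP; the HOSTS-table approach from post #4 keeps the traffic direct and avoids that.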