Access public IP from NAT.

Mark Komarinski mkomarinski at wayga.org
Fri Jun 5 08:13:10 EDT 2020


I think that's the problem.  Check your DNS and see which IP you're getting when you put the external name in.

On June 5, 2020 8:04:19 AM EDT, Lloyd Kvam <lkvam at venix.com> wrote:
>My approach has been to provide the external names to dnsmasq so that
>the names are attached to the correct IP address at home and away.
>
>I'm using an IQrouter (runs openWRT) which makes this pretty painless
>to set up.
>
>To be clear:
>from outside my office on the net
>   $ host www.venix.com
>www.venix.com has address 68.238.56.186
>
>from in my office (I'm using the 172.x.x.x private address space as a
>holdover from running Lede and the buffer bloat software)
>
>   $ host www.lan
>www.lan has address 172.30.42.28
>
>   $ host www.venix.com
>www.venix.com has address 172.30.42.28
>
>That's not what you asked for, but it might fit your needs. With my
>openWRT based router, the advanced menu provides Network / Hostnames
>which supplements the DHCP name/address resolution in dnsmasq. You can
>figure out the setup on your RasPi to add the required host entries.
>
>(For those hosts that need to be visible to the broader Internet, I use
>port forwarding through the firewall.)
>
>On Fri, 2020-06-05 at 00:16 -0400, Ken D'Ambrosio wrote:
>> Hey, all.  So I finally yanked my Comcast modem ("for reasons," largely
>> having to do with lack of static routes), and put in my own cable modem,
>> a WAP, and a RasPi-4 that's doing routing/NAT.  It all works great.
>> But... I have services exposed that I want to access on the public IP.
>> It works *great* from out there, but if I try to access the public IP
>> from my NATted network, no dice.  And, sadly, if there's one Linux place
>> where there's a truck-sized hole in my knowledge, it's IP Tables.  I've
>> googled the Interwebs to no avail on what magic IPTables stuff would be
>> needed to make it work.  Here's my current script:
>> 
>> root@ubuntu:/usr/local/bin# cat start-NAT.sh
>> #!/bin/bash
>> export PUBLIC=eth1
>> export PRIVATE=eth0
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>> iptables -t nat -A POSTROUTING -o $PUBLIC -j MASQUERADE
>> iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m state --state RELATED,ESTABLISHED -j ACCEPT
>> iptables -A FORWARD -i $PRIVATE -o $PUBLIC -j ACCEPT
>>
>> ======================================================================
>> root@ubuntu:/usr/local/bin# cat start-port-forwarding.sh
>> #!/bin/bash
>>
>> export PRIVATE=eth0
>> export PRIV_IP=192.168.10.1
>> export PUBLIC=eth1
>> export JELLYFIN=192.168.10.12
>>
>> iptables -A FORWARD -i $PUBLIC -o $PRIVATE -p tcp --syn --dport 8096 -m conntrack --ctstate NEW -j ACCEPT
>> iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>> iptables -A FORWARD -i $PRIVATE -o $PUBLIC -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>> iptables -P FORWARD DROP
>> iptables -t nat -A PREROUTING -i $PUBLIC -p tcp --dport 8096 -j DNAT --to-destination $JELLYFIN
>> iptables -t nat -A POSTROUTING -o $PRIVATE -p tcp --dport 8096 -d $JELLYFIN -j SNAT --to-source $PRIV_IP
>> ======================================================================
>> If anyone could be kind enough to let me know what extra magic(tm) I
>> need to employ to get at my public IP from inside, I'd be most
>> interested to hear. 
>> 
>> Thanks! 
>> 
>> -Ken
>> _______________________________________________
>> gnhlug-discuss mailing list
>> gnhlug-discuss at mail.gnhlug.org
>> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>-- 
>Lloyd Kvam
>5 Foliage View
>Lebanon, NH 03766
>802-448-0836
>
>
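
The DNS check suggested at the top of this message, as an added example that is not part of the original thread: a POSIX shell filter that reads `host` output and reports whether each name resolved to an RFC 1918 address (the split-horizon answer Lloyd sees inside his office) or to a public one. The function names are made up for this example; the sample lines are the `host` results quoted above.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# is_rfc1918 ADDR: return 0 if ADDR is in 10/8, 172.16/12 or 192.168/16,
# 1 if it is some other valid IPv4 address, 2 if it is not dotted-quad IPv4.
is_rfc1918() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f      # split the address into its octets
    IFS=$old_ifs
    if [ $# -ne 4 ]; then return 2; fi
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|????*) return 2 ;;
        esac
        if [ "$octet" -gt 255 ]; then return 2; fi
    done
    case "$1.$2" in
        10.*|192.168) return 0 ;;
        172.*) if [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 0; fi ;;
    esac
    return 1
}

# classify: read `host` output on stdin and print "<name> <addr> <verdict>"
# for every "has address" line. "public" here only means "not RFC 1918".
classify() {
    while read -r name has word addr rest; do
        if [ "$has $word" != "has address" ]; then continue; fi
        rc=0
        is_rfc1918 "$addr" || rc=$?
        case $rc in
            0) echo "$name $addr private" ;;
            1) echo "$name $addr public" ;;
            *) echo "$name $addr invalid" ;;
        esac
    done
}

# The host output quoted in the thread: outside view first, then inside.
classify <<'EOF'
www.venix.com has address 68.238.56.186
www.lan has address 172.30.42.28
www.venix.com has address 172.30.42.28
EOF
```

Run from a LAN client as `host <external name> | classify`: a `public` verdict means the name is not being overridden locally, so the connection is sent to the router's public address rather than straight to the server.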