You are not logged in.

#1 2019-10-23 08:45:03

ChaManO
Member
Registered: 2015-09-22
Posts: 22

[Solved]Multiple IPs per host

Hello,

I'm setting up a private network where I have a file server and several other sychronization servers.
I'd like to be able to access them from both within the intranet (the 192.168... address family) and from the internet.
My /etc/hosts file has the following entries for the server :

192.168.1.2 pi.mydomain.com pi
80.35.80.103 pi.mydomain.com pi

So, two adresses per host. This is to avoid a round trip when I'm in the same network as the pi host.
I have read that this is valid, and that the applications would get both IPs and try to connect to each other before timing out. My problem is that this is not working correctly. Both SSH and TaskWarrior Sync time out when I'm for example at my university network.

My question is if there is a correct way of doing this before resorting to a DNS server or a VPN network.
Also this isn't directly related to Arch, so I don't know if I'm allowed to ask this here.

Thanks for your time.
Edit:Marked as solved.

Last edited by ChaManO (2019-10-24 17:39:53)

Offline

#2 2019-10-23 12:14:27

Zod
Member
Registered: 2019-03-10
Posts: 133

Re: [Solved]Multiple IPs per host

Do you own that routable address space you plan on using?

I can't really think of a worse idea then to give internet routable ip addresses to your internal hosts.

You might consider..
https://en.wikipedia.org/wiki/Network_a … ranslation

Or..
https://en.wikipedia.org/wiki/DMZ_(computing)

And/Or
https://en.wikipedia.org/wiki/Port_forwarding

Edited to add an option.

Last edited by Zod (2019-10-23 16:55:03)

Offline

#3 2019-10-23 19:04:25

ChaManO
Member
Registered: 2015-09-22
Posts: 22

Re: [Solved]Multiple IPs per host

Hi,
Thank you for your response.
I'm unsure on what routable means, but if I understood it correctly, the IP is routable meaning that I can SSH to it from the internet and I'm able to connect (I use exclusively publick key authentication, if you were worried).
About the NAT: my server has the ports that I use translated, so that for example 80.35.80.103:22 (from the outside) is redirected to 192.168.1.2:22 (within my network), and the same with the rest of the services. I'm not sure if this is exactly what you advise against or for.

To clarify, my goal is to be able to, for example do

 ssh pi.mydomain.com 

and have my laptop connect to 80.35.80.103:22 (and get NAT'd to 192.168.1.2:22) while I'm outside and connect directly to 192.168.1.2:22 when I'm home, to avoid the round trip.

If this is not doable at all without a DNS then I'll just go down that route.

Offline

#4 2019-10-23 20:56:31

Stellarator
Member
Registered: 2019-01-12
Posts: 21

Re: [Solved]Multiple IPs per host

ChaManO wrote:

To clarify, my goal is to be able to, for example do

 ssh pi.mydomain.com 

and have my laptop connect to 80.35.80.103:22 (and get NAT'd to 192.168.1.2:22) while I'm outside and connect directly to 192.168.1.2:22 when I'm home, to avoid the round trip.

If this is not doable at all without a DNS then I'll just go down that route.

And the actual (reverse) question here is what prevents you to configure DNS? Because the classic solution to this problem is split-horizon DNS.
I've never heard about two addresses per host name in /etc/hosts file. But I assume that resolver simply returns you the very first coincidence.

Offline

#5 2019-10-24 02:26:38

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 16,812

Re: [Solved]Multiple IPs per host

ChaManO wrote:

my goal is to be able to, for example do

 ssh pi.mydomain.com 

and have my laptop connect to 80.35.80.103:22 (and get NAT'd to 192.168.1.2:22) while I'm outside and connect directly to 192.168.1.2:22 when I'm home, to avoid the round trip..

This is properly done with NAT.    One can add multiple IPs to a NIC, but I usually do that when I need to access a different subnet in a private address space.   For example, a video encoder I use at $DAYJOB defaults to an IP address of 192.168.154.1 out of the box.  Then, you can assign it another address, say 192.168.1.10 which it will remember.  But, if you need to set that programmable address, you need to add an address in the 192.168.254.xxx/24 subnet. 

I strongly discourage trying to put public routable and private addresses on the same NIC;  I shudder and debugging what could happen.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#6 2019-10-24 07:18:14

Stellarator
Member
Registered: 2019-01-12
Posts: 21

Re: [Solved]Multiple IPs per host

Colleagues, as I understand it - the main question is NOT about NAT vs Public IP. It looks like ChaManO uses only private IPs at home and uses NAT to forward needed ports. And opponent just wants to be able to do:

ssh pi.mydomain.com

both from home and from any public place. But for some reasons ChaManO doesn't want to use split-horiz DNS / direct IP (I hope it is statically assigned by provider) to access home from public but tries to use /etc/hosts to achieve this. In other words - "I need to resolve pi.mydomain.com to 80.35.80.103 when I'm in public place but to 192.168.1.2 when I'm at home", right?

Offline

#7 2019-10-24 08:16:55

seth
Member
Registered: 2012-09-03
Posts: 12,895

Re: [Solved]Multiple IPs per host

tracepath 80.35.80.103

from your LAN. If your router doesn't immediately resolve that to itself, get a better router and write an angry letter (or phone transcript) to the vendor.

In order for the /etc/hosts stunt to work, you'll have to actively remove the LAN routing when not at home, eg.

sudo ip route add unreachable 192.168.1.0/24

and you have to remove that entry when back home. And when you're not home, the foreign subnet is better not 192.168.1.0/24 (because then you won't have a route there)

Otherwise the system has no idea what to do w/ the IP chain.
I mean, what do you expect? "Hmm, the host didn't respond for a few seconds, I'll just try a different IP"?
Given the unsteady nature of networks this could have all sorts of reasons, eg. the host might need some traffic to wake-up or so. And even if this was implemented this way: do you seriously want every DNS request on that host have a like 5-second timeout??

Offline

#8 2019-10-24 17:39:25

ChaManO
Member
Registered: 2015-09-22
Posts: 22

Re: [Solved]Multiple IPs per host

Thank you all for the help.

I did what seth proposed:

tracepath $(curl icanhazip.com)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    13  100    13    0     0    325      0 --:--:-- --:--:-- --:--:--   325
 1?: [LOCALHOST]                      pmtu 1500
 1:  172.red-81-32-56.dynamicip.rima-tde.net              11.368ms reached
 1:  172.red-81-32-56.dynamicip.rima-tde.net               8.116ms reached
     Resume: pmtu 1500 hops 1 back 1 

And since it only says 1 hop, then I guess that it is smart enough to recognize its own address. I had never heard of tracepath before, so I really thought that the packets went all the way to the ISP and back. I've quickly drawn a picture of what my network looks like (or at least what I believe it does) showing what was in my mind, for those who were wondering what type of jerryrigged network I was running.
Since the problem was really a non-issue, I'll mark this as solved. Many thanks again!

https://i.postimg.cc/xCCcBvHL/Network-svg.png

To answer some questions:

seth wrote:

I mean, what do you expect? "Hmm, the host didn't respond for a few seconds, I'll just try a different IP"?

That would be exactly what I was expecting I'm afraid. I now understand how that's not a good idea.

Stellarator wrote:

In other words - "I need to resolve pi.mydomain.com to 80.35.80.103 when I'm in public place but to 192.168.1.2 when I'm at home", right?

Yes, exactly that.

ewaller wrote:

I strongly discourage trying to put public routable and private addresses on the same NIC.

I'm unsure what this means. The router does have an IP "from outside" and another "from inside", but it's because it has several NICs, right? The server only has 192.168.1.2 as its IP, but outside requests to the right ports get translated.

Stellarator wrote:

And the actual (reverse) question here is what prevents you to configure DNS?

I actually have my own DNS, but its a PiHole that I feel I'm not qualified to configure myself. I understand that in the future I'll have to learn how, but in the meantime I have this "manual approach" of writing down my (yes, dynamic) IP when I go out and editing my /etc/hosts file every now and then.

Thanks again!


moderator edit -- replaced oversized image with link.
Pasting pictures and code

Last edited by 2ManyDogs (2019-10-24 17:43:28)

Offline

Board footer

Powered by FluxBB