
#1 2023-07-14 08:15:44

Hacksign
Member
Registered: 2012-07-30
Posts: 132

Access a LAN server with WAN ip in different vlan problem.

This is not an archlinux problem, it is a problem about the configuration of OpenWRT.

Let's start with my network topology:

cZzFcCr.png

The router has a WAN IP: 123.123.123.123 (with a dynamic DNS domain xxx.ddns.com pointing to it).
And I have a port forward rule, which is shown in the top-right corner of the above image: any access to 123.123.123.123:1234 will be forwarded to 192.168.2.100:4567.

The behavior of the current network is:

1. I can access 192.168.2.100:4567 from 192.168.1.5 with the LAN IP 192.168.2.100.
2. I can access xxx.ddns.com:1234 (with the WAN IP) from host 192.168.2.20 (in VLAN 2).
3. But from 192.168.1.5, which is in VLAN 1, I cannot access the server with xxx.ddns.com:1234 (with the WAN IP).

What I have confirmed is:

1. When accessing xxx.ddns.com:1234 from host 192.168.2.20, DNS returns IP address 123.123.123.123, and I get a response from the real server 192.168.2.100.
2. When accessing xxx.ddns.com:1234 from host 192.168.1.5, DNS returns IP address 123.123.123.123, but the router responds with a RST packet directly:

root@Router:~# tcpdump -i any port 1234
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes

20:09:59.386877 IP 192.168.1.5.50628 > 123.123.123.123.1234: Flags [S], seq 2424362043, win 42340, options [mss 1460,sackOK,TS val 113935725 ecr 0,nop,wscale 8], length 0
20:09:59.386877 IP 192.168.1.5.50628 > 123.123.123.123.1234: Flags [S], seq 2424362043, win 42340, options [mss 1460,sackOK,TS val 113935725 ecr 0,nop,wscale 8], length 0
20:09:59.387967 IP 123.123.123.123.1234 > 192.168.1.5.50628: Flags [R.], seq 0, ack 2424362044, win 0, length 0
20:09:59.387984 IP 123.123.123.123.1234 > 192.168.1.5.50628: Flags [R.], seq 0, ack 1, win 0, length 0

My router is running OpenWRT.

My question is:

* What should I do if I want to access 192.168.2.100:4567 with WAN-IP:1234 from VLAN 1?

Last edited by Hacksign (2023-07-14 08:26:55)
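
Added example, not part of the original thread: a small Python check that reads the capture lines from post #1 and reports every SYN that was answered with a RST from the address it was sent to, together with the delay between the two. The function names are this example's own.

```python
import re
from datetime import datetime, timedelta

# The four packet lines from the tcpdump output in post #1, copied verbatim.
CAPTURE = """\
20:09:59.386877 IP 192.168.1.5.50628 > 123.123.123.123.1234: Flags [S], seq 2424362043, win 42340, options [mss 1460,sackOK,TS val 113935725 ecr 0,nop,wscale 8], length 0
20:09:59.386877 IP 192.168.1.5.50628 > 123.123.123.123.1234: Flags [S], seq 2424362043, win 42340, options [mss 1460,sackOK,TS val 113935725 ecr 0,nop,wscale 8], length 0
20:09:59.387967 IP 123.123.123.123.1234 > 192.168.1.5.50628: Flags [R.], seq 0, ack 2424362044, win 0, length 0
20:09:59.387984 IP 123.123.123.123.1234 > 192.168.1.5.50628: Flags [R.], seq 0, ack 1, win 0, length 0
"""

# tcpdump prints IPv4 endpoints as a.b.c.d.port
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def parse(text):
    """Yield (time, (src_ip, src_port), (dst_ip, dst_port), flags) per packet line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
            yield ts, (m["src"], int(m["sport"])), (m["dst"], int(m["dport"])), m["flags"]

def reset_handshakes(text):
    """Report each flow whose SYN was answered by a RST from the SYN's destination."""
    first_syn, first_rst = {}, {}
    for ts, src, dst, flags in parse(text):
        if flags == "S":                          # initial SYN, client -> target
            first_syn.setdefault((src, dst), ts)  # repeated lines collapse into one flow
        elif "R" in flags and (dst, src) in first_syn:
            first_rst.setdefault((dst, src), ts)  # the reply travels in the reverse direction
    return [
        {"client": c, "target": s,
         "rst_after_us": (first_rst[c, s] - first_syn[c, s]) // timedelta(microseconds=1)}
        for (c, s) in first_rst
    ]

if __name__ == "__main__":
    for flow in reset_handshakes(CAPTURE):
        print(flow)
```

Because the capture filter is `port 1234`, packets that the forward rule had already rewritten to 192.168.2.100:4567 would not appear in it; capturing with `port 1234 or port 4567` shows whether any forwarding took place.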


#2 2023-07-17 12:14:04

Koatao
Member
Registered: 2018-08-30
Posts: 96

Re: Access a LAN server with WAN ip in different vlan problem.

Hi,

OpenWRT is another Linux distribution. There are barely any similarities between ArchLinux and OpenWRT besides the Linux kernel. OpenWRT is made to be embedded into network hardware with very specific constraints. OpenWRT does not share much with any other major Linux distribution. Its configuration is totally different from what you expect on common Linux distros. As such, you should not seek help on a forum dedicated to another Linux distro. Besides, it is against the simple rules of this forum...

So you don't waste time on another forum:
LuCI is just a GUI (it is impossible to read your screen capture because of low quality anyway); provide the whole configuration from the CLI with UCI instead.
Test with ICMP first that you can communicate between VLAN1, VLAN2 and WAN. Make sure routing is working properly and that communication in the firewall (and maybe the switch) is configured properly to allow ICMP to go through from VLAN1 to WAN and VLAN2. Once you have that configuration right, apply the TCP layer to it.
