Linksys Port Forwarding Loopback problem

[sirlindsey]

I currently have a Linksys BEFSR11 Cable/DSL router and have setup port-forwarding successfully for HTTP, FTP, SMTP, and DNS. I have my domain name pointing to the public side of the Linksys router using port forwarding to forward the request to a server on the private side of the Linksys router.

If I am using a web browser on a computer on the public side of my router I can hit my web server through the Linksys router just fine. However, if I am using a web browser on a computer inside the private side of my router I get the Linksys router Administration login. It appears to me that the Linksys router is not handling a port forward loopback from the private side of the router to the public side port-forwarding back to the private side of the router.

I have the latest firmware from Linksys on the router. Has anyone else seen this problem?

 

[TheOldMan346]

sirlindsey,

The only port forward/loopback condition I am aware of is this

http://www.dslreports.com/faq/4808.

It sounds like it could be relate but it is not a direct match to what you describe. I use the public address to access my private web site frequently and have not run into this before. It successfully gets out to the DNS and gets routed back in and forwarded properly. Maybe someone else has seen it.

Good luck.
What goes around - comes around.
The Old Man

If you feel that this post can help others, please indicate it with a star.

 

[sirlindsey]

TheOldMan346,

Thanks for your response. I found the article you referenced before I posted on this site and didn't consider it relevant because it was referring to a problem which would happen if I assign port-forwarding numbers above the reserved ports (i.e. HTTP-80, SMTP-25, DNS-53, etc.). In my case I'm using port 80 for HTTP and am still seeing the problem.

I'm curious if you are hosting your own DNS server inside the private side of your router. If so, are your clients pointing directly to the internal DNS server or are they pointing to a DNS server on the public side?

In my case, all of the clients on my private network point to the DNS server on the private LAN of the Linksys Router. Also, any DNS requests to my domain name from the internet DNS root servers are port-forwarded through my Linksys router (WAN IP address on port 53) to my DNS server (private IP address). Whether the DNS request comes from the internet WAN or from clients on the internal private LAN, the DNS server resolves my domain name to the public IP address of the Linksys Router. Is this how you are setup?

Steve

 

[TheOldMan346]

sirlindsey,

Yes, I agree it is not a direct match but I thought it might trigger a thought process if you had not seen it.

No, I am not hosting my own DNS server. It's my own small network and I'm using my ISP's DNS. In a past life we had set up our internal DNS server to resolve directly to the server's internal address. External requests were resolved by external servers to the public address.
What goes around - comes around.
The Old Man

If you feel that this post can help others, please indicate it with a star.

 

[sirlindsey]

TheOldMan346,

I wonder if the problem I am having has anything to do with multiple subnet routing. I have multiple subnets behind the Linksys router in a configuration that looks something like this:

Internet Modem
|
|
(Public Static IP Address)
Linksys Router
(192.168.1.253)
|
|
}------ Hub with Clients
|
|
(192.168.1.2)
Web Server acting as a Router
(192.168.2.1)
|
|
Hub with more Clients

The Linksys Router port forwards all traffic to the Web Server at address 192.168.1.2. This same Web Server is also routing between the 192.168.1.x and 192.168.2.x subnets (All networks are Subnet Masked to a Class C 255.255.255.0 network).

Do you think the Linksys router is having problems port-forwarding a client request originating on the 192.168.2.x segment sent to the Public Static IP Address of Linksys router and back to the client on the 192.168.2.x segment?

Steve

 

[smah]

I am hosting a web server and ftp server and am not seeing this problem. But...my dns server is outside the lan. Does the local client pc configuration have the private address to your dns server or the public address?

 

[sirlindsey]

It has the Private Address for the DNS server.

 

[smah]

What happens if you give it the public address of the dns server

 

[sirlindsey]

The public address didn't work. However, I think I know what is going on. Evidently, the Linksys router is not capable of doing a port-forward loopback on any segment other than 192.168.1.x. If I'm using a computer on the 192.168.1.x subnet it works fine. However, if I use a computer on the 192.168.2.x subnet it doesn't. What do you think the chances are of Linksys fixing this problem? If you think my chances are "never", then do you know of a decent router that will do multi-subnet port-forward routing?

Steve

 

[alexpoptown]

From the pix you submited you need to add a static route to your linksys for network segment 192.168.2.x to be sent to interface 192.168.1.2, since that box is your GATEWAY between 2 segments or move all your devices to the same segment and block them off using the Netmask of =/- 128.
Regards
Alex

 

[sirlindsey]

I am currently using RIPII protocol to discover routes between the subnets on my LAN. This is working correctly proven by the fact that a workstation on the 192.168.2.x subnet can browse the internet through the Linksys router. This would not be possible if the Linksys router did not know how to return packets from the internet to the 192.168.2.x subnet.

Unless someone can prove to me otherwise, I feel this problem is a limitation in the Linksys router performing a port-forward loopback across subnets on the private LAN.

 

[TheOldMan346]

sirlindsey,

Why don't you try posting this problem on

http://www.dslreports.com.

There is a Linksys hardware forum where some excellent Linksys techs "hang out". You may get some insight there into whether it is a recognized problem or not.

http://www.dslreports.com/forum/equip,16

Good luck.
What goes around - comes around.
The Old Man

If you feel that this post can help others, please indicate it with a star.