[ale] network question with a little linux

Drag0n dragon at atlantacon.org
Fri Jan 3 22:08:47 EST 2003


Oh boy... where to start?

Let's see, this may not be 100% accurate but I will do my best to explain
what is going on.

	When you request to send data to an IP address you are actually using a
network layer to send data to a MAC or hardware address. What may make
this a bit more complicated is how the router deals with MAC addresses.
Cisco and high end hardware use one MAC address for all interfaces on a
router, understanding that it is highly unlikely that more than one
interface will be used on the same broadcast domain at a time (but this
can be overridden by configuration changes). An ARP response will only
come from other network interfaces in the same broadcast domain. If the
IP address is outside the broadcast domain then it will send the traffic
to the default router to start the whole process over again on the next
hop up (this is streamlined by the fact that most routers and systems
keep a cache of known MAC addresses in memory for a period of time; this
is where ARP poisoning is aimed at).
	In this situation, the next hop up will be the interface on the same
router, and if they have the same MAC address then the router will not
know what interface to ship the packet out on. (A little trick: any
router you traverse through in a traceroute will only show the IP address
of the interface closest to you; try it sometime and look carefully at
the first router that you know both IP addresses on.)
	This is where Friday night and being out of practice takes its toll. I
don't remember exactly where the breakdown occurs, but what happens is a 3
way communication that confuses the networking stack in all the related
machines and it doesn't want to work, as no one is exactly sure where the
traffic needs to go.
	As far as the IP level, you will probably need to refer to the internal
IP address for the communications to occur normally. But as for domain
name resolution, you have to host your own DNS server that hosts the
internal domain as authoritative and then is caching for the internet,
with one difference: you make it authoritative for the hostname of the
external interface domain and the address of the web server you are
attempting to connect to and tell it to give the 192.168 address instead
of the 66. address. As for how this is accomplished, I have not attempted
to do that.

Drag0n
CCNA, RHCE
dragon at atlantacon.org
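One concrete way to build the split DNS setup described above, as an added example that is not part of the original post: a BIND 9 named.conf with two views, so LAN clients get the private address of the web server and everyone else gets the public one. The domain example.com, the hostnames, the LAN addresses and 203.0.113.5 (standing in for the router's 66.x.x.x address) are placeholders, not values from the thread.

```conf
// /etc/named.conf (BIND 9): split-horizon views. Every name and address
// here is a placeholder for this example, not a value from the thread.
acl "lan" { 192.168.0.0/16; 127.0.0.1; };

options {
    directory "/var/named";
};

// LAN clients get the private address for www and may use this server as
// a caching resolver for the rest of the Internet.
view "internal" {
    match-clients { lan; };
    recursion yes;
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

// Everyone else gets only the public answer; recursion stays off so the
// server cannot be used as an open resolver by outside hosts.
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "external/example.com.zone";
    };
};

; /var/named/internal/example.com.zone (zone files use ';' for comments)
$TTL 3600
@    IN SOA ns1.example.com. hostmaster.example.com. (
             2003010301 ; serial
             3600 1800 604800 3600 )
     IN NS  ns1.example.com.
ns1  IN A   192.168.1.2
www  IN A   192.168.1.10     ; LAN clients resolve www to the inside address

; /var/named/external/example.com.zone: same layout, but the A records
; carry the public address (203.0.113.5 stands in for 66.x.x.x here)
ns1  IN A   203.0.113.5
www  IN A   203.0.113.5
```

Point the LAN machines at this server as their resolver and check with `dig @<server> www.example.com` from inside and from outside; each side should see only its own address, and the outside query must be refused recursion.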

On Fri, 2003-01-03 at 21:07, Mark Walters wrote:
> I have a problem and thought you guys might be kind enough to help me out.
> Problem:
> I've got a wireless router with an IP of 66.X.X.X, on the internal LAN
> 192.168.x.x. Behind this router I have my Linux box (192.168.x.x) with
> the web server running. I can reach this server from the internal LAN
> using 192.168.x.x and I can reach this server from a machine outside the
> LAN (from work, a completely different network) with the IP (66.x.x.x) and
> domain name.
> However, from the internal LAN using the 66.x.x.x IP or the domain name
> I can't reach the web server. traceroute from inside the LAN to anything
> outside the LAN yields
> 
> traceroute to 66.x.x.x (66.x.x.x), 30 hops max, 38 byte packets
>  1  * * *
>  2  * * *
>  3  * * *
>  4  * * *
>  5  * * *
>  6  * * *
>  7  * * *
>  8  * *
> I can browse the web and reach external IPs and domains from within the
> LAN but like I said when I try to reach my public IP or domain or
> traceroute to an external source, no luck.
> If it helps the router is a Netgear MR814 wireless router and there are no
> upgrades for it yet. I also want the Netgear wireless card to work with
> my Red Hat 8.0 laptop; it doesn't now but we can work on that later.
> Thanks for the help guys.


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale