FREESCO Support

[jbmbhs]

I need to setup port forward so i can reach destination machine from both sides (LAN and WAN)

Internet----------Cablemodem------(eth0)Freesco(eth1)---Switch- - -WiFi AP+several PC's

tcp port 6000 forward to 192.168.54.200

I need to hit port forwarding rule from public and from private router IP

Is firewall related?

FREESCO v0.4.2 System Report.
Generated - Wed May 6 21:13:43 CEST 2009
System language: spanish


----- clock -----
Wed May 6 21:13:45 2009


----- cat /etc/system.cfg -----
# [Sistema]
ROUTER=ethernet # dialup/leased/ethernet/bridge
HOSTNAME=router #nombre del ruteador
DOMAIN=inet #Local de dominio
ENAMSQ=y #NAT/firewall
STLTH=r #Stealth o Rechazar=
NPNG=s #respuestas ICMP
NBRG=n #Reducción de modo
# [HTTP/control]
LGDHCP=n #Servidor DHCP
DHCPLG=n #cliente DHCP
LGDNS=n #DNS
LOGHTTP=y #HTTP/control
LGCHT=n #Charla
LGDLD=n #Diald
LGDLP=y #Dialup
LGNT=0 #Netmeeting [0-4]
LGPPPD=s #pppd
LGDNT=s #Ident
LGFTP=s #FTP
LGLP=s #Impresora
LGFR=s #cortafuegos
# [Servicios/servidores]
NPFWD=y #Redireccionado de puertos
# [Seguridad]
TRSTN0=y #red de confianza0
TRSTN1=n #red de confianza1
TRSTN2=y #red de confianza2
TRSTMD=n #Marcado dial de confianza

----- cat /etc/portfw.cfg | sed s/\#.*//g -----

tcp,6000,6000,192.168.54.200

[dilberts_left_nut]

I don't think you can do port forwarding on the internal interface.
Why not just go direct to port 6000 on 192.168.54.200 from the internal machine?

[jbmbhs]

Yes, but i want to have only one configuration. I don't want to change between xxxxx.com and localserver.inet.

[dilberts_left_nut]

You can setup a subdomain like myapp.yourdomain.com
In external DNS this points to the same IP as yourdomain.com and connections are port forwarded.
In your internal DNS you point it directly at the target machine.

You could also do the same without the subdomain, as long as you don't mind the target machine (rather than FREESCO) being resolved as your external domain name for all internal clients.

[mattch]

Dont know if this is relative. Basically dilberts_left_nut siggestion

When i run to the inconvienance of having to remeber two address, one for external and one for local then thats when i setup what they call split dns. i dont know if they call it that but it sounds good.

Local DNS is something like

mattch.local
webserver.mattch.local
email.mattch.local
etc....


External dns is something like

mattch.com
mail.mattch.com
dev.mattch.com
etc......




So being a puny host on the same (local) network as the webserver i cant use the external domain name due to some rule of the network gods that i cant think of way to explain, loops or something.

Like myself and so many im use to using the FQDN, mattch.com, i hated email.mattch.local or ip blah

So of course i go to my internal dns server, everyone has one right? lol

the internal DNS has one zone (shown above) mattch.local
so on the same dns server add a second zone, and call it mattch.com or your FQDN,
add records for the FQDN that corresponding local hosts addresses, ie

Internal DNS:

Zone1: mattch.local
AAA: email.mattch.local > 10.1.1.2
AAA: webserver.match.local > 10.1.1.3
AAA: you get the picture!

Zone2: mattch.com
AAA mail.mattch.com > 10.1.1.2
AAA (same as parent folder, MS DNS ) > 10.1.1.3
etcetcetc

so know when you want mail.mattch.com on the same local network your local DNS serves you the webservers local IP

:devil: Alternativly you could change your FQDN dns to a local ip but forget about anyone outside accessing it (dont really do that its my attempt to create some humor)

the network gods sent me a internal pm to talk about why you cant use external names in the same local network.

your webserver sits at home with you and your local PC's. You have port forwarding enabled for the webserver so the world can see it.. of course you can use internal IP to access the webserver from home, but the hell wants to do that since we pay 10$ for a FQDN?! so now we have a FQDN and when we are showing the website off at a friends house it looks awesome! but when we go home (where webserver is) and try that FQDN is doesnt work... hmm. wtf you might ask, as i once did.

You query your fav DNS server for your new FQDN to view your website from the same local network the website resides on. the query is sent out yer router to the dns server, the dns server says HEY! that FQDN IP is 1.1.1.1, you say ok thats cool i know address is my WAN interface on my router. so now your request is leaving the LAN and then comming back to the LAN, most NAT implementations dont allow this, before you say that i am a liar, the cheapo linksys and soho routers know about this and do something unknown to me to make it work, has somethign to do with IP and Port numbers and some intelligence. i lack all 3

Workaround setup local dns server with FQDN zone pointing to local ip's

Im sure my explaination is unorganized and confusing but hopefully it will shed a ray of light.

[Lightning]

Yes, but i want to have only one configuration. I don't want to change between xxxxx.com and localserver.inet.

As Mattch suggested just custome configure the DNS server on FREESCO so that it points the external URL to that machines internal IP address and it will work fine.

setup -> Configure servers -> DNS server -> .... Edit your DNS file "y"

Add a line like this

192.168.1.10 <TAB> external.domain.url <TAB> external.domain

The IP is the internal IP of the port forwarded machine and the various URL's are any combination that the URL can be called. Once you have finished make sure to restart the DNS server with

rc_dns restart