Routing issue with D-Link DIR-615

[tristanlee85]

I had to get a new router and I ended up getting a D-Link DIR-615 since it was cheap.

 

So, I am setting this up exactly like I had my Linksys. I have my server set as the DMZ host because I want any and all traffic going to that server. It's set, I update my DNS for the new IP I got, and it seems like everyone else can access my server (http://www.cfcoding.com), but when I access it it times out. Even by accessing it directly by IP (http://76.181.30.67) it times out. When accessing it by IP, you should get a page saying that the IP address is shared and the sites need accessed by domain name instead.

 

The weird thing is when I do a DNS lookup on it I get this (and this is correct):

 

[tristan@localhost ~]$ dig cfcoding.com

; <<>> DiG 9.5.1-P1 <<>> cfcoding.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21832
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;cfcoding.com.			IN	A

;; ANSWER SECTION:
cfcoding.com.		83099	IN	A	76.181.30.67

;; AUTHORITY SECTION:
cfcoding.com.		82390	IN	NS	ns2.cfcoding.com.
cfcoding.com.		82390	IN	NS	ns1.cfcoding.com.

;; Query time: 19 msec
;; SERVER: 65.24.7.10#53(65.24.7.10)
;; WHEN: Mon Jan 19 22:19:42 2009
;; MSG SIZE  rcvd: 82

 

When I ping it I get this:

 

[tristan@localhost ~]$ ping cfcoding.com
PING cfcoding.com (76.181.30.67) 56(84) bytes of data.
64 bytes from 192.168.1.150: icmp_seq=1 ttl=64 time=0.455 ms
64 bytes from 192.168.1.150: icmp_seq=2 ttl=64 time=0.450 ms
64 bytes from 192.168.1.150: icmp_seq=3 ttl=64 time=0.443 ms
^C
--- cfcoding.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2103ms
rtt min/avg/max/mdev = 0.443/0.449/0.455/0.018 ms

 

When it pings it, it's returning my local IP address and not my public one. I'm sure that is why everything is timing out for me and no one else, but what could be causing this? Again, I am not using port forwarding at all. It's the DMZ host just like on my Linksys router.

[Akula]

There isn't enough information here. I see you are on 192.168.1.x (assuming /24). Is there a route from 192.168 to the 76.181.x.y net? Is there a route back? What is the subnet on the 76. network?

[tristanlee85]

What do you mean by "is there a route?" I am assuming so. I can get outside of my network and view web pages. As for the subnet thing, is this enough information?

 

IP Address :  	  76.181.30.67
Subnet Mask : 	  255.255.248.0
Default Gateway : 	  76.181.24.1
Primary DNS Server : 	  65.24.7.10
Secondary DNS Server : 	  65.24.7.11

[Akula]

from your PC can you traceroute to the webserver?

 

from the webserver can you traceroute to your pc?

[tristanlee85]

From PC to web server's internal IP:

[tristan@localhost ~]$ traceroute 192.168.1.150
traceroute to 192.168.1.150 (192.168.1.150), 30 hops max, 60 byte packets
1  192.168.1.150 (192.168.1.150)  0.183 ms  0.168 ms  0.177 ms

 

From PC to web server's external IP using domain name:

[tristan@localhost ~]$ traceroute cfcoding.com
traceroute to cfcoding.com (76.181.30.67), 30 hops max, 60 byte packets
1  192.168.1.1 (192.168.1.1)  0.306 ms  0.371 ms  0.437 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

 

From web server to PC:

[tristan@ns1 ~]$ traceroute 192.168.1.110
traceroute to 192.168.1.110 (192.168.1.110), 30 hops max, 40 byte packets
1  192.168.1.110 (192.168.1.110)  0.135 ms  0.089 ms  0.119 ms

[Akula]

not sure what os you have, can you do a source ping from the external on the webserver to the pc?

 

it looks like 192.168.1.1 (assuming your router)

doesn't have a route to the external IP address on the webserver

or the webserver doesn't have a default gateway on the return via the external interface

could be firewalls

 

I can try to figure this out via webex if you like.

[tristanlee85]

Here is the best I can explain it lol

 

http://www.plastikhosting.net/uploads/tristanlee85/dlink.jpg

 

Both OS's are Fedora Core 9. As for firewalls, I don't have it enabled on the router. I just have my server set as the DMZ host and then I have a software firewall running on my server.

[Akula]

that makes sense. Packet leaves your PC destined for 76.181.30.67 from an inside interface. I assume you have a PAT setup to point all http traffic to 192.168.1.150? When the packet gets to the routing engine it will either pat your request or just forward it, or block it depending on FW rules. Now the webserver will reply to the request by sending the packet to 192.168.1.1. What should it do with it? forward it to 76.181.30.67? It depends on what is happening at the route engine.

 

can you open the web server address at 192.168.1.150 (intranet)?

[tristanlee85]

I can, yes, but because the way my web server is set up, if i try to access the site by http://192.168.1.150 I get:

 

This IP address is shared. For access to the web site which you look for, enter its address instead of its IP.

For questions or problems please contact the server administrator.

 

That's the same message you would get if you tried to access the site via the 76.181.30.67 IP.

 

It's just I haven't changed anything at all except went from a Linksys router with .150 as the DMZ to this D-link with .150 as the DMZ. Maybe my Linksys was doing is wrong the whole time and I configured it weird to work right. I don't know.

[Akula]

maybe the dlink has different forwarding rules.

 

I use a regular commercial router, public IPs, and private IPs. My web stuff has a real public IP on it and I don't pat. Not sure.

[tristanlee85]

Must be it. I returned it and got a $40 Netgear and it all works perfect now...

 

Thanks for the help though!