cancel
Showing results for 
Search instead for 
Did you mean: 

Hub 1 Port forwarding curiosity

kjpetrie
Aspiring Pro
Posts: 221
Thanks: 35
Fixes: 5
Registered: ‎19-12-2010

Hub 1 Port forwarding curiosity

Yesterday morning the PSU fan on my web and mail server started making a dreadful noise - time to dismantle it and see whether it could be cleaned and lubricated or needs replacement, so I launched my backup VM and updated its keys and contents to match.

After tweaking /etc/hosts to test this was working as desired it was time to change the port forwarding in the router to send mail, http, and https packets to the desktop machine so the server could be taken out and serviced. It didn't work, and I have spent two days trying to sort out the iptables forwarding in the desktop before finally looking at the log of incoming packets. They were addressed to IP address 192.168.1.120, which is not the address of any machine on my LAN!

In Home Network, the name and IP address of my desktop were shown correctly, and in Port Forwarding the correct machine name was shown, but packets were being addressed incorrectly, and hence being dropped on receipt. I took out the machine name and entered the IP address literally, and finally everything worked.

Well, at least I've learnt a lesson - never assume the machine names in Port Forwarding and their IP addresses match the ones shown in Home Network. They can be different so shouldn't be relied on. Use the numerical IP instead.

 

7 REPLIES 7
greygit1
Aspiring Pro
Posts: 411
Thanks: 56
Fixes: 1
Registered: ‎26-06-2023

Re: Hub 1 Port forwarding curiosity

Out of interest, what model of router?

198kHz
Seasoned Hero
Posts: 5,758
Thanks: 2,822
Fixes: 41
Registered: ‎30-07-2008

Re: Hub 1 Port forwarding curiosity

@greygit1 

Thread title - Hub 1 Port forwarding curiosity  😉

A complex system that does not work is invariably found to have evolved from a simpler system that worked just fine
Zen SOGEA 40/10 + Digital Voice   FRITZ!Box 7530
BT technician (Retired)
MisterW
Superuser
Superuser
Posts: 16,350
Thanks: 6,282
Fixes: 451
Registered: ‎30-07-2007

Re: Hub 1 Port forwarding curiosity

It didn't work, and I have spent two days trying to sort out the iptables forwarding in the desktop before finally looking at the log of incoming packets. They were addressed to IP address 192.168.1.120, which is not the address of any machine on my LAN!

Most routers use a linux kernel  and the actual port forwarding is done by the addition of a DNAT rule to the iptables (or nftables ) firewall. Its a one-off operation, in that the rule is added when the port forward is created. The rule specifies an IP address to which packets are to be forwarded. If when you create the rule, you use the name or mac of the device, the port forward will establish the current IP address for that device and use that to create the DNAT rule. Should the IP address of the device change in future, the network display on the Hub may show the updated information but the port forward rule will have the old IP.

 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

kjpetrie
Aspiring Pro
Posts: 221
Thanks: 35
Fixes: 5
Registered: ‎19-12-2010

Re: Hub 1 Port forwarding curiosity

Might well be true, but it doesn't explain my experience.

1. My desktop machine has a static LAN IP which has never been 192.168.1.120.

2. The rule will be added and removed every time I change the destination between the two machines. It's about a year since I last had to route the incoming packets to my desktop. I only have to do this if I have to service the "server" machine which normally receives the packets, so this happened when I changed the rule the day before yesterday. The router has always known the correct IP address to go with the machine name and was still showing that in Home Network, but not using that when I switched over to it in Firewall settings.

Dan_the_Van
Hero
Posts: 3,155
Thanks: 1,573
Fixes: 90
Registered: ‎25-06-2007

Re: Hub 1 Port forwarding curiosity

It is possible to have more than one device with the same name. The difference between them would be the MAC Address. So the 1.120 address could have been a second instance of the same device name but different hardware.
kjpetrie
Aspiring Pro
Posts: 221
Thanks: 35
Fixes: 5
Registered: ‎19-12-2010

Re: Hub 1 Port forwarding curiosity

Anything is possible, but there has never been such a device on my LAN. I suspect some sort of memory corruption could be responsible, though I'll never know.

All I do know is the machine name used in Home Network had a different IP address from the same machine name in Firewall->Port Forwarding and the IP address in the latter was one never used for any connected device.

The lesson remains - use the IP address for forwarding and don't rely on machine names.

 

greygit1
Aspiring Pro
Posts: 411
Thanks: 56
Fixes: 1
Registered: ‎26-06-2023

Re: Hub 1 Port forwarding curiosity

I can report that I have now found my reading glasses.

 

Smiley