DSL Router doing something I didn't expect. Is this normal?

I ran into something recently that I’d never seen before, and I’m wondering if this is normal or if I’ve just got a very strange dsl router. Normally I work with dsl modems or dsl PCI cards, so I’m not really sure just what is normal for a dsl router.

I set up a server for a small company here a while back, and since they are kind of far away I set up a remote access using ssh so that I can do maintenance on it without driving over. That worked easily enough.

Since they had a DSL router, I set up port forwarding in the router to connect the ssh port to the server. As a test, I also forwarded port 80. I removed port 80 after testing. Port 80 showed me something that is really weird.

Using the dsl router and dyndns, I gave the server an address like this “whoever.dyndns.org.” Normally I can then connect from the server to itself using the address. That is, I enter “http://whoever.dyndns.org” into the address bar of a browser on the server and get the web server running on that machine.

Not so on this system. Anyone on the internet who puts the address “whoever.dyndns.org” into their browser would get the web server on our machine. The server can’t address itself by name, however.

After messing with it a while, I came to the conclusion that the browser from the server can connect to the router using the whoever address, but that the router will not route the request back to the server because the request is coming from the server. Addressing the server as “whoever.dyndns.org” works fine from any other pc in the network, so it would seem that the router is refusing to connect a source and a destination that have the same local address.

The router is one that the telekom here provides to their customers. It is an oem unit that has custom firmware from the telekom. I’ve had problems with this kind of equipment from the telekom before, and I wonder if this is one more example of telekom strangeness or if this is normal.

Horrid, shameless BUMP

Not sure if you tried these things:

  • Can you access the web page externally using the IP address (instead of whoever.dyndns.org)?
  • Can you ssh externally using whoever.dyndns.org? What about using the IP address?
  • What is the IP address getting associated with whoever.dyndns.org? Is it the DSL router’s address or the server’s NAT address?
  • Does the DSL router have built-in support for dynamic DNS?

Assuming DNS is working OK, it is likely a router weirdness. If you do an nslookup of the dyndns.org domain name, does it resolve? My guess is that it does. It must be a weirdness of the router’s network address translation where it is refusing to rebuild the packets because the source is equal to the destination.

A workaround is you could edit the /etc/hosts (unix) or LMHOSTS (windows) file on that machine to make your dyndns.org address resolve to the loopback address (127.0.0.1). That’s easy enough if you really need it to work that way, since the machine will try the local hosts file before querying a DNS server to resolve hostnames.

DNS is fine, and I can ssh into the server using the dyndns address from anywhere outside of the local network. During the time I had allowed external access to our local web server, I could reach it from anywhere on the Internet using the dyndns address.

It is just so weird that I can’t access our server using our dyndns address from inside our LAN.

It isn’t like this causes a real problem. When we need to access our web server from inside the LAN we just use the local IP address or name. That works just fine. Other systems that I’ve set up, though, (including the one I’m posting from) have no problem accessing a local server through the dyndns address.

I did end up putting the dyndns name in the /etc/hosts because I like to use the external server address in the port forwarding on ssh. It makes it a little easier to read.

What the router is doing strikes me as strange. I’m just wondering if it is normal strange, or if I’m just dealing with the one model of router out of a zillion that is strange this way.

BTW:
The router itself doesn’t know about dyndns. I have a dyndns update program running on the server. The German Telekom doesn’t really encourage you to run private servers on the internet, and this router is a Telekom oem model. They (the Telekom, not the router) force a disconnect every twenty four hours, and drop the connection regardless if there’s been no activity for a while (like twenty minutes or so.) All the servers that I run this way have a cron job to ping their own dyndns address every five minutes. Since the Telekom also provides the last mile for nearly all service in the country every provider’s service does the same.

It’s quite normal that you can’t access the external IP from the internal LAN, that is just how the NAT works in the router.

Either solve it by adding the name to hosts files on the LAN or run a local nameserver that is queried first and resolves the name to the IP on the internal net.

I guess all the Linux servers I’ve set up this way are the weird ones, then. They have no trouble connecting an internal user to the server over the external IP address.
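
The cases discussed in this thread can be laid side by side in a small model. This is an added example, not code from any poster; the addresses are constructed, and the four router modes, including `full-noself` (the source-equals-destination guess made above), are assumptions rather than documented behaviour of the Telekom firmware.

```python
# Constructed addresses from documentation ranges; none come from the thread.
PUBLIC_IP = "203.0.113.5"    # router WAN address the dyndns name resolves to
ROUTER_LAN = "192.168.1.1"   # router's LAN-side address
SERVER = "192.168.1.10"      # port-forward target
LAN_PC = "192.168.1.20"      # another machine on the LAN
OUTSIDE = "198.51.100.7"     # a client on the Internet

def is_lan(ip):
    return ip.startswith("192.168.1.")

def connect(client, mode):
    """Trace one connection from client to PUBLIC_IP:80; return (ok, reason).

    mode (hypothetical router behaviours):
      none        port forward applies only to packets arriving on the WAN side
      dnat        LAN packets get the destination rewritten, source untouched
      full        LAN packets get destination and source rewritten (hairpin NAT)
      full-noself like full, but refuses when the client is the forward target
    """
    from_lan = is_lan(client)
    if from_lan and mode == "none":
        return False, "port forward not applied to LAN-side packets"
    if from_lan and mode == "full-noself" and client == SERVER:
        return False, "router refuses: source equals forward target"
    src, dst = client, SERVER                 # DNAT: destination rewritten
    if from_lan and mode in ("full", "full-noself"):
        src = ROUTER_LAN                      # SNAT: server will answer the router
    if src == dst:
        # A packet arriving from the network with the host's own source
        # address is normally discarded (Linux logs it as a martian source).
        return False, "server drops packet carrying its own source address"
    if is_lan(src) and src != ROUTER_LAN:
        # Reply goes directly over the LAN, so nothing rewrites its source
        # back to PUBLIC_IP and the client does not match it to its connection.
        return False, "reply comes from SERVER, client expected PUBLIC_IP"
    return True, "reply returns through the router and is translated back"

def matrix():
    """Outcome for every client and router mode."""
    modes = ("none", "dnat", "full", "full-noself")
    clients = {"outside": OUTSIDE, "lan_pc": LAN_PC, "server": SERVER}
    return {m: {n: connect(ip, m)[0] for n, ip in clients.items()} for m in modes}

if __name__ == "__main__":
    for mode, row in matrix().items():
        print(f"{mode:12} {row}")
```

In this model only `full-noself` reproduces the symptom reported here (reachable from outside and from another LAN PC, but not from the server itself), while `full` matches the setups where the external name works from inside the LAN.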