openSUSE 13.2 internet gateway/router issue

Greetings,

I lost my internet gateway/router this past week which was running openSUSE 12.3 due to a power surge. So I reconfigured a box I built that’s running openSUSE 13.2 to replace the failed machine. However, I’ve again run into a situation which we ran into configuring the 12.3 box when setting it up, and can’t remember how we solved it then.

The condition is this: Following the SDB for internet connection sharing, I configured the gateway box for masquerading including a segment of the LAN subnet for DHCP. I also configured a port forward from the public internet which has a static public IP and redirect port 80 to a web server that sits on the LAN, and opened the port on the external zone. This all works fine from the public internet. In other words these websites are visible to anyone outside of the LAN. My issue is that these same sites are not accessible from the LAN! Yes, if I connect to the server’s internal IP I get the default website in Apache2.

I know this is a simple fix as it was resolved in the past. I know it was a rule set up in YaST under the firewall (SuSEfirewall2). However, what it was is eluding me, presently.

Any help would be greatly appreciated.

Wil

From what you describe you may be having one of two different issues…

  • If your LAN hosts are supposed to connect to your website using the public IP address, then your NIC needs to support and be configured for hairpin routing. Not all NICs support this so if you changed hardware then this may be different than your original setup. The solution to this is to configure a special DNS zone only for your LAN (aka split DNS) that points to your website’s private IP address (from what you describe) instead of the public IP address public DNS is providing. Of course, if you are deploying multiple virtual websites on the same IP address or something similar, additional configuration may be necessary.

  • There could be a name resolution issue. From your LAN hosts, do an nslookup to verify the name is resolving and they are connecting to the correct IP address.

HTH,
TSU

  1. LAN hosts are to connect to the website/s using the public IP address.

  1. No running name servers on the LAN, and DNS resolution has been tested out and functioning.
  2. This worked on the previous machine with a firewall rule applied through YAST.
  3. I’m using the same nic that was in the failed machine.

Wil
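
An added example, not part of the thread: a small Python model of the scenario discussed above (a port-80 forward to a LAN web server, with LAN clients using the public IP), showing where a reflected connection can fail and why a LAN-only DNS view sidesteps the gateway entirely. All addresses, the hostname and the three mode names are constructed assumptions, and the model does not claim to be SuSEfirewall2's behaviour.

```python
import ipaddress

# Constructed addresses (RFC 5737 / RFC 1918), not taken from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
GW_PUBLIC = ipaddress.ip_address("203.0.113.10")  # static public IP on the gateway
GW_LAN = ipaddress.ip_address("192.168.1.1")      # gateway's LAN-side address
WEB = ipaddress.ip_address("192.168.1.20")        # Apache host behind the gateway
PUBLIC_DNS = {"www.example.test": GW_PUBLIC}
SPLIT_DNS = {"www.example.test": WEB}             # LAN-only view of the same name

def gateway_nat(src, dst, mode):
    """Model the gateway's port-80 forward. Returns the (src, dst) pair the
    web server sees, or None when no rule matches the packet."""
    if dst != GW_PUBLIC:
        return None
    if src not in LAN:
        return (src, WEB)          # normal port forward from the internet
    if mode == "ext-only":
        return None                # forward rule bound to the external zone only
    if mode == "dnat":
        return (src, WEB)          # destination rewritten, source kept
    if mode == "dnat+snat":
        return (GW_LAN, WEB)       # source rewritten too (hairpin NAT)
    raise ValueError(mode)

def connect(client, name, dns, mode="ext-only"):
    """Outcome of an HTTP connection attempt from `client` to `name`."""
    client = ipaddress.ip_address(client)
    dst = dns[name]
    if client in LAN and dst in LAN:
        return "ok-direct"         # same subnet: the gateway is never involved
    seen = gateway_nat(client, dst, mode)
    if seen is None:
        return "fail-no-rule"
    server_sees_src, _ = seen
    if server_sees_src in LAN and server_sees_src != GW_LAN:
        # The server answers the LAN client directly from WEB, but the client
        # opened its connection to GW_PUBLIC and discards the mismatched reply.
        return "fail-reply-mismatch"
    return "ok-via-gateway"

if __name__ == "__main__":
    for dns, mode in [(PUBLIC_DNS, "ext-only"), (PUBLIC_DNS, "dnat"),
                      (PUBLIC_DNS, "dnat+snat"), (SPLIT_DNS, "ext-only")]:
        print(mode, connect("192.168.1.50", "www.example.test", dns, mode))
```
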