1) I have a router with wan IP 62.117.93.14 and local net 192.168.0.0/16. NAT enabled, working.
2) In the local net I have an nginx web site with IP 192.168.0.27 for the domain is.some_domain.ru.
When I try to access is.some_domain.ru from outside the local net it works fine. But when I try to access that site from the local net I get
ERR_CONNECTION_REFUSED
As I see, no packets come to the nginx server, so the reset packets I received came from the router, but I can't understand why.
Code:
#!/bin/sh
ipfw -q -f flush
cmd="ipfw -q add"
wan="re0"
wan_ip="62.117.93.14"
lan="vr0"
ks="keep-state"
ipfw -q nat 1 config if $wan same_ports unreg_only reset \
redirect_port tcp 192.168.0.27:80 80 \
redirect_port tcp 192.168.0.27:443 443
$cmd 5 allow all from any to any via $lan
$cmd 10 allow all from any to any via lo0
$cmd 105 reass all from any to any in
$cmd 110 check-state
$cmd 120 allow tcp from any to $wan_ip 4322 in via $wan $ks
$cmd 130 allow all from $wan_ip to 8.8.8.8 53 out via $wan $ks
$cmd 1000 nat 1 ip from any to any via $wan
ipfw show
Code:
00005 5560098 4784045774 allow ip from any to any via vr0
00010 4 160 allow ip from any to any via lo0
00105 2968474 2748258948 reass ip from any to any in
00110 0 0 check-state :default
00120 6816 582784 allow tcp from any to 62.117.93.14 4322 in via re0 keep-state :default
00130 87 8203 allow ip from 62.117.93.14 to 8.8.8.8 53 out via re0 keep-state :default
01000 5593058 4786264615 nat 1 ip from any to any via re0
65535 7 392 deny ip from any to any
tcpdump -i vr0 src 62.117.93.14 or dst 62.117.93.14
Code:
16:00:45.868292 IP 192.168.2.135.1718 > 62.117.93.14.http: Flags [S], seq 3722626669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:00:45.868331 IP 62.117.93.14.http > 192.168.2.135.1718: Flags [R.], seq 0, ack 3722626670, win 0, length 0
16:00:46.372893 IP 192.168.2.135.1718 > 62.117.93.14.http: Flags [S], seq 3722626669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:00:46.372930 IP 62.117.93.14.http > 192.168.2.135.1718: Flags [R.], seq 0, ack 1, win 0, length 0
16:00:46.873407 IP 192.168.2.135.1718 > 62.117.93.14.http: Flags [S], seq 3722626669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:00:46.873448 IP 62.117.93.14.http > 192.168.2.135.1718: Flags [R.], seq 0, ack 1, win 0, length 0
16:00:47.376647 IP 192.168.2.135.1718 > 62.117.93.14.http: Flags [S], seq 3722626669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:00:47.376685 IP 62.117.93.14.http > 192.168.2.135.1718: Flags [R.], seq 0, ack 1, win 0, length 0
16:00:47.878100 IP 192.168.2.135.1718 > 62.117.93.14.http: Flags [S], seq 3722626669, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:00:47.878119 IP 62.117.93.14.http > 192.168.2.135.1718: Flags [R.], seq 0, ack 1, win 0, length 0
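
An added example, not part of the original post: a simplified Python model of the first-match walk over the ruleset printed by `ipfw show`, comparing the LAN-side SYN from the tcpdump with the same SYN arriving on `re0`. It assumes no dynamic state exists yet (so `check-state` is skipped) and `net.inet.ip.fw.one_pass=1`; the outside client address 203.0.113.10 and all function names are constructed for illustration.

```python
# Simplified first-match walk over the ruleset from `ipfw show` above.
# Assumptions: no dynamic state exists yet (first SYN, so rule 110
# check-state cannot match) and net.inet.ip.fw.one_pass=1, so a nat
# rule ends the walk.
RULES = [
    # (number, action, interface, direction, extra match on the packet)
    (5,     "allow", "vr0", None,  lambda p: True),
    (10,    "allow", "lo0", None,  lambda p: True),
    (105,   "reass", None,  "in",  lambda p: True),
    (120,   "allow", "re0", "in",
     lambda p: p["proto"] == "tcp" and p["dst"] == "62.117.93.14"
     and p["dport"] == 4322),
    (130,   "allow", "re0", "out",
     lambda p: p["src"] == "62.117.93.14" and p["dst"] == "8.8.8.8"
     and p["dport"] == 53),
    (1000,  "nat 1", "re0", None,  lambda p: True),
    (65535, "deny",  None,  None,  lambda p: True),
]
NON_TERMINAL = {"reass"}  # the walk continues after these actions


def first_match(pkt):
    """Return (rule number, action) of the rule that decides pkt's fate."""
    for num, action, iface, direction, extra in RULES:
        if iface is not None and pkt["iface"] != iface:
            continue
        if direction is not None and pkt["dir"] != direction:
            continue
        if not extra(pkt) or action in NON_TERMINAL:
            continue
        return num, action
    raise AssertionError("unreachable: rule 65535 matches everything")


def syn(src, iface):
    """Constructed sample: an inbound TCP SYN to the WAN address, port 80."""
    return {"proto": "tcp", "src": src, "dst": "62.117.93.14",
            "dport": 80, "iface": iface, "dir": "in"}


LAN_SYN = syn("192.168.2.135", "vr0")  # the packet seen in the tcpdump
WAN_SYN = syn("203.0.113.10", "re0")   # constructed outside client

if __name__ == "__main__":
    print("LAN client ->", first_match(LAN_SYN))
    print("WAN client ->", first_match(WAN_SYN))
```

In this model the LAN-side SYN is accepted by rule 5 on `vr0` and never reaches rule 1000, so the `redirect_port` entries of `nat 1` are not applied to it, while the SYN arriving on `re0` does reach the nat rule.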