[tclug-list] [OT] making connection despite cable modem and Linksys router

Sat Nov 12 13:43:36 CST 2005

On Saturday 12 November 2005 12:47, Mike Miller wrote:
> I'm calling this OT because it isn't a Linux question, but it is a
> computer question and there are some unixy elements to it.

Your Linksys (WRT54G/WRT54GS) runs linux and iptables - and is probably the 
barrier - so it's not that far off.

> I cannot connect to the PC via VNC, but I also cannot ping it.  On the
> other hand, traceroute from outside the network finds it OK.  On the PC I
> see this kind of info from ipconfig /all:

Are you talking about connecting to inside VNC from the outside world?  You 
_definitely_ shouldn't be able to do that without some configuring.  You have 
to go to Applications/Gaming, and open up your vnc port (often 5900/tcp) to 
the machine you want to use.  Off of that, the router sets up Destination 
NAT.

Your local PCs are set up with NAT which blocks them off from the outside 
world.  You have to use destination nat to connect back to them (then you 
connect to CPE-24-94-198-51.mn.res.rr.com and you'll get the local PC).

<snip>

> When I SSH from the PC to a Solaris box outside of my home network, the
> Solaris box says I'm connecting from CPE-24-94-198-51.mn.res.rr.com (I
> changed that number just a bit, but you get the idea).  Ping works to
> "localhost" or to 192.168.1.100 but not to 192.168.1.1 nor to
> CPE-24-94-198-51.mn.res.rr.com.

Your device runs under NAT (network address translation), which means that any 
computer in your local network appears to the outside as if it were your 
router - so appearing as CPE-* is correct.

Ping doesn't work from the world to the router by default.  It should work 
from the inside - if you can get to a web page from the inside, the ping is 
kind of moot.  I don't really have any advice for pinging from the inside, 
but the generic 'use the latest firewall and wipe out the settings and 
restore' advice.

My 'security -> firewall' setup has 

Block Anonymous Internet Requests
Filter Multicast 
Filter IDENT(Port 113) 
but not Filter Internet NAT Redirection

and I can get to SSH on an inside machine.

Dave Carlson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20051112/2ec86189/attachment.pgp