static route

ed123

Hi,

I have a public server that needs to communicate with my local IP. The local IP/host can ping the public but the server cannot ping the local. I think there is a way in my public server (CentOS 6.5), like statically routing all connections going to any local IPs so they will be routed to my router (pfSense) :confused: .

Newbie
 
We would need more information about your setup, preferably a network diagram. If the server and local IP are on different subnets, then yes the router should be taking care of that interconnection.
 
Are you pinging the server from behind NAT? Are you expecting to reach your local hosts behind NAT from the server directly? How should that work?
 
All I need is the command, like any connections going to our local IPs (192.168.x.x) from our public server (y.y.y.y) should be forcibly routed to my router's public IP (x.x.x.x). I think we can set it in my public server (y.y.y.y) CentOS.


No need to worry about my router's end, I can do the rest; it is only on my public server that I need the help.
 
It doesn't work that way.

You need a tunnel between your server and your LAN.
 
So there is no other way from my public CentOS so that, if the destination is 192.168.x.x, it will be forwarded to my router's public IP? :(
 
Does the Public Server need to initiate the connection? Or does one of the Private machines initiate the connection? If the Public server is doing the initiation, then you need to open a hole in your firewall to allow a connection to the Private machine that needs to be accessed. Your Public machine will connect to your Firewall on its outside address, which will then allow the connection through.

If the private device is initiating the connection then you just need to make sure your firewall isn't blocking the connection.

Depending on the firewall you might be able to lock down the connection. For example, a Sonicwall, Juniper, Cisco ASA, Palo Alto, Meraki, etc. can do this. Home/Consumer Grade equipment will not allow for locking the connection down.

However, you can't route 192.168.x.x across the internet as it is in RFC1918. These are non-Internet routable IP address spaces. So you will have to do NAT translation on your firewall.

Without knowing any specifics, it is not possible to talk specifics, only generalities.

(Private Device) 192.168.186.5 <--------> 192.168.186.1 (Firewall) 68.250.11.186 <--------> 12.2.250.198 (Public Server)
 
So there is no other way from my public CentOS so that, if the destination is 192.168.x.x, it will be forwarded to my router's public IP? :(

Most ISPs will have an ACL on their routers that would drop any packet with an RFC1918 destination address. This is a textbook case for a VPN link.
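The points made in the replies above, modeled as an added example (not code from anyone in the thread): a static route's gateway must be on a directly connected subnet, a packet that keeps its 192.168.x.x destination is dropped upstream, and a tunnel works because only the outer public address crosses the Internet. The addresses come from the diagram in the thread; the prefix lengths, the 12.2.250.1 next hop, the tun0 addressing and the function names are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_static_route(dest, gateway, interfaces, tunnels=None):
    """Model what happens to a packet for `dest` routed via `gateway`.

    interfaces: {name: "addr/prefix"} attached to the public server.
    tunnels:    {interface name: public address of the tunnel endpoint}.
    """
    tunnels = tunnels or {}
    gw = ipaddress.ip_address(gateway)
    # 1. A next hop has to be directly reachable on an attached subnet.
    out_if = next((name for name, cidr in interfaces.items()
                   if gw in ipaddress.ip_interface(cidr).network), None)
    if out_if is None:
        return "rejected: gateway %s is not on a connected subnet" % gateway
    # 2. Over a tunnel the Internet sees only the outer (endpoint) address;
    #    without one, the original destination travels unchanged.
    wire_dest = tunnels.get(out_if, dest)
    if is_rfc1918(wire_dest):
        return "dropped upstream: RFC1918 destination %s on the Internet" % wire_dest
    return "delivered via %s (wire destination %s)" % (out_if, wire_dest)

# Constructed sample setup: prefix lengths, 12.2.250.1 and tun0 are assumptions.
SERVER_IFACES = {"eth0": "12.2.250.198/24"}
WITH_TUNNEL = dict(SERVER_IFACES, tun0="10.8.0.2/30")

def demo():
    return [
        # Route straight at the router's public IP: gateway is not on-link.
        check_static_route("192.168.186.5", "68.250.11.186", SERVER_IFACES),
        # Route via the server's own next hop: leaves with a private destination.
        check_static_route("192.168.186.5", "12.2.250.1", SERVER_IFACES),
        # Route into a tunnel terminated on the firewall's public address.
        check_static_route("192.168.186.5", "10.8.0.1", WITH_TUNNEL,
                           tunnels={"tun0": "68.250.11.186"}),
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```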
 