Score:1

Can I utilize cisco router features during local to local data transmission?

Ino

The Cisco router is reachable from the internet, and external ports are being forwarded to different inside hosts. An external connection on port 1234 is forwarded to an internal host 10.0.0.1 running an app on port 443. This can be reached from the internet via mydomain.com:1234.

What I need: to be able to reach this host from the inside on port 1234, preferably on the internal IP of the host and not on the external (ISP) IP of the router. Currently neither one works.

(this works)
internet --> mydomain.com:1234 --> router --> host 10.0.0.1:443

(that does not work; hairpinning?! no idea how to set it up)
local    --> mydomain.com:1234 --> router --> host 10.0.0.1:443

(is this possible somehow???? preferred solution)
local    --> 10.0.0.1:1234 --> router --> host 10.0.0.1:443

(works but it's not really a solution)
local    --> 10.0.0.1:443 --> router --> host 10.0.0.1:443

I'm using a Cisco ISR with IOS XE 16.09.

Score:0

You have multiple questions hidden in your post; I'll try to answer them all. But first, look at the current "solution" and how it works.

  1. The external host tries to reach mydomain.com:1234.
  2. The host asks the DNS server for the IP address of mydomain.com; the DNS server replies with the external IP address of the router.
  3. The host sends data to external IP address:1234; the router receives that and
    • forwards the data to host 10.0.0.1:443
    • NAT is used (the destination IP address is changed from the external IP to the local IP 10.0.0.1)
    • port forwarding is used (port 1234 is changed into 443)

You are trying to achieve 3 different things; let's split them:

  1. Connect from a local IP address to a local IP address. Because they are both in the local network, in the same subnet, the request will not go to the default gateway (the router); instead the host will be contacted directly.

    • To be clear: with mask 255.255.255.0 (/24), you won't be able to send from a local IP (e.g. 10.0.0.100) to a local IP (10.0.0.1) VIA THE ROUTER unless you move one of the hosts to a different IP range/subnet.
  2. Translate mydomain.com into the local IP address for the local host(s). There are several solutions; one of them is to configure your local DNS server and create a type A entry for mydomain.com -> local IP. If you don't have one, you can edit the hosts file on your host (PC?).

  3. The last thing is to translate port 1234 into 443. Normally you would do this on the router (when going between different subnets). However, in this case you are on the same local network for both source and destination, and this won't help you. There are workarounds, e.g. using a proxy app on your machine.

    • There is also a workaround for Linux machines: you can modify the iptables rules of that machine:
      • iptables -t nat -A OUTPUT -p udp --dport 1234 -j DNAT --to-destination 10.0.0.1:443
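The "proxy app on your machine" workaround from point 3, as an added example that is not part of the original answer: a small asyncio TCP relay. Run on the internal host itself, listening on 10.0.0.1:1234 and relaying to the service on 127.0.0.1:443 (both addresses assumed), it gives the asker's preferred `local --> 10.0.0.1:1234` path without involving the router; the self-test stands in a loopback echo service for the real app.

```python
"""TCP relay for the answer's "proxy app" workaround (added example, not from
the original answer). Run it on the internal host itself, e.g. listen on
10.0.0.1:1234 and relay to 127.0.0.1:443, so LAN clients use the same port as
from the internet; addresses/ports are assumptions, self-test uses loopback."""
import asyncio

async def _pump(reader, writer):
    # Copy bytes one way until EOF, then close the destination side.
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def _handle(client_r, client_w, target_host, target_port):
    # Open the upstream connection, then relay in both directions.
    try:
        up_r, up_w = await asyncio.open_connection(target_host, target_port)
    except OSError:
        client_w.close()  # backend down: drop the client cleanly
        return
    await asyncio.gather(_pump(client_r, up_w), _pump(up_r, client_w))

async def start_relay(listen_host, listen_port, target_host, target_port):
    """Start listening; returns the asyncio.Server (caller closes it)."""
    async def on_client(r, w):
        await _handle(r, w, target_host, target_port)
    return await asyncio.start_server(on_client, listen_host, listen_port)

async def _echo(r, w):
    # Stand-in for the real service on port 443: answers one message.
    w.write(b"echo:" + await r.read(1024))
    await w.drain()
    w.close()

async def _selftest():
    port = lambda srv: srv.sockets[0].getsockname()[1]  # ephemeral port
    backend = await asyncio.start_server(_echo, "127.0.0.1", 0)
    relay = await start_relay("127.0.0.1", 0, "127.0.0.1", port(backend))
    r, w = await asyncio.open_connection("127.0.0.1", port(relay))
    w.write(b"hello")
    reply = await r.read()  # read until the relay closes our side
    w.close()
    relay.close()
    backend.close()
    return reply

def selftest():
    return asyncio.run(_selftest())  # client -> relay -> backend -> client
```

For the real deployment, call `start_relay("10.0.0.1", 1234, "127.0.0.1", 443)` inside `asyncio.run` and `serve_forever()` on the returned server; the relay only ever accepts on the LAN address, so nothing new is exposed to the internet.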
