0

I am administering a SSH server and trying to configure port forwarding through my router for access outside of the subnet. The server is located at subnet IP address 192.168.86.97 however, when I try to configure the router to port forward to this IP or any IP other than 192.168.0.X, I get the error

Internal IP Address is not in LAN.

To solve this, I have tried assigning the device a static IP within the range 192.168.0.X using:

sudo ip address add 192.168.0.97/24 dev eno1

However, this IP address assignment does not appear to be reflected on any other machine but the server itself. That is, the server may ping itself at 192.168.0.97, but no other device on the subnet can ping 192.168.0.97. I want to solve this, and my questions are

  1. What does it mean that the Internal IP address 192.168.86.97 is not in LAN?
  2. How can I assign this machine an IP address in the range 192.168.0.X so that the port forwarding works correctly?

I tried changing the router's LAN to 192.168.86.X, but that just made all of the IP addresses on the network jump to 192.168.87.X. After doing that, here are the results from these commands

ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 30:9c:23:df:3a:f9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.97/24 brd 192.168.0.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet 192.168.87.32/24 brd 192.168.87.255 scope global noprefixroute eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::d97d:409f:4793:c98e/64 scope link
       valid_lft forever preferred_lft forever
3: wlp26s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 30:24:32:b8:4d:6d brd ff:ff:ff:ff:ff:ff

ip route show

default via 192.168.87.1 dev eno1 proto dhcp src 192.168.87.32 metric 202
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.97
192.168.87.0/24 dev eno1 proto dhcp scope link src 192.168.87.32 metric 202
Jon Deaton
  • 101
  • 4
  • What is this "router"? – Michael Hampton Jan 19 '19 at 21:11
  • It's a Netgear C3000-100NAS router. – Jon Deaton Jan 19 '19 at 21:12
  • 1
    Setting aside for the moment that it's home networking equipment, the message means what it says: It won't port forward to an address not in its subnet. You'll probably have to forward it to your other router and port forward it again from there. Or, of course, replace the equipment with something more appropriate for business use. – Michael Hampton Jan 19 '19 at 21:43
  • 1
    @JonDeaton Could you please update the question with the output of `ip addr show` and `ip route show` for a better understanding? – Manuel Florian Jan 19 '19 at 22:17
  • @ManuelFlorian okay, I updated the question with those results! – Jon Deaton Jan 19 '19 at 22:31
  • 1
    @JonDeaton Let me see if I get it right. ArchLinux `192.168.87.32` is wired connected to a Netgear `192.168.87.1` and you want to reach `192.168.0.X/24` network from your ArchLinux? – Manuel Florian Jan 19 '19 at 22:51
  • Yes, they are connected as you describe. I want to port-forward through Netgear to `192.168.87.X`, but it only allows port-forwarding to `192.168.86.x` – Jon Deaton Jan 19 '19 at 22:55
  • I see you just changed the ip address and now the Netgear will only allow to forward to that particular network, in this case `192.168.86.X` because is the only network it recognizes or it's attached to. – Manuel Florian Jan 19 '19 at 23:10
  • @ManuelFlorian yes exactly. However, now I can't get the ArchLinux to have a static IP address in the range `192.168.86.X` – Jon Deaton Jan 19 '19 at 23:11
  • Why not? What have tried? – Manuel Florian Jan 19 '19 at 23:53
  • I have tried assigning it static ip addresses in the range `192.168.86.X`. I use `sudo ip address add 192.168.86.7/24 dev eno1` but I can't ping that IP address from any other machine on the network. Nor, does the port forwarding work after I do that. I have also tried assigning a static IP by editing `/etc/netctl/eno1`. – Jon Deaton Jan 19 '19 at 23:54
  • I'm not a user of Arch Linux so try [this](https://www.ostechnix.com/configure-static-dynamic-ip-address-arch-linux/). – Manuel Florian Jan 20 '19 at 00:51
  • That was one of the first things that I tried. – Jon Deaton Jan 20 '19 at 01:32
  • Any errors while setting up your IP? – Manuel Florian Jan 21 '19 at 16:52

1 Answers1

0

Check if there is another device between your router and server.

It turned out that there was a wireless signal extender between the router and server. The router was assigning IP addresses in the range 192.168.0.X, but the signal extender was assigning IPs in the range 192.168.86.X. Thats why device IPs weren't getting assigned into the router's LAN.

To solve the problem in it's entirety, I just configured the router to forward a port to the signal extender, then configure the signal extender to forward that port again to the server.

Jon Deaton
  • 101
  • 4