I have re-kagiggered my IP range and netmask and re-set up my VPN and everything is working fine - with the exception of my firewall port-forwards (which I thought would be the easiest part!!).
I can successfully connect locally by sftp to the host (megabyte) or its IP address, but when I try to remotely connect to the WAN-side port (via the WAN IP address), nothing happens (it eventually times out).
If I try to connect to the host via the FQDN from inside my network (which used to work) it times out also.
On the other hand, I am able to access the sftp server from inside my network by going to the WAN address like this:
sftp -p123 my.wan.ip.address
I have tried with and without NAT Loopback.
I just discovered that TWO of my port forwards (sprinklers and ted) are working. Here is one of them:
OK... I figured out that this:
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 10.13.0.1
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 10.13.0.1
has hosed this up. The problem is, without this, I cannot access my hosts locally by hostname.
Correct. I've tried something like this (both of which worked before I changed my address range):
sftp -p123 my.wan.ip.address
and
sftp -p123 my.domain.com
The WAN is connected to my Spectrum provider's cable modem.
I am able to connect directly to the host from inside my network like this:
sftp -p22 megabyte
or:
sftp -p22 10.13.0.69
What aggravates me is this USED to work before I changed my address range (from 192.168.1.1/255.255.255.0 to 10.13.0.1/255.255.252.0).
I just found another clue where a couple of my web pages are actually working (see the bottom of the original posting). The ones I am having problems with are the sftp connection and the http and https connections. ted.my.domain.com and sprinklers.my.domain.com are working from both inside and outside of my network(!) I don't see any difference between these working port-forwards and the ones that aren't working.