SVN over port 3690 failing over intranet
My company uses subversion (with the svn
protocol on port 3690, not over http
) with a local server on our intranet. Currently our developers have their SVN clients pointed to the local IP address of the server (192.168...). We are trying to open up access to the SVN server from the internet, so that developers away from the office can access the subversion services. We have a static IP address, and set our firewall and router to allow traffic on port 3690 and to forward to the correct computer. From outside the office, we can successfully connect to the server using svn://98.<...>:3690. Things are almost good.
Our problem:
Computers that are IN the office cannot access the subversion server using the public IP address; the connection just times out. When we ping our public IP address from inside the network, the response time is 1ms, and 'tracert' shows that the connection is getting only as far as the router before coming back. Attempting to telnet to our external IP address from outside the office shows a connection, but from inside the network we get nothing. Our firewall is not restricting outgoing traffic at all.
Can anyone help us out?
This is not an SVN problem, but rather a firewall feature. Knowing the firewall model would be nice here.
In any case, you should not and often cannot (in the case of Cisco PIX/ASA specifically, without major configuration tweaking) hit the outside IP of your firewall from the inside. Instead, you should configure DNS so that the same name (svn.yourcompany.com) would resolve to the outside IP for external clients and to the 192.168.x.x IP for internal clients. This can be done by using different DNS servers for outside and inside, or same DNS server with multiple views, or using DNS rewrite capabilities of your firewall. Please leave a comment with the firewall model and the description of your DNS setup, and I'll be able to be more specific.