Old 08-05-2009, 02:15 PM   #1
lannyr
LQ Newbie
 
Registered: Aug 2009
Location: Prague
Distribution: Debian
Posts: 8

Rep: Reputation: 0
Cannot access own public web and mail server from LAN addresses


I have two nagging problems on one network which I do not have on another elsewhere, both using up-to-date Debian servers. The server is on the private subnet behind a router/ADSL modem.

The symptoms of the one which does not work
1) Users cannot access their web site from LAN. If they try, they get to the router web interface, same as if they entered http://10.0.0.138 which is the router's LAN address.

2) Users cannot access smtp or pop3 service using the domain name, they can access it only using the server's LAN address.

I fear that I might have not set up the router properly because apart from that the two servers are almost identical but I do not know where I might have made an error.

Or perhaps the way DNS records are set up?

Could you point me to some debugging tools?
 
Old 08-05-2009, 02:23 PM   #2
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Hello,

I assume that your router is set up to be the gateway in your LAN, right? So if your users try to go to their website do they use a http://website.domain.com or http://000.000.000.000 (ip-address)?

If they use domain name, how are your DNS settings? Do you have your own DNS server in house? Or do all naming services get provided by the ISP's DNS servers?

Is your router set up to accept traffic for http and mail and redirect it to the correct server?

Kind regards,

Eric
 
Old 08-05-2009, 03:24 PM   #3
lannyr
LQ Newbie
 
Registered: Aug 2009
Location: Prague
Distribution: Debian
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by EricTRA View Post
Hello,

I assume that your router is set up to be the gateway in your LAN, right? So if your users try to go to their website do they use a http://website.domain.com or http://000.000.000.000 (ip-address)?
Eric
Yes


Quote:
Originally Posted by EricTRA View Post
If they use domain name, how are your DNS settings? Do you have your own DNS server in house? Or do all naming services get provided by the ISP's DNS servers?

Is your router set up to accept traffic for http and mail and redirect it to the correct server?

Kind regards,

Eric
The simple answer to all your questions is that ALL works fine from outside the LAN. The router forwarding is fine - it works.
I have the DNS records at a registrar service which provides for DNS management.

The most simple way I can describe this: If I connect my laptop to the LAN at work, I have the described problems. The same laptop will work just fine from my home.

I am suspecting it has to do with NAT loopback - the router which works is Apple Airport Base Station, the one which does not is DLINK.
 
Old 08-06-2009, 01:01 AM   #4
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Can you perform a trace from a workstation to your smtp/pop server? Not using IP of course but the URL you use from home to find out where the communication stops? I assume also it is your DLINK router that's causing the problem.

Also, do you have your mail server set up in DMZ or directly to the internet (which is pretty dangerous of course) and/or do you use a proxy server?

Is there a firewall configured on your router? Or separate firewall?

Kind regards,

Eric
 
Old 08-06-2009, 01:33 AM   #5
lannyr
LQ Newbie
 
Registered: Aug 2009
Location: Prague
Distribution: Debian
Posts: 8

Original Poster
Rep: Reputation: 0
Eric, thank you for your patience.

The router already provides a simple firewall by virtue of the way NAT works. By default NAT does not respond to unsolicited incoming requests on any port.

I never use DMZ, I forward the ports to the server.

I have only enabled SPI in the firewall. In ALG I have left enabled all
PPTP
IPSec (VPN Passthrough)
RTSP (Online Video Streaming)
Windows/MSN Messenger
FTP
H.323 (Video Conferencing)
SIP
Wake-On-LAN
MMS

I will do the trace (excellent suggestion) when I get to the office but I think, that with the router-modem I have, I cannot achieve the desired result. It is DLINK 2741B - I think DLINK is really a bad choice.
 
Old 08-06-2009, 02:02 AM   #6
settntrenz
Member
 
Registered: Aug 2009
Location: Orlando, Florida
Distribution: RHEL, Ubuntu
Posts: 49

Rep: Reputation: 19
Sounds like an IPtables/NAT issue. Try this http://www.netfilter.org/documentati...-HOWTO-10.html
 
Old 08-06-2009, 02:19 AM   #7
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Hi,

No problem whatsoever

I've worked with DLINK in the past without any real problems, so I wouldn't say it was a bad choice. It just depends on what you need and what the DLINK model offers.

How did you configure access to your mail server in the router? Using port forwarding, IP rules, virtual server? Can you provide screenshots of those settings?

Kind regards,

Eric
 
Old 08-06-2009, 05:38 AM   #8
lannyr
LQ Newbie
 
Registered: Aug 2009
Location: Prague
Distribution: Debian
Posts: 8

Original Poster
Rep: Reputation: 0
Port forwarding
Attached Thumbnails: Screenshot.png
 
Old 08-06-2009, 05:47 AM   #9
lannyr
LQ Newbie
 
Registered: Aug 2009
Location: Prague
Distribution: Debian
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by settntrenz View Post
Sounds like an IPtables/NAT issue. Try this http://www.netfilter.org/documentati...-HOWTO-10.html
I tried the suggestions for port 80 but the result was the same.
 
Old 08-06-2009, 05:50 AM   #10
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Were you able to do a trace from your LAN at work to your smtp/pop server? Please post the output.

Kind regards,

Eric
 
Old 08-06-2009, 06:56 AM   #11
lannyr
LQ Newbie
 
Registered: Aug 2009
Location: Prague
Distribution: Debian
Posts: 8

Original Poster
Rep: Reputation: 0
Our workstations are Windows and they do not have full traceroute to trace to a port. Ordinary trace output is
Code:
traceroute to terezamaxovadetem.cz (88.208.66.6), 30 hops max, 40 byte packets

 1  88.208.66.6 (88.208.66.6)  0.698 ms  0.940 ms  1.166 ms
telnet 88.208.66.6 25 is
Code:
telnet: Unable to connect to remote host: Connection refused
 
Old 08-06-2009, 07:01 AM   #12
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
I might be mistaken about this but to me it seems that you only have port forwarding enabled from the outside to your mailserver, and by using domain (external DNS) you get bounced back to your own router. Don't know if it will work but try creating a port forwarding rule for your LAN network on the router so that it detects when communication is coming from inside LAN on port 25/110 that it doesn't have to throw it on the internet.

There probably is an easier way but I'm not sure how, maybe instead of using port forwarding you could use virtual server. Probably someone with more experience with those routers will kick in sooner or later.

Kind regards,

Eric
 
Old 08-06-2009, 07:32 AM   #13
lannyr
LQ Newbie
 
Registered: Aug 2009
Location: Prague
Distribution: Debian
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by EricTRA View Post
I might be mistaken about this but to me it seems that you only have port forwarding enabled from the outside to your mailserver, and by using domain (external DNS) you get bounced back to your own router. Don't know if it will work but try creating a port forwarding rule for your LAN network on the router so that it detects when communication is coming from inside LAN on port 25/110 that it doesn't have to throw it on the internet.
Eric
If I knew how to
Quote:
try creating a port forwarding rule for your LAN network
I would not be here trying your patience.

Could you post an example?
 
Old 08-06-2009, 07:46 AM   #14
910
LQ Newbie
 
Registered: Aug 2009
Posts: 9

Rep: Reputation: 1
To be able to communicate with devices inside your LAN from inside the LAN using the internet-routable address, you need to set up a feature called "NAT loopback" in your router. Whether this is possible or not depends on your router.

Another option is to use an internal DNS server and make the appropriate records point to the internal LAN IP-addresses.
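
The NAT loopback described in this post, written out as iptables rules for a Linux-based router. This is an added example, not part of the original post, and it does not apply to the D-Link's web interface. The public address 88.208.66.6, the router LAN address 10.0.0.138 and ports 80/25/110 come from the thread; the /24 LAN range and the server address 10.0.0.10 are assumed placeholders.

```shell
#!/bin/sh
# Added example: NAT loopback (hairpin NAT) rules for a Linux router.
PUBLIC_IP=88.208.66.6        # from the thread
ROUTER_LAN_IP=10.0.0.138     # from the thread
LAN_NET=10.0.0.0/24          # assumption: netmask is not given in the thread
SERVER_LAN_IP=10.0.0.10      # assumption: placeholder for the server's LAN address

# Print (do not apply) the rules for each TCP port given as an argument.
hairpin_rules() {
    # Validate every port first so no rule is emitted for a bad argument list.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "invalid port: $port" >&2; return 1
        fi
    done
    for port in "$@"; do
        # 1. A LAN client connects to the public address: rewrite the
        #    destination to the server before the router answers it itself.
        echo "iptables -t nat -A PREROUTING -s $LAN_NET -d $PUBLIC_IP -p tcp --dport $port -j DNAT --to-destination $SERVER_LAN_IP"
        # 2. Rewrite the source to the router, so the server replies through
        #    the router instead of straight to the client, which would drop a
        #    reply coming from an address it never connected to.
        echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $SERVER_LAN_IP -p tcp --dport $port -j SNAT --to-source $ROUTER_LAN_IP"
        # 3. Permit the LAN-to-LAN forward for this port only.
        echo "iptables -A FORWARD -s $LAN_NET -d $SERVER_LAN_IP -p tcp --dport $port -j ACCEPT"
    done
}

# Review the printed rules before applying them as root on the router.
hairpin_rules 80 25 110
```

With the SNAT rule the server sees every LAN client as 10.0.0.138, so its web and mail logs lose the real client address; the internal DNS option from the same post avoids that.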
 
Old 08-06-2009, 09:09 AM   #15
lannyr
LQ Newbie
 
Registered: Aug 2009
Location: Prague
Distribution: Debian
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks. My router does not show a NAT loopback feature anywhere. Is it known under a different name?

I will see if I can try to set up my own DNS server.
 
All times are GMT -5. The time now is 08:59 PM.