Old 12-30-2003, 04:57 AM   #1
eicherlist
LQ Newbie
 
Registered: Dec 2003
Posts: 11

Rep: Reputation: 0
Connection Refused network problem


Hi Experts

I have the following problem. A firewall with 3 NICs does the routing and filtering.


              INTERNET
         |---------------|
    |----------|   |----------|
    |eth0 ISP_1|   |eth1 ISP_2|
    |----------|   |----------|

      routing iptables nat DNS

          |----------|
          |eth2 local|
          |----------|
               |
               |
       |-------------------|
  |----------|       |----------|
  |eth0 www01|       |eth0 www02|
  |via ISP_1 |       |via ISP_2 |
  |----------|       |----------|

Everything is working, except the connections from www01 to www02 over the firewall. From the Internet I can access all services.
If a user wants to access a service (telnet mydomain 25) running on www02, there is an error saying: Connection Refused

What's wrong? Does anybody have suggestions?

Sorry for my English...

Regards Rene


 
Old 12-30-2003, 08:16 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Looks like you need split routing in the firewall, supplied by the iproute2 package..
(which you probably have installed already..)

The Advanced Routing HOWTO explains more in chapter 4
 
Old 12-30-2003, 09:22 AM   #3
eicherlist
LQ Newbie
 
Registered: Dec 2003
Posts: 11

Original Poster
Rep: Reputation: 0
Thank you Peter for responding...

I already configured the splitting. Should I post my scripts, so maybe you can see more?

Thx again
Rene
 
Old 12-30-2003, 10:05 AM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
So, is the problem with internal users trying to talk to www01 & www02 using the external url names or ip addresses?
 
Old 12-30-2003, 10:26 AM   #5
eicherlist
LQ Newbie
 
Registered: Dec 2003
Posts: 11

Original Poster
Rep: Reputation: 0
Not exactly...
For example, a user on www01 wants to send an email to another user on www02. Then the log gives a message "Connection Refused".
So I tried to connect via console from www01 to www02 with the following string "telnet mydomain 25" (mydomain is for the real DNS name). Then I also get an error "Connection Refused".
Both servers are webservers the users can access with a webmail tool.
BTW "telnet mydomain 80" results in the same error

Regards
Rene
Thx for helping
 
Old 12-30-2003, 11:27 AM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
That's what I needed to hear!

If you use the full domain name of a server behind a router/firewall that has a local address, there is a routing loop...
You send to mail.domain.biz (eg 123.456.789.111), the firewall finds the server and routes you to www01 at eg 10.x.x.1
www01 sees an incoming mail request from www02's local IP 10.x.x.2, knows it is local and sends its reply locally, directly...
Problem occurs when www02 gets a reply from 10.x.x.1 rather than 123.456.789.111 & drops it...

I have tried various iptables snat/dnat rules to get around this, but found the easiest was to install dnsmasq.
This uses the firewall/router's /etc/hosts file to help resolve names.
In there I place all the used url names against the local ip number of each www~ machine.
Then place a redirect rule for dns requests from local connections to use dnsmasq on 127.0.0.1
dnsmasq will use the dns nameservers listed in /etc/resolv.conf
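
The reply-path mismatch and the split-DNS workaround discussed in this post, traced as a small model. This is an added example, not part of the thread: all addresses are constructed (the thread elides the real ones), and the hosts-file-before-upstream lookup order is the dnsmasq behaviour assumed here.

```python
# Constructed addresses; the thread does not give the real ones.
PUBLIC_WWW02 = "203.0.113.2"             # public address the firewall DNATs to www02
WWW01, WWW02 = "10.0.0.1", "10.0.0.2"    # local addresses behind eth2
PUBLIC_DNS = {"mydomain": PUBLIC_WWW02}  # answer from the upstream nameservers
LOCAL_HOSTS = {"mydomain": WWW02}        # firewall /etc/hosts, served by dnsmasq
SPLIT_DNS = {**PUBLIC_DNS, **LOCAL_HOSTS}  # hosts entries override upstream answers


def is_local(ip):
    """True for hosts on the LAN behind eth2 (constructed 10.0.0.0/24)."""
    return ip.startswith("10.0.0.")


def connect(client_ip, name, resolver):
    """Trace one request/reply pair and report what the client sees."""
    target = resolver[name]          # address the client's socket will expect
    src, dst = client_ip, target
    natted = False
    if dst == PUBLIC_WWW02:          # request crosses the firewall
        dst, natted = WWW02, True    # DNAT: destination rewritten, source untouched
    # The server answers the source address it saw on the request.
    reply_src, reply_dst = dst, src
    if natted and not is_local(reply_dst):
        # Reply leaves through the firewall, which reverses the DNAT.
        reply_src = PUBLIC_WWW02
    # A local reply_dst is on the server's own subnet, so the reply is
    # delivered directly and keeps the server's local source address.
    if reply_src == target:
        return "established"
    return f"dropped: reply from {reply_src}, expected {target}"


if __name__ == "__main__":
    # Internet client, public DNS: both directions pass the firewall.
    print(connect("198.51.100.7", "mydomain", PUBLIC_DNS))
    # LAN client, public DNS: reply bypasses the firewall and mismatches.
    print(connect(WWW01, "mydomain", PUBLIC_DNS))
    # LAN client, names resolved from the firewall's hosts file: direct path.
    print(connect(WWW01, "mydomain", SPLIT_DNS))
```
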
 
Old 12-30-2003, 11:41 AM   #7
eicherlist
LQ Newbie
 
Registered: Dec 2003
Posts: 11

Original Poster
Rep: Reputation: 0
I will give that solution a try

thx again
Rene
 
  

