Old 03-11-2005, 06:51 PM   #1
Dalvinio
Connection to external hostname from outside ok but rejected from inside network


First of all: the host and domain names used here aren't the actual names I used but are used to make it a bit more convenient to discuss the problem I've been facing for the past few days.

My setup:
- Private network (IPs 192.168.1.x, subnet 255.255.255.0)

- 1 router; internal hostname router.domain.lan; internal IP 192.168.1.250; external hostname is mail.domain.nl; the router is running DNS forwarding and a DHCP service; the reverse DNS is set to something else (I've been trying to get that changed, but my provider keeps me waiting)

- 4 desktop PCs; 1 running Linux; 3 running Windows XP SP2; IPs 192.168.1.101~104 assigned by DHCP from the router

- 1 Linux system (Fedora 2) acting as a file/print/mail server; IP 192.168.1.1, hostname aqua.domain.lan; for the 'outside' world it runs ssh, imap, pop3 and smtp services on the regular ports and those ports are being forwarded by the router; additionally it runs samba and cups for the internal network.

I've been using this setup for about 6 months, without any problems. When accessing the server (aqua.domain.lan) from the private network, I use its 'internal' hostname and when accessing it from elsewhere (outside my private network) I use the mail.domain.nl hostname. This all works fine.

So much for background information. Here comes the problem description: I've been the proud owner of a laptop for about 4 days now. Its IP on my private network is 192.168.1.105 and is assigned by DHCP from the router. I want to use this laptop to access my server (aqua.domain.lan) through imap from the private network as well as from everywhere else. I thought I'd just use the external hostname (mail.domain.nl) so I don't have to change hostnames when I'm at home or at the office for example.

The problem is that when I use the EXTERNAL hostname (mail.domain.nl) for the server (aqua.domain.lan) when I'm on the PRIVATE network I can't get a connection. When I use its internal hostname, things work like a charm. This situation is the same on ALL my desktops and the laptop. At first I thought it was a problem with Microsoft's implementation of the TCP/IP stack, but even the Linux desktop has this problem. Also, the problem arises with every service I try to use in this way (ssh, imap, pop3, smtp).

This is the set of firewall rules on the server:

========Firewall Rules==============================
*** [ root @ aqua ] 01:01
~ > iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
================================================

I included the tcpdump output for a session where I tried to connect through pop3 (with hostnames replaced by the ones used in my problem description of course). The command I issued from the system using the IP 192.168.1.105 was "telnet mail.domain.nl 110".

========TCPDump Output============================
*** [ root @ aqua ] 00:59
~ > tcpdump host 192.168.1.105 and port 110
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
00:59:26.752664 IP 192.168.1.105.32771 > external.host.name.dsl.provider.nl.pop3: S 1614669079:1614669079(0) win 5840 <mss 1460,sackOK,timestamp 27062 0,nop,wscale 0>
00:59:26.753762 IP 192.168.1.105.32771 > aqua.domain.lan.pop3: S 1614669079:1614669079(0) win 5840 <mss 1460,sackOK,timestamp 27062 0,nop,wscale 0>
00:59:26.753840 IP aqua.domain.lan.pop3 > 192.168.1.105.32771: S 1131741603:1131741603(0) ack 1614669080 win 5792 <mss 1460,sackOK,timestamp 960306615 27062,nop,wscale 0>
00:59:26.753895 IP 192.168.1.105.32771 > aqua.domain.lan.pop3: R 1614669080:1614669080(0) win 0
================================================

As you can see in the last line, the host at 192.168.1.105 issues the connection reset. That's another thing I really can't explain.

The server has a set of hostnames configured that it is supposed to react to. Here are the contents of the /etc/hosts file:

========/etc/hosts=================================
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 aqua.domain.lan aqua mail.domain.lan mail home.domain.lan home mail.domain.nl smtp.domain.nl home.domain.nl localhost.localdomain localhost
================================================

The /etc/hosts.allow and /etc/hosts.deny files are blank (well, apart from some comments). I don't have any specific firewall settings on the router. All internal network traffic is routed fine. There are no other problems when using the services and, once again, when connecting from outside my private network, I don't have this problem.

Can anyone shed some light on this situation? Any hints, tips, solutions?

Last edited by Dalvinio; 03-11-2005 at 07:06 PM.
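
Added example (not part of the original post): a small Python check run over the four capture lines from the tcpdump output above. It pairs each SYN-ACK with the SYN it acknowledges and reports when the reply comes from a different endpoint than the one the client dialed, which is the sequence the capture shows just before the client's reset. The function names are made up for this example, and the TCP options are trimmed from the sample lines.

```python
import re

# The four capture lines from the post (TCP options trimmed for width).
CAPTURE = """\
00:59:26.752664 IP 192.168.1.105.32771 > external.host.name.dsl.provider.nl.pop3: S 1614669079:1614669079(0) win 5840
00:59:26.753762 IP 192.168.1.105.32771 > aqua.domain.lan.pop3: S 1614669079:1614669079(0) win 5840
00:59:26.753840 IP aqua.domain.lan.pop3 > 192.168.1.105.32771: S 1131741603:1131741603(0) ack 1614669080 win 5792
00:59:26.753895 IP 192.168.1.105.32771 > aqua.domain.lan.pop3: R 1614669080:1614669080(0) win 0
"""

# time IP src.port > dst.port: flags seq:seq(len) [ack N]
LINE = re.compile(
    r"^\S+ IP (\S+)\.(\w+) > (\S+)\.(\w+): (\S+) (\d+):\d+\(\d+\)(?: ack (\d+))?")


def parse(capture):
    """Yield (src, dst, flags, seq, ack) with endpoints as (host, port) tuples."""
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            src, sport, dst, dport, flags, seq, ack = m.groups()
            yield (src, sport), (dst, dport), flags, int(seq), int(ack) if ack else None


def find_asymmetric_replies(capture):
    dialed = {}      # (client endpoint, initial seq) -> destination of the first SYN
    findings = []
    for src, dst, flags, seq, ack in parse(capture):
        if flags == "S" and ack is None:
            # A second SYN with the same seq is the same packet after its
            # destination was rewritten; keep only the first destination.
            dialed.setdefault((src, seq), dst)
        elif flags == "S" and (dst, ack - 1) in dialed:
            wanted = dialed[(dst, ack - 1)]
            if src != wanted:    # SYN-ACK came from an endpoint the client never dialed
                findings.append({"client": dst, "dialed": wanted,
                                 "replied": src, "reset": False})
        elif flags == "R":
            for f in findings:
                if f["client"] == src and f["replied"] == dst:
                    f["reset"] = True    # client rejected the unexpected SYN-ACK
    return findings


if __name__ == "__main__":
    for f in find_asymmetric_replies(CAPTURE):
        print(f)
```

Endpoints are compared as tcpdump printed them; on a capture taken with `-n` the same check compares numeric addresses instead of resolved names.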
 
  

