Old 03-11-2005, 07:51 PM   #1
Connection to external hostname from outside ok but rejected from inside network

First of all: the host and domain names used here aren't the actual names I used but are used to make it a bit more convenient to discuss the problem I've been facing for the past few days.

My setup:
- Private network (IP's 192.168.1.x, subnet

- 1 router; internal hostname router.domain.lan; internal IP; external hostname is; the router is running DNS forwarding and a DHCP service; the reverse DNS is set to something else (I've been trying to get that changed, but my provider keeps me waiting)

- 4 desktop PCs; 1 running Linux; 3 running Windows XP SP2; IPs assigned by DHCP from the router

- 1 Linux system (Fedora 2) acting as a file/print/mail server; IP, hostname aqua.domain.lan; for the 'outside' world it runs ssh, imap, pop3 and smtp services on the regular ports and those ports are being forwarded by the router; additionally it runs samba and cups for the internal network.

I've been using this setup for about 6 months, without any problems. When accessing the server (aqua.domain.lan) from the private network, I use its 'internal' hostname and when accessing it from elsewhere (outside my private network) I use the hostname. This all works fine.

So much for background information. Here comes the problem description: I've been the proud owner of a laptop for about 4 days now. Its IP on my private network is and is assigned by DHCP from the router. I want to use this laptop to access my server (aqua.domain.lan) through imap from the private network as well as from everywhere else. I thought I'd just use the external hostname ( so I don't have to change hostnames when I'm at home or at the office for example.

The problem is that when I use the EXTERNAL hostname ( for the server (aqua.domain.lan) when I'm on the PRIVATE network I can't get a connection. When I use its internal hostname, things work like a charm. This situation is the same on ALL my desktops and the laptop. At first I thought it was a problem with Microsoft's implementation of the TCP/IP stack, but even the Linux desktop has this problem. Also, the problem arises with every service I try to use in this way (ssh, imap, pop3, smtp).

This is the set of firewall rules on the server:

========Firewall Rules==============================
*** [ root @ aqua ] 01:01
~ > iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

I included the tcpdump output for a session where I tried to connect through pop3 (with hostnames replaced by the ones used in my problem description of course). The command I issued from the system using the IP was "telnet 110".

========TCPDump Output============================
*** [ root @ aqua ] 00:59
~ > tcpdump host and port 110
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
00:59:26.752664 IP > S 1614669079:1614669079(0) win 5840 <mss 1460,sackOK,timestamp 27062 0,nop,wscale 0>
00:59:26.753762 IP > aqua.domain.lan.pop3: S 1614669079:1614669079(0) win 5840 <mss 1460,sackOK,timestamp 27062 0,nop,wscale 0>
00:59:26.753840 IP aqua.domain.lan.pop3 > S 1131741603:1131741603(0) ack 1614669080 win 5792 <mss 1460,sackOK,timestamp 960306615 27062,nop,wscale 0>
00:59:26.753895 IP > aqua.domain.lan.pop3: R 1614669080:1614669080(0) win 0

As you can see in the last line, the host at issues the connection reset. That's another thing I really can't explain.

The server has a set of hostnames configured that it is supposed to react to. Here are the contents of the /etc/hosts file:

# Do not remove the following line, or various programs
# that require network functionality will fail.
aqua.domain.lan aqua mail.domain.lan mail home.domain.lan home localhost.localdomain localhost

The /etc/hosts.allow and /etc/hosts.deny files are blank (well, apart from some comments). I don't have any specific firewall settings on the router. All internal network traffic is routed fine. There are no other problems when using the services and, once again, when connecting from outside my private network, I don't have this problem.

Can anyone shed some light on this situation? Any hints, tips, solutions?

Last edited by Dalvinio; 03-11-2005 at 08:06 PM.
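
The capture in the post shows a SYN-ACK sourced from aqua.domain.lan.pop3, followed by a reset from the connecting host. As an added example (not part of the original post), this script scans tcpdump text for that pattern: a SYN-ACK whose source is not the endpoint the client's first SYN was addressed to. All IP addresses in the sample are constructed placeholders, and it assumes numeric (`-n`) output in the same old-style tcpdump format.

```python
import re

# Constructed capture in the old tcpdump -n text format used in the post.
# 192.168.1.50 (client), 192.168.1.10 (server) and 203.0.113.10 (router's
# external address) are placeholders, not the poster's real addresses.
SAMPLE = """\
00:59:26.752664 IP 192.168.1.50.32790 > 203.0.113.10.110: S 1614669079:1614669079(0) win 5840
00:59:26.753762 IP 192.168.1.50.32790 > 192.168.1.10.110: S 1614669079:1614669079(0) win 5840
00:59:26.753840 IP 192.168.1.10.110 > 192.168.1.50.32790: S 1131741603:1131741603(0) ack 1614669080 win 5792
00:59:26.753895 IP 192.168.1.50.32790 > 192.168.1.10.110: R 1614669080:1614669080(0) win 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): ([SFPR.]+) (\d+):\d+\(\d+\)(?: ack (\d+))?")

def parse(text):
    """Yield (src, dst, flags, seq, ack) for each TCP line that matches."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            src, dst, flags, seq, ack = m.groups()
            yield src, dst, flags, int(seq), int(ack) if ack else None

def find_bypassed_replies(text):
    """Report handshakes whose SYN-ACK does not come from the endpoint dialed."""
    dialed = {}      # (client endpoint, ISN) -> destination of the first SYN seen
    findings = []
    for src, dst, flags, seq, ack in parse(text):
        if flags == "S" and ack is None:
            # The first SYN with this ISN carries the pre-translation destination.
            dialed.setdefault((src, seq), dst)
        elif flags == "S" and ack is not None:
            target = dialed.get((dst, ack - 1))
            if target and target != src:
                findings.append({"client": dst, "dialed": target,
                                 "replied": src, "reset": False})
        elif "R" in flags:
            # A reset from the client to the unexpected replier confirms the mismatch.
            for f in findings:
                if f["client"] == src and f["replied"] == dst:
                    f["reset"] = True
    return findings

if __name__ == "__main__":
    for finding in find_bypassed_replies(SAMPLE):
        print(finding)
```
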

