LinuxQuestions.org

Linux - Networking: https://www.linuxquestions.org/questions/linux-networking-3/loopback-connections-conection-refused-to-my-domain-on-port-814299/

f.sivas 06-15-2010 12:15 PM

Loopback Connections: connection refused to my domain on port
 
Hi to all.
I'm facing a problem just like the one described in http://www.dyndns.com/support/kb/loo...nnections.html.
I have my domain configured correctly at dyndns.
I also have another virtual machine (using openvz) configured as a mail server. From outside the network I have all the services available via example.com.
From my internal network I can ping mydomain.com, but when I try to netcat to port 25, it gives me "Connection refused", but from outside the network I can connect.
Code:

example.com [xxx.xxx.xxx.xxx] 143 (imap2) : Connection refused
Can this be fixed with iptables rules?
This is the script that I use to initialize my iptables rules:
Code:

#!/bin/sh
# Start from an empty ruleset: flush every chain in the filter, nat and
# mangle tables and delete user-defined chains.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Masquerade everything leaving on the Internet interface and turn on routing.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sysctl -w net.ipv4.conf.all.forwarding=1
# iptables-save only prints the current ruleset to stdout; nothing is persisted
# unless its output is redirected to a file.
iptables-save

#=====EMAIL SERVICES=====================
# For each service: DNAT connections arriving on eth0 to the mail server, then
# allow the forwarded packets (only needed when the FORWARD policy is DROP).
#----SMTP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -p tcp -i eth0 --dport 25 -d 192.168.1.104 -j ACCEPT
#----POP3
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -p tcp -i eth0 --dport 110 -d 192.168.1.104 -j ACCEPT
#----POP3S
# No "-i eth0" here, so this DNAT applies to port 995 arriving on every
# interface, not only the Internet side; FORWARD rule added for consistency.
iptables -t nat -A PREROUTING -p tcp --dport 995 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -p tcp --dport 995 -d 192.168.1.104 -j ACCEPT
#----IMAP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -p tcp -i eth0 --dport 143 -d 192.168.1.104 -j ACCEPT
#----IMAPS
# Same as POP3S: matches port 993 on any interface.
iptables -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -p tcp --dport 993 -d 192.168.1.104 -j ACCEPT

Thanks in advance.
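The "loopback" rules the question asks about, as an added example that is not from this thread or from the DynDNS article: hairpin NAT on the Linux router, so that a LAN client connecting to the public address on port 25 reaches 192.168.1.104 and the server's replies come back through the router. The public address belongs to the router itself, so a LAN client's SYN that matches no DNAT rule is handled by the router's own TCP stack, which has nothing listening on port 25 and answers with a reset; that is the "Connection refused" seen only from inside. eth0 and 192.168.1.104 are taken from the script above; the LAN interface eth1, the network 192.168.1.0/24, the address 203.0.113.5 used in the dry run and the IPTABLES/PUBLIC_IP variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: hairpin ("NAT loopback") rules so that
# LAN clients can use the public address / DynDNS name of the mail server.
# Assumed settings (override in the environment):
#   WAN_IF     Internet-facing interface (eth0 in the original script)
#   LAN_IF     interface the home clients are on (assumed: eth1)
#   LAN_NET    internal network (assumed: 192.168.1.0/24)
#   SERVER_IP  the mail server (192.168.1.104 in the original script)
#   PUBLIC_IP  current WAN address; if unset it is read from WAN_IF
#   IPTABLES   command to run; IPTABLES=echo gives a dry run
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
SERVER_IP=${SERVER_IP:-192.168.1.104}
PORTS=${PORTS:-"25 110 143 993 995"}
IPTABLES=${IPTABLES:-iptables}

# The address DynDNS currently points at: PUBLIC_IP if given, otherwise the
# first IPv4 address configured on WAN_IF.
wan_ip() {
    if [ -n "${PUBLIC_IP:-}" ]; then
        printf '%s\n' "$PUBLIC_IP"
        return 0
    fi
    ip -4 -o addr show dev "$WAN_IF" 2>/dev/null \
        | awk '{ sub(/\/.*/, "", $4); print $4; exit }'
}

# Three rules per port:
# 1. PREROUTING DNAT: a LAN client's SYN to PUBLIC_IP:port goes to the server.
# 2. POSTROUTING MASQUERADE, only for connections that rule rewrote (ctstate
#    DNAT): the server then replies to the router, which un-NATs both halves.
#    If client and server share a subnet and this rule is missing, the server
#    answers the client directly from 192.168.1.104, the client (which
#    connected to PUBLIC_IP) sends a RST and the connection never completes.
# 3. FORWARD ACCEPT: only matters if the FORWARD policy is DROP.
hairpin_port() {
    pub=$1; port=$2
    $IPTABLES -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -d "$pub" \
        -p tcp --dport "$port" -j DNAT --to-destination "$SERVER_IP"
    $IPTABLES -t nat -A POSTROUTING -s "$LAN_NET" -d "$SERVER_IP" \
        -p tcp --dport "$port" -m conntrack --ctstate DNAT -j MASQUERADE
    $IPTABLES -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -d "$SERVER_IP" \
        -p tcp --dport "$port" -j ACCEPT
}

apply_hairpin_nat() {
    pub=$(wan_ip)
    if [ -z "$pub" ]; then
        echo "hairpin-nat: no IPv4 address found on $WAN_IF" >&2
        return 1
    fi
    for p in $PORTS; do
        hairpin_port "$pub" "$p"
    done
}

# "sh hairpin-nat.sh apply" installs the rules; sourcing only defines functions.
if [ "${1:-}" = "apply" ]; then
    apply_hairpin_nat
fi
```

Run it after the flush in the existing script (the rules are appended, so running it twice adds duplicates), and run it again whenever the WAN address changes, for instance from the DynDNS update client, because the DNAT rule matches the current public IP. With MASQUERADE on this path the mail server logs the router's address for every LAN client, so anything on the server that trusts connections by source address must not be widened to include the router. The split-horizon DNS suggested later in the thread avoids both issues.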

tsg 06-15-2010 01:28 PM

Try putting an entry in your /etc/hosts file for the domain and see if it resolves the problem. For example, if dyndns is set up to forward mail.mydomain.com to your router, which is port forwarding to 192.168.1.104 (as in your example above), put an entry in the hosts file on the client machine mapping mail.mydomain.com to 192.168.1.104.

f.sivas 06-15-2010 02:20 PM

I was wondering if it is possible to do that only using iptables rules.

tsg 06-15-2010 02:37 PM

It's not really an iptables function. DynDNS is reporting your external IP address, which is what anyone external to your network will need to access the server. Internally, you just need to know the internal IP address. As an analogy, it's like going from Philadelphia to New York by way of Alaska.

If you do:
Code:

nc 192.168.1.104 25
does it work?

f.sivas 06-15-2010 04:08 PM

Quote:

Originally Posted by tsg (Post 4004590)
If you do:
Code:

nc 192.168.1.104 25

Yes, that way works. But what I want is to get access via my domain name.

Quote:

Originally Posted by tsg (Post 4004590)
Internally, you just need to know the internal IP address. As an analogy, it's like going from Philadelphia to New York by way of Alaska.

So you are telling me that the better way is using the /etc/hosts file or an internal DNS server?
Because I have a mail server, web server, DHCP server and some DHCP clients. It's like a home network for all my family.

By the way, these rules work for some hosts and not for others:
Code:

# Inbound on the Internet interface: DNAT to the mail server and allow forwarding.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -p tcp -i eth0 --dport 143 -d 192.168.1.104 -j ACCEPT
# Connections made by the router itself pass through nat OUTPUT, not PREROUTING;
# this matches port 143 to any destination address.
iptables -t nat -A OUTPUT -p tcp --dport 143 -j DNAT --to-destination 192.168.1.104
# Same DNAT for connections arriving on the OpenVZ interface (venet0).
iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 143 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -p tcp -i venet0 --dport 143 -d 192.168.1.104 -j ACCEPT


tsg 06-16-2010 09:23 AM

Quote:

Originally Posted by f.sivas (Post 4004683)
Yes, that way works. But what I want is to get access via my domain name.

So then you need a way to map your domain name to the local IP address for computers on your internal network.

Quote:

So you are telling me that the better way is using the /etc/hosts file or an internal DNS server?
Yes. Windows machines can use a hosts file as well.

Quote:

Because I have a mail server, web server, DHCP server and some DHCP clients. It's like a home network for all my family.
If you're doing dhcp anyway, I would run DNS. That way if anything changes you don't have to update all the machines. DNS is not hard to set up.

Quote:

By the way, these rules work for some hosts and not for others:
Code:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-dest 192.168.1.104
iptables -A FORWARD -p tcp -i eth0 --dport 143 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 143 -j DNAT --to 192.168.1.104
iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 143 -j DNAT --to-dest 192.168.1.104
iptables -A FORWARD -p tcp -i venet0 --dport 143 -d 192.168.1.104 -j ACCEPT


Without knowing more about your setup, I can't explain why it would work on some machines and not others. But either way, it would be more efficient to have the local machines access the server through the local IP address rather than going out through the gateway and coming back in. Plus, if DynDNS or your internet connection goes down, the clients will still be able to access the server.

It's like an office phone system where everyone has their own extension. People inside the office can talk to each other simply by dialing the extension directly, while people outside the office have to dial the main number and get transferred to the right extension. Using the DynDNS IP address for the local clients is like having the people inside the office dial out to the office main number and get transferred to the extension they want to call rather than just dialing the extension.
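The internal DNS tsg recommends, as an added example that is not part of the thread: a generator for a dnsmasq configuration that answers the public names with the internal addresses for LAN clients and, since dnsmasq also does DHCP, hands the router out as the DNS server. The router address 192.168.1.1 on eth1, the DHCP pool, the upstream resolvers 198.51.100.1/2, the host names and the web server address 192.168.1.105 are assumptions; 192.168.1.104 is the mail server from the original script. The functions only generate text, so they can be run on any machine.

```shell
#!/bin/sh
# Added example, not from the thread: split-horizon DNS with dnsmasq on the
# router. Assumptions (not from the thread): the router runs dnsmasq, its LAN
# address is 192.168.1.1 on eth1, the DHCP pool is 192.168.1.50-150 and the
# upstream resolvers are the placeholder addresses below. 192.168.1.104 is the
# mail server from the original script; the other names/addresses are made up.
ROUTER_IP=${ROUTER_IP:-192.168.1.1}
LAN_IF=${LAN_IF:-eth1}
DHCP_RANGE=${DHCP_RANGE:-192.168.1.50,192.168.1.150,12h}
UPSTREAM=${UPSTREAM:-"198.51.100.1 198.51.100.2"}
# "name internal-address" pairs, one per line (constructed sample data).
HOSTMAP='mail.example.com 192.168.1.104
www.example.com 192.168.1.105'

# Dotted-quad IPv4 check (four octets, each 0-255). A malformed address would
# otherwise turn into an address= line that dnsmasq refuses to load.
ip4_valid() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# dnsmasq.conf body. "address=/name/ip" makes dnsmasq answer that name (and
# every subdomain of it) itself instead of forwarding upstream, so inside the
# LAN mail.example.com resolves to 192.168.1.104 while the public DNS keeps
# returning the DynDNS address for everyone else. The same name is used on
# both sides, so IMAPS/POP3S certificates still match.
dnsmasq_conf() {
    printf '%s\n' "$HOSTMAP" | while read -r name addr; do
        if [ -z "$name" ]; then continue; fi
        if ! ip4_valid "$addr"; then
            echo "split-horizon: bad address '$addr' for $name" >&2
            exit 1            # ends the pipeline subshell with status 1
        fi
        printf 'address=/%s/%s\n' "$name" "$addr"
    done || return 1
    for s in $UPSTREAM; do
        printf 'server=%s\n' "$s"
    done
    printf 'interface=%s\n' "$LAN_IF"
    printf 'dhcp-range=%s\n' "$DHCP_RANGE"
    printf 'dhcp-option=option:dns-server,%s\n' "$ROUTER_IP"
}

# Fallback for a single client that cannot use the router's DNS: /etc/hosts
# lines in "address name" form (covers only that one machine).
hosts_lines() {
    printf '%s\n' "$HOSTMAP" | while read -r name addr; do
        if [ -n "$name" ]; then printf '%s\t%s\n' "$addr" "$name"; fi
    done
}

# "sh split-horizon.sh conf" prints the dnsmasq config, "... hosts" the
# /etc/hosts lines; sourcing only defines the functions.
if [ "${1:-}" = "conf" ]; then
    dnsmasq_conf
elif [ "${1:-}" = "hosts" ]; then
    hosts_lines
fi
```

Save the generated text as a dnsmasq configuration file (for example under /etc/dnsmasq.d/ if your dnsmasq is built with that conf-dir), check it with `dnsmasq --test`, restart dnsmasq and verify from a client with `dig @192.168.1.1 mail.example.com`, which should return 192.168.1.104 while the same query against a public resolver still returns the DynDNS address. Clients that obtained their lease before the change keep their old DNS server until they renew.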
