LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 06-15-2010, 12:15 PM   #1
f.sivas
LQ Newbie
 
Registered: Mar 2010
Posts: 3

Rep: Reputation: 0
Loopback Connections: connection refused to my domain on port


Hi to all.
I'm facing a problem just like the one described in http://www.dyndns.com/support/kb/loo...nnections.html.
I have my domain configured correctly at dyndns.
I also have another virtual machine (using openvz) configured as a mail server. From outside the network I have all the services available via example.com.
From my internal network I can ping mydomain.com, but when I try to netcat to port 25, it gives me "Connection refused", but from outside the network I can connect.
Code:
example.com [xxx.xxx.xxx.xxx] 143 (imap2) : Connection refused
Can this be fixed with iptables rules?
This is the script that I use to initialize my iptables rules:
Code:
# Flush the filter, nat and mangle tables and delete any user-defined chains
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Masquerade everything leaving on the WAN interface (eth0) behind its dynamic address
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Let the kernel route between interfaces
sysctl -w net.ipv4.conf.all.forwarding=1
# iptables-save only prints the current ruleset to stdout; it persists nothing
# (redirect its output to your distribution's rules file to restore it at boot)
iptables-save

#=====EMAIL SERVICES=====================
# Per service: DNAT inbound traffic on eth0 to the mail server (192.168.1.104),
# then accept the rewritten packets in the FORWARD chain. The script never sets
# a FORWARD policy, so the ACCEPT rules only matter if that policy is DROP.
#----SMTP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -i eth0 -p tcp --dport 25 -d 192.168.1.104 -j ACCEPT
#----POP3
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -i eth0 -p tcp --dport 110 -d 192.168.1.104 -j ACCEPT
#----POP3S
# As posted, the POP3S and IMAPS DNAT rules have no -i eth0, so they also rewrite
# port 995/993 connections arriving on any other interface, and they had no
# matching FORWARD rule; one is added here for consistency with the other services
iptables -t nat -A PREROUTING -p tcp --dport 995 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -p tcp --dport 995 -d 192.168.1.104 -j ACCEPT
#----IMAP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -i eth0 -p tcp --dport 143 -d 192.168.1.104 -j ACCEPT
#----IMAPS
iptables -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -p tcp --dport 993 -d 192.168.1.104 -j ACCEPT
Thanks in advance.
 
Old 06-15-2010, 01:28 PM   #2
tsg
Member
 
Registered: Mar 2008
Posts: 155

Rep: Reputation: 30
Try putting an entry in your /etc/hosts file for the domain and see if it resolves the problem. For example, if dyndns is set up to forward mail.mydomain.com to your router, which is port forwarding to 192.168.1.104 (as in your example above), put an entry in the hosts file on the client machine mapping mail.mydomain.com to 192.168.1.104.
 
Old 06-15-2010, 02:20 PM   #3
f.sivas
LQ Newbie
 
Registered: Mar 2010
Posts: 3

Original Poster
Rep: Reputation: 0
I was wondering if it is possible to do that only using iptables rules.
 
Old 06-15-2010, 02:37 PM   #4
tsg
Member
 
Registered: Mar 2008
Posts: 155

Rep: Reputation: 30
It's not really an iptables function. DynDNS is reporting your external IP address, which is what anyone external to your network will need to access the server. Internally, you just need to know the internal IP address. As an analogy, it's like going from Philadelphia to New York by way of Alaska.

If you do:
Code:
nc 192.168.1.104 25
does it work?

Last edited by tsg; 06-15-2010 at 02:38 PM.
 
Old 06-15-2010, 04:08 PM   #5
f.sivas
LQ Newbie
 
Registered: Mar 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by tsg View Post
If you do:
Code:
nc 192.168.1.104 25
Yes, that way works. But what I want is to get access via my domain name.

Quote:
Originally Posted by tsg View Post
Internally, you just need to know the internal IP address. As an analogy, it's like going from Philadelphia to New York by way of Alaska.
So you are telling me that the better way is using the /etc/hosts file or using an internal DNS server?
Because I have a mail server, web server, dhcp server and some dhcp clients. It's like a home network for all my family.

By the way, these rules work for some hosts and for others they don't:
Code:
# WAN side: DNAT inbound IMAP to the mail server and accept it in FORWARD
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -i eth0 -p tcp --dport 143 -d 192.168.1.104 -j ACCEPT
# nat OUTPUT only sees connections opened by the gateway itself, not forwarded ones
iptables -t nat -A OUTPUT -p tcp --dport 143 -j DNAT --to-destination 192.168.1.104
# Same DNAT for connections arriving from the OpenVZ side (venet0). There is no -d match,
# so every port 143 connection from venet0, whatever its destination, is sent to 192.168.1.104
iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 143 -j DNAT --to-destination 192.168.1.104
iptables -A FORWARD -i venet0 -p tcp --dport 143 -d 192.168.1.104 -j ACCEPT
 
Old 06-16-2010, 09:23 AM   #6
tsg
Member
 
Registered: Mar 2008
Posts: 155

Rep: Reputation: 30
Quote:
Originally Posted by f.sivas View Post
Yes, that way works. But what I want is to get access via my domain name.
So then you need a way to map your domain name to the local IP address for computers on your internal network.

Quote:
So you are telling me that the better way is using the /etc/hosts file or using an internal DNS server?
Yes. Windows machines can use a hosts file as well.

Quote:
Because I have a mail server, web server, dhcp server and some dhcp clients. It's like a home network for all my family.
If you're doing dhcp anyway, I would run DNS. That way if anything changes you don't have to update all the machines. DNS is not hard to set up.

Quote:
By the way, these rules work for some hosts and for others they don't:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 143 -j DNAT --to-dest 192.168.1.104
iptables -A FORWARD -p tcp -i eth0 --dport 143 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 143 -j DNAT --to 192.168.1.104
iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 143 -j DNAT --to-dest 192.168.1.104
iptables -A FORWARD -p tcp -i venet0 --dport 143 -d 192.168.1.104 -j ACCEPT
Without knowing more about your setup, I can't explain why it would work on some machines and not others. But either way, it would be more efficient to have the local machines access the server through the local IP address rather than going out through the gateway and coming back in. Plus, if DynDNS or your internet connection goes down, the clients will still be able to access the server.

It's like an office phone system where everyone has their own extension. People inside the office can talk to each other simply by dialing the extension directly, while people outside the office have to dial the main number and get transferred to the right extension. Using the DynDNS IP address for the local clients is like having the people inside the office dial out to the office main number and get transferred to the extension they want to call rather than just dialing the extension.
 