I have a VOIP PBX in a DMZ behind my firewall at home and I have been playing around with IPTABLES. I wanted certain ports like 80, 443, 5060-5065, and others to be open so that I can browse the net, have my VOIP phones work with my PBX, etc. Here is the strange part. From the CLI I can ping a domain via IP or name, download updates and install them via YUM, and everything works fine from the CLI. The minute I open up a web browser I cannot get to any website. I can see it making an attempt but I cannot get to any webpage for browsing! I can even dig umuc.edu or any other domain and get feedback! What could it be, and can someone give me a sample iptables rule set for a SOHO DMZ setup?
Last edited by metallica1973; 03-20-2007 at 09:18 PM.
Yes, it could be a DNS issue. Can you point your browser at a site by IP address (i.e., resolve the name manually outside of the browser)?
I've run tcpdump on port 53 (UDP, but you can leave that unspecified) to see DNS requests and replies. (The issue I had to debug was that my router sometimes didn't pass the replies back in.)
I cannot get to a website via http. I do not understand how I can ping a website by name, e.g. linuxquestions.org or google.com, via the CLI and get a reply, and when I go to the browser, nothing. If DNS was the issue then how am I able to get a reply via the CLI by name:
[example@test ~]$ ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=235 time=44.8 ms
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=2 ttl=235 time=45.2 ms
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=3 ttl=235 time=45.3 ms
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 44.844/45.156/45.356/0.283 ms
Sounds like ping can resolve names no problem. To confirm that DNS is not the issue with the browser, you could paste http://64.233.167.99/ into the browser.
Quote:
I wanted certain ports like 80,443,5060-5065,and others to be open so that I can browse the net,have my VOIP phones work with my PBX and etc.
In the usual lingo, you only need ports 80 and 443 open (i.e., accepting connections from the internet) if you run a web server. They don't need to be "open" to browse the net. The typical iptables setup accepts any connection initiated from inside, and the reply packets from the website are allowed in because they're related to the connection established by your browser. That's not to say that other configurations aren't possible -- some companies limit what outgoing connections their employees may establish.
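As an added example (not part of the thread and not any poster's firewall script), here is the stateful setup described in the reply above, written as a generator for an iptables-restore ruleset on a three-interface firewall. The interface names, the PBX address and the choice of UDP for ports 5060-5065 are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a three-interface SOHO firewall.
# Interface names, the PBX address and UDP for SIP are assumptions, not thread values.
WAN=${WAN:-eth0}; LAN=${LAN:-eth1}; DMZ=${DMZ:-eth2}
PBX=${PBX:-10.0.2.10}   # constructed DMZ address of the VoIP PBX

gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, plus replies to traffic the firewall itself started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to any forwarded connection that was allowed when it started
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections may start from inside (LAN or DMZ) toward the internet
-A FORWARD -i $LAN -o $WAN -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ -o $WAN -m conntrack --ctstate NEW -j ACCEPT
# LAN phones may reach the DMZ; the DMZ may not start connections into the LAN
-A FORWARD -i $LAN -o $DMZ -m conntrack --ctstate NEW -j ACCEPT
# The only unsolicited inbound traffic: SIP signalling to the PBX
-A FORWARD -i $WAN -o $DMZ -d $PBX -p udp --dport 5060:5065 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN -p udp --dport 5060:5065 -j DNAT --to-destination $PBX
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
EOF
}

# Number of rules that let the internet start a connection (should stay small).
unsolicited_inbound() { gen_rules | grep -c -- "^-A FORWARD -i $WAN .*--ctstate NEW"; }

# Print the ruleset only when asked, so the file can also be sourced.
case "${1:-}" in
  --print) gen_rules ;;
esac
```

Saved under a name of your choice and run with `--print`, the output can be piped to `iptables-restore --test` to check the syntax before loading. Ports 80 and 443 appear nowhere in it, yet browsing from the LAN or DMZ works because the replies match the ESTABLISHED,RELATED rule.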
Ironically my main firewall went down and I ended up replacing the machine and rebuilding my firewall and all is fine. I used the same firewall script that was on the other firewall and made some adjustments and it works fine. I must have had something on the VOIP server that wasn't routing correctly. Many thanks!