I'm not really a "newbie" but it's been a while since I've been here. I forgot my password and abandoned the email address I was using when I was last here, so I registered with a new ID. Enough with the intro -- here's my problem.
I set up a LAMP stack on my laptop and it's been working fine, internally. I finally got around to setting up port forwarding and I can see my sites from other devices on my network. One of the devices is my mobile phone. While connected to our wifi network, I can see my sites using both internal (192.x.x.x.) and external (204.x.x.x:8080) ip addresses (using 8080 per TWC rep's instructions). However, when I disconnect from wifi, I get 'HTTP ERROR: 504 Gateway Timeout RequestURI=http://204.x.x.x:8080'.
What did I miss? Any help making my site visible to the world outside my network would truly be appreciated.
(I think this is the first time I've heard about someone having a problem accessing a forwarded port from the outside, while "hairpin NAT" from the inside works fine.)
The 504 error indicates that something is responding to your request, which again implies that the port forwarding is working, unless there's a reverse proxy somewhere in the path.
Just to rule out the latter, could you try running tcpdump on the server while you're trying to connect?
Code:
tcpdump -i eth0 -vv tcp port 80
should do the trick (assuming the interface name is eth0 and the local port is 80).
The dump shows traffic from TCP port 48950 on your server to port 80 on a Dropbox server, but nothing to or from port 80 on the Linux server.
Let me see if I got this right:
* The web server is running on port 80 on the Linux server
* You can access this web site from a local computer or a smartphone using the URL http://<server_IP_address>
* You forwarded port 8080 on the router to port 80 on the server
* After setting up port forwarding, you could also access the site via http://<public_IP_of_router>:8080 while connected to the local network
* You were/are unable to access the URL http://<public_IP_of_router>:8080 from the Internet, but got a 504 error message
I'd thought perhaps the 504 error had something to do with the client IP address, but since nothing showed up on tcpdump, something else must be responding and generating the 504 error page. It could be a reverse proxy somewhere, or it could be the router itself.
Have you tried changing the external port number to some other random, high port? Perhaps one commonly used by another service (1080, 1723, 3389, 5900), and as such unlikely to be filtered by the ISP?
To exclude traffic going to external http servers from the TCP capture, try this:
Code:
tcpdump -i wlan0 \(dst 192.168.1.2 and tcp dst port 80\) or \(src 192.168.1.2 and tcp src port 80\)
The backslashes are needed to escape the parentheses, as they would otherwise be interpreted by the shell. Replace both instances of 192.168.1.2 with the local IP address of the Linux server, and only packets to and from the local web server will be captured.
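The filter in the post above keeps only packets addressed to, or sent from, port 80 on the local web server. As an added example (not part of the original posts), this script applies the same rule to saved `tcpdump -n` text so the two outcomes discussed in the thread can be told apart. The function names and sample lines are constructed, and it assumes one line per packet (no `-v`) with numeric ports.

```shell
#!/bin/sh
# Added example: applies the thread's capture filter to `tcpdump -n` text lines.
# Function names, documentation IPs and sample packets are constructed.

# classify_capture SERVER PORT: reads tcpdump -n lines on stdin and
# prints "inbound=N outbound=N ignored=N".
classify_capture() {
    awk -v ep="$1.$2" '
        $2 == "IP" {
            src = $3
            dst = $5; sub(/:$/, "", dst)      # "a.b.c.d.port:" -> "a.b.c.d.port"
            if (dst == ep)      inbound++     # dst SERVER and tcp dst port PORT
            else if (src == ep) outbound++    # src SERVER and tcp src port PORT
            else                ignored++     # server acting as a client to an external :80
        }
        END { printf "inbound=%d outbound=%d ignored=%d\n", inbound, outbound, ignored }
    '
}

# verdict SERVER PORT: same input, reports where to look next.
verdict() {
    counts=$(classify_capture "$1" "$2")
    case "$counts" in
        inbound=0\ *) echo "no packets reached $1:$2: check the forwarding rule, router or ISP" ;;
        *)            echo "requests reached $1:$2: look at the web server itself" ;;
    esac
}

# Constructed capture 1: only the server talking to an external web server.
sample_noise() {
cat <<'EOF'
12:00:01.000001 IP 192.168.1.2.48950 > 203.0.113.10.80: Flags [S], seq 1, win 29200, length 0
12:00:01.020001 IP 203.0.113.10.80 > 192.168.1.2.48950: Flags [S.], seq 9, ack 2, win 14480, length 0
EOF
}

# Constructed capture 2: a forwarded request from outside arrives and is answered.
sample_forwarded() {
cat <<'EOF'
12:05:00.000001 IP 198.51.100.7.51514 > 192.168.1.2.80: Flags [S], seq 1, win 65535, length 0
12:05:00.000101 IP 192.168.1.2.80 > 198.51.100.7.51514: Flags [S.], seq 5, ack 2, win 28960, length 0
12:05:00.040001 IP 192.168.1.2.48950 > 203.0.113.10.80: Flags [.], ack 10, win 229, length 0
EOF
}

sample_noise | verdict 192.168.1.2 80
sample_forwarded | verdict 192.168.1.2 80
```

For a live check, pipe `tcpdump -n -l -i wlan0 tcp port 80` (stopped with Ctrl-C or `-c N`) into `verdict` with the server's own address.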
* The web server is running on port 80 on the Linux server
* You can access this web site from a local computer or a smartphone using the URL http://<server_IP_address>
* You forwarded port 8080 on the router to port 80 on the server
* After setting up port forwarding, you could also access the site via http://<public_IP_of_router>:8080 while connected to the local network
* You were/are unable to access the URL http://<public_IP_of_router>:8080 from the Internet, but got a 504 error message
* Yes, the web server is running on port 80 on the Linux server, which is my notebook PC.
* I can access the site from a local PC or smartphone on the same network using either the internal or external IP address. If I disable wifi on my smartphone to use the mobile carrier's internet service, I cannot connect, though the previously posted tcpdump shows some sort of connection activity. I was very surprised that I was able to use the external IP address on other PCs on the network because when I set up a server years ago, I had to use a site like proxify.com to test the server externally (from a PC on the network).
* I am now forwarding from port 80 on the router so I don't have to include the port in the URL.
* Yes, after setting up port forwarding, I could access the site while connected to the local network. Using port 80, I could simply use <server_IP_address> or <public_IP_of_router>. From outside the network, I tested using <public_IP_of_router> and http://<public_IP_of_router> and get the 504 error message.
Using your second tcpdump command, I didn't see any output when I tried to connect.
I uninstalled dropbox. Now tcpdump does not generate any output when I try to connect with my smartphone from outside the network.
I tried port 3389 with no luck. When I spoke to ISP yesterday, I was expecting the rep to tell me that port 80 was blocked, as it was with my previous ISP, Optimum Online.
Thanks for your help. I'm going to go back and test with Windows/IIS. The last time I tried, it didn't work there, either.
Solution: don't include the external ip address in the port forwarding screen -- only the port number(s).
Steve
Last edited by hudsonrecords; 01-29-2014 at 12:15 PM.
Reason: added solution