[SOLVED] Trouble making site public

hudsonrecords · 01-24-2014, 05:18 PM

Hi,

I'm not really a "newbie" but it's been a while since I've been here. I forgot my password and abandoned the email address I was using when I was last here, so I registered with a new ID. Enough with the intro -- here's my problem.

I set up LAMP stack on my laptop and it's been working fine, internally. I finally got around to setting up port forwarding and I can see my sites from other devices on my network. One of the devices is my mobile phone. While connected to our wifi network, I can see my sites using both internal (192.x.x.x.) and external (204.x.x.x:8080) ip addresses (using 8080 per TWC rep's instructions). However, when I disconnect from wifi, I get 'HTTP ERROR: 504 Gateway Timeout RequestURI=http://204.x.x.x:8080'.

What did I miss? Any help making my site visible to the world outside my network would truly be appreciated.

Thanks!

Steve

Ser Olmy · 01-24-2014, 06:35 PM

(I think this is the first time I've heard about someone having problem accessing a forwarded port from the outside, while "hairpin NAT" from the inside works fine.)

The 504 error indicates that something is responding to your request, which again implies that the port forwarding is working, unless there's a reverse proxy somewhere in the path.

Just to rule out the latter, could you try running tcpdump on the server while you're trying to connect?

Code:

tcpdump -i eth0 -vv tcp port 80

should do the trick (assuming the interface name is eth0 and the local port is 80).

hudsonrecords · 01-24-2014, 08:25 PM

Thanks for the reply, Ser. Here's the output from tcpdump (using wlan0 instead of eth0). This is for 2 times trying to connect with my mobile device:

tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:42:24.434334 IP (tos 0x0, ttl 42, id 13911, offset 0, flags [DF], proto TCP (6), length 231)
snt-re1-8c.sjc.dropbox.com.http > sbrown-Satellite-L505D.local.49850: Flags [P.], cksum 0x9e7b (correct), seq 2009341331:2009341510, ack 1493220123, win 83, options [nop,nop,TS val 2025012891 ecr 67534649], length 179
20:42:24.437636 IP (tos 0x0, ttl 64, id 34824, offset 0, flags [DF], proto TCP (6), length 362)
sbrown-Satellite-L505D.local.49850 > snt-re1-8c.sjc.dropbox.com.http: Flags [P.], cksum 0xd50c (correct), seq 1:311, ack 179, win 2641, options [nop,nop,TS val 67549204 ecr 2025012891], length 310
20:42:24.546863 IP (tos 0x0, ttl 42, id 13912, offset 0, flags [DF], proto TCP (6), length 52)
snt-re1-8c.sjc.dropbox.com.http > sbrown-Satellite-L505D.local.49850: Flags [.], cksum 0xc4fe (correct), seq 179, ack 311, win 83, options [nop,nop,TS val 2025012919 ecr 67549204], length 0
20:43:20.391163 IP (tos 0x0, ttl 42, id 13913, offset 0, flags [DF], proto TCP (6), length 231)
snt-re1-8c.sjc.dropbox.com.http > sbrown-Satellite-L505D.local.49850: Flags [P.], cksum 0x2c14 (correct), seq 179:358, ack 311, win 83, options [nop,nop,TS val 2025026880 ecr 67549204], length 179
20:43:20.394419 IP (tos 0x0, ttl 64, id 34825, offset 0, flags [DF], proto TCP (6), length 362)
sbrown-Satellite-L505D.local.49850 > snt-re1-8c.sjc.dropbox.com.http: Flags [P.], cksum 0x68dd (correct), seq 311:621, ack 358, win 2641, options [nop,nop,TS val 67563193 ecr 2025026880], length 310
20:43:20.501593 IP (tos 0x0, ttl 42, id 13914, offset 0, flags [DF], proto TCP (6), length 52)
snt-re1-8c.sjc.dropbox.com.http > sbrown-Satellite-L505D.local.49850: Flags [.], cksum 0x55cb (correct), seq 358, ack 621, win 83, options [nop,nop,TS val 2025026908 ecr 67563193], length 0

I see something about dropbox, so I closed dropbox (running in system tray) and tried again but that didn't help.

When I quit with Ctrl-C:

9 packets captured
9 packets received by filter
0 packets dropped by kernel
9952 packets dropped by interface

Also, I changed the 8080 in port forwarding to 80.

Ser Olmy · 01-24-2014, 09:30 PM

The dump shows traffic from TCP port 48950 on your server to port 80 on a Dropbox server, but nothing to or from port 80 on the Linux server.

Let me see if I got this right:

The web server is running on port 80 on the Linux server
You can access this web site from a local computer or a smartphone using the URL http://<server_IP_address>
You forwarded port 8080 on the router to port 80 on the server
After setting up port forwarding, you could also access the site via http://<public_IP_of_router>:8080 while connected to the local network
You were/are unable to access the URL http://<public_IP_of_router>:8080 from the Internet, but got a 504 error message

I'd thought perhaps the 504 error had something to do with the client IP address, but since nothing showed up on tcpdump, something else must be responding and generating the 504 error page. It could be a reverse proxy somewhere, or it could be the router itself.

Have you tried changing the external port number to some other random, high port? Perhaps one commonly used by another service (1080, 1723, 3389, 5900), and as such unlikely to be filtered by the ISP?

To exclude traffic going to external http servers from the TCP capture, try this:

Code:

tcpdump -i wlan0 \(dst 192.168.1.2 and tcp dst port 80\) or \(src 192.168.1.2 and tcp src port 80\)

The backslashes are needed to excape the parentheses, as they would otherwise be interpreted by the shell. Replace both instances of 192.168.1.2 with the local IP address of the Linux server, and only packets to and from the local web server will be captured.

hudsonrecords · 01-25-2014, 11:42 AM

Quote:

Let me see if I got this right:

* The web server is running on port 80 on the Linux server
* You can access this web site from a local computer or a smartphone using the URL http://<server_IP_address>
* You forwarded port 8080 on the router to port 80 on the server
* After setting up port forwarding, you could also access the site via http://<public_IP_of_router>:8080 while connected to the local network

You were/are unable to access the URL http://<public_IP_of_router>:8080 from the Internet, but got a 504 error message

* Yes, the web server is running on port 80 on the Linux server, which is my notebook PC.
* I can access the site from a local PC or smartphone on the the same network using either the internal or external IP address. If I disable wifi on my smartphone to use the mobile carrier's internet service, I cannot connect, though the previously posted tcpdump shows some sort of connection activity. I was very surprised that I was able to use the external IP address on other PCs on the network because when I set up a server years ago, I had to use a site like proxify.com to test the server externally (from a PC on the network).
* I am now forwarding from port 80 on the router so I don't have to include the port in the URL.
* Yes, after setting up port forwarding, I could access the site while connected to the local network. Using port 80, I could simply use <server_IP_address> or <public_IP_of_router>. From outside the network, I tested using <public_IP_of_router> and http://<public_IP_of_router> and get the 504 error message.

Using your second tcpdump command, I didn't see any output when I tried to connect.

I uninstalled dropbox. Now tcpdump does not generate any output when I try to connect with my smartphone from outside the network.

I tried port 3389 with no luck. When I spoke to ISP yesterday, I was expecting the rep to tell me that port 80 was blocked, as it was with my previous ISP, Optimum Online.

Thanks for your help. I'm going to back and test with Windows/IIS. The last time I tried, it didn't work there, either.

Solution: don't include the external ip address in the port forwarding screen -- only the port number(s).

Steve