Dear All,
I have been a newbie to Linux for 4 weeks. I set up my first web server and it works flawlessly when accessed from the external network or from other computers on my LAN. However, I cannot access it from the computer the server runs on. I have found numerous people with similar problems, but the flavour I am experiencing is somewhat different and none of the solutions I have found apply to it.
I have two network interfaces on my server, eth0 (public static IP connected to the internet) and eth1 connected to the LAN 192.168.1.0/24 range. The server is 192.168.1.1.
I added "192.168.1.1 www.server.com" to /etc/hosts on the server and also on the other machines on the LAN. All the other machines can open the website without any problem.
However, the server itself only opens the website if the address is localhost. The internal IP, i.e. 192.168.1.1, gets a timeout and so does www.server.com.
Here is the firewall script I am using.
#!/bin/sh
#
# Example Firewall Script
###############################################################
### Define interfaces here
EXT_DEV=eth0
INT_DEV=eth1
INT_NET=192.168.1.0/24
### Remove all previous rules, and delete any user defined chains
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
### Set the default policies to drop
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
### Loopback device OK
iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
### Allow all ICMP Traffic (optional) - IN, OUT and THROUGH.
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type any -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type any -j ACCEPT
### Allow all Internal traffic to Server
iptables -A INPUT -i $INT_DEV -s $INT_NET -d $INT_NET -j ACCEPT
iptables -A OUTPUT -o $INT_DEV -s $INT_NET -d $INT_NET -j ACCEPT
###############################################################
### OUTBOUND Rule: Allow ALL packets out the external device
iptables -A OUTPUT -o $EXT_DEV -j ACCEPT
iptables -A FORWARD -i $INT_DEV -o $EXT_DEV -j ACCEPT
###############################################################
### SNAT forwarding
iptables -t nat -A POSTROUTING -o $EXT_DEV -s $INT_NET -j SNAT --to-source XX.XX.XX.XX
###############################################################
### INBOUND Rule: Allow ALL EXT packets if a connection already exists (See "NEW" Inbound Rules)
iptables -A INPUT -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
#
### INBOUND Rules: Allow ONLY NEW packets on these ports.
#
# New INBOUND Connection: Samba from eth1
iptables -A INPUT -i $INT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 139 -j ACCEPT
iptables -A INPUT -i $INT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 445 -j ACCEPT
iptables -A INPUT -i $INT_DEV -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
iptables -A INPUT -i $INT_DEV -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
# New INBOUND Connection: SMTP and SMTPS (over TLS/SSL)
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 25 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 465 -j ACCEPT
# New INBOUND Connection: POP3 (port 110) or POP3S (port 995)
#iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 110 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 995 -j ACCEPT
# New INBOUND Connection: IMAP (port 143) or IMAPS (port 993)
#iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 143 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 993 -j ACCEPT
# New INBOUND Connection: HTTP (Plain and SSL)
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 80 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 443 -j ACCEPT
I do not understand why the record in /etc/hosts doesn't point it in the right direction. It seems that when I open the address 192.168.1.1 it still gets routed to the external network. I have seen DNAT used to deal with the problem, but it didn't work in my case (maybe I didn't do it correctly). I have spent the whole evening/night trying to sort it out, it's 4AM now, going to bed frustrated and angry (at myself hahaha). Still like Linux very much, won't be going back to Windows anymore. Please help
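The cause is in the two "Loopback device OK" lines of the script, not in /etc/hosts or routing. When a process on the server connects to any of the server's own addresses (192.168.1.1 or the public IP on eth0), the kernel's local routing table sends the packet out and back in on lo, and the packet keeps its real address (192.168.1.1) as both source and destination. The lo rules only accept 127.0.0.0/8 to 127.0.0.0/8, the "-i $INT_DEV" rules never see this traffic because the interface is lo, so both OUTPUT and INPUT fall through to the DROP policy and the browser times out. Only localhost works because 127.0.0.1 matches the rule. The following is an added example, not the original poster's script: it shows the corrected loopback rules (trust the interface, restrict the address only where spoofing is possible), a dry-run switch, and the diagnostics that expose the problem. The function names, the IPT variable and the log prefixes are this example's own choices.

```shell
#!/bin/sh
# Added example: replacement for the two "Loopback device OK" lines of the
# posted firewall script, plus diagnostics. Not the original script.
# Set IPT=echo to dry-run (print the iptables commands instead of applying them).
IPT=${IPT:-iptables}

# Corrected loopback rules. Packets to the box's own addresses (192.168.1.1,
# the public IP) travel over lo with those addresses, not 127.0.0.0/8, so the
# ACCEPT must key on the interface only. Put these where the original two
# lines were, before the other ACCEPT rules.
loopback_rules() {
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
}

# Anti-spoofing, belt and braces on top of the kernel's own martian filtering:
# nothing arriving on a real interface may claim a 127.0.0.0/8 source. This is
# where an address restriction belongs, not on lo.
antispoof_rules() {
    $IPT -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
}

# Diagnostics to run on the server while "curl http://192.168.1.1/" hangs.
# "ip route get" shows the local address is reached via lo, and the chain
# headers show the DROP policy's packet counters climbing.
diagnose() {
    ip route get 192.168.1.1
    $IPT -vnL INPUT  | head -n 3
    $IPT -vnL OUTPUT | head -n 3
}

# Temporary logging appended to the end of both chains, so anything that is
# about to hit the DROP policy is first written to the kernel log (dmesg).
# Expect lines like "FW-DROP-OUT: IN= OUT=lo SRC=192.168.1.1 DST=192.168.1.1".
log_drops() {
    $IPT -A INPUT  -j LOG --log-prefix "FW-DROP-IN: "  --log-level 4
    $IPT -A OUTPUT -j LOG --log-prefix "FW-DROP-OUT: " --log-level 4
}

case "${1:-}" in
    apply)    loopback_rules; antispoof_rules ;;
    diagnose) diagnose ;;
    log)      log_drops ;;
    *)        echo "usage: $0 apply|diagnose|log   (IPT=echo for a dry run)" >&2 ;;
esac
```

Once the lo rules accept by interface, 192.168.1.1, www.server.com (via /etc/hosts) and the public IP all work from the server itself, and no DNAT is needed: DNAT only matters when a host on the LAN tries to reach the server through its public address, which the other LAN machines here are not doing since /etc/hosts points them at 192.168.1.1 directly.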