LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 10-19-2004, 10:25 PM   #1
jc_neo
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Rep: Reputation: 0
Unhappy Unable to connect to Website Once outside the network


Dear all experts,

I am now facing a problem with my web server. I have no problem connecting to my website within the company network but once I try to connect from outside, it will say "The requested URL could not be retrieved". But I have no problems with PING from inside and outside the network.

I have looked thru the forum and some of them is also facing this problem. I tried their methods and it still doesn't work. And also I have just configured the following, but still it doesn't work either.

<Directory "/var/www/html">
Options Indexes Includes FollowSymLinks
Order deny,allow
AllowOverride None
Allow from all
</Directory>

My firewall is currently enabled, and WWW (http) is my trusted services, eth0 is my trusted device. As for iptables, I Accept connections coming for port 80.

No luck too when I turned off the firewall and iptables.

This is my site.. enterprise.ise.nus.edu.sg (if anyone can see this site, pls let me know =) )

I got a friend to do a tracert for me and this is the results. (but i don't if this can contribute to solving the problem)

At #15, it manages to reach nusnet-3-193.dynip.nus.edu.sg but after it got timeout . What does this mean?
-------------------------------------------------------------------------------------
1 2 ms 2 ms 1 ms host-203-92-100-167.lga.net.sg [x.x.x.x]

2 16 ms 16 ms 16 ms host-203-92-91-53.lga.net.sg [x.x.x.x]

3 21 ms 21 ms 19 ms host-203-92-90-226.lga.net.sg [x.x.x.x]

4 22 ms 20 ms 19 ms host-203-92-84-25.lga.net.sg [x.x.x.x]

5 19 ms 32 ms 24 ms host-203-92-84-18.lga.net.sg [x.x.x.x]

6 41 ms 229 ms 189 ms 61.8.233.173

7 22 ms 26 ms 25 ms ge-1-0-0.r00.sngpsi01.sg.bb.verio.net [x.x.x.x]

8 206 ms 187 ms 190 ms p1-0-1-2.r80.sttlwa01.us.bb.verio.net [x.x.x.x]

9 195 ms 204 ms 227 ms p16-1-1-1.r21.sttlwa01.us.bb.verio.net [x.x.x.x]

10 212 ms 195 ms 187 ms p16-2-0-0.r03.sttlwa01.us.bb.verio.net [x.x.x.x]

11 228 ms 224 ms 210 ms p1-0.usngp.sttlwa01.us.bb.verio.net [x.x.x.x]

12 178 ms 186 ms 186 ms pos1-0.pgp-cr1.singaren.net.sg [x.x.x.x]

13 192 ms 197 ms 194 ms ge3-9.pgp-dr1.singaren.net.sg [x.x.x.x]

14 204 ms 289 ms 258 ms nus-pgp-border.singaren.net.sg [x.x.x.x]

15 188 ms 186 ms 190 ms nusnet-3-193.dynip.nus.edu.sg [x.x.x.x]

16 * * * Request timed out.

17 * * * Request timed out.

18 * * * Request timed out.

19 182 ms 188 ms 190 ms enterprise.ise.nus.edu.sg [x.x.x.x]
 
Old 10-19-2004, 10:35 PM   #2
emailssent
Member
 
Registered: Sep 2004
Posts: 312

Rep: Reputation: 30
Check ur DNS ip address entry !


-jack
 
Old 10-19-2004, 11:01 PM   #3
jc_neo
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Original Poster
Rep: Reputation: 0
How will I know that my entry is correct? Any guides?
 
Old 10-19-2004, 11:07 PM   #4
emailssent
Member
 
Registered: Sep 2004
Posts: 312

Rep: Reputation: 30
Which distro r u using ?

===============
For Mandrake 9.2

# cat /etc/resolv.conf

nameserver 192.168.1.2
------------------------------

above ip is the address my DNS.

Try finding the reolv.conf or related file as per ur distro and put ur DNS entry over there.


-jack
 
Old 10-19-2004, 11:15 PM   #5
jc_neo
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Original Poster
Rep: Reputation: 0
I am using RHEL 3

my /etc/resolv.conf shows

nameserver 137.132.123.4
nameserver 137.132.5.2
; generated by /sbin/dhclient-script
domain enterprise.ise.nus.edu.sg
search nus.edu.sg
 
Old 10-19-2004, 11:26 PM   #6
darthtux
Senior Member
 
Registered: Dec 2001
Location: 35.7480 N, 95.3690 W
Distribution: Debian, Gentoo, Red Hat, Solaris
Posts: 2,070

Rep: Reputation: 45
Looks like to me the tracert hit your site. The three with * * * just mean those routers weren't returning those requests. But the last was was your web server.

Your DNS info is correct. I found it on http://www.dnsstuff.com/

May be a firewall issue.
 
Old 10-19-2004, 11:45 PM   #7
jc_neo
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Original Poster
Rep: Reputation: 0
I ran the dnsreport and results is

[ERROR: The parent servers say that the domain enterprise.ise.nus.edu.sg does not have any NS records (although they may have some other information on that zone). I can not do a DNS report on a hostname (such as mail.example.com) or a domain name that does not have its own zone.]

Can someone explain to me, in layman terms.

I am rather bad with all these networking details.
 
Old 10-20-2004, 12:47 AM   #8
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
ise.nus.edu.sg is your domain name. A "registered" domain name must list the authoritative name servers that will answer DNS queries for that domain name. This is done using Name Server (NS) records.
...while
enterprise.ise.nus.edu.sg is a host within the above domain space. AKA: fully qualified domain name (fqdn) Host entries are referenced with address (A) records in DNS, not NS reocrds. This is why dnsreport gave you the error you posted. Try using dnsreport again using your domain name instead. The only error I saw was the lack of MX records.
 
Old 10-20-2004, 02:01 AM   #9
jc_neo
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Original Poster
Rep: Reputation: 0
Actually, nus.edu.sg is our domain name

We got 2 servers, one is www.ise and the other is of course belongs to me, enterprise.ise

So am I right to say I must get the people at nus.edu.sg to add enterprise.ise to their DNS?
 
Old 10-20-2004, 09:56 AM   #10
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Quote:
Actually, nus.edu.sg is our domain name
nus.edu.sg is your Top Level Domain (TLD). There are other delegated domains below nus.edu.sg (like ise).

Currently, enterprise.ise.nus.edu.sg is listed as a host (address record) within the domain ise.nus.edu.sg, not a domain name. If your goal is to create a domain name enterprise.ise.nus.edu.sg, then you would need to contact the DNS admin at ise.nus.edu.sg. The DNS admin would then have to add the proper delegation records (NS records) that point to the authoritative name servers for enterprise.ise.nus.edu.sg. See below:
Code:
[scowles@excelsior scowles]$ dig +short enterprise.ise.nus.edu.sg a             
137.132.166.170
[scowles@excelsior scowles]$ dig +short enterprise.ise.nus.edu.sg ns
[scowles@excelsior scowles]$
[scowles@excelsior scowles]$ dig +trace enterprise.ise.nus.edu.sg ns
 
; <<>> DiG 9.2.3 <<>> +trace enterprise.ise.nus.edu.sg ns
;; global options:  printcmd
.                       487422  IN      NS      K.ROOT-SERVERS.NET.
.                       487422  IN      NS      L.ROOT-SERVERS.NET.
.                       487422  IN      NS      M.ROOT-SERVERS.NET.
.                       487422  IN      NS      A.ROOT-SERVERS.NET.
.                       487422  IN      NS      B.ROOT-SERVERS.NET.
.                       487422  IN      NS      C.ROOT-SERVERS.NET.
.                       487422  IN      NS      D.ROOT-SERVERS.NET.
.                       487422  IN      NS      E.ROOT-SERVERS.NET.
.                       487422  IN      NS      F.ROOT-SERVERS.NET.
.                       487422  IN      NS      G.ROOT-SERVERS.NET.
.                       487422  IN      NS      H.ROOT-SERVERS.NET.
.                       487422  IN      NS      I.ROOT-SERVERS.NET.
.                       487422  IN      NS      J.ROOT-SERVERS.NET.
;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 53 ms
 
sg.                     172800  IN      NS      auth02.ns.uu.net.
sg.                     172800  IN      NS      ds.nic.net.sg.
sg.                     172800  IN      NS      ns.ripe.net.
sg.                     172800  IN      NS      ns1.pacific.net.sg.
sg.                     172800  IN      NS      dnssec5.singnet.com.sg.
;; Received 260 bytes from 193.0.14.129#53(K.ROOT-SERVERS.NET) in 149 ms
 
edu.sg.                 86400   IN      NS      ds.nic.net.sg.
edu.sg.                 86400   IN      NS      ns1.pacific.net.sg.
edu.sg.                 86400   IN      NS      ns2.pacific.net.sg.
edu.sg.                 86400   IN      NS      pridns.cyberway.com.sg.
edu.sg.                 86400   IN      NS      secdns.cyberway.com.sg.
edu.sg.                 86400   IN      NS      dnssec5.singnet.com.sg.
edu.sg.                 86400   IN      NS      dnssec6.singnet.com.sg.
edu.sg.                 86400   IN      NS      ns1.cwasia.net.sg.
edu.sg.                 86400   IN      NS      ns2.cwasia.net.sg.
edu.sg.                 86400   IN      NS      sgsec.lga.net.sg.
;; Received 414 bytes from 198.6.1.82#53(auth02.ns.uu.net) in 91 ms
 
nus.edu.sg.             86400   IN      NS      dnssec1.singnet.com.sg.
nus.edu.sg.             86400   IN      NS      dnssec2.singnet.com.sg.
nus.edu.sg.             86400   IN      NS      dnssec3.singnet.com.sg.
nus.edu.sg.             86400   IN      NS      ns1.nus.edu.sg.
nus.edu.sg.             86400   IN      NS      ns2.nus.edu.sg.
;; Received 237 bytes from 202.42.194.205#53(ds.nic.net.sg) in 265 ms
 
ise.nus.edu.sg.         7200    IN      NS      nuscc.nus.edu.sg.
ise.nus.edu.sg.         7200    IN      NS      id4.nus.edu.sg.
;; Received 113 bytes from 165.21.83.11#53(dnssec1.singnet.com.sg) in 260 ms
 
ise.nus.edu.sg.         28800   IN      SOA     id4.nus.edu.sg. dnsadmin.id4.nus.edu.sg.
 2004091602 3600 1800 604800 28800
;; Received 92 bytes from 137.132.5.2#53(nuscc.nus.edu.sg) in 256 ms
Note that the SOA record was returned, not the NS record. Meaning the delegation (NS records) for enterprise.ise.nus.edu.sg. does not exist at ise.nus.edu.sg. Again, this is why dnsreport gave you the error message you posted. It could not find the NS records for your domain name. So based on the SOA above, you would need to contact dnsadmin@id4.nus.edu.sg and have that person add the proper delegation records (NS) for domain enterprise.ise.nus.edu.sg. In addition, you (or the dns admin) would also have to setup the authoritative name servers to answer all queries for the domain enterprise.ise.nus.edu.sg.
 
Old 10-20-2004, 08:12 PM   #11
jc_neo
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Original Poster
Rep: Reputation: 0
Ok. I will check with the respective peoples first. It might take me a few days.
 
Old 10-21-2004, 04:57 AM   #12
BillJennings
Member
 
Registered: Oct 2004
Location: Big River, California, USA
Distribution: Debian
Posts: 48

Rep: Reputation: 15
It appears that enterprise.ise.nus.edu.sg (137.132.166.170) is being seriously firewalled. According to nmap: all priveledged ports (ones less than 1024) are filtered except: 113/tcp auth, 389/tcp ldap, 522/tcp ulp,
577/tcp vnas which are all closed.

In fact, the only open ports on this IP address at all are:

6000/tcp open X11
7100/tcp open font-service
8000/tcp open http-alt
32773/tcp open sometimes-rpc9

and these you may not want open.

If you request a web page on port 80000, it closes the connection without a response.

Hope this helps.

Bill Jennings
 
Old 10-21-2004, 09:48 PM   #13
jc_neo
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Original Poster
Rep: Reputation: 0
But when I do a nmap on myself, this is what i get

Port State Service
22/tcp open ssh
80/tcp open http
199/tcp open smux
443/tcp open https
6000/tcp open X11
7100/tcp open font-service
32773/tcp open sometimes-rpc9

Could it be the firewall at nus.edu.sg that is blocking the incoming request?
 
Old 10-22-2004, 02:22 AM   #14
BillJennings
Member
 
Registered: Oct 2004
Location: Big River, California, USA
Distribution: Debian
Posts: 48

Rep: Reputation: 15
When you nmap yourself, where are you coming from?

When I traceroute (ICMP) to 137.132.166.170 from the internet at large, I get through (with three routers just before 137.132.166.170 not responding). BUT... when I tcptraceroute (ssh) to 137.132.166.170, it dies just after nus-pgp-border.singaren.net.sg (202.3.135.130). The next hop in the ICMP traceroute is nusnet-3-193.dynip.nus.edu.sg (137.132.3.193). Judging by the name, I'd say that the edge router for singaren.net.sg is trying to protect it's dynamically-assigned customers/students (e.g. nusnet-3-193.dynip.nus.edu.sg) by firewalling the bejesus out of all incoming traffic.

They may not want you running a server there.

Hope this helps.

Bill Jennings
 
Old 10-22-2004, 02:42 AM   #15
jc_neo
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Original Poster
Rep: Reputation: 0
oops.. stupid me. I nmap myself in the nus.edu.sg network. Of coz I get reach myself.

Since you mention about ICMP, I've got a line in my iptables stating

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Is this line the culprit?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to connect to network Printer (CNet 430) chhorn Linux - Hardware 0 11-10-2004 09:29 PM
Unable to connect to network vaber Linux - Newbie 4 09-08-2003 11:31 PM
im having a "unable to connect to network agent error Josh11111 Linux - Newbie 0 12-04-2002 10:04 PM
Unable to access to a website on apache web server bisbane Linux - Networking 3 07-11-2001 09:18 AM
Unable to access to a website on apache web server bisbane General 3 07-10-2001 11:03 AM


All times are GMT -5. The time now is 02:35 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration