LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 09-05-2004, 08:54 PM   #1
puding
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Rep: Reputation: 0
cannot access web server from LAN


Hi there,

Why did my pc in LAN cannot access a website in the webserver that are using a real ip that is not even sit behind the firewall, but still through the 3rd network card in firewall server.

The website is succesfull access by the internet but not the intranet.

Why is it happen? Is that because of my iptables rules??

Thanks in advance.
 
Old 09-06-2004, 12:35 AM   #2
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
yes if its on the third nic then that means that its mostly a DMZ and you would have no need of going to it because its for your own protection. Thats what they are there for, but yes if you wanted to get access to that webserver a few iptables rules will let you have access to it.
 
Old 09-06-2004, 01:20 AM   #3
puding
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
It is seems to be as a DMZ, but it didn't located behind the firewall and i never do any ip aliasing.

The ip configuration is such like this :

EXTERNALIF = "eth0"
EXTERNALADDR = "201.139.100.90"

INTERNALIF = "eth1 \ eth2"
INTERNALADDR = "192.168.1.251 \ 201.139.31.250"

which the web server is in the same range of ip with eth2 (dmz)

and I put some rules as simple as this for port fowarding:

$IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d 201.139.31.2 --dport 80 -j DNAT --to 2011.139.31.2:80
$IPTABLES -A FOWARD -i $EXTERNALIF -p tcp -d 201.139.31.2 --dport 80 -j ACCEPT


I try to use the same rules for LAN, which i just switch the EXTERNALIF to INTERNALIF, but it didn't work.

Do anybody can suggest me what is the exact rules for this

Thanks in advance
 
Old 09-06-2004, 01:25 AM   #4
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
$IPTABLES -A FOWARD
see if it makes a differences when you spell it correctly
FORWARD
 
Old 09-06-2004, 01:34 AM   #5
puding
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
i'm sorry...i misspelt it in this forum but not in the iptables..
 
Old 09-06-2004, 01:40 AM   #6
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
what are the effective ip addresses of all the interfaces
eth0
eth1
eth2
just give me the last 2 octets.
 
Old 09-06-2004, 01:45 AM   #7
puding
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
is this what u mean??

eth1 = "192.168.1.0/24"
eth2 = "201.139.31.0/24"

I'm sorry zatriz, but i don't understand what do u mean by effective ip addresses.
 
Old 09-06-2004, 01:48 AM   #8
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
when you do ifconfig on the actual firewall what are the ip addreses there
and what is 201.139.31.2 for
 
Old 09-06-2004, 01:55 AM   #9
puding
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
eth0 = 201.139.100.90 (1st NIC) - this card going out to internet (EXTERNALIF)
eth1 = 192.168.1.251 (2nd NIC) - this card is for LAN (DHCP)
eth2 = 201.139.31.250 (3rd NIC) - this is for DMZ (for server farm)

And 201.139.31.2 is ip address for the web server that i put it in the same vlan and same range with the 3rd card.

Hope this will answer you.

Thank you
 
Old 09-06-2004, 09:35 PM   #10
karunesh
Member
 
Registered: Jan 2002
Location: India
Distribution: CentOS/Mandriva
Posts: 126

Rep: Reputation: 15
Pls post your complete firewall(iptables) rule list...
 
Old 09-06-2004, 11:57 PM   #11
puding
LQ Newbie
 
Registered: Aug 2004
Posts: 10

Original Poster
Rep: Reputation: 0
unfortunately, yesterday we changed the firewall tu win2k server, it's a direction from my it administrator from the center. recently i'm a little bz with the conversation process. can karunesh give me your mail, i'll provide to you the iptables rules...
thank u
 
Old 09-07-2004, 12:06 AM   #12
zatriz
Member
 
Registered: Aug 2003
Location: Seattle, Wa
Distribution: Fedora,Trustix,Debian
Posts: 290

Rep: Reputation: 30
Im thinking you need a rule to do nat to the dmz from local network
so from eth1 to eth2

$IPTABLES -A PREROUTING -t nat -i eth1 -p tcp -d 201.139.31.2 --dport 80 -j DNAT --to 2011.139.31.2
$IPTABLES -A FORWARD -i eth1 -p tcp -d 201.139.31.2 --dport 80 -j ACCEPT
might do it but yeah post your whole iptables ruleset
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[IPTABLES] open ext access to web server on GW server kozaki Linux - Networking 3 08-27-2005 05:11 PM
IPTABLES How to access to web server on gateway from LAN? kozaki Linux - Networking 4 08-26-2005 11:27 AM
web server through lan zdos Linux - Software 3 05-24-2004 12:08 PM
LAN Only Web Server Questions bmrust Linux - Newbie 9 03-25-2004 09:59 AM
Can't access Linux web server web pages from LAN client jaydave Linux - Networking 4 03-16-2003 02:38 AM


All times are GMT -5. The time now is 11:44 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration