LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-24-2014, 03:08 PM   #1
Necrophagos
LQ Newbie
 
Registered: Feb 2014
Posts: 2

Rep: Reputation: Disabled
Can't access my webserver through external IP


Hi there,

I have some weird routing issue that I don't understand and can't solve.

I have an apache2 running on a debian7 machine in my homenetwork. my cablerouter forwards port 80 to that machine. people from the internet can access the websever. I can access it with the local 192.168.. address but I can't access it via the external ip.
somehow the server doesn't know how to answer back.

this is the server's routing table
Code:
philipp@scenicxb:~$ sudo route -n
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
I deleted the latter entry and when I do that I can access my webserver with the external ip but not anymore with the local ip.

What I'd want is to be able to access the service with either ip, internal or external.

I appreciate any help I can get.

Here is some more detailed information on the server's network setup. (eth0 is an unused nic) if you need any more info please tell me.

Code:
philipp@scenicxb:~$ sudo ifconfig -a
eth0      Link encap:Ethernet  Hardware Adresse 00:30:05:2d:e9:68
          BROADCAST MULTICAST  MTU:1500  Metrik:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth1      Link encap:Ethernet  Hardware Adresse 00:0c:f6:48:a9:1c
          inet Adresse:192.168.0.187  Bcast:192.168.0.255  Maske:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1
          RX packets:33816930 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40044411 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000
          RX bytes:3983993477 (3.7 GiB)  TX bytes:246395488 (234.9 MiB)
          Interrupt:17 Basisadresse:0x3000

lo        Link encap:Lokale Schleife
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metrik:1
          RX packets:125 errors:0 dropped:0 overruns:0 frame:0
          TX packets:125 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0
          RX bytes:7251 (7.0 KiB)  TX bytes:7251 (7.0 KiB)

philipp@scenicxb:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth1
auto eth1
iface eth1 inet static
        address 192.168.0.187
        netmask 255.255.255.0
        gateway 192.168.0.1

philipp@scenicxb:~$ cat /etc/sysctl.d/disable-ipv6.conf
net.ipv6.conf.all.disable_ipv6=1

Last edited by Necrophagos; 02-24-2014 at 03:17 PM.
 
Old 02-24-2014, 04:50 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,225

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Run tcpdump on the server and the local host and check the source and dest addresses on the request and response. Most likely requests are forwarded through the router but responses are not being returned correctly because of address mismatch.
 
Old 02-24-2014, 05:39 PM   #3
Necrophagos
LQ Newbie
 
Registered: Feb 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thx for your reply

I ran, tcpdump on the server. my clients are windows I'll have to check what to use there. maybe wireshark.

Code:
philipp@scenicxb:~$ sudo tcpdump -vvi eth1 | grep http
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
    192.168.0.10.5212 > 192.168.0.187.http: Flags [S], cksum 0x62a9 (correct), seq 1252199176, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    192.168.0.187.http > 192.168.0.10.5212: Flags [S.], cksum 0x823c (incorrect -> 0x45a3), seq 3254600174, ack 1252199177, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
    192.168.0.10.5212 > 192.168.0.187.http: Flags [R], cksum 0x6dc6 (correct), seq 1252199177, win 0, length 0
    192.168.0.10.5213 > 192.168.0.187.http: Flags [S], cksum 0x259a (correct), seq 3866537026, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    192.168.0.187.http > 192.168.0.10.5213: Flags [S.], cksum 0x823c (incorrect -> 0xd0f7), seq 3013707750, ack 3866537027, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
    192.168.0.10.5213 > 192.168.0.187.http: Flags [R], cksum 0xf3a8 (correct), seq 3866537027, win 0, length 0
    192.168.0.10.5214 > 192.168.0.187.http: Flags [S], cksum 0xdf5c (correct), seq 2121947771, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    192.168.0.187.http > 192.168.0.10.5214: Flags [S.], cksum 0x823c (incorrect -> 0x4229), seq 93683332, ack 2121947772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
    192.168.0.10.5214 > 192.168.0.187.http: Flags [R], cksum 0x672f (correct), seq 2121947772, win 0, length 0
    192.168.0.10.5213 > 192.168.0.187.http: Flags [S], cksum 0x259a (correct), seq 3866537026, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    192.168.0.187.http > 192.168.0.10.5213: Flags [S.], cksum 0x823c (incorrect -> 0xc8e6), seq 3060567340, ack 3866537027, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
    192.168.0.10.5213 > 192.168.0.187.http: Flags [R], cksum 0xf3a8 (correct), seq 3866537027, win 0, length 0
    192.168.0.10.5212 > 192.168.0.187.http: Flags [S], cksum 0x62a9 (correct), seq 1252199176, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    192.168.0.187.http > 192.168.0.10.5212: Flags [S.], cksum 0x823c (incorrect -> 0xf262), seq 3301610081, ack 1252199177, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
    192.168.0.10.5212 > 192.168.0.187.http: Flags [R], cksum 0x6dc6 (correct), seq 1252199177, win 0, length 0
    192.168.0.10.5214 > 192.168.0.187.http: Flags [S], cksum 0xdf5c (correct), seq 2121947771, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    192.168.0.187.http > 192.168.0.10.5214: Flags [S.], cksum 0x823c (incorrect -> 0xd7e6), seq 140699129, ack 2121947772, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
    192.168.0.10.5214 > 192.168.0.187.http: Flags [R], cksum 0x672f (correct), seq 2121947772, win 0, length 0
    192.168.0.10.5213 > 192.168.0.187.http: Flags [S], cksum 0x39a3 (correct), seq 3866537026, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    192.168.0.187.http > 192.168.0.10.5213: Flags [S.], cksum 0x8238 (incorrect -> 0x629d), seq 3154313705, ack 3866537027, win 14600, options [mss 1460,nop,nop,sackOK], length 0
    192.168.0.10.5213 > 192.168.0.187.http: Flags [R], cksum 0xf3a8 (correct), seq 3866537027, win 0, length 0
    192.168.0.10.5212 > 192.168.0.187.http: Flags [S], cksum 0x76b2 (correct), seq 1252199176, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    192.168.0.187.http > 192.168.0.10.5212: Flags [S.], cksum 0x8238 (incorrect -> 0x8aba), seq 3395356797, ack 1252199177, win 14600, options [mss 1460,nop,nop,sackOK], length 0
    192.168.0.10.5212 > 192.168.0.187.http: Flags [R], cksum 0x6dc6 (correct), seq 1252199177, win 0, length 0
    192.168.0.10.5214 > 192.168.0.187.http: Flags [S], cksum 0xf365 (correct), seq 2121947771, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    192.168.0.187.http > 192.168.0.10.5214: Flags [S.], cksum 0x8238 (incorrect -> 0x95a9), seq 234698406, ack 2121947772, win 14600, options [mss 1460,nop,nop,sackOK], length 0
    192.168.0.10.5214 > 192.168.0.187.http: Flags [R], cksum 0x672f (correct), seq 2121947772, win 0, length 0
^C108 packets captured
110 packets received by filter
0 packets dropped by kernel


philipp@scenicxb:~$ ping 192.168.0.10
PING 192.168.0.10 (192.168.0.10) 56(84) bytes of data.
64 bytes from 192.168.0.10: icmp_req=1 ttl=128 time=0.142 ms
64 bytes from 192.168.0.10: icmp_req=2 ttl=128 time=0.182 ms
64 bytes from 192.168.0.10: icmp_req=3 ttl=128 time=0.178 ms
^C
--- 192.168.0.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.142/0.167/0.182/0.020 ms
I tried to visit my server through the browser (using the external ip adress) and this was the output that tcpdump produced. there are occasions of incorrect checksums but I actually don't know what that means.

192.168.0.187 is the server
192.168.0.10 is the client

Last edited by Necrophagos; 02-24-2014 at 05:45 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables issue? want to allow external access to a webserver moekad Linux - Server 11 11-20-2009 09:51 AM
Can't access my apache2 webserver using external address from LAN eldoran Linux - Networking 6 10-26-2008 04:51 PM
External IP and apache webserver cramer Linux - General 5 11-21-2007 12:12 PM
Cannot see my webserver using the external IP address shazam75 Linux - Networking 12 09-30-2005 09:32 PM
apache webserver - can see from internal but not external filpee Linux - Networking 5 03-20-2005 01:31 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration