Hi there,

First of, I'm not entirely sure this is the right forum to post my question but I AM a newbie

I'm currently working as an intern and got the assignment to set up a webserver with some other appz for students.
This is the first time I'm really using Linux, Debian 3.1 Sarge to be precise. Anyway... this is my problem:

When my server is in a LAN with a WinXP machine... I can connect to it with no problem, webserver is working, SSH is working, x-forwarding stuff... it all works fine.
Now when I take this lone Debian machine and plug it into the Internet with the specified IP from my networkadmin the following happens:

FROM the Debian machine I can browse like there is no tomorrow... But there's no way I can connect to it's webserver or SSH when I try to at home... all I get is time outs when I try to connect to the specified IP.
You might say.. "well that's maybe because your networkadmin is blocking stuff" but he assures me everything is open, he's not blocking anything... at least... not to the IP he assigned to me. (No comments on security pls , I'll deal with that later... this server is just for testing and alone in the range the IP is in).

Now I figure I'm just overlooking stuff... but I don't know what... I edited the host.allow file to:
ALL: *

As I understood, this will allow ANYONE to have access (again...security will come later...).

So... could anyone correct me if I'm wrong and give me some hints to what to look at to solve my problem?

Some questions:
- could you just try a portscan of your server. ( use nmap or something like that)
- Is there any logging on the machine?
- Can you ping the server from home?
- Try a website like ....................... www.dnsstuff.com and ping / trace the server on its public adress. ( this to rule out your home pc of being rotten )

I did run nmap before it was hooked to the internet and confirmed the needed ports were open... probably even more then is needed... but these are open for sure:

22 - SSH
80 - HTTP

Logging... ok.. have to check that...

Pinging wasn't possible. According to the networkadmin they made it such that the network isn't pingable... so even if I'd ping and there wouldn't be any problems, I still wouldn't get a pingreply.

My homepc being rotten isn't the problem I think... haven't tested it yet but I dare to say I'm in the clear on that point But it won't hurt to check. I also had someone else try to connect to the machine this morning when it was still hooked up on the internet but no joy there either.
We also had a Win2003 server here... when we hooked it up using the IP that was issued, all worked fine, outgoing en incoming...

I spoke to a friend of mine who has more, if not alot more experiance with Debain (no offence to anyone trying to help me, I'm not insinuating anything here ) than I have and he figured it might be something like this:

When the Debian server is in my own LAN it has the ip 192.168.1.11 ... now before hooking it up to the internet, I change this manually to the IP issued by the networkadmin. This friend of mine thinks that the services running are still using the local IP and not the newly issues IP. He suggests to reboot the machine first after changing IP's...and be sure non of the config files contain IP's.

Now before I leave for home, I'll hook it up again to the Internet and try again.

Well... " I was wondering if there was anything that could push my headache to a full blown migraine... and there you go"

I've tested some more and together with my networkadmin we found out it's probably not the debian server but that is has to do with the ppl upstairs (he admins the network on this location but is also bound to rules and regulations forced upon him from the larger organisation). Apperantly there are just a x-number of IP's available for connecting directly to the internet, IP's we are not allowed to use. These IP's however ARE used to gain access to the win2003 servers availible eventhough they use an address that isn't directly hooked to the internet... there is some routing going on (which is logical IMHO) but nobody can give us an answer on how this is exactly done....

Don't know if this makes any sense but as I figure it... I've got to battle some people who have set the rules and are in charge of the routing/networking for the entire organisation and not with my Debian.

It's always nice to have people tell you that this and that can be done... but when you try it, it can't because well, they aren't doing what they say they are doing, which, as it seems, is the case here.

I'll post an update when I find out more... and know if it's a routing problem beyond my control or if it's a problem with my debian config.

Tnx for the help so far

ok...

The method of testing may not be the most efficient but at least I was able to rule somethings out.
Yesterday I hooked up my winXP with a quickly installed Apache server to the internet. Now when I came home I entered the IP that was specified for outside access (NOTE: this is NOT the IP that I was told to use for the machines I want to hook up to the internet) and there was my testing page...
So I conclude that it doesn't have to do with any routing outside my controle like I feared yesterday but it does have something to do with my Debian config.

To clarify:

I get an IP for the server *.*.*163 with subnetmask 255.255.255.240 and it's gateway *.*.*.161 ... now when connecting from the Internet... I have to use *.*.*.142. Everything that is requesting HTTP is send to my *.*.*.163.
It works fine with the WinXp and Apache.. but not with my Debian and Apache...

(*.*.* are all the same here... don't ask me why... that's the way they set it up... Even for some internal addresses, which, I wouldn't do myself... but that's an other discussion I think).

I'll go back to my Debian server and try to figure this out...

Host ... now it only contains 127.0.0.1 localhost.localdomain localhost debian ... should I add the IP that was issued to me?

hosts.allow I still don't get... when I leave everything commented out, I still can access the webserver over LAN.
Is it really neccesairy(sp?) to use hosts.allow?? If it's left blank(like I did with the LAN), doesn't it allow everything by default? I wasn't able to find anything on that... but I could be blind.

I'll do some more searching for answers today, hoping I will find some myself without asking

Thanks in advance for any help.

You have HTTP port open from outside. Try to give an HTTP command manually and see if there's a result. To do this you just need a simple telnet client. From your outside machine:
telnet *.*.*.142 80
(You need to telnet to port 80, not the standard one)
Then a simple HTTP request:
GET /
and press Enter two times. You should get HTML code of an welcome page.

Thanks again for moving it.

I'll try that coming monday, if I have the time to hook it up again and have my other work sorted (got a report due next friday :S).

Will give an update when I get around to it... It's going to be a busy week.

Hi there,

Well I finally had time to test everything again.
Telnet to port 80 and issueing GET shows the HTML-code and everything. But that was to be expected after seeing the page in my browser after hooking the server up to the Internet.

Now it turns out that probably the UTP interface on the NIC that's used for the external connection wasn't what you would call top notch... I replaced the NIC, used the IP's that were issued to me (a different set btw) and there she went.

I conclude that the problem I was having was a combination of not using the correct IP's (the admin was a bit disorganized on that point...) and a malfunctioning NIC, not software/OS related.

Thank you again for the tips/hints