07-01-2010, 10:38 AM
#1
LQ Newbie
Registered: Nov 2008
Posts: 6
NAT Forwarding Issue (SYN_SENT)
My setup is as follows:
I have an outside WAN connection on the /29 subnet on eth1 of my Endian Linux router (for the most part, an IPTables-based router) and an internal connection on the /24 subnet on eth0 of the router. I set up an SNAT masquerade and I can successfully access the internet on computers on my internal /24 network.
I am relatively well versed in firewalls and NAT so I proceeded to set up a DNAT in order to forward packets from the external interface to my internal web server on port 80. I also set up a firewall rule to allow the movement of TCP packets on port 80 into the internal network.
Unfortunately, I cannot seem to connect to the web server through the external IP. I monitored the TCP packets through the Endian interface and also lsof and found that the TCP packets were being destroyed in the SYN_SENT state, whereas they never received a TCP "handshake" (SYN/ACK) from the internal web server in order to begin TCP transmission. For the life of me, I cannot figure out why this is happening.
Some additional notes: the router feeds into the /24 network through a Cisco Catalyst switch. I currently have a Draytek "dumb" router fully functioning, including NAT, firewall and IPSec VPN. This router has no trouble forwarding packets to the web server and is currently in production. Also, I tested this same appliance with a Vyatta Linux firewall and received the same SYN_SENT packet problem, so I don't believe it is a firewall configuration problem.
Feel free to ask if you need any additional information.
Thanks in advance for your help.

07-02-2010, 10:36 AM
#2
Member
Registered: Apr 2009
Location: Perth, Australia
Distribution: Ubuntu/CentOS
Posts: 208
Can you please post the output of:
Code:
ifconfig
ip route
iptables-save

07-02-2010, 10:58 AM
#3
Senior Member
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571
Check what IP you forwarded port 80 on the router to. Maybe it is not the IP of your web server?
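
The check suggested in post #3, applied to the `iptables-save` output requested in post #2, as an added example that is not part of the thread: it lists each port-80 DNAT target and reports whether an ACCEPT rule placed directly in FORWARD lets new TCP connections reach that address. The sample ruleset and its addresses are constructed, and the function names are hypothetical; rule order, jumps to custom chains and DNAT address ranges are not evaluated.

```python
import ipaddress
import shlex

# Constructed iptables-save sample (not from the thread); FORWARD allows the wrong host.
SAMPLE = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.100/32 -i eth1 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Yield (table, chain, opts) for each -A line; opts maps flag -> value."""
    table = None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            tok, opts, i = shlex.split(line), {}, 2
            while i < len(tok):
                has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
                opts[tok[i]] = tok[i + 1] if has_val else True
                i += 2 if has_val else 1
            yield table, tok[1], opts

def check_dnat(text, dport="80"):
    """Return (target_ip, target_port, forward_allows_it) per DNAT rule on dport."""
    rules = list(parse_rules(text))
    findings = []
    for table, _, o in rules:
        if table != "nat" or o.get("-j") != "DNAT" or o.get("--dport") != dport:
            continue
        host, _, port = o["--to-destination"].partition(":")  # single address assumed
        port = port or dport
        allowed = any(
            t == "filter" and c == "FORWARD" and f.get("-j") == "ACCEPT"
            and "!" not in f  # a negated match is not treated as proof of access
            and f.get("-p", "tcp") == "tcp"
            and f.get("--dport", port) == port
            and "NEW" in f.get("--state", f.get("--ctstate", "NEW"))
            and ipaddress.ip_address(host)
            in ipaddress.ip_network(f.get("-d", "0.0.0.0/0"), strict=False)
            for t, c, f in rules)
        findings.append((host, port, allowed))
    return findings
```

Feeding it the text captured from `iptables-save` on the router gives one tuple per DNAT rule; a `False` in the last field means no plain FORWARD ACCEPT rule covers the address the port is forwarded to.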