I have two PCs, one with Slackware and one with Arch, and I'm trying to access the web server from the Arch Linux machine, but I haven't managed to do that. The Arch Linux machine is connected to the internet via the Slackware machine via a crossover cable.
internet > eth0 (pc1) and ppp0 (the PPPoE connection, pc1) > eth1 (pc1) > eth0 (pc2)
pc1:
ifconfig eth1 192.168.0.1 netmask 255.255.255.0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT
pc2:
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
ifconfig eth0 up
route add default gw 192.168.0.1 eth0
/etc/resolv.conf (The same DNS as the first PC)
And now the internet is working on the Arch Linux machine too, but I'm not able to access the web server from the LAN with a public IP.
I tried many iptables port forwarding commands but none worked.
Ah, I think I understand what you're attempting to do now.
You're not trying to forward traffic from the public IP to the web server, but rather only trying to connect to the web server with a browser or whatever from your internal system.
Let's see what is going on with the network. Open two terminals on your Slackware system and enter one of these commands in each as root:
tcpdump -nni eth0 port 80
tcpdump -nni eth1 port 80
Then attempt to connect via whatever method you were using.
I've got a theory that might apply here, but let's narrow things down a bit before we dig into that.
Last edited by devwatchdog; 02-03-2010 at 01:51 PM.
A few other questions I have are in regard to the web server. Is this web server accessible from a public IP address? Have you verified it is functioning properly?
This command will show what ports are open on your Slackware system:
(as root)
netstat -plantu
You will see port 80 in there somewhere.
I would imagine that you set the server up to where it is accessible on 192.168.0.1 as well -- can you access it from the Arch system at that address, or is the web server only available on the public IP address?
Is the public IP you have static, or are you going to use DynDNS or something to that effect to update a DNS server as to your IP for a domain? I'm wondering because if you're not going to assign a domain to the public IP address, it would be easier to access the server on the private IP address.
I wrote some code using Google Maps that needed a public IP address to request the information on the web page, as a private IP would not work when the request was sent to Google. I had to set up a hairpin NAT rule to handle the requests that came to the router from the private IP addresses to handle this traffic correctly. Otherwise, the web page would fail. Actually, any requests to the public IP and the domain hosted on the web server would fail. You might be seeing something similar, but I'm not sure as your situation is a little different. The web server is hosted in a DMZ, whereas yours is on the same device running iptables.
# tcpdump -nni eth0 port 80
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
Because the internet is really coming from ppp0.
Code:
# tcpdump -nni eth1 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
23:02:46.430499 IP 192.168.0.2.80 > 192.168.0.1.45617: Flags [F.], seq 792634877, ack 1802417389, win 764, options [nop,nop,TS val 563 ecr 4294925098], length 0
23:02:46.469975 IP 192.168.0.1.45617 > 192.168.0.2.80: Flags [.], ack 1, win 141, options [nop,nop,TS val 4294930104 ecr 563], length 0
23:02:49.540773 IP 192.168.0.1.45617 > 192.168.0.2.80: Flags [F.], seq 1, ack 1, win 141, options [nop,nop,TS val 4294933174 ecr 563], length 0
23:02:49.541155 IP 192.168.0.2.80 > 192.168.0.1.45617: Flags [.], ack 2, win 764, options [nop,nop,TS val 1496 ecr 4294933174], length 0
23:02:49.541272 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [S], seq 1950476995, win 5840, options [mss 1460,sackOK,TS val 4294933175 ecr 0,nop,wscale 7], length 0
23:02:49.541349 IP 192.168.0.2.80 > 192.168.0.1.45618: Flags [S.], seq 967532242, ack 1950476996, win 5792, options [mss 1460,sackOK,TS val 1496 ecr 4294933175,nop,wscale 4], length 0
23:02:49.541370 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [.], ack 1, win 46, options [nop,nop,TS val 4294933175 ecr 1496], length 0
23:02:49.541467 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [P.], ack 1, win 46, options [nop,nop,TS val 4294933175 ecr 1496], length 381
23:02:49.541607 IP 192.168.0.2.80 > 192.168.0.1.45618: Flags [.], ack 382, win 429, options [nop,nop,TS val 1496 ecr 4294933175], length 0
23:02:49.543898 IP 192.168.0.2.80 > 192.168.0.1.45618: Flags [P.], ack 382, win 429, options [nop,nop,TS val 1496 ecr 4294933175], length 1017
23:02:49.543959 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [.], ack 1018, win 62, options [nop,nop,TS val 4294933177 ecr 1496], length 0
23:02:49.589240 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [P.], ack 1018, win 62, options [nop,nop,TS val 4294933223 ecr 1496], length 456
23:02:49.590081 IP 192.168.0.2.80 > 192.168.0.1.45618: Flags [P.], ack 838, win 496, options [nop,nop,TS val 1510 ecr 4294933223], length 218
23:02:49.590126 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [.], ack 1236, win 78, options [nop,nop,TS val 4294933224 ecr 1510], length 0
23:02:49.594820 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [P.], ack 1236, win 78, options [nop,nop,TS val 4294933228 ecr 1510], length 458
23:02:49.595429 IP 192.168.0.2.80 > 192.168.0.1.45618: Flags [P.], ack 1296, win 563, options [nop,nop,TS val 1512 ecr 4294933228], length 218
23:02:49.634976 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [.], ack 1454, win 94, options [nop,nop,TS val 4294933269 ecr 1512], length 0
23:02:54.601302 IP 192.168.0.2.80 > 192.168.0.1.45618: Flags [F.], seq 1454, ack 1296, win 563, options [nop,nop,TS val 3014 ecr 4294933269], length 0
23:02:54.640979 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [.], ack 1455, win 94, options [nop,nop,TS val 4294938275 ecr 3014], length 0
http://79.xxx.xxx.xxx my public IP still points to the Slackware machine, which acts as a router for the Arch machine.
What I'm trying to do is make a web server accessible not only to me, but to others accessing my public IP, or a domain. I can't manage to do this; all day long I tried various iptables commands for forwarding port 80 from the Slackware machine to the Arch machine... I ran out of luck.
Quote:
# tcpdump -nni eth0 port 80
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
Because the internet is really coming from ppp0.
Huh. I should have realized that the PPPoE connection was going to show up as ppp0, and used that as the interface in the tcpdump command.
127.0.0.1 (localhost/loopback) should only be reachable from the machine you are working on at the time.
Quote:
Code:
# tcpdump -nni eth1 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
23:02:46.430499 IP 192.168.0.2.80 > 192.168.0.1.45617: Flags [F.], seq 792634877, ack 1802417389, win 764, options [nop,nop,TS val 563 ecr 4294925098], length 0
23:02:46.469975 IP 192.168.0.1.45617 > 192.168.0.2.80: Flags [.], ack 1, win 141, options [nop,nop,TS val 4294930104 ecr 563], length 0
(snip)
23:02:54.640979 IP 192.168.0.1.45618 > 192.168.0.2.80: Flags [.], ack 1455, win 94, options [nop,nop,TS val 4294938275 ecr 3014], length 0
That's a good sign -- at least you know your web server is functioning.
Quote:
http://79.xxx.xxx.xxx my public IP still points to the Slackware machine, which acts as a router for the Arch machine.
What I'm trying to do is make a web server accessible not only to me, but to others accessing my public IP, or a domain. I can't manage to do this; all day long I tried various iptables commands for forwarding port 80 from the Slackware machine to the Arch machine... I ran out of luck.
On the web server itself, can you open a browser and access a web page by requesting the public IP? (the 79.xx.xx.xx number or whatever is assigned to ppp0)
As you know, you'll need an iptables entry to allow the web traffic to access port 80 with tcp traffic. We should take a look at your iptables configuration now.
Run these two commands and post the results. Shouldn't be too long as you don't have very many iptables rules.
iptables -nL
iptables -t nat -nL
Last edited by devwatchdog; 02-03-2010 at 03:59 PM.
I just realized that I was right the first time I posted. Your web server is hosted on your Arch system. I saw that port 80 was on 192.168.0.2 -- I thought it was 192.168.0.1
Hmmnn...then we need to look at the iptables rules on the Slackware system. Run the iptables commands that I mentioned in the post before this one. We can then see what your ruleset looks like.
The link I originally posted for the NAT rule is what we will have to do, plus add a rule to allow the traffic in. A NAT rule alone won't work -- although if you don't have any firewall rules it might. I hope you have firewall rules.
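The two-part requirement in the post above (a NAT rule plus a rule to allow the traffic in), as an added example that is not part of the thread: a heuristic check of an `iptables-save` dump for both halves. The interface names and 192.168.0.2 come from the posts; the FORWARD DROP policy, the sample dumps and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: heuristic audit of an iptables-save dump
# for the port-80 forward. ppp0, eth1 and 192.168.0.2 come from the posts; the
# FORWARD DROP policy and the sample dumps are constructed assumptions.
WAN_IF=ppp0 WEB_IP=192.168.0.2 WEB_PORT=80

table() { sed -n "/^\*$1\$/,/^COMMIT\$/p"; }   # print one table's section
check_forward() {                               # iptables-save text on stdin
    dump=$(cat)
    # NAT half: PREROUTING must DNAT WAN traffic for the port to the server.
    if ! printf '%s\n' "$dump" | table nat | grep -F -- '-A PREROUTING' \
        | grep -F -- "-i $WAN_IF" | grep -F -- "--dport $WEB_PORT" \
        | grep -qF -- "-j DNAT --to-destination $WEB_IP:"; then
        echo missing-dnat; return 0
    fi
    # Filter half: forwarded packets already carry the rewritten destination,
    # so FORWARD must accept new connections to WEB_IP (or default to ACCEPT).
    filter=$(printf '%s\n' "$dump" | table filter)
    if printf '%s\n' "$filter" | grep -q '^:FORWARD ACCEPT'; then
        echo ok; return 0
    fi
    if printf '%s\n' "$filter" | grep -F -- '-A FORWARD' | grep -F -- "-d $WEB_IP" \
        | grep -F -- "--dport $WEB_PORT" | grep -qF -- '-j ACCEPT'; then
        echo ok; return 0
    fi
    echo missing-forward-accept
}

sample() {   # $1 = extra nat rule, $2 = extra filter rule (either may be empty)
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
$1
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
$2
COMMIT
EOF
}
DNAT='-A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80'
ALLOW='-A FORWARD -d 192.168.0.2/32 -i ppp0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT'
sample "" ""            | check_forward   # rules as posted in the thread
sample "$DNAT" ""       | check_forward   # NAT rule alone
sample "$DNAT" "$ALLOW" | check_forward   # NAT rule plus allow rule
```

On the router, the same function can read the live ruleset with `iptables-save | check_forward` as root.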
Is there any solution to access the Arch server from my Slackware machine in any way through the public IP (my domain still points to my Slack machine, but from another PC not in the network it works well)?
Huh.. I tested and I can't connect anymore; my public IP works only on localhost :|
Hmmnn...I think you are using the term 'localhost' in a way that is not consistent with generally accepted practice. localhost is the loopback interface (lo) on most systems, and can be found at the address 127.0.0.1. You should say something like this: I cannot reach the internet from my Arch system.
I drew a simple diagram so others will know what your network looks like. Your network is about as simple as they get, but the terminology used thus far has been confusing and complicates things far more than it should be.
There is a chance you had your firewall/nat rules set up correctly at one point or another, but since you were trying to test access to your web server from a system within your network, instead of asking someone with internet access to test it from an external source, it did not work.
You need to look at wherever your logs for apache are, and check out the error.log and access.log.
Now we're looking at a situation where your network is broken, broken more than it was when we started because you no longer have internet access from your Arch system.
What have you changed in the meantime? What configuration did you have a day or two ago when Arch could access the internet?
Can you ping your gateway from the arch system? Can you ping the public address space on ppp0 on the Slackware system? Do you get name resolution?
Have you used tcpdump to look for network traffic? Do you see bidirectional traffic? Is traffic only going out and not coming back? Do you see outbound traffic on ppp0 which shows private addresses?
Quote:
Is there any solution to access the Arch server from my Slackware machine in any way through the public IP (my domain still points to my Slack machine, but from another PC not in the network it works well)?
Fix your network first.
Last edited by devwatchdog; 02-04-2010 at 09:09 AM.
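The tcpdump questions in the post above (bidirectional traffic, private addresses showing on ppp0), as an added example that is not part of the thread: a summary of a `tcpdump -nn` text capture taken on the WAN interface. The capture lines, the documentation-range addresses standing in for the masked public IP, and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: summarise a `tcpdump -nn` text capture
# taken on the WAN interface. Sample lines and addresses are constructed
# (documentation ranges stand in for the masked public IP).
wan_check() {                      # tcpdump -nn output on stdin
    awk '
    $2 == "IP" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                        # trailing colon after dst
        sub(/\.[0-9]+$/, "", src)                 # strip the port field
        sub(/\.[0-9]+$/, "", dst)
        # RFC 1918 source on the WAN side means the packet left un-NATed.
        if (src ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/)
            leak[src] = 1
        seen[src " " dst]++
    }
    END {
        for (s in leak) print "private-source " s
        for (k in seen) {                         # any pair with no replies?
            split(k, p, " ")
            if (!((p[2] " " p[1]) in seen)) print "one-way " p[1] " > " p[2]
        }
    }' | sort
}

sample_capture() {                 # constructed capture, as seen on ppp0
    cat <<'EOF'
10:00:00.000001 IP 203.0.113.5.40000 > 203.0.113.9.80: Flags [S], seq 1, win 5840, length 0
10:00:00.000201 IP 203.0.113.9.80 > 203.0.113.5.40000: Flags [S.], seq 9, ack 2, win 5792, length 0
10:00:02.000001 IP 192.168.0.2.51000 > 198.51.100.7.80: Flags [S], seq 5, win 5840, length 0
10:00:05.000001 IP 192.168.0.2.51000 > 198.51.100.7.80: Flags [S], seq 5, win 5840, length 0
EOF
}
sample_capture | wan_check
```

The private-source check only makes sense for a capture on ppp0; on eth1 the 192.168.0.x addresses are expected.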
You can't access a host in your LAN using its public IP address. For convenience you could enter its local LAN IP address and domain name in /etc/hosts.
Use a netbook or something similar from a public wifi. Or have someone else try it. But you do need to configure your slackware machine to masquerade traffic for the web server and you need to make sure that port 80 is open on your arch machine.
You can test the functionality of your web server configuration from the Slackware computer, but use its 192.168.0.2 IP address.