Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Fedora Core 2.
I have a Linksys router, port forwarding (UPnP) two external ports (high numbers) to ssh and http on my linux box (22,80). I can access my linux webserver via the internal network address on port 80. But I can't access them externally. I have tried enabling the services in the redhat firewall and then just disabling the firewall. Still no dice. I can see via the logs on the router incoming requests to the correct external port from other people. My own requests to my external IP don't show up, but I am not too worried about that.
My question is what could possibly be interfering with the packets coming in and not getting to my firewall. What are some of the magic linux network commands I could use to find out where the address is getting dropped? Ideally I would like to get this working with the firewall up, another layer of protection and all, but worried about just getting it working.
Try running up tcpdump or tethereal (preferable) against the interface you are port forwarding to. It'll tell you if your Linksys is forwarding packets and let you make an informed decision about where the problem lies.
"You will have to set up Port Forwarding. The requests to port 80 are hitting your router and your router is not your web site - your web server is. You need to tell your router that requests on port 80 are sent to your web server. Your router most likely has a web interface that you can connect to to set up Port Forwarding. Forward port 80 to the internal ip address of your web server - 192.168.0.x or whatever your internal subnet is."
a guess what do you mean with firewall
Oops, just seen "redhat firewall". It's not your firewall; your Linksys router is the answer to your problem, hopefully.
My router is a firewall of sorts I guess. But I believed that the firewall that is part of Fedora was my problem, but disabling it still didn't yield any results.
Distribution: Debian, Suse, Knoppix, Dyna:bolic, Mandrake [couple of years ago], Slackware [1993 or so]
Posts: 150
But NATurally you follow the links
http://www.homenethelp.com/web/explain/about-NAT.asp
What If I want to host a server?
Most NAT devices allow you to create maps between the internet and your computer network - this is called port forwarding. Example: A request on port 80 from the Internet (looking for a web server on your IP address) would normally be turned away by a NAT device. A special mapping can be set up to send that request from the internet to a specific computer on your network. One of your LAN computers could host a web server on the Internet, and another computer (or the same one) could host an FTP server because the two services work on different ports. Only a few special programs on the internet will not work using this port forwarding system.
Seriously, try the Network Address Translation. If that doesn't work then go for the fancy tools imo.
Occam's Razor
PRINCIPLE OF PARSIMONY OR PRINCIPLE OF SIMPLICITY
a criterion for deciding among scientific theories or explanations. One should always choose the simplest explanation of a phenomenon, the one that requires the fewest leaps of logic.
OK, forwarding a high-numbered port on the router side to port 80 on the linux box (where httpd is running).
Using tethereal I captured the following:
So the request packets are getting through the router and to my linux box. The port (2913) is not the external port, I guess the router is switching it to a different port on the internal side (192.168.1.1). However I don't see the webpage in my browser. Do I have to tell apache it is behind a router and to behave differently?
internet <-> linksys router <-> internal network (192.168.1.xxx)
I don't want port 80 on the external side, that would open me up to any port scanning on port 80. I want a different port to go to port 80. This should be possible, even when I switch it to port 80 on the router forwarding to port 80 on the linux box I get the same issues.
Redirecting Around A Port 80 Block
Many Internet Service Providers (ISPs) choose to block traffic bound for their customers' port 80, the port used for web traffic. This is usually done for security or policy reasons, and makes it difficult (but not impossible) to run a web server.
This can be solved using either our MyWebHop (with Custom DNS) or WebHop (with Dynamic DNS or Static DNS) by creating a redirection to a URL which includes a non-standard port number.
Which port does your web server use then? You will need to add :<port number> to your web browser address line to access the server then, and have this port forwarded to the server computer (192.168.1.100).
interesting dump. your linux box is sending back RST packets to the client (RFC 793) - are you sure you don't have any filters running? it could be tcpwrappers (/etc/hosts.deny or /etc/hosts.allow), a stray ipchains, iptables or ipf rule, or an ACL perhaps in your apache config ...
you could always put your linksys into bridging mode and run it that way - take port forwarding/NAT etc out of the equation. may not be practical depending on your setup.
Originally posted by angrybeaver:
interesting dump. your linux box is sending back RST packets to the client (RFC 793) - are you sure you don't have any filters running? it could be tcpwrappers (/etc/hosts.deny or /etc/hosts.allow), a stray ipchains, iptables or ipf rule, or an ACL perhaps in your apache config ...
you could always put your linksys into bridging mode and run it that way - take port forwarding/NAT etc out of the equation. may not be practical depending on your setup.
Both hosts.deny and hosts.allow are empty. iptables is empty, and it doesn't look like I have ipchains installed.
ipf doesn't seem to be supported by the newer kernels, and it doesn't look like it's installed.
As for ACL I haven't changed anything from the default, I did not find any .htaccess files, or .acl files on my system.
As far as using port 80 on the router side, it produces the same result posted above as using a different external port and forwarding it to port 80 on the linux box (accessing via http://externalip:externalport )
I tried using the DMZ option, and got the same RST result.
8.557715 192.168.1.1 -> 192.168.1.100 TCP 4746 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
8.557935 192.168.1.100 -> 192.168.1.1 TCP http > 4746 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
I could try rebooting and seeing if it fixes anything, something is seriously messed up. What's strange is I often run bittorrent, which also uses ports forwarded from the router, and it works fine. I am going to double check those results again though.
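The two capture lines posted above are the useful evidence in this thread: the SYN reaches 192.168.1.100 and the RST, ACK comes back from that same host, so the router is forwarding and the refusal happens on the Linux box. The script below is an added example, not part of the thread; it classifies every initial SYN in tethereal one-line summary output by what answered it. The function names are hypothetical, and all sample lines other than the two posted are constructed.

```python
import re
from collections import OrderedDict

# Sample in tethereal's one-line summary format. The first two lines are the
# exchange posted in the thread; the remaining three are constructed.
SAMPLE = """\
8.557715 192.168.1.1 -> 192.168.1.100 TCP 4746 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
8.557935 192.168.1.100 -> 192.168.1.1 TCP http > 4746 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
9.100000 192.168.1.1 -> 192.168.1.100 TCP 4750 > ssh [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
9.100200 192.168.1.100 -> 192.168.1.1 TCP ssh > 4750 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
9.500000 192.168.1.1 -> 192.168.1.100 TCP 4751 > 8080 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
"""

LINE = re.compile(
    r"^\s*(?P<ts>[\d.]+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<sport>\S+)\s+>\s+(?P<dport>\S+)\s+\[(?P<flags>[^\]]+)\]"
)

def classify_handshakes(capture):
    """Map each initial SYN (src, sport, dst, dport) to what answered it."""
    results = OrderedDict()
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a TCP summary line
        flags = {f.strip() for f in m["flags"].split(",")}
        fwd = (m["src"], m["sport"], m["dst"], m["dport"])
        rev = (m["dst"], m["dport"], m["src"], m["sport"])
        if flags == {"SYN"}:
            results.setdefault(fwd, "no-reply")  # SYN retransmits keep the verdict
        elif results.get(rev) == "no-reply":
            if "RST" in flags:
                results[rev] = "reset-by-host"  # closed port or reject rule on the box
            elif flags == {"SYN", "ACK"}:
                results[rev] = "accepted"       # a listener answered
    return results

def summarize(capture):
    hints = {
        "reset-by-host": "packet reached the box; no listener there or a reject rule",
        "accepted": "listener answered; look further along the path",
        "no-reply": "dropped on the host, or the reply was not captured",
    }
    return [f"{k[2]}:{k[3]} <- {k[0]}:{k[1]} {v}: {hints[v]}"
            for k, v in classify_handshakes(capture).items()]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

Feed it real output by capturing on the forwarded interface and passing the text to `summarize`; a `reset-by-host` verdict points at the listener's bind address or a host filter rather than at the router.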