RH9 system accessible from LAN, not from internet
Hi guys
I've got a RH9 system on an intranet, behind a router, at home. I can access it just fine from the intranet, when we're all behind the router in the house. I can SSH, view webpages off its Apache instance, etc. I want to access this machine from work.

As an experiment, I forwarded ports 22 and 80 on my router, for SSH and HTTP access to the machine. I got my router's current IP at that time (my ISP assigns dynamic IPs, I'm just testing...) which only changes when you switch the router off and on (it then gets a new IP each time). However, I cannot get the Linux machine to respond either on 22 or 80.

I then tried to access IIS7 running on my Windows 7 machine from work (obviously using the same router and temporary IP) at the same time, and that worked 100%. (I've got an assistant at home to help.) E.g. my router is correctly configured, and if I know its external IP at that time, I can freely use it to access my Windows 7 machine's IIS instance, over the internet.

Any idea why my Linux machine refuses to communicate? I did a tcpdump on the Linux machine, and you can see me coming in over the router (some packets are listed that come from my work IP address) when I try both HTTP and SSH access on it. The packets are very few though, much less than when, for example, I come into the machine on the intranet in my house into port 22 or port 80. So the router is definitely correctly configured and forwarding packets sent from "outside" to the correct ports.

Why does my Windows 7 machine respond normally on HTTP when I access it over my home router from work, but the Linux machine does receive at least some packets, but semantically it never responds? I'm not running any form of firewall on the machine, I've already turned iptables off just to try and get this working.

Thanks!

Maybe the firewall of your RH9 is configured to allow access only from your internal network?
And I too support what Hangdog42 said about using a more recent distro.

Ok, I've managed to get hold of another system with FC11.

I also changed to a completely different locale, with a different router made by a different company. It is still the same ISP (Telkom South Africa) but with another ISP account completely as well. Still on copper (ADSL) but in a completely different part of town. I'm having the exact same issue here too... forwarded the relevant ports just like on the "first" router I was experimenting with.

I wonder if this is something the ISP explicitly blocks on its network? E.g. not allowing its DSL end-subscribers to transfer SSH packets somehow? How can I then still SSH "out" to online machines? The most baffling part is that a Windows 7 machine at the new locale is also reachable, just like the other one at the first locale was reachable - but the Linux machine again refuses to play ball.

I know of the security issues, but I disabled iptables and SELinux on this FC11 machine too, just to test (I'll put it back, no worries) - still nothing...

Thanks for the responses! Regards,

Here's my rationale. The router at my "first locale" is also my switch - it has integrated Ethernet ports which I use. If I SSH from machine A on my LAN, say, with IP 192.168.0.4, the packets "come from" 192.168.0.4, which is fine and dandy, it is in the local subnet so the Linux machine responds and I can SSH into it (its IP is 192.168.0.1).

Now, if the SSH packets are generated by 192.168.0.2 (the router) shouldn't it behave in exactly the same way as it does if the SSH packets come from 192.168.0.4? How does it "detect" that something comes from the local network (vs. the internet) if all it has is IP addresses that are all still in the same subnet? Does forwarding of a port on a router though MEAN that forwarded packets still retain their original originating IP, and do not acquire the router's internal IP if they get transferred "inside"?

Sorry, big noob on this. Thanks!

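Editor's added example, not part of any poster's message: the tcpdump observation earlier in the thread (packets arriving from the work IP, yet no working session) can be turned into a per-connection triage that shows whether the Linux host answered at all. It assumes the text output format of a current `tcpdump -nn`; the function name `triage`, the verdict labels and the capture lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: text output of `tcpdump -nn`; only IPv4 TCP lines are parsed.
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def triage(capture, server_ip):
    """Return {(client_ip, client_port, server_port): verdict} per inbound attempt."""
    seen = defaultdict(lambda: {"syn": 0, "synack": 0, "rst": 0, "ack": 0})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        flags = m["flags"]
        if m["dst"] == server_ip:                        # client -> server
            c = seen[(m["src"], int(m["sport"]), int(m["dport"]))]
            if flags == "S":
                c["syn"] += 1
            elif "." in flags and "S" not in flags and "R" not in flags:
                c["ack"] += 1
        elif m["src"] == server_ip:                      # server -> client
            c = seen[(m["dst"], int(m["dport"]), int(m["sport"]))]
            if flags == "S.":
                c["synack"] += 1
            elif "R" in flags:
                c["rst"] += 1
    verdicts = {}
    for key, c in seen.items():
        if c["syn"]:                                     # skip flows whose SYN was not captured
            verdicts[key] = ("established" if c["synack"] and c["ack"] else
                             "reply-lost" if c["synack"] else  # host answered: check return route / NAT
                             "refused" if c["rst"] else        # host sent RST: nothing listening
                             "no-reply")                       # host silent: check local packet filter
    return verdicts

# Constructed sample capture (203.0.113.10 stands in for the remote client).
SAMPLE = """\
12:00:01.000000 IP 192.168.0.4.40000 > 192.168.0.1.22: Flags [S], seq 100, win 64240, length 0
12:00:01.000100 IP 192.168.0.1.22 > 192.168.0.4.40000: Flags [S.], seq 200, ack 101, win 65160, length 0
12:00:01.000300 IP 192.168.0.4.40000 > 192.168.0.1.22: Flags [.], ack 1, win 502, length 0
12:00:05.000000 IP 203.0.113.10.51514 > 192.168.0.1.22: Flags [S], seq 300, win 64240, length 0
12:00:06.000000 IP 203.0.113.10.51514 > 192.168.0.1.22: Flags [S], seq 300, win 64240, length 0
12:00:09.000000 IP 203.0.113.10.51600 > 192.168.0.1.80: Flags [S], seq 400, win 64240, length 0
12:00:09.000100 IP 192.168.0.1.80 > 203.0.113.10.51600: Flags [S.], seq 500, ack 401, win 65160, length 0
"""
```

A "reply-lost" verdict for remote clients alongside "established" for LAN clients means the host is answering and the problem is on the return path; "no-reply" means the host itself is dropping or ignoring the SYN.
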
By the way, while FC11 is a nice step up from RH9, it is still obsolete and I believe unsupported. FC14 is the current issue and you really, really, really want to have a fully supported OS on any box you're exposing to the Internet. If you want to have this as a long term server, you don't want a fast moving distro like FC. Something like CentOS/RHEL, Debian, Slackware or one of the *buntu LTS releases is a much better choice.

Thank you very much for your long and detailed reply. :)
You've given me some things to try at least. I'll go and play around and see what I can come up with. Thanks again for the advice. Much obliged!

Does the internet side of your modem have an Internet IP address, or is it in one of the private ranges? Some DNS ISPs issue IP addresses in a private range, which means you are behind their NAT router as well, and traffic originating from outside the ISP's network can't initiate a connection.
The ports that are normally blocked by an ISP are the ones used for email (to cut down on spam from infected computers) and the ports for Windows file sharing.