Unable to connect to Website Once outside the network
Dear all experts,
I am now facing a problem with my web server. I have no problem connecting to my website within the company network but once I try to connect from outside, it will say "The requested URL could not be retrieved". But I have no problems with PING from inside and outside the network. :confused: I have looked thru the forum and some of them is also facing this problem. I tried their methods and it still doesn't work. And also I have just configured the following, but still it doesn't work either. <Directory "/var/www/html"> Options Indexes Includes FollowSymLinks Order deny,allow AllowOverride None Allow from all </Directory> My firewall is currently enabled, and WWW (http) is my trusted services, eth0 is my trusted device. As for iptables, I Accept connections coming for port 80. No luck too when I turned off the firewall and iptables. This is my site.. enterprise.ise.nus.edu.sg (if anyone can see this site, pls let me know =) ) I got a friend to do a tracert for me and this is the results. (but i don't if this can contribute to solving the problem) At #15, it manages to reach nusnet-3-193.dynip.nus.edu.sg but after it got timeout . What does this mean? ------------------------------------------------------------------------------------- 1 2 ms 2 ms 1 ms host-203-92-100-167.lga.net.sg [x.x.x.x] 2 16 ms 16 ms 16 ms host-203-92-91-53.lga.net.sg [x.x.x.x] 3 21 ms 21 ms 19 ms host-203-92-90-226.lga.net.sg [x.x.x.x] 4 22 ms 20 ms 19 ms host-203-92-84-25.lga.net.sg [x.x.x.x] 5 19 ms 32 ms 24 ms host-203-92-84-18.lga.net.sg [x.x.x.x] 6 41 ms 229 ms 189 ms 61.8.233.173 7 22 ms 26 ms 25 ms ge-1-0-0.r00.sngpsi01.sg.bb.verio.net [x.x.x.x] 8 206 ms 187 ms 190 ms p1-0-1-2.r80.sttlwa01.us.bb.verio.net [x.x.x.x] 9 195 ms 204 ms 227 ms p16-1-1-1.r21.sttlwa01.us.bb.verio.net [x.x.x.x] 10 212 ms 195 ms 187 ms p16-2-0-0.r03.sttlwa01.us.bb.verio.net [x.x.x.x] 11 228 ms 224 ms 210 ms p1-0.usngp.sttlwa01.us.bb.verio.net [x.x.x.x] 12 178 ms 186 ms 186 ms pos1-0.pgp-cr1.singaren.net.sg [x.x.x.x] 13 192 ms 197 ms 194 ms ge3-9.pgp-dr1.singaren.net.sg [x.x.x.x] 14 204 ms 289 ms 258 ms nus-pgp-border.singaren.net.sg [x.x.x.x] 15 188 ms 186 ms 190 ms nusnet-3-193.dynip.nus.edu.sg [x.x.x.x] 16 * * * Request timed out. 17 * * * Request timed out. 18 * * * Request timed out. 19 182 ms 188 ms 190 ms enterprise.ise.nus.edu.sg [x.x.x.x] |
Check ur DNS ip address entry !
-jack |
How will I know that my entry is correct? Any guides?
|
Which distro r u using ?
=============== For Mandrake 9.2 # cat /etc/resolv.conf nameserver 192.168.1.2 ------------------------------ above ip is the address my DNS. Try finding the reolv.conf or related file as per ur distro and put ur DNS entry over there. -jack |
I am using RHEL 3
my /etc/resolv.conf shows nameserver 137.132.123.4 nameserver 137.132.5.2 ; generated by /sbin/dhclient-script domain enterprise.ise.nus.edu.sg search nus.edu.sg |
Looks like to me the tracert hit your site. The three with * * * just mean those routers weren't returning those requests. But the last was was your web server.
Your DNS info is correct. I found it on http://www.dnsstuff.com/ May be a firewall issue. |
I ran the dnsreport and results is
[ERROR: The parent servers say that the domain enterprise.ise.nus.edu.sg does not have any NS records (although they may have some other information on that zone). I can not do a DNS report on a hostname (such as mail.example.com) or a domain name that does not have its own zone.] Can someone explain to me, in layman terms. I am rather bad with all these networking details. |
ise.nus.edu.sg is your domain name. A "registered" domain name must list the authoritative name servers that will answer DNS queries for that domain name. This is done using Name Server (NS) records.
...while enterprise.ise.nus.edu.sg is a host within the above domain space. AKA: fully qualified domain name (fqdn) Host entries are referenced with address (A) records in DNS, not NS reocrds. This is why dnsreport gave you the error you posted. Try using dnsreport again using your domain name instead. The only error I saw was the lack of MX records. |
Actually, nus.edu.sg is our domain name
We got 2 servers, one is www.ise and the other is of course belongs to me, enterprise.ise So am I right to say I must get the people at nus.edu.sg to add enterprise.ise to their DNS? |
Quote:
Currently, enterprise.ise.nus.edu.sg is listed as a host (address record) within the domain ise.nus.edu.sg, not a domain name. If your goal is to create a domain name enterprise.ise.nus.edu.sg, then you would need to contact the DNS admin at ise.nus.edu.sg. The DNS admin would then have to add the proper delegation records (NS records) that point to the authoritative name servers for enterprise.ise.nus.edu.sg. See below: Code:
[scowles@excelsior scowles]$ dig +short enterprise.ise.nus.edu.sg a |
Ok. I will check with the respective peoples first. It might take me a few days.
|
It appears that enterprise.ise.nus.edu.sg (137.132.166.170) is being seriously firewalled. According to nmap: all priveledged ports (ones less than 1024) are filtered except: 113/tcp auth, 389/tcp ldap, 522/tcp ulp,
577/tcp vnas which are all closed. In fact, the only open ports on this IP address at all are: 6000/tcp open X11 7100/tcp open font-service 8000/tcp open http-alt 32773/tcp open sometimes-rpc9 and these you may not want open. If you request a web page on port 80000, it closes the connection without a response. Hope this helps. Bill Jennings |
But when I do a nmap on myself, this is what i get
Port State Service 22/tcp open ssh 80/tcp open http 199/tcp open smux 443/tcp open https 6000/tcp open X11 7100/tcp open font-service 32773/tcp open sometimes-rpc9 Could it be the firewall at nus.edu.sg that is blocking the incoming request? |
When you nmap yourself, where are you coming from?
When I traceroute (ICMP) to 137.132.166.170 from the internet at large, I get through (with three routers just before 137.132.166.170 not responding). BUT... when I tcptraceroute (ssh) to 137.132.166.170, it dies just after nus-pgp-border.singaren.net.sg (202.3.135.130). The next hop in the ICMP traceroute is nusnet-3-193.dynip.nus.edu.sg (137.132.3.193). Judging by the name, I'd say that the edge router for singaren.net.sg is trying to protect it's dynamically-assigned customers/students (e.g. nusnet-3-193.dynip.nus.edu.sg) by firewalling the bejesus out of all incoming traffic. They may not want you running a server there. Hope this helps. Bill Jennings |
oops.. stupid me. I nmap myself in the nus.edu.sg network. Of coz I get reach myself.
Since you mention about ICMP, I've got a line in my iptables stating -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited Is this line the culprit?:scratch: |
All times are GMT -5. The time now is 12:49 PM. |