Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
06-25-2012, 04:04 PM
|
#1
|
LQ Newbie
Registered: Jun 2012
Posts: 6
Rep:
|
Accessing httpd behind a router
guys, this one has got me stumped. i know it has been talked about before but none of the threads gave me any answer.
i am using "netgear DGN-2200" wireless router (switched a few days ago after my previous moded failed to start one day)and the latest kubuntu-linux.
i always had a fairly active apache server that i use to develop web apps, which i do need to access from outside my wireless and from work.
so after the wireless-upgrade i made at home i cannot whatsoever access my IP address without hitting the router log-in page.
so far i figured out my computers MAC address and made a LAN reservation for 10.0.0.2 connecting to it.
ive made a router-firewall rule to pass HTTP:80 services to 10.0.0.2
took special attention to make sure remote-managment is off.
made sure that apache is listenning to port 80 (or at least, there is a command called "Listen 80" on ports.conf, and that this file is included in the apache2.conf)
BTW: accessing 10.0.0.2 from my computer on my browser DOES lead me to my apache server
soooo im just going crazy!
please help me!
|
|
|
06-25-2012, 05:51 PM
|
#2
|
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604
|
You more than likely need to assign a static IP to your router for that machine to route the requests to. If you have a static IP and have assigned it to your internal IP on the router as well as forwarding the port 80 you should have no problems. Although, I have never used netgear as I am not fond of their products but this is the setup that will work for Cisco/Linksys devices.
|
|
|
06-25-2012, 07:07 PM
|
#3
|
Moderator
Registered: Aug 2002
Posts: 26,211
|
Nope, your not crazy its just how a NAT router works. You will have try from a computer outside of your LAN. It does appear that you have the router and computer configured correctly.
FYI it might be against your ISPs rules to run a website from home and they might even block port 80.
|
|
|
06-26-2012, 06:37 AM
|
#4
|
LQ Newbie
Registered: Jun 2012
Posts: 6
Original Poster
Rep:
|
thank you, i appreciate your help.
i filed a complaint with my ISP and they should get back to me with an answer within the next few hours. thing is, i didnt have any problem running apache for years until i switched to this router, so im a little skeptic about them port-blocking me.
http://www.yougetsignal.com/tools/open-ports/
checking with this tool port 80 returns that it is closed. this is very frustrating.
my ISP`s IP is dynamic, however i did reserve a LAN IP to my computers mac-address (10.0.0.2). is there any other IP im not aware of?
finaly, i should mention that i tried accessing my home-server from work, from my mobile phone (on a 3G network) and from my own computer with http-proxy. all returnning either "bad-gateway" or "unable to reach page".
|
|
|
06-26-2012, 08:09 AM
|
#5
|
Senior Member
Registered: Aug 2010
Location: Near Edinburgh, Scotland
Distribution: Cinnamon Mint 20.1 (Laptop) and 20.2 (Desktop)
Posts: 1,690
|
Quote:
so far i figured out my computers MAC address and made a LAN reservation for 10.0.0.2 connecting to it.
ive made a router-firewall rule to pass HTTP:80 services to 10.0.0.2
|
Have you set up port forwarding for port 80 to 10.0.0.2 in your router's config?
Play Bonny!
|
|
|
06-26-2012, 08:30 AM
|
#6
|
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
|
Quote:
Originally Posted by Soadyheid
Have you set up port forwarding for port 80 to 10.0.0.2 in your router's config?
Play Bonny!
|
This.
It sounds like you just opened a firewall rule that will allow outside users to access your machine on port 80, but you never set up a forwarding rule so that incoming connections on port 80 are actually forwarded to that machine.
|
|
|
06-26-2012, 11:05 AM
|
#7
|
Senior Member
Registered: Aug 2010
Location: Near Edinburgh, Scotland
Distribution: Cinnamon Mint 20.1 (Laptop) and 20.2 (Desktop)
Posts: 1,690
|
Quote:
It sounds like you just opened a firewall rule that will allow outside users to access your machine on port 80, but you never set up a forwarding rule so that incoming connections on port 80 are actually forwarded to that machine.
|
I'm not quite sure what you mean here. Within a routers set up GUI there's usually a means to configure port forwarding. I use it to allow Internet access to my nas device through a specific port. I haven't set up any firewall port access on either a computer or the nas device.
By specifying the port and the static IP of the device on the lan side of the router, that's the only place any external requests go.
Does that make sense?
Play Bonny!
|
|
|
06-26-2012, 02:20 PM
|
#8
|
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604
|
I still think the issue here is the dynamic IP and NAT translations on the router. If you get a static IP from your ISP and assign that secondary static IP in your router for the NAT translation to that 10.0.0.2 address and have done the router port forwarding as you say you have then all should work as it should.
|
|
|
06-26-2012, 02:24 PM
|
#9
|
LQ Newbie
Registered: Jun 2012
Posts: 6
Original Poster
Rep:
|
Quote:
Originally Posted by Soadyheid
Have you set up port forwarding for port 80 to 10.0.0.2 in your router's config?
Play Bonny!
|
hmmm well im not quite sure of that....
the firmware my router uses has no "Port forwarding\Port trigerring" entry, but instead uses "Firewall rules" and as a result im not so sure as to how im supposed to do this...
this is a screen capture of the firewall rules and the sidebar
http://www.linuxquestions.org/questi...1&d=1340738313
note that since my first message i accidently changed my computers LAN ip changed to 10.0.0.3 (changes to rules made accordingly) and that out of shear dispare i changed the "service name" to ALL.
|
|
|
06-26-2012, 02:29 PM
|
#10
|
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604
|
Thomas, the issue here is your IP! Lets say for example your ISP assigns you a dynamic ip of 64.66.122.88 or something of that fashion. When you try to send an http request to that IP it will route to your router, your router does not have that IP assigned to a NAT translation rule for an internal IP(each internal IP would need a static external IP to translate to) so it simply does its job and reject the connection or display a default web page that is hosted on the router. This is a security feature to help you and there is no way you can setup a dynamic IP to translate to an internal IP as far as I am aware due to the fact that it constantly changes.
So yes, your router is allowing inbound and outbound connections to your server on port 80 but there is no route to the server from external connections.
Think about it, if you had 10 servers setup behind the router you wanted to access over http you wouldn't be able to use just one IP, you would have to get a separate one for each and assign it to the internal IP on the router so your router knows where to send the traffic.
|
|
|
06-26-2012, 02:56 PM
|
#11
|
LQ Newbie
Registered: Jun 2012
Posts: 6
Original Poster
Rep:
|
Ok well i completely understand what you said... is there anyway i can set it manually?
i tried doing a "Static route" and i ran into a wierd problem where the router would set 10.0.0.3 to .0 and had absolutlely no affect...
EDIT: by "it" i mean a translation table or route...
Last edited by doubtingthomas; 06-26-2012 at 03:01 PM.
|
|
|
06-26-2012, 03:08 PM
|
#12
|
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604
|
Within your router you should be able to set a static IP to translate to internal. Most routers are using Cisco firmware or something proprietary but is very similar. A NAT rule is pretty simple, it tells your router/firewall that IP 1.1.1.1 translates to 10.0.0.1 and 2.2.2.2 translates to 10.0.0.2. Without a static IP you won't be able to set these rules as it will change.
|
|
1 members found this post helpful.
|
06-26-2012, 03:29 PM
|
#13
|
Member
Registered: Mar 2010
Location: There
Distribution: Linux Mint 17.1
Posts: 237
Rep:
|
disable NAT forwarding on your router.
|
|
|
06-26-2012, 03:36 PM
|
#14
|
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604
|
Quote:
Originally Posted by kindofabuzz
disable NAT forwarding on your router.
|
No.. and Why?
|
|
|
06-26-2012, 04:01 PM
|
#15
|
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
|
Quote:
Originally Posted by Kustom42
Thomas, the issue here is your IP! Lets say for example your ISP assigns you a dynamic ip of 64.66.122.88 or something of that fashion. When you try to send an http request to that IP it will route to your router, your router does not have that IP assigned to a NAT translation rule for an internal IP(each internal IP would need a static external IP to translate to) so it simply does its job and reject the connection or display a default web page that is hosted on the router. This is a security feature to help you and there is no way you can setup a dynamic IP to translate to an internal IP as far as I am aware due to the fact that it constantly changes.
|
That is incorrect. I think you're hung up on setups with multiple public, static IPs and using NAT to assign each one to a local machine...with a single external IP and an internal network you need to set things up completely differently. You assign the public IP to the router itself, and then use port forwarding to direct incoming connections to the various machines on the local network. Whether the external IP is static or dynamic makes absolutely no difference to the behavior of the system.
kindofabuzz is correct; turn off NAT, and set up port forwarding. I'm sure the router can do it, I've never found one that can't.
Last edited by suicidaleggroll; 06-26-2012 at 04:04 PM.
|
|
|
All times are GMT -5. The time now is 03:41 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|