LinuxQuestions.org
Old 07-22-2003, 08:23 AM   #1
webnoelle
Member
 
Registered: Jul 2003
Distribution: Red Hat
Posts: 37

Rep: Reputation: 15
Cannot access any services outside local network


Hello all! This is my first time posting, and I would like to add that simply by reading this forum, many of my questions have been answered! Great forum!

But this time I have a different question. I set up a box with RedHat 9 on it to run as a httpd/ftp/ssh/mail server. Everything works great from within my local network. But as soon as I try to access any of those from outside my local network, I cannot get in. I have used the "setup" command, and changed the firewall settings to none, since I am behind a different firewall, and have also opened up the appropriate ports on the perimeter firewall.

One note is that I am using the ods.org DNS service, and I have changed the hostname on this Linux box to match that of my ods.org name.

Any ideas on what might be causing a problem here?

 
Old 07-22-2003, 09:48 AM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
Issue:

service iptables stop

as you are already behind a different firewall.

This will disable iptables totally.

Check whether you are now able to connect to the desired services.
 
Old 07-22-2003, 09:50 AM   #3
webnoelle
Original Poster
Thanks for your reply.

Is that different from changing the firewall settings via RedHat's "setup" command?
 
Old 07-22-2003, 09:56 AM   #4
ppuru
Not sure, I have never used the firewall settings from setup. If you have set it to "None", that should have a similar effect.

You can use the tcpdump command

tcpdump host <external host's IP>

to check exactly what is happening.
 
Old 07-22-2003, 09:58 AM   #5
webnoelle
Original Poster
I will try that during lunch today and let you know! Hopefully it is as simple as that!

Thanks ppuru and I will let you know!
 
Old 07-22-2003, 01:06 PM   #6
webnoelle
Original Poster
Well I tried '/etc/init.d/iptables stop' to kill my firewall process, then tried to access webnoelle2.ods.org (which is my dns name), and still nothing.

Any other ideas?
 
Old 07-22-2003, 01:29 PM   #7
ppuru
Run tcpdump and watch what is happening; you will get a good understanding of whether any traffic is actually hitting your box, whether your box is not responding, etc.

The problem could also be as simple as your network card not activated or wrong gateway ... just stating possibilities.

Last edited by ppuru; 07-22-2003 at 01:31 PM.
 
Old 07-22-2003, 01:53 PM   #8
webnoelle
Original Poster
I am not at the system now, so I will have to wait until I get home to try that out.

But isn't it weird that everything works fine from within the local network, but as soon as you go outside of that nothing works? I have tested the port forwarding on the external firewall as well and everything works fine with that box.

I was reading about the /etc/hosts file in another thread here where someone messed up their apache by changing the host name. Could this possibly cause the same experience as me, just multiplied by 3 for ssh, ftp, and http?

Again, I want to express thanks for your help (mainly ppuru).
 
Old 07-22-2003, 07:40 PM   #9
webnoelle
Original Poster
hey ppuru, I ran tcpdump as you suggested, and got some interesting results. Although I do not have any clue how to decipher these.

Here is a small snippet:
19:36:44.224482 hp.mshome.net.domain > 192.168.0.9.32769: 38239- 1/0/0 (105)
19:36:44.225027 192.168.0.9.32769 > hp.mshome.net.domain: 38240+ PTR? 9.0.168.192.in-addr.arpa. (42) (DF)
19:36:44.245851 hp.mshome.net.domain > 192.168.0.9.32769: 38240 NXDomain* 0/1/0 (110)
19:36:44.246665 hp.mshome.net.domain > jasondesktop.mshome.net.1028: 41* 1/3/3 A hp.ce1.client2.attbi.com (157)
19:36:44.247056 192.168.0.9.32769 > hp.mshome.net.domain: 38241+ PTR? 151.16.97.65.in-addr.arpa. (43) (DF)
19:36:44.247359 jasondesktop.mshome.net.1298 > hp.ce1.client2.attbi.com.http: S 591756700:591756700(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
19:36:44.247684 hp.ce1.client2.attbi.com.http > jasondesktop.mshome.net.1298: R 0:0(0) ack 591756701 win 0
19:36:44.248810 hp.mshome.net.domain > 192.168.0.9.32769: 38241- 1/0/0 (106)
19:36:44.305162 hp.mshome.net.domain > 192.168.0.9.32769: 38240 NXDomain* 0/1/0 (103)
19:36:44.305210 192.168.0.9 > hp.mshome.net: icmp: 192.168.0.9 udp port 32769 unreachable [tos 0xc0]
19:36:44.708417 jasondesktop.mshome.net.1298 > hp.ce1.client2.attbi.com.http: S 591756700:591756700(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
19:36:44.708811 hp.ce1.client2.attbi.com.http > jasondesktop.mshome.net.1298: R 0:0(0) ack 1 win 0

What does this mean?

Thanks again.
 
Old 07-22-2003, 11:33 PM   #10
ppuru
Quote:
Originally posted by webnoelle
---- (1)
19:36:44.247359 jasondesktop.mshome.net.1298 > hp.ce1.client2.attbi.com.http: S 591756700:591756700(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)

19:36:44.247684 hp.ce1.client2.attbi.com.http > jasondesktop.mshome.net.1298: R 0:0(0) ack 591756701 win 0
----(2)
19:36:44.248810 hp.mshome.net.domain > 192.168.0.9.32769: 38241- 1/0/0 (106)
19:36:44.305162 hp.mshome.net.domain > 192.168.0.9.32769: 38240 NXDomain* 0/1/0 (103)
----(3)
19:36:44.305210 192.168.0.9 > hp.mshome.net: icmp: 192.168.0.9 udp port 32769 unreachable [tos 0xc0]
----(4)
19:36:44.708417 jasondesktop.mshome.net.1298 > hp.ce1.client2.attbi.com.http: S 591756700:591756700(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
19:36:44.708811 hp.ce1.client2.attbi.com.http > jasondesktop.mshome.net.1298: R 0:0(0) ack 1 win 0

(1) - jasondesktop sent an HTTP request to hp.ce1.client2.attbi.com
AND
hp.ce1 has replied
(2) - DNS traffic
(3) - 192.168.0.9 sends an ICMP response?? to hp.mshome.net
(4) - same as (1).

But no traffic from webnoelle2.

You can do a tcpdump host <ip of external host>

to check the traffic between your system and the external host you are connecting from.

Last edited by ppuru; 07-22-2003 at 11:38 PM.
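
An added example, not part of any poster's message or of the original thread: a small Python parser for the old tcpdump text format shown in post #9, run over lines copied from that capture, that pairs each SYN with the reply it received. The function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the capture posted in this thread (old tcpdump text output).
CAPTURE = """\
19:36:44.247359 jasondesktop.mshome.net.1298 > hp.ce1.client2.attbi.com.http: S 591756700:591756700(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
19:36:44.247684 hp.ce1.client2.attbi.com.http > jasondesktop.mshome.net.1298: R 0:0(0) ack 591756701 win 0
19:36:44.248810 hp.mshome.net.domain > 192.168.0.9.32769: 38241- 1/0/0 (106)
19:36:44.305210 192.168.0.9 > hp.mshome.net: icmp: 192.168.0.9 udp port 32769 unreachable [tos 0xc0]
19:36:44.708417 jasondesktop.mshome.net.1298 > hp.ce1.client2.attbi.com.http: S 591756700:591756700(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
19:36:44.708811 hp.ce1.client2.attbi.com.http > jasondesktop.mshome.net.1298: R 0:0(0) ack 1 win 0
"""

# time, src "host.port", dst "host.port", TCP flag field (S F P R or "."), rest
TCP_LINE = re.compile(r"^(\S+) (\S+) > (\S+): ([SFPR.]+) (.*)$")

def parse_tcp(lines):
    """Yield (src, dst, flags, rest) for TCP lines; DNS/ICMP lines do not match."""
    for line in lines:
        m = TCP_LINE.match(line)
        if m:
            yield m.group(2), m.group(3), m.group(4), m.group(5)

def handshake_outcomes(lines):
    """Map (client, service) -> counts of SYNs sent and replies received."""
    stats = defaultdict(lambda: {"syn": 0, "synack": 0, "rst": 0})
    for src, dst, flags, rest in parse_tcp(lines):
        has_ack = "ack" in rest.split()   # old format prints ACK as a field
        if "S" in flags and not has_ack:  # bare SYN: a connection attempt
            stats[(src, dst)]["syn"] += 1
        elif (dst, src) in stats:         # reply to an attempt we recorded
            if "R" in flags:
                stats[(dst, src)]["rst"] += 1
            elif "S" in flags:
                stats[(dst, src)]["synack"] += 1
    return dict(stats)

def verdict(counts):
    if counts["synack"]:
        return "accepted"
    if counts["rst"]:
        return "refused: the answering host sent RST instead of SYN-ACK"
    return "no reply: dropped or not routed"

if __name__ == "__main__":
    for (client, service), c in handshake_outcomes(CAPTURE.splitlines()).items():
        print(f"{client} -> {service}: {c['syn']} SYN, {c['rst']} RST, {verdict(c)}")
```

Run on the posted lines, both connection attempts from jasondesktop to the http port of hp.ce1.client2.attbi.com come back as refused with a reset.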
 
Old 07-23-2003, 01:41 PM   #11
webnoelle
Original Poster
So this is saying that the "router system" (which is directly attached to the internet) is not allowing traffic to go through?

And I would do 'tcpdump host <ip of external host>' which would give the traffic between the system connected directly to the internet and the client? I am beginning to get confused as to what systems we are talking about right now.

Let's use names, the RedHat box is the system in question, then you have the "HP" which is the gateway for the internet (connected directly), and you also have the client. This will help me clear some things up.

So basically, I want to do 'tcpdump host <ip of hp's external IP>' correct? We are doing this because the RedHat box is not even receiving traffic?

Thanks again.
 
Old 07-24-2003, 03:19 AM   #12
ppuru
There is traffic going across but I am not sure whether it is the traffic that you want to hit your system.


Internet -------- HPMachine ------- RedHatPC ------- Client

Is this your setup?

By running tcpdump host, you will know whether any traffic from your favorite host is reaching your Linux server. Run the tcpdump command on your Linux server.

Last edited by ppuru; 07-24-2003 at 06:42 AM.
 
Old 07-24-2003, 04:26 AM   #13
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
There's a firewall machine/device between your network and the internet yah?

You've opened the ports but have you any port forwarding/routing rules to ensure that external http, ssh etc. requests get routed to the proper machine? If you have, ignore me.
 
Old 07-24-2003, 08:28 AM   #14
webnoelle
Original Poster
My setup is:
Client2- - Client
\ /
Internet ------ HPMachine (WinXP) ---- RHServer

In which the HPMachine is running Windows XP's port forwarding. And I have opened up the ports via the Windows XP machine to allow traffic in.

I did some more research, and I get a "Page Cannot be Displayed" error from within the local network, but I cannot ping, or get any response from the RHServer from outside the local network (ie Client 2). This is really puzzling me, as it seems that more and more pieces are being added then twisted around!?

I appreciate your help guys!

Edit:

It messed up my ASCII drawing, so I will try again
http://webnoelle.ods.org/images/network_drawing.gif

Last edited by webnoelle; 07-24-2003 at 08:47 AM.
 
Old 07-24-2003, 09:26 AM   #15
Looking_Lost
Well, if the webnoelle2.ods.org website is hosted on one of those machines, I guess the good news is it's reachable by others, me at least, from the outside, as is ftp.

Not sure about changing the hostname, because if the above is true it isn't stopping me connecting. I know diddly about XP port forwarding or firewall; maybe it's stopping external connections that originate from the same IP as itself (yup, I'm guessing).
 
  


All times are GMT -5. The time now is 03:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration