Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-06-2008, 12:21 PM
|
#1
|
Member
Registered: Nov 2003
Location: Chicago western suburbs
Distribution: Linux Mint
Posts: 75
Rep:
|
Linksys WRT54G Port Forward or DMZ
Hello Everyone,
I would like to make my home Ubuntu web/ftp server accessible to the internet. My hardware stack is:
[SpeedStream 4100 DSL Modem]
[Linksys WRT54G Router] (Firmware Version: v1.02.2, Jun. 7, 2007)
[Wired Windows-1]
[Wired Windows-2]
[Wired Ubuntu]
[Wireless Windows Laptop]
My understanding is that with the WRT54G in place, it is necessary to use either Port Forwarding or DMS to the IP address of the Ubuntu box to make it visible to the outside world.
How can I do this? The things I have tried are shown below. Variations include rebooting Ubuntu and the WRT54G.
Thanks,
Mark
Configuration 0 (Sanity Test)
---------------
Plug Ubuntu directly into the SpeedStream.
Run 'ifup' and 'ifdown' to settle the IP address.
Get external IP address from SpeedStream.
Test http, ftp, telnet from the internet side.
Everything works!
Configuration 1 (Desirable)
---------------
Verify Ubuntu's local IP address from Windows.
Set Port Forwarding of ports 20-23 and 80-80 to Ubuntu's address.
Test http, ftp, telnet from the internet side.
No response.
Configuration 2 (Acceptable)
---------------
Verify Ubuntu's local IP address from Windows.
Enable DMZ for Ubuntu's address.
Test http, ftp, telnet from the internet side.
No response.
Configuration 3 (Grasping at straws)
---------------
Do Port Forwarding and DMZ at the same time.
No Response.
|
|
|
01-06-2008, 01:05 PM
|
#2
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
On the linksys you can do two things. Post forward the desired external wan ip/port to the internal lan ip/port. What you what to do first is define a static IP to the Ubuntu machine so it always has the same internal lan IP when it boots up.
Example to foward ssh connection
You add a port foward from the external which is default port 22 to the static IP set on the ubuntu machine port 22. Then on Ubuntu if there is a firewall enabled it either needs to be disabled or open port 22 through it.
To forward as DMZ it means to forward any data recieved on wan conection directly to the lan IP defined machine. Which what happens is when one connects to to your wan IP what they see is the machine itself. It would be like if the Ubuntu machine was directly connected to modem. Again if firewall exist it needs to be disabled which in this case would not be advisable. Better to have firewall active and open only the needed ports.
Brian
|
|
|
01-06-2008, 01:52 PM
|
#3
|
Member
Registered: Nov 2003
Location: Chicago western suburbs
Distribution: Linux Mint
Posts: 75
Original Poster
Rep:
|
Hi Brian,
Thanks for the reply.
The WRT54G has a local IP address of 192.168.2.1 and is set to 10 DNS clients.
I set the Ubuntu box to 192.168.2.100.
It's ftp, telnet, and http are reachable from the windows machines on the router side and it can browse the web.
The two approaches were tried for the static IP: (1) DMZ enabled for 192.168.2.100, and (2) with Port Forwarding for 20-23 and 80 for 192.168.2.100. (By the way, which ports do you suggest forwarding?)
An outside machine still cannot ping, ftp, telnet, or http to the Ubuntu machine. The modem's IP address was tested two different ways.
Any other ideas?
Mark
|
|
|
01-06-2008, 02:31 PM
|
#4
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
If you set the DMZ to point to your Ubuntu machine you do not need to define any port forwarding. All DMZ does it make the machine look like it is already on the outside like it is the only thing connected to modem. So looks like no firewall or at least the needed ports because you can access from other lan machines.
Has there been anything added to say /etc/host.allow or /etc/host.deny to only use local lan IPs?
On the machine goto here and see what ports are seen.
http://www.pcflank.com/test.htm
Brian
|
|
|
01-06-2008, 05:05 PM
|
#5
|
Member
Registered: Nov 2003
Location: Chicago western suburbs
Distribution: Linux Mint
Posts: 75
Original Poster
Rep:
|
I have been trying DMZ and Port Forwarding independently and Port Forwarding would be my preferred solution.
The hosts.allow and hosts.deny files are out-of-the-box with only comments, no entries. This should be 100% open which corresponds to my modem-to-ubuntu experiment.
Running the PCFlank test resulted in:
http://www.pcflank.com/details.html
Warning!
The test found visible port(s) on your system: 1080, 3128
Warning!
The test found visible ports on your system: 27374, 12345, 1243, 31337, 12348.
The following Trojans use these ports: SubSeven, NetBus, SubSeven, Back Orifice,
BioNet
Although these ports are visible, they are not open, so your system is not infec
ted. However, having visible ports on your system means your computer can be "se
en" over the Internet. This makes it very easy for skillful intruders to explore
your system.
This was on the ubuntu box with DMZ enabled for its ip address.
What's going on here? Can anybody do Port Forwarding or DMZ with a Linksys WRT54G????
Mark
|
|
|
01-06-2008, 10:32 PM
|
#6
|
Member
Registered: Nov 2003
Location: Chicago western suburbs
Distribution: Linux Mint
Posts: 75
Original Poster
Rep:
|
Good News,
I had a long internet chat with Linksys and they ultimately told me to:
1. Hit the reset button for 10 seconds with power on
2. Remove power for 10 seconds
3. Power up and restore my settings
Now both DMZ and Port Forwarding work as expected.
By the way, googling for "WRT54G Port Forward Failure" gets lots of hits. I don't know what's going on here, but Linksys does have good support.
Thank you Brian
|
|
|
01-07-2008, 03:45 PM
|
#7
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
Glad to see you got it working.
Brian
|
|
|
All times are GMT -5. The time now is 01:31 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|