Can't "see" web server outside Netgear RT314 router.

Post by James D. Keelin » Sun, 21 Jan 2001 09:37:23



Hello, I have DSL with a dynamic IP address.  My network has a Netgear RT314 router/switch,
two Macs and a Linux box running RH 7.0.  On the RH box I have two servers which I want to
be seen by the Internet, httpd (80) and sshd (22).  My plan, for now, is to note the current
external IP address assigned to the router and contact my network via ssh client or a web
browser.  In the future I may sign up for DynDNS or DynDDS to "register" the dynamic IP.

I can access these ports from behind the router using the internal addresses.  However, when
I try to get in from a computer outside the network using the external IP address, the web
browser responds that the server is not responding.  

I am guessing that some aspect of port filtering or built-in firewall is not allowing the
port 80 traffic to be sent to the Linux box.  I have read the manual carefully and section
6-3 "Configuration for Local Servers" is the only one which seems to address this issue.
After following its directions, I cannot get an external connection to work.  All three
computers can "see" the Internet fine.

If you can cc replies to my e-mail address, I would appreciate it.

James D. Keeline

 
 
 

Post by James D. Keelin » Mon, 22 Jan 2001 15:59:30




Yes, someone sent me e-mail which helped to spot the trouble.  Since I
can see the servers behind the router then we can assume that they are
running.  There are two things to check to make sure that Internet
traffic reaches the computer behind the router.

First, use option 15 in the router configuration menu (get there via
telnet 192.168.0.1).  If you want Secure Shell, FTP, and HTTP to work
make the table look something like this:

                           Menu 15 - SUA Server Setup

                    Port #         IP  Address
                    ------       ---------------
                   1.Default       0.0.0.0
                   2.  0           0.0.0.0
                   3.  80          192.168.0.4
                   4.  22          192.168.0.4
                   5.  0           0.0.0.0
                   6.  21          192.168.0.4
                   7.  0           0.0.0.0
                   8.  0           0.0.0.0
                   9.  0           0.0.0.0
                  10.  0           0.0.0.0
                  11.  0           0.0.0.0
                  12.  1026        RR Reserved

                    Press ENTER to Confirm or ESC to Cancel:

Port 22 is ssh and 21 and 80 are FTP and HTTP.  The IP address is the
internal address where the server is located.  I have found that this
does not change as long as there isn't another hub or switch for more
than four computers.

Next, and this is the part that got me, you need to go into the filter
configuration (menu item 21) and modify the 3rd filter so it looks like
this:

                        Menu 21.3 - Filter Rules Summary

 # A Type                       Filter Rules                              M m n
 - - ---- --------------------------------------------------------------- - - -
 1 Y IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23                             N D F
 2 N IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21                             N D N
 3 N IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80                             N D F
 4 N
 5 N
 6 N

Note the settings in the "A" column and the "n" column.  A "Y" in the "A"
column will block traffic from that port.  In this case, we don't want to
let port 23 (telnet) traffic come through via the Internet.  Many hacks
come through telnet access.  Ports 21 (FTP) and 80 (HTTP) were blocked but
I changed them to no block in the "A" column.

The "F" in the "n" column indicates that the traffic should be "forwarded"
as defined in the routing table.  I don't know why port 23 has this setting
since it is blocked by the filter but it works and I can't telnet in from
outside the router but I can do so behind the router so this is ok.

To test this, I had to telnet to an external account I have and use its
telnet client to go back into my system.  I had a little difficulty finding
the temporary IP address assigned to my DSL modem.  The way I use right now
is to use menu option 24 (System Maintenance) and then menu option 1 for
System Status:

                     Menu 24.1 - System Maintenance - Status

Port   Status        TxPkts      RxPkts    Cols    Tx B/s    Rx B/s     Up Time
 WAN     PacBell     334814      424392       0         0         0     3:03:21
 LAN   100M/Full     440577      343019       0       250        92    70:02:56

Port   Ethernet Address        IP Address           IP Mask       DHCP
 WAN  00:a0:c5:e3:79:57    63.204.107.194   255.255.255.255       None
 LAN  00:a0:c5:e3:79:56       192.168.0.1     255.255.255.0     Server

     System up Time:    70:03:02

     Name: pacbell.net.keeline.com
     Routing: IP
     RAS F/W Version: V3.20(CA.0) | 6/28/2000

The WAN IP address (63.204.107.194) is what I have at this moment.  That IP
has been up for a little more than 3 hours, suggesting that it changes fairly
frequently.  Meanwhile it has been some 70 hours since I reset the router.

The router can be configured to use DynDNS or DynDDS accounts and I may do
this in the future.  The idea here is that a signal is sent every 10 mins
or so to update the current dynamic IP address.  Traffic to your account
with one of these services is routed to the current dynamic IP.  I don't
know if there is a fee for the subscription to this service.  It isn't a
replacement for a real server but it is good for practice and development.

I hope this helps others.

James
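
An added example, not part of the original posts: a small audit that reads the Menu 15 and Menu 21.3 rows shown above and reports which forwarded ports the filter set actually lets in from the WAN. It assumes the ZyNOS-style column meanings (A = rule active, m = action on match, n = action on no match; D = drop, F = forward, N = check next rule), treats "no rule decided" as forward, and does not model M (More) chaining; the function names are made up for this sketch.

```python
import re

# Rows copied from the two screens in the post above (unused slots trimmed).
MENU_15 = """
  3.  80          192.168.0.4
  4.  22          192.168.0.4
  6.  21          192.168.0.4
"""
MENU_21_3 = """
 1 Y IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23      N D F
 2 N IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21      N D N
 3 N IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80      N D F
"""

FWD_ROW = re.compile(r"^\s*\d+\.\s+(\d+)\s+(\d+(?:\.\d+){3})\s*$", re.M)
RULE_ROW = re.compile(
    r"^\s*\d+\s+([YN])\s+IP\s+Pr=(\d+),.*?DP=(\d+)\s+[YN]\s+([FDN])\s+([FDN])\s*$",
    re.M)

def parse_forwards(text):
    """Menu 15 rows -> {port: internal IP}; port 0 marks an unused slot."""
    return {int(p): ip for p, ip in FWD_ROW.findall(text) if int(p)}

def parse_rules(text):
    """Menu 21.3 rows -> [(active, proto, dport, on_match, on_miss)] in order."""
    return [(a == "Y", int(pr), int(dp), m, n)
            for a, pr, dp, m, n in RULE_ROW.findall(text)]

def verdict(rules, dport, proto=6):
    """Walk the rule set for one inbound packet; return 'D' (drop) or 'F'."""
    for active, r_proto, r_dport, on_match, on_miss in rules:
        if not active:
            continue                      # inactive rules are skipped entirely
        hit = (r_proto == proto and r_dport == dport)  # SA/DA 0.0.0.0 = any
        action = on_match if hit else on_miss
        if action != "N":                 # 'N' = fall through to the next rule
            return action
    return "F"                            # assumed default when no rule decides

def exposure(forwards, rules):
    """Forwarded ports that the filter set actually lets in from the WAN."""
    return {p: ip for p, ip in forwards.items() if verdict(rules, p) == "F"}

if __name__ == "__main__":
    rules = parse_rules(MENU_21_3)
    print("telnet (23):", verdict(rules, 23))
    for port, ip in sorted(exposure(parse_forwards(MENU_15), rules).items()):
        print(f"WAN tcp/{port} -> {ip}")
```

Under these assumptions the only active rule drops telnet and forwards everything else on a miss, so rules 2 and 3 are never consulted and all three forwarded ports are reachable from outside.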

 
 
 

Post by Mark Paul » Sat, 03 Feb 2001 03:19:18


Did you do anything special to get the SSH stuff working??
I am trying this, and I can't seem to get the SSH to go through
my RT311.  I have opened up port 22 under Menu 15,
but my SSH command in through firewall just times out.  But
I can SSH locally.

I didn't know about the DynaDNS stuff.  My solution was going to be
to write an expect script that would be kicked off via cron every
hour, and it would pull the ISP IP from Menu 24/1, and then push
it to some homepage of mine as a hot link.




 
 
 
