> Hello, I have DSL with a dynamic IP address. My network has a Netgear RT314 router/switch,
> two Macs and a Linux box running RH 7.0. On the RH box I have two servers which I want to
> be seen by the Internet, httpd (80) and sshd (22). My plan, for now, is to note the current
> external IP address assigned to the router and contact my network via ssh client or a web
> browser. In the future I may sign up for DynDNS or DynDDS to "register" the dynamic IP.
> I can access these ports from behind the router using the internal addresses. However, when
> I try to get in from a computer outside the network using the external IP address, the web
> browser responds that the server is not responding.
> I am guessing that some aspect of port filtering or built-in firewall is not allowing the
> port 80 traffic to be sent to the Linux box. I have read the manual carefully and section
> 6-3 "Configuration for Local Servers" is the only one which seems to address this issue.
> After following its directions, I cannot get an external connection to work. All three
> computers can "see" the Internet fine.
> If you can cc replies to my e-mail address, I would appreciate it.
> James D. Keeline

Yes, someone sent me e-mail which helped to spot the trouble. Since I
can see the servers behind the router, we can assume that they are
running. There are two things to check to make sure that Internet
traffic reaches the computer behind the router.

First, use option 15 in the router configuration menu (get there via
telnet 192.168.0.1). If you want Secure Shell, FTP, and HTTP to work,
make the table look something like this:

    Menu 15 - SUA Server Setup

         Port #   IP Address
     2.  0        0.0.0.0
     3.  80       192.168.0.4
     4.  22       192.168.0.4
     5.  0        0.0.0.0
     6.  21       192.168.0.4
     7.  0        0.0.0.0
     8.  0        0.0.0.0
     9.  0        0.0.0.0
    10.  0        0.0.0.0
    11.  0        0.0.0.0
    12.  1026     RR Reserved

    Press ENTER to Confirm or ESC to Cancel:

Port 22 is ssh, and 21 and 80 are FTP and HTTP. The IP address is the
internal address where the server is located. I have found that this
does not change as long as there isn't another hub or switch for more
than four computers.

Next, and this is the part that got me, you need to go into the filter
configuration (menu item 21) and modify the 3rd filter so it looks like
this:

    Menu 21.3 - Filter Rules Summary

    # A Type Filter Rules                                                    M m n
    - - ---- --------------------------------------------------------------- - - -
    1 Y IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23                             N D F
    2 N IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21                             N D N
    3 N IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80                             N D F

Note the settings in the "A" column and the "n" column. A "Y" in the "A"
column will block traffic from that port. In this case, we don't want to
let port 23 (telnet) traffic come through via the Internet. Many hacks
come through telnet access. Ports 21 (FTP) and 80 (HTTP) were blocked but
I changed them to no block in the "A" column.

The "F" in the "n" column indicates that the traffic should be "forwarded"
as defined in the routing table. I don't know why port 23 has this setting
since it is blocked by the filter, but it works: I can't telnet in from
outside the router but I can do so behind the router, so this is ok.

To test this, I had to telnet to an external account I have and use its
telnet client to go back into my system. I had a little difficulty finding
the temporary IP address assigned to my DSL modem. The way I use right now
is to use menu option 24 (System Maintenance) and then menu option 1 for

    Menu 24.1 - System Maintenance - Status

    Port  Status     TxPkts  RxPkts  Cols  Tx B/s  Rx B/s  Up Time
    WAN   PacBell    334814  424392  0     0       0       3:03:21
    LAN   100M/Full  440577  343019  0     250     92      70:02:56

    Port  Ethernet Address   IP Address    IP Mask          DHCP
    WAN   00:a0:c5:e3:79:57  188.8.131.52  255.255.255.255  None
    LAN   00:a0:c5:e3:79:56  192.168.0.1   255.255.255.0    Server

    System up Time: 70:03:02
    RAS F/W Version: V3.20(CA.0) | 6/28/2000

The WAN IP address (184.108.40.206) is what I have at this moment. That IP
has been up for a little more than 3 hours, suggesting that it changes fairly
frequently. Meanwhile it has been some 70 hours since I reset the router.

The router can be configured to use DynDNS or DynDDS accounts and I may do
this in the future. The idea here is that a signal is sent every 10 mins
or so to update the current dynamic IP address. Traffic to your account
with one of these services is routed to the current dynamic IP. I don't
know if there is a fee for the subscription to this service. It isn't a
replacement for a real server but it is good for practice and development.

I hope this helps others.
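
An added example, not part of the original post: a small Python audit that cross-references the Menu 15 forwarding table with the Menu 21.3 filter summary to list which internal services end up reachable from the Internet. It follows the post's reading that a "Y" in the "A" column blocks the port; the function names are hypothetical and the screen text is copied from the post.

```python
import re

# Screen text copied from the post above (Menu 15 rows and Menu 21.3 rows).
SUA_MENU = """\
2. 0 0.0.0.0
3. 80 192.168.0.4
4. 22 192.168.0.4
5. 0 0.0.0.0
6. 21 192.168.0.4
12. 1026 RR Reserved
"""
FILTER_MENU = """\
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F
2 N IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D N
3 N IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D F
"""

def parse_sua(text):
    """Return {port: internal_ip} for rows that forward to a real host."""
    fwd = {}
    pattern = r"^\s*\d+\.\s+(\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$"
    for m in re.finditer(pattern, text, re.M):
        port, ip = int(m.group(1)), m.group(2)
        if port and ip != "0.0.0.0":      # port 0 / 0.0.0.0 marks an unused slot
            fwd[port] = ip
    return fwd

def parse_filters(text):
    """Return {dest_port: active} from the 'A' column and the DP= field."""
    rules = {}
    for m in re.finditer(r"^\s*\d+\s+([YN])\s+IP\s+.*?DP=(\d+)", text, re.M):
        rules[int(m.group(2))] = (m.group(1) == "Y")
    return rules

def exposure(sua_text, filter_text):
    """Forwarded ports with no active filter rule are exposed to the WAN."""
    fwd, rules = parse_sua(sua_text), parse_filters(filter_text)
    report = {}
    for port, ip in sorted(fwd.items()):
        # Assumption taken from the post: an active ("Y") rule blocks its DP.
        state = "blocked" if rules.get(port, False) else "exposed"
        report[port] = (ip, state)
    return report

if __name__ == "__main__":
    for port, (ip, state) in exposure(SUA_MENU, FILTER_MENU).items():
        print(f"port {port:>4} -> {ip}: {state} to the Internet")
```

Ports 21, 22 and 80 all come back as exposed with the settings shown, so the list doubles as an inventory of the services on 192.168.0.4 that need to be kept patched.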