Cannot access Red Hat 7.2 from the Internet


Post by Bret » Mon, 04 Feb 2002 06:14:11



I am running a web server (Apache, of course) and FTP server on a
Linux 7.2 box from a DMZ line on a Sonicwall through a Cisco router.

The problem is, I cannot reach the box from outside of my building.  
The entire network inside my building can see the HTTP site and FTP
just fine while *inside* my building by IP and by my remote DNS
Server.

I cannot ping the ip (request timed out), cannot connect through FTP,
cannot connect through HTTP, cannot connect through another port while
*outside* the building.

The Linux box has two network cards one that goes to the DMZ and the
other is on the internal network.  The IP address that is assigned to
the DMZ line is a resolvable public address.  I have assigned the eth0
(the dmz line) as non-dhcp and assigned it the proper, IP, Subnet
Mask, and Default Gateway Address.

I have turned off ipchains and reset iptables to the default ACCEPT
policy.

I really wanted to blame the Sonicwall and the router. The reason I
think the problem lies within Linux is because I have Apache running
on my windows box and I connected the DMZ line up to it.  I set all
the correct information (ip, subnet, default gateway) and IT WORKED!
It even worked for a few days.

I have checked  /etc/host.allow and /etc/host.deny and the files are
empty.

I have also run tcpdump and had someone try to get to the http site.
I can see the requests coming in on tcpdump, but they cannot see the
server.

I have searched the groups for many days and found very little that
relates to my experience or situation.  If anyone out there can help
it would be very appreciated.

brett

 
 
 


Post by Simon Matthew » Mon, 04 Feb 2002 07:03:15


The first thing to note is that tcpdump can see packets BEFORE they are
dropped by iptables/ipchains. So I would suggest that you list the rules
(with ipchains, use /sbin/ipchains --list) and make sure that the rules are
what you expect.

Can the linux box ping to hosts on the Internet?


> I am running a web server (Apache, of course) and FTP server on a
> Linux 7.2 box from a DMZ line on a Sonicwall through a Cisco router.

> The problem is, I cannot reach the box from outside of my building.
> The entire network inside my building can see the HTTP site and FTP
> just fine while *inside* my building by IP and by my remote DNS
> Server.

> I cannot ping the ip (request timed out), cannot connect through FTP,
> cannot connect through HTTP, cannot connect through another port while
> *outside* the building.

> The Linux box has two network cards one that goes to the DMZ and the
> other is on the internal network.  The IP address that is assigned to
> the DMZ line is a resolvable public address.  I have assigned the eth0
> (the dmz line) as non-dhcp and assigned it the proper, IP, Subnet
> Mask, and Default Gateway Address.

> I have turned off ipchains and reset iptables to the default ACCEPT
> policy.

> I really wanted to blame the Sonicwall and the router. The reason I
> think the problem lies within Linux is because I have Apache running
> on my windows box and I connected the DMZ line up to it.  I set all
> the correct information (ip, subnet, default gateway) and IT WORKED!
> It even worked for a few days.

> I have checked  /etc/host.allow and /etc/host.deny and the files are
> empty.

> I have also run tcpdump and had someone try to get to the http site.
> I can see the requests coming in on tcpdump, but they cannot see the
> server.

> I have searched the groups for many days and found very little that
> relates to my experience or situation.  If anyone out there can help
> it would be very appreciated.

> brett


 
 
 


Post by Bret » Wed, 06 Feb 2002 02:47:36



> The first thing to note is that tcpdump can see packets BEFORE they are
> dropped by iptables/ipchains. So I would suggest that you list the rules
> (with ipchains, use /sbin/ipchains --list) and make sure that the rules are
> what you expect.

> Can the linux box ping to hosts on the Internet?

Yes I can ping other hosts on the internet.

Here is the output of /sbin/ipchains -L:

Chain input (policy ACCEPT):
target     prot opt     source           destination           ports
icmp       icmp ------  anywhere         anywhere          any ->   any
ACCEPT     tcp  ------  xxxxxxxn.org     xxxxxxxn.org      any ->   any
ACCEPT     tcp  ------  xxxxxxxn.org     xxxxxxxn.org      any ->   any
ACCEPT     udp  ------  xxxxxxxn.org     xxxxxxxn.org      any ->   any
ACCEPT     udp  ------  xxxxxxxn.org     xxxxxxxn.org      any ->   any
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
Chain icmp (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ------  anywhere             anywhere              n/a

I have two network cards, someone has mentioned that the outgoing
packets could be misdirected to the other network card.  I have set up
a rule in the ipchains that the Srcdev is Eth0 and the DstDev is Eth0.
Are there any changes that I am missing?

If you have any other suggestions or help it would be much
appreciated.



> > I am running a web server (Apache, of course) and FTP server on a
> > Linux 7.2 box from a DMZ line on a Sonicwall through a Cisco router.

> > The problem is, I cannot reach the box from outside of my building.
> > The entire network inside my building can see the HTTP site and FTP
> > just fine while *inside* my building by IP and by my remote DNS
> > Server.

> > I cannot ping the ip (request timed out), cannot connect through FTP,
> > cannot connect through HTTP, cannot connect through another port while
> > *outside* the building.

> > The Linux box has two network cards one that goes to the DMZ and the
> > other is on the internal network.  The IP address that is assigned to
> > the DMZ line is a resolvable public address.  I have assigned the eth0
> > (the dmz line) as non-dhcp and assigned it the proper, IP, Subnet
> > Mask, and Default Gateway Address.

> > I have turned off ipchains and reset iptables to the default ACCEPT
> > policy.

> > I really wanted to blame the Sonicwall and the router. The reason I
> > think the problem lies within Linux is because I have Apache running
> > on my windows box and I connected the DMZ line up to it.  I set all
> > the correct information (ip, subnet, default gateway) and IT WORKED!
> > It even worked for a few days.

> > I have checked  /etc/host.allow and /etc/host.deny and the files are
> > empty.

> > I have also run tcpdump and had someone try to get to the http site.
> > I can see the requests coming in on tcpdump, but they cannot see the
> > server.

> > I have searched the groups for many days and found very little that
> > relates to my experience or situation.  If anyone out there can help
> > it would be very appreciated.

> > brett

 
 
 


Post by Simon Matthew » Wed, 06 Feb 2002 14:47:49


> someone has mentioned that the outgoing
> packets could be misdirected to the other network card.  I have set up
> a rule in the ipchains that the Srcdev is Eth0 and the DstDev is Eth0.
> Are there any changes that i am missing?

Not sure what you are saying here. Perhaps you should post the results of:
/sbin/ipchains -L -v -n
/sbin/ifconfig
netstat -rn

Oh, also, how about running tcpdump while you try to ping the machine from
the Internet?

Please don't edit the results as you may be editing out some key
information!

Simon

 
 
 


Post by Brian » Sat, 09 Feb 2002 05:34:43



> I am running a web server (Apache, of course) and FTP server on a
> Linux 7.2 box from a DMZ line on a Sonicwall through a Cisco router.

> The problem is, I cannot reach the box from outside of my building.  
> The entire network inside my building can see the HTTP site and FTP
> just fine while *inside* my building by IP and by my remote DNS
> Server.

> I cannot ping the ip (request timed out), cannot connect through FTP,
> cannot connect through HTTP, cannot connect through another port while
> *outside* the building.

> The Linux box has two network cards one that goes to the DMZ and the
> other is on the internal network.  The IP address that is assigned to
> the DMZ line is a resolvable public address.  I have assigned the eth0
> (the dmz line) as non-dhcp and assigned it the proper, IP, Subnet
> Mask, and Default Gateway Address.

> I have turned off ipchains and reset iptables to the default ACCEPT
> policy.

> I really wanted to blame the Sonicwall and the router. The reason I
> think the problem lies within Linux is because I have Apache running
> on my windows box and I connected the DMZ line up to it.  I set all
> the correct information (ip, subnet, default gateway) and IT WORKED!
> It even worked for a few days.

> I have checked  /etc/host.allow and /etc/host.deny and the files are
> empty.

> I have also run tcpdump and had someone try to get to the http site.
> I can see the requests coming in on tcpdump, but they cannot see the
> server.

> I have searched the groups for many days and found very little that
> relates to my experience or situation.  If anyone out there can help
> it would be very appreciated.

> brett

Brett,
I would check your "rules" setup in the sonicwall firewall.  By
default, from the LAN you should be able to get to the DMZ and the
Internet with no problems, but from the WAN, you may not be allowing
FTP, Telnet, Ping, etc from the outside world.


Brian W.

 
 
 


Post by Bret » Thu, 14 Feb 2002 04:00:08




> someone has mentioned that the outgoing
> > packets could be misdirected to the other network card.  I have set up
> > a rule in the ipchains that the Srcdev is Eth0 and the DstDev is Eth0.
> > Are there any changes that i am missing?

> Not sure what you are saying here. Perhaps you should post the results of:
> /sbin/ipchains -L -v -n
> /sbin/ifconfig
> netstat -rn

> Oh, also, how about running tcpdump while you try to ping the machine from
> the Internet?

> Please don't edit the results as you may be editing out some key
> information!

> Simon

Okay here are the results of netstat -rn

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
66.89.110.0     0.0.0.0         255.255.255.240 U        40 0          0 eth0
90.0.0.0        0.0.0.0         255.255.255.0   U        40 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         90.0.0.1        0.0.0.0         UG       40 0          0 eth1
0.0.0.0         66.89.110.1     0.0.0.0         UG       40 0          0 eth0

Results of ifconfig

eth0      Link encap:Ethernet  HWaddr 00:04:5A:62:16:BD  
          inet addr:66.89.110.13  Bcast:66.89.110.15  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:1561 dropped:0 overruns:0 carrier:3122
          collisions:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth1      Link encap:Ethernet  HWaddr 00:01:03:DF:C1:CB  
          inet addr:90.0.0.107  Bcast:90.0.0.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
          RX packets:2635315 errors:379 dropped:0 overruns:1 frame:727
          TX packets:294670 errors:0 dropped:0 overruns:0 carrier:46
          collisions:465
          RX bytes:498230384 (475.1 Mb)  TX bytes:155847146 (148.6 Mb)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1837759 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1837759 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:136417587 (130.0 Mb)  TX bytes:136417587 (130.0 Mb)

results of ipchains -L -v -n
(probably pretty unreadable)
Chain input (policy ACCEPT: 3494560 packets, 513884911 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize  source                destination           ports
   51 10837 ACCEPT     udp  ------ 0xFF 0x00  *                             206.13.28.12         0.0.0.0/0             53 ->   1025:65535
 1344  382K ACCEPT     udp  ------ 0xFF 0x00  *                             206.13.31.12         0.0.0.0/0             53 ->   1025:65535
    0     0 ACCEPT     udp  ------ 0xFF 0x00  *                             206.13.31.11         0.0.0.0/0             53 ->   1025:65535
 2944  214K icmp       icmp ------ 0xFF 0x00  *                             0.0.0.0/0            0.0.0.0/0             * ->   *
    0     0 ACCEPT     tcp  ------ 0xFF 0x00  eth0                          66.89.110.13         66.89.110.13          * ->   *
    0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0                          66.89.110.13         66.89.110.13          * ->   *
Chain forward (policy ACCEPT: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 2139246 packets, 288851461 bytes):
Chain icmp (1 references):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize  source                destination           ports
 2944  214K ACCEPT     all  ------ 0xFF 0x00  *                             0.0.0.0/0            0.0.0.0/0             n/a

If you can find anything in here that makes Linux unviewable from the
Internet, please let me know.

Thanks

Brett
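
The thread raises the possibility that replies leave through the other network card, and the posted `netstat -rn` and `ifconfig` output is what one would check for that. The script below is an added example, not code from any poster: it reads saved output in those two formats and reports every default route and any interface that has received nothing while counting TX carrier errors. The function names and the sample data (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): checks on saved netstat/ifconfig output.
# Sample data below is constructed; addresses are documentation/private ranges.
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.240 U        40 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U        40 0          0 eth1
0.0.0.0         10.0.0.1        0.0.0.0         UG       40 0          0 eth1
0.0.0.0         192.0.2.1       0.0.0.0         UG       40 0          0 eth0
EOF
}
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:1561 dropped:0 overruns:0 carrier:3122

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          RX packets:2635315 errors:379 dropped:0 overruns:1 frame:727
          TX packets:294670 errors:0 dropped:0 overruns:0 carrier:46
EOF
}

# Print "gateway iface" for each default route read from `netstat -rn` on stdin.
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $NF }'
}

# Exit 0 only when stdin holds exactly one default route.
single_default_route() {
    [ "$(default_routes | wc -l | tr -d ' ')" -eq 1 ]
}

# Print interfaces that have received nothing yet count TX carrier errors,
# which points at the link (cable, port, duplex) rather than at packet filtering.
dead_links() {
    awk '/^[a-z]/      { iface = $1 }
         /RX packets:/ { split($2, a, ":"); rx = a[2] + 0 }
         /TX packets:/ { n = split($0, f, "carrier:")
                         if (n > 1 && rx == 0 && f[2] + 0 > 0) print iface }'
}

sample_routes | default_routes      # lists both competing default routes
sample_ifconfig | dead_links        # lists interfaces with a suspect link
```

On a live host, pipe the real commands in instead of the samples, for example `netstat -rn | default_routes`.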

 
 
 
