First, it does not appear that you have tested pcAnywhere with your primary IP address (206.127.76.231). This assumes some significance when I note ...
Second, I *can* ping your primary IP address ... but I cannot ping or traceroute to several of your alternate IP addresses (all the ones I tried). Here is example output for 206.127.77.53:
[EMAIL PROTECTED]:~$ ping 206.127.77.53 PING 206.127.77.53 (206.127.77.53): 56 data bytes
--- 206.127.77.53 ping statistics --- 5 packets transmitted, 0 packets received, 100% packet loss
[EMAIL PROTECTED]:~$ traceroute 206.127.77.53
traceroute to 206.127.77.53 (206.127.77.53), 30 hops max, 38 byte packets
1 maxwell.comarre.lan (192.168.1.86) 2.003 ms 0.305 ms 0.285 ms
2 adsl-63-198-182-254.dsl.snfc21.pacbell.net (63.198.182.254) 13.246 ms 15.221 ms 19.922 ms
3 dist1-vlan60.snfc21.pbi.net (216.102.187.130) 20.473 ms 17.212 ms 16.250 ms
4 bb2-g8-1.snfc21.pbi.net (216.102.176.194) 16.526 ms 16.767 ms 16.486 ms
5 sl-gw11-sj-3-0.sprintlink.net (144.228.44.49) 18.256 ms 17.382 ms 23.385 ms
6 sl-bb20-sj-8-1.sprintlink.net (144.232.3.137) 16.782 ms 15.860 ms 16.231 ms
7 sl-bb20-tac-11-1.sprintlink.net (144.232.9.214) 34.775 ms 36.766 ms 36.675 ms
8 sl-bb20-sea-8-1.sprintlink.net (144.232.18.42) 109.899 ms 183.186 ms 218.496 ms
9 sl-gw13-sea-0-0-0.sprintlink.net (144.232.6.2) 36.727 ms 34.954 ms 36.678 ms
10 sl-mt-6-0.sprintlink.net (160.81.44.6) 52.743 ms sl-mt-5-0.sprintlink.net (160.81.44.10) 66.063 ms sl-mt-6-0.sprintlink.net (160.81.44.6) 50.737 ms
11 * * *
(A traceroute to your primary address matches this one, except that it arrives at step 11.)
I know you previously said you could ping these other addresses ... but I don't think you were specific as to where you tested this *from*. Can the host that is trying to make the pcAnywhere connection to one of these addresses ping and traceroute to it? In any case, before focusing too tightly on port-forwarding problems, I would make sure you haver routing working (look at the stuff in the SR FAQ that you didn't do for ways to check on the LEAF router's interfaces and routing table).
Beyond that, another oddity ... if I do reverse lookups of two of the addresses, I find that the primary is associated with your domain, but one of the others is associated with a different domain:
[EMAIL PROTECTED]:~$ host 206.127.77.55
Name: train4.msdcomputers.com
Address: 206.127.77.55 [EMAIL PROTECTED]:~$ host 206.127.76.231
Name: blackmountainsoftware.net
Address: 206.127.76.231A quick look at the whois records seems to imply that msdcomputers.com is a different business from you (all the contact-info details differ), though also in Helena. So you might want to double check the accuracy of the additional addresses ...be sure they are the same ones you used in the successful tests of pcAnywhere you previously reported with a Windows server.
One other detail ... since you don't mention which addresses you used in your tests ... you did notice that you failed to port-forward the first extra IP address, right?
In closing, am I right in reading your message to mean that you tested port forwarding to a Web server using your primary IP address, not one of these alternates? But that you have ONLY tested pcAnywhere connections with the alternates? If so, I would stop focusing on port forwarding and start focusing on interface or routing-table problems.
At 03:07 PM 3/12/2003 -0700, Ken Marshall wrote:
Hello!
I've done quite a bit of testing to try to get this to work. But, I still am having no luck! Any help would be greatly appreciated.
As a recap, I am trying to allow a client to "Call Remote" over the Internet by connecting to one of my secondary IP addresses. The workstation behind the firewall is configured to "Wait for Call" from a host. I just can't seem to figure this out!
Here's the scenario:
My ISP has assigned me a primary static IP for my Dachstein LEAF box of 206.127.76.231
I have also been assigned a range of 16 secondary IP addresses 206.127.77.48-63 / 255.255.255.240.
I have 10 workstations behind the firewall using the 192.168.10.0 network. I can get out through the Dach box with absolutely no problems. NAT is working great. Some of the Port Forwarding stuff is working because I have configured the INTERN_WWW_SERVER to point to 192.168.10.100 as a test and I can connect to that web server fine. I have opened the TCP and UDP ports for pcAnywhere (TCP 5631 and UDP 5632) using: EXTERN_UDP_PORT1="0/0 5632 206.127.77.48/28" EXTERN_TCP_PORT0="0/0 5631 206.127.77.48/28"
I then set up the Internal Servers for PortFW using: # Set Additional EXTERN_IPx Addresses EXTERN_IP1=206.127.77.49 EXTERN_IP2=206.127.77.50 EXTERN_IP3=206.127.77.51 EXTERN_IP4=206.127.77.52 EXTERN_IP5=206.127.77.53 EXTERN_IP6=206.127.77.54 EXTERN_IP7=206.127.77.55 EXTERN_IP8=206.127.77.56 EXTERN_IP9=206.127.77.57 EXTERN_IP10=206.127.77.58 EXTERN_IP11=206.127.77.59 EXTERN_IP12=206.127.77.60 EXTERN_IP13=206.127.77.61 EXTERN_IP14=206.127.77.62
INTERN_SERVERS="tcp_${EXTERN_IP2}_5631_192.168.10.50_5631 udp_${EXTERN_IP2}_5632_192.168.10.50_5632 \ tcp_${EXTERN_IP3}_5631_192.168.10.70_5631 udp_${EXTERN_IP3}_5632_192.168.10.70_5632 \ tcp_${EXTERN_IP4}_5631_192.168.10.52_5631 udp_${EXTERN_IP4}_5632_192.168.10.52_5632 \ tcp_${EXTERN_IP5}_5631_192.168.10.53_5631 udp_${EXTERN_IP5}_5632_192.168.10.53_5632 \ tcp_${EXTERN_IP6}_5631_192.168.10.54_5631 udp_${EXTERN_IP6}_5632_192.168.10.54_5632 \ tcp_${EXTERN_IP7}_5631_192.168.10.55_5631 udp_${EXTERN_IP7}_5632_192.168.10.55_5632 \ tcp_${EXTERN_IP8}_5631_192.168.10.71_5631 udp_${EXTERN_IP8}_5632_192.168.10.71_5632"
Here is my current rule set: (I enabled logging on the PortFW entries of the input chain to try to troubleshoot. When a user tries to connect using pcAnywhere, I don't get a log entry, but I do get log entries when users connect to the web server.)
Chain input (policy DENY: 0 packets, 0 bytes): pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports 0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> * 0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 13 -> * 0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 14 -> * 0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 255.255.255.255 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 127.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 224.0.0.0/4 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 172.16.0.0/12 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 128.0.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 191.255.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.0.0.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 223.255.255.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 240.0.0.0/4 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.10.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.76.231 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.48/28 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.50 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.51 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.52 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.53 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.54 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.55 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.56 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.57 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.58 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.59 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.60 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.61 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.62 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 206.127.77.49 0.0.0.0/0 n/a 0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0 127.0.0.0/8 n/a 0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0 192.168.10.0/24 n/a 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135 6 468 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139 3 696 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:138 -> * 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> * 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:139 -> * 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> * 0 0 ACCEPT tcp ----l- 0xFF 0x00 eth0 0.0.0.0/0 206.127.77.48/28 * -> 5631 0 0 ACCEPT tcp ----l- 0xFF 0x00 eth0 0.0.0.0/0 206.127.76.231 * -> 80 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 113 1122 1181K ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535 0 0 REJECT udp ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 161:162 0 0 ACCEPT udp ----l- 0xFF 0x00 eth0 0.0.0.0/0 206.127.76.231 * -> 53 0 0 ACCEPT udp ----l- 0xFF 0x00 eth0 0.0.0.0/0 206.127.77.48/28 * -> 5632 0 0 DENY udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 67 65 14265 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535 9 632 ACCEPT icmp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> * 0 0 ACCEPT ospf ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a 17 1008 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a 0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 161:162 0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 161:162 -> * 3530 297K ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a Chain forward (policy DENY: 0 packets, 0 bytes): pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports 0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> * 0 0 MASQ tcp ------ 0xFF 0x00 * 192.168.10.50 0.0.0.0/0 5631 -> * 0 0 MASQ udp ------ 0xFF 0x00 * 192.168.10.50 0.0.0.0/0 5632 -> * 0 0 MASQ tcp ------ 0xFF 0x00 * 192.168.10.70 0.0.0.0/0 5631 -> * 0 0 MASQ udp ------ 0xFF 0x00 * 192.168.10.70 0.0.0.0/0 5632 -> * 0 0 MASQ tcp ------ 0xFF 0x00 * 192.168.10.52 0.0.0.0/0 5631 -> * 0 0 MASQ udp ------ 0xFF 0x00 * 192.168.10.52 0.0.0.0/0 5632 -> * 0 0 MASQ tcp ------ 0xFF 0x00 * 192.168.10.53 0.0.0.0/0 5631 -> * 0 0 MASQ udp ------ 0xFF 0x00 * 192.168.10.53 0.0.0.0/0 5632 -> * 0 0 MASQ tcp ------ 0xFF 0x00 * 192.168.10.54 0.0.0.0/0 5631 -> * 0 0 MASQ udp ------ 0xFF 0x00 * 192.168.10.54 0.0.0.0/0 5632 -> * 0 0 MASQ tcp ------ 0xFF 0x00 * 192.168.10.55 0.0.0.0/0 5631 -> * 0 0 MASQ udp ------ 0xFF 0x00 * 192.168.10.55 0.0.0.0/0 5632 -> * 0 0 MASQ tcp ------ 0xFF 0x00 * 192.168.10.71 0.0.0.0/0 5631 -> * 0 0 MASQ udp ------ 0xFF 0x00 * 192.168.10.71 0.0.0.0/0 5632 -> * 972 81444 MASQ all ------ 0xFF 0x00 eth0 192.168.10.0/24 0.0.0.0/0 n/a 0 0 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a Chain output (policy DENY: 0 packets, 0 bytes): pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports 5705 2000K fairq all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 255.255.255.255 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 127.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 224.0.0.0/4 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 172.16.0.0/12 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 128.0.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 191.255.0.0/16 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 192.0.0.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 223.255.255.0/24 0.0.0.0/0 n/a 0 0 DENY all ----l- 0xFF 0x00 eth0 240.0.0.0/4 0.0.0.0/0 n/a 0 0 DENY all ------ 0xFF 0x00 eth0 192.168.10.0/24 0.0.0.0/0 n/a 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:138 -> * 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> * 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:139 -> * 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> * 5705 2000K ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Here is the Port Forward Stuff from Weblet: prot localaddr rediraddr lport rport pcnt pref UDP 206.127.77.56 192.168.10.71 5632 5632 10 10 UDP 206.127.77.55 192.168.10.55 5632 5632 10 10 UDP 206.127.77.54 192.168.10.54 5632 5632 10 10 UDP 206.127.77.53 192.168.10.53 5632 5632 10 10 UDP 206.127.77.52 192.168.10.52 5632 5632 10 10 UDP 206.127.77.51 192.168.10.70 5632 5632 10 10 UDP 206.127.77.50 192.168.10.50 5632 5632 10 10 TCP 206.127.77.56 192.168.10.71 5631 5631 10 10 TCP 206.127.77.55 192.168.10.55 5631 5631 10 10 TCP 206.127.77.54 192.168.10.54 5631 5631 10 10 TCP 206.127.77.53 192.168.10.53 5631 5631 10 10 TCP 206.127.77.52 192.168.10.52 5631 5631 10 10 TCP 206.127.77.51 192.168.10.70 5631 5631 10 10 TCP 206.127.77.50 192.168.10.50 5631 5631 10 10 TCP 206.127.76.231 192.168.10.100 80 80 10 10
I know that the INTERN_SERVERS variable is part of the extended scripts. Is there something I have to do to make the extended scripts work on Dach? BTW, this is Dachstein with CD and floppy. The reason I ask is because the standard scripts use the INTERN_WWW_SERVER and that seems to work fine. But, since pcAnywhere is not a standard service, and because I don't want to connect using the primary IP, I have to use the alternate variables.
-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
