Thanks so far, but I think I have done everything and still couldn't connect.
1) I tried with shorewall clear and still have the symptom.
2) from the internal net it works, so sh-httpd is executed by inetd
3) I really do not know what to put in host.allow and host.deny
   Suppose extIP=200.200.200.200/24, I thought
      ALL: 192.168.1.
      sh-httpd:200.200.200.0/255.255.255.0
   should work, and since my reverse isn't public I thought that I
   should comment the PARANOID entry from host.deny
4) I still can't connect to port 80. It seems that the port isn't open
   I tried nmap -sT 200.200.200.200 -p 80 and it doesn't show up as open

5) I can connect thru ssh from 200.200.200.200 to this Bering1.2 router, so
   my path/routing are correct

6) It seems to me that inetd (www) is listening only on eth1, and not on
   ppp0 (PPPoE over eth0), but I couldn't find out why.

Can I check after connecting in the router if inetd is listening on the
   ppp0-IP at port 80?


Thanks,

Alex
Quoting Jeff Newmiller <[EMAIL PROTECTED]>:

> On Wed, 28 May 2003 [EMAIL PROTECTED] wrote:
> 
> > I added a rule allowing net2fw connection on tcp port 80.
> > 
> > Added in sh-httpd.conf 
> > CLIENT_ADDRS="192.168.1. My.IP.Net."
> > I tried also to change the SERVER_NAME/ADDR to ppp0_IP
> > 
> > In hosts.allow I added
> > sh-httpd: My.IP.Net.0/255.255.255.0
> > I tried also to uncomment in hosts.deny the PARANOID
> > 
> > restarted inetd
> 
> inetd doesn't look at hosts.allow, though it usually invokes tcpd which
> does. Since tcpd gets re-invoked for every new connection, simply editing
> hosts.allow and saving should be enough to activate that change.
> 
> > 
> > but still can't connect to weblet and no log in shorewall.log.
> > 
> > What am I missing to get weblet to listen on the external interface (for
> > me ppp0)?
> 
> I don't know, but this is what I would check:
> 
> a) no firewall blockage: sounds like you have looked through shorewall
> files, but you may not have used "shorewall status" and looked for
> relevant lines in the firewall rules.
> 
> b) no port 80 redirection: No DNAT to an internal server.  Again, checking
> "shorewall status" should confirm this.
> 
> Note that a) and b) can be eliminated as potential problem sources if you
> "shorewall clear" for testing.
> 
> c) /etc/inetd.conf file has appropriate entry to activate weblet:
> www  stream tcp nowait   sh-httpd  /usr/sbin/tcpd   /usr/sbin/sh-httpd
> 
> d) /etc/hosts.allow has appropriate entry: you have obscured the entry
> above, but it does seem odd that you appear to want to expose it on the
> external interface _and not the internal interface_. Why exclude internal
> access?
> 
> e) sh-httpd is executable:
> 
> ------
> # ls -l /usr/sbin/sh-httpd
> -rwxr-xr-x    1 root     root         8028 May 27  2001 /usr/sbin/sh-httpd
> ------
> 
> f) confirm that you can connect to it... use telnet from a host in the
> appropriate source network.  Note response to attempted connection ...
> this can be a clue to where the problem is.
> 
> -------
> $ telnet myrouter 80
> Trying 192.168.0.1...
> Connected to myrouter.my.localnet.
> Escape character is '^]'.
> GET / HTTP/1.0
> 
> {http response should start here}
> --------
> 
> Remember the extra blank line after you type the GET command.
> 
> g) try looking in the logfile (/var/sh-log/sh-httpd.log) for indications
> of connection attempts.
> 
> ---------------------------------------------------------------------------
> Jeff Newmiller                        The     .....       .....  Go Live...
> DCN:<[EMAIL PROTECTED]>        Basics: ##.#.       ##.#.  Live Go...
>                                       Live:   OO#.. Dead: OO#..  Playing
> Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
> /Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
> ---------------------------------------------------------------------------
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: eBay
> Get office equipment for less on eBay!
> http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
> 
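
The question asked at the top of this message (is anything listening on the ppp0 address at port 80?) can be answered on the router from /proc/net/tcp. The script below is an added example, not part of either message and not LEAF/Bering code; the sample table is constructed, the function names are hypothetical, and it assumes IPv4 on a little-endian (x86) machine.

```shell
#!/bin/sh
# Added example: which local addresses have a LISTEN socket on a given port,
# read from /proc/net/tcp-format text on stdin (IPv4 only).

# Constructed sample (not from the thread): port 22 bound to all addresses,
# port 80 bound only to the internal address 192.168.1.1.
sample_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 101
   1: 0101A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 102
   2: 0101A8C0:0016 0201A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 103
EOF
}

# /proc/net/tcp prints IPv4 addresses as little-endian hex on x86:
# 0100007F is 127.0.0.1, so the octets are read back to front.
hex_to_ip() {
    h=$1
    o4=${h%??????}; h=${h#??}
    o3=${h%????};   h=${h#??}
    o2=${h%??};     o1=${h#??}
    echo "$((0x$o1)).$((0x$o2)).$((0x$o3)).$((0x$o4))"
}

# $1 = decimal port. Prints one dotted address per listening socket.
listeners_on_port() {
    want=$(printf '%04X' "$1")
    while read -r _sl laddr _raddr st _rest; do
        [ "$st" = "0A" ] || continue            # 0A is the LISTEN state
        [ "${laddr#*:}" = "$want" ] || continue # port is the hex after ':'
        hex_to_ip "${laddr%:*}"
    done
}

# $1 = port, $2 = address to test. 0.0.0.0 means "every local address",
# so a socket bound there covers the external address as well.
covers_addr() {
    for ip in $(listeners_on_port "$1"); do
        case $ip in
            0.0.0.0|"$2") echo "port $1: listener on $ip covers $2"; return 0 ;;
        esac
    done
    echo "port $1: no listener covers $2"
    return 1
}

sample_tcp | covers_addr 22 200.200.200.200
sample_tcp | covers_addr 80 200.200.200.200 || true
```

On the router itself the input would be `covers_addr 80 <ppp0 address> < /proc/net/tcp`. If a listener on 0.0.0.0 shows up and the port is still unreachable from outside, the cause lies in the firewall rules or the tcpd access files rather than in inetd.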