It is strange that I cannot reach the FC2 PC via a Windows PC running on the same LAN by going through the external IP address. Must be some kind of NAT restriction. Can anyone recommend how to get around this?
One way is obviously to use the internal LAN address when on the LAN and use the external router address when accessing the FC2 PC from the outside.
Victor
Matt Frye wrote:
Ditto re TriLUG account. You have to have a third place to test from, otherwise you can't isolate the problem. Re firewalls, yes, it is common and a function of policy. However, as Jeremy Portzer once pointed out, mailicious web sites could just as easily use port 80, (or 443 for that matter) and there plenty of legitimate apps that use non-80 ports.
MPF
On Mon, 23 Aug 2004 13:17:13 -0400, Ken Mink <[EMAIL PROTECTED]> wrote:
This type of a firewall setup is actually fairly common in corporations. It is used to try to slow down trojans and mail relays. Usually all traffic but 80 and 443 is blocked and they go through a proxy.
When I am monkeying with my Apache setup, I like to use my TriLUG shell account as test point. The network setup is a known and very stable(thanks guys), but outside both my home network and my work network. Perfect place to test from.
Ken
On Aug 23, 2004, at 10:53 AM, Matt Frye wrote:
You might want to check whether the LAN of the PC outside your network even allows non-80 ports to be accessed. I've seen at least two cases where someone was trying to access a page on their home web server from their work PC and found out later that their company's firewall was dropping or disallowing all non-port-80 httpd requests.
Matt Frye
On Mon, 23 Aug 2004 10:08:30 -0400, Jeff Groves <[EMAIL PROTECTED]> wrote:
Victor Snesarev wrote:
I know this subject has been discussed to death on the net, but nothing I was able to google up helped.
Here's the network:
---[CableModem]---[d-link 713p router]---[PC IP=196.168.0.122]
PC running FC2 Linux 2.6.5-1.358 and Apache 2.0.49.
I can reach the sample Apache page from a different computer on the same 196.168.0.xxx subnet, but cannot reach it from the outside world using the router's IP address.
httpd.conf is set up to "Listen 8888" and port 8888 is forwarded to 196.168.0.122 by the router.
In fact, I know that outside requests reach the PC because Ethereal shows a short TCP session when I try to reach the PC from outside the router. I compared it to the TCP session from the local home LAN and saw something odd. The TCP handshake from the outside connection looks like this:
Router-to-PC SYN PC-to-Router SYN,ACK Router-to-PC RST (terminate)
A handshake from a local LAN PC completes fine and Apache serves the page.
This almost points to the router, but I am not sure where to go from here.
Just for reference, I am not running iptables or ipchains (I don't think it's even installed) on the Linux box. Apache access_log and error_log do not show any events associated with a connection attempt from outside the local LAN.
Any ideas?
-Victor
The only thing that I can think of (and it's pretty unlikely at best) is that you may have some entry /etc/hosts.deny file that is preventing the connection.
Jeff G.
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
--------------------------------------------- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."--Benjamin Franklin " 'Necessity' is the plea for every infringement of human liberty; it is the argument of tyrants; it is the creed of slaves."--William Pitt
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
