Serving webpages from home: no access from internal network
I have just moved on to ADSL, and have started experimenting with a webserver on my machine, using Dynamic IPs.
It seems to work fine. I can access the website, external users can access my web page from the internet, but I can't get my internal network to access the page; nor can I ping the website from the network machines (I have a masqueraded network with 4 Windows PCs).
This must be something with SuSEfirewall2. I have tried various options, but nothing really works.
This is the configuration I use:
domain
FW_SERVICES_EXT_TCP="www 80"
# Common: domain
FW_SERVICES_EXT_UDP="www 80"
# Common: domain
# For VPN/Routing which END at the firewall!!
FW_SERVICES_EXT_IP=""
#
# Common: smtp domain
FW_SERVICES_DMZ_TCP=""
# Common: domain
FW_SERVICES_DMZ_UDP=""
# For VPN/Routing which END at the firewall!!
FW_SERVICES_DMZ_IP=""
#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="www 80"
# Common: domain syslog
FW_SERVICES_INT_UDP="www 80"
# For VPN/Routing which END at the firewall!!
FW_SERVICES_INT_IP=""
Can anyone help?
Thanks.
fxf
-- _______________________ Courtesy of SuSE Linux AIM fyxyf
On Sun, Jan 13, 2002 at 04:09:25PM +0100, FX Fraipont wrote:
> I have just moved on to ADSL, and have started experimenting with a webserver on my machine, using Dynamic IPs.
> It seems to work fine. I can access the website, external users can access my web page from the internet, but I can't get my internal network to access the page; nor can I ping the website from the network machines (I have a masqueraded network with 4 Windows PCs).
> This must be something with SuSEfirewall2. I have tried various options, but nothing really works.
I'm not sure if this is your problem, but...
The IP address used by the outside world to access your web server is not the same one you need to use to access the server from your internal network.
Your ISP assigns one of its IP addresses to the network interface (on your Linux box) used to connect you to the internet. Your Linux box is acting as a gateway/router to the machines on your internal network and is reached via an internal IP address, something like 192.168.0.1. This is the address your four Windows systems use as the gateway IP in their network configuration. Try using that same IP address to reach your web server from the Windows machines on your internal network.
-- ____________________________________________________________________ Robert Paulsen paulsen@texas.net
> I'm not sure if this is your problem, but...
> The IP address used by the outside world to access your web server is not the same one you need to use to access the server from your internal network.
> Your ISP assigns one of its IP addresses to the network interface (on your Linux box) used to connect you to the internet. Your Linux box is acting as a gateway/router to the machines on your internal network and is reached via an internal IP address, something like 192.168.0.1. This is the address your four Windows systems use as the gateway IP in their network configuration. Try using that same IP address to reach your web server from the Windows machines on your internal network.
You understand my problem exactly.
Indeed, if I point the browser on any internal network machine to the IP of my machine (server/firewall/router: 192.168.0.99), I can access my website.
But I don't understand why the requests from these internal network machines don't get masqueraded, reach www.dyndns.org, and are redirected to the current IP of my machine. Shouldn't it work like this?
Thanks
FX
-- _______________________ Courtesy of SuSE Linux AIM fyxyf
This is the firewall which is blocking it. This is anti-spoofing. The previous suggestion of mine for the custom rule is the only one which I know of to allow this. The only alternative to this which I can think of is to set up a second machine which is connected to the internet, have it act as your primary gateway to the Internet for your internal network, and then this will masquerade all of your internal network and they will be able to reach the web server.
I would love it if someone else could provide another means of handling this. I have a problem even with the rule I set up. I cannot access a chat applet on my external facing IP from my internal network. It is running on port 6000 and the firewall blocks it with anti-spoofing rules.
Jim
01/13/02 10:22:57 AM, FX Fraipont
> > I'm not sure if this is your problem, but...
> > The IP address used by the outside world to access your web server is not the same one you need to use to access the server from your internal network.
> > Your ISP assigns one of its IP addresses to the network interface (on your Linux box) used to connect you to the internet. Your Linux box is acting as a gateway/router to the machines on your internal network and is reached via an internal IP address, something like 192.168.0.1. This is the address your four Windows systems use as the gateway IP in their network configuration. Try using that same IP address to reach your web server from the Windows machines on your internal network.
> You understand my problem exactly.
> Indeed, if I point the browser on any internal network machine to the IP of my machine (server/firewall/router: 192.168.0.99), I can access my website.
> But I don't understand why the requests from these internal network machines don't get masqueraded, reach www.dyndns.org, and are redirected to the current IP of my machine. Shouldn't it work like this?
> Thanks
> FX
> -- _______________________ Courtesy of SuSE Linux AIM fyxyf
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
I assume that you are trying to allow your external users to see the web site using the
external facing IP address (the Dynamic IP), or using a URL which is pointing to this IP.
In that case you need to add the following line just before true in the
fw_custom_before_anti_spoofing() section of the firewall2-custom.rc.config file:
iptables -A INPUT -i
> I have just moved on to ADSL, and have started experimenting with a webserver on my machine, using Dynamic IPs.
> It seems to work fine. I can access the website, external users can access my web page from the internet, but I can't get my internal network to access the page; nor can I ping the website from the network machines (I have a masqueraded network with 4 Windows PCs).
> This must be something with SuSEfirewall2. I have tried various options, but nothing really works.
> This is the configuration I use:
> domain
> FW_SERVICES_EXT_TCP="www 80"
> # Common: domain
> FW_SERVICES_EXT_UDP="www 80"
> # Common: domain
> # For VPN/Routing which END at the firewall!!
> FW_SERVICES_EXT_IP=""
> #
> # Common: smtp domain
> FW_SERVICES_DMZ_TCP=""
> # Common: domain
> FW_SERVICES_DMZ_UDP=""
> # For VPN/Routing which END at the firewall!!
> FW_SERVICES_DMZ_IP=""
> #
> # Common: ssh smtp domain
> FW_SERVICES_INT_TCP="www 80"
> # Common: domain syslog
> FW_SERVICES_INT_UDP="www 80"
> # For VPN/Routing which END at the firewall!!
> FW_SERVICES_INT_IP=""
> Can anyone help?
> Thanks.
> fxf
> -- _______________________ Courtesy of SuSE Linux AIM fyxyf
James Bliss wrote:
> I assume that you are trying to allow your external users to see the web site using the external facing IP address (the Dynamic IP), or using a URL which is pointing to this IP. In that case you need to add the following line just before true in the fw_custom_before_anti_spoofing() section of the firewall2-custom.rc.config file:
> iptables -A INPUT -i
> -d <dynamic IP address> -j ACCEPT
> The one problem with this is if your IP address changes you must modify this rule and restart the firewall. But, more likely than not, if you keep your machine on all of the time your IP address will rarely, if ever change. I know that my cable modem IP has not changed, with the exception of the ATT / Excite boondoggle.
Thanks, Jim. My address does change, even when I leave my machine on all the time. So I guess your IPtable rule just won't work since Dyndns makes sure my website is reachable even when the address changes.
Thanks anyway
fx
-- _______________________ Courtesy of SuSE Linux AIM fyxyf
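Added example, not part of the original thread: one way to avoid hand-editing the rule from James Bliss's message when the dynamic address changes is to build it from the external interface's current address each time the firewall starts. The variable names HAIRPIN_IN_IF and HAIRPIN_EXT_IF, the interface names and the state file are assumptions, and the value for `-i` is left to the admin because it is cut off on the page.

```shell
#!/bin/sh
# Added example, not from the thread. HAIRPIN_IN_IF and HAIRPIN_EXT_IF are
# assumed variable names, eth1/ppp0 are made-up interface names, and the -i
# value must be supplied by the admin (it is cut off on the page).

# Succeeds only for four dot-separated decimal octets, each 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i > 255) exit 1 }'
}

# Print the first IPv4 address in `ip -4 -o addr show dev IFACE` output.
extract_ipv4() {
    addr=$(printf '%s\n' "$1" |
        awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }')
    is_ipv4 "$addr" && printf '%s\n' "$addr"
}

# Print the rule arguments in the form given in the thread:
#   -A INPUT -i <iface> -d <dynamic IP address> -j ACCEPT
build_rule() {  # $1 = value for -i, $2 = current external address
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    is_ipv4 "$2" || return 1
    printf '%s\n' "-A INPUT -i $1 -d $2 -j ACCEPT"
}

# Succeeds when the address differs from the one recorded at the last
# firewall start, i.e. when the firewall has to be restarted.
address_changed() {  # $1 = current address, $2 = state file
    [ "$1" != "$(cat "$2" 2>/dev/null)" ]
}

# Hook named on the page: look the address up at every firewall start
# instead of typing it into the rule. Adds nothing if the lookup fails.
fw_custom_before_anti_spoofing() {
    ext_ip=$(extract_ipv4 "$(ip -4 -o addr show dev "$HAIRPIN_EXT_IF")") &&
        rule=$(build_rule "$HAIRPIN_IN_IF" "$ext_ip") &&
        iptables $rule   # unquoted on purpose: split into arguments
    true
}

# Constructed sample of `ip -4 -o addr show dev ppp0` output (TEST-NET address).
SAMPLE='4: ppp0    inet 203.0.113.7 peer 203.0.113.1/32 scope global ppp0'
build_rule eth1 "$(extract_ipv4 "$SAMPLE")"
# -> -A INPUT -i eth1 -d 203.0.113.7 -j ACCEPT
```

To narrow the exception to the web server, add `-p tcp --dport 80` before `-j ACCEPT`. A script that runs when the link reconnects can call `address_changed` and restart the firewall when it succeeds.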
participants (3)
- FX Fraipont
- James Bliss
- Robert C. Paulsen Jr.