Koozali.org: home of the SME Server

Network config help

Offline NickCritten

« Reply #15 on: February 13, 2007, 06:45:30 PM »
I agree with Khrum, it's probably your winblows firewall.

Also, I hope you are only port forwarding the ports you need to your SME server from the WiFi Router? (80 & 443)

As Pfloor told you before, you shouldn't EVER just forward everything to an SME in Server-Only Mode.
...
Nick

"No good deed goes unpunished." :-x...

WACOMalt

« Reply #16 on: February 14, 2007, 07:18:47 PM »
My windows firewall is turned off, and yes, all of the port forwarding (only the ports used for specific services) are being forwarded by my wifi router.

Anyways, I found the issue was with my DHCP settings. I turned DHCP serving off on my router, and on on my server. It was the other way around.

Now the only issue is incoming traffic cannot see my website. I have port 80 forwarded to my server, but no go. I was looking in the config settings on SME, and wondered: right now, the gateway IP address is set to 192.168.1.1, which is how I connect to my router (or the gateway in this case... right).

But then, on my router's configuration page, it lists the gateway IP address as something else (and it is able to be input by the user as something else).

My router is set to a static IP, which rather than getting the IP settings from the ISP, lets you type stuff in.

Anyways, should SME be using THAT gateway IP address?

Offline NickCritten

« Reply #17 on: February 14, 2007, 08:59:13 PM »
No, your SME's Default Gateway should be your router.
Your router's default gateway will be at your ISP.

If you can get on the net, then your router's DG is correct.


OK, Network troubleshooting goes like this.

Step1 - Check LAN
How to test : Ping your router from your SME Server.
Code:
[root@aquarius ~]# ping -c4 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.720 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.240 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.223 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.199 ms

--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.199/0.345/0.720/0.217 ms, pipe 2
[root@aquarius ~]#



Step2 - Check Routing
How to Test : Ping a known working IP address that is Off-LAN e.g. ping 216.239.59.103 (That's google.com)
Code:
[root@aquarius ~]# ping -c4 216.239.59.103
PING 216.239.59.103 (216.239.59.103) 56(84) bytes of data.
64 bytes from 216.239.59.103: icmp_seq=0 ttl=247 time=30.9 ms
64 bytes from 216.239.59.103: icmp_seq=1 ttl=247 time=34.9 ms
64 bytes from 216.239.59.103: icmp_seq=2 ttl=247 time=31.9 ms
64 bytes from 216.239.59.103: icmp_seq=3 ttl=247 time=33.3 ms

--- 216.239.59.103 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 30.916/32.796/34.961/1.534 ms, pipe 2
[root@aquarius ~]#


Step3 - Check DNS
How to Test : On your server, do dig www.google.com
Code:
[root@aquarius ~]# dig www.google.com

; <<>> DiG 9.2.4 <<>> www.google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14879
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         524500  IN      CNAME   www.l.google.com.
www.l.google.com.       300     IN      A       216.239.59.104
www.l.google.com.       300     IN      A       216.239.59.103
www.l.google.com.       300     IN      A       216.239.59.147
www.l.google.com.       300     IN      A       216.239.59.99

;; Query time: 318 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Feb 14 19:43:19 2007
;; MSG SIZE  rcvd: 116

[root@aquarius ~]#



If the above three work then there is no problem with the setup on your internal network.


Next you need to troubleshoot your incoming connection.

Step 1 - Verify your Public IP Address
Go to http://www.whatismyip.com

Step 2 - Verify your Public DNS records.
Go to http://www.dnsstuff.com
Scroll down and put your FQDN into the DNS Lookup Tool.
If the IP address that is being resolved does not match your public IP address then your DNS setup needs fixing.


Test the above, then come back if you still aren't getting anywhere.
...
Nick

"No good deed goes unpunished." :-x...
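
The staged checks from Reply #17, as an added example that is not part of the original thread: a shell sketch that reads captured `ping` and `dig` output and names the first stage that fails, including the comparison of the resolved A record against the public IP. The function names and all sample captures (documentation addresses, example.com names) are constructed for illustration.

```shell
#!/bin/sh
# Added example: staged triage over captured ping/dig output.
# Function names and all sample data below are constructed for illustration.

# Succeeds if the ping summary on stdin reports at least one reply received.
ping_ok() {
    awk '/packets transmitted/ { if ($4 + 0 > 0) ok = 1 } END { exit !ok }'
}

# Prints the IPv4 addresses (A records) from the ANSWER SECTION of dig output.
dig_a_records() {
    awk '/^;; ANSWER SECTION:/ { in_ans = 1; next }
         /^$/ || /^;;/         { in_ans = 0 }
         in_ans && $4 == "A"   { print $5 }'
}

# Args: LAN ping, off-LAN ping, dig of a known name, dig of your FQDN, public IP.
# Prints the first stage that fails, in the order the thread checks them.
triage() {
    printf '%s\n' "$1" | ping_ok || { echo "lan"; return; }
    printf '%s\n' "$2" | ping_ok || { echo "routing"; return; }
    [ -n "$(printf '%s\n' "$3" | dig_a_records)" ] || { echo "dns-resolver"; return; }
    # -x matches the whole line, so 203.0.113.1 does not match 203.0.113.10.
    printf '%s\n' "$4" | dig_a_records | grep -qxF -- "$5" \
        || { echo "dns-record-mismatch"; return; }
    # Inside network and DNS are fine: suspect router forwarding/firewall or ISP.
    echo "port-forward-or-isp"
}

# Constructed sample captures, trimmed to the lines the parsers read.
PING_GOOD='4 packets transmitted, 4 received, 0% packet loss, time 3000ms'
PING_BAD='4 packets transmitted, 0 received, 100% packet loss, time 3010ms'
DIG_KNOWN=';; ANSWER SECTION:
www.example.net.    300   IN  CNAME  web.example.net.
web.example.net.    300   IN  A      198.51.100.7'
DIG_SITE=';; QUESTION SECTION:
;www.example.com.         IN  A

;; ANSWER SECTION:
www.example.com.    1776  IN  A      203.0.113.10

;; Query time: 13 msec'

triage "$PING_GOOD" "$PING_GOOD" "$DIG_KNOWN" "$DIG_SITE" 203.0.113.10
```

On a live system the arguments would be filled from the real commands, e.g. `"$(ping -c4 192.168.1.1)"` and `"$(dig www.example.com)"`.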

Offline NickCritten

« Reply #18 on: February 14, 2007, 09:11:06 PM »
Assuming that your LAN tests OK and your DNS records are OK, then your firewall isn't configured correctly:

Code:
[root@aquarius ~]# dig www.wacomalt.com

; <<>> DiG 9.2.4 <<>> www.wacomalt.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54854
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.wacomalt.com.              IN      A

;; ANSWER SECTION:
www.wacomalt.com.       1776    IN      A       68.202.60.164

;; Query time: 13 msec
;; SERVER: 192.168.30.1#53(192.168.30.1)
;; WHEN: Wed Feb 14 20:03:45 2007
;; MSG SIZE  rcvd: 50

[root@aquarius ~]# nmap 68.202.60.164

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2007-02-14 20:04 GMT
All 1660 scanned ports on 164-60.202-68.tampabay.res.rr.com (68.202.60.164) are: filtered

Nmap run completed -- 1 IP address (1 host up) scanned in 243.889 seconds
[root@aquarius ~]#
...
Nick

"No good deed goes unpunished." :-x...

WACOMalt

« Reply #19 on: February 14, 2007, 10:08:12 PM »
Well, all of the server-side tests went properly, there were a couple of fails on the DNS test though. My external IP is configured correctly with my DNS settings.

http://www.dnsstuff.com/tools/dnsreport.ch?domain=wacomalt.com

What should I check on my firewall? I have the proper ports forwarded... but just to check... could someone list all the ports that should be forwarded?

Offline NickCritten

« Reply #20 on: February 14, 2007, 10:13:46 PM »
Please see my previous post.

If your public IP address truly is 68.202.60.164, then your firewall is incorrectly configured and is not forwarding the ports to your server properly.

Either that or your ISP is blocking you.

For a standard Website you should have only TCP Port 80 forwarded to your Server.
TCP Port 443 is also required if you have secure pages (i.e. https://)
...
Nick

"No good deed goes unpunished." :-x...

WACOMalt

« Reply #21 on: February 14, 2007, 10:22:06 PM »
Is there any way I can check if my ISP is blocking me? All of the ports are correct, I have triple-checked that. However, this is the exact same ISP and exact same connection I had last time the server was working.

Offline NickCritten

« Reply #22 on: February 14, 2007, 10:26:10 PM »
Try opening TCP Port 5800 (that's usually used for VNC) and forward it to your server's port 80.

Your ISP definitely shouldn't be blocking that.

I'll check from here once you've done that.
...
Nick

"No good deed goes unpunished." :-x...

WACOMalt

« Reply #23 on: February 15, 2007, 12:55:34 AM »
Quote from: "NickCritten"
Try opening TCP Port 5800 (that's usually used for VNC) and forward it to your server's port 80.

Your ISP definitely shouldn't be blocking that.

I'll check from here once you've done that.


Hmm. I actually have VNC set up on my Windows PC, but I will try this anyways.

Um... how do I make it take 5800 and go to 80? Would that be starting port of 5800 then ending port of 80?


Wait... should all of this be under port "triggering" rather than forwarding?

Offline NickCritten

« Reply #24 on: February 15, 2007, 10:29:04 AM »
Quote from: "WACOMalt"
Hmm. I actually have VNC set up on my Windows PC, but I will try this anyways.


That doesn't matter, your PC doesn't come into the equation in this instance.

Quote from: "WACOMalt"
Um... how do I make it take 5800 and go to 80? Would that be starting port of 5800 then ending port of 80?


It sounds like you need to do some reading of your firewall's manual.

You are forwarding External Source port TCP 5800 (ANY IP) to Inside Destination TCP Port 80 (SME Server Internal IP - i.e. 192.168.whatever)

Quote from: "WACOMalt"
Wait... should all of this be under port "triggering" rather than forwarding?
Port triggering sounds like the setup you'd need to run non-passive FTP and the like - if you are running a web server, don't worry about it.

I have come across Broadband routers that have separate sections for Port Forwarding and Firewalling, so if yours is like that, then you may have to open the firewall port AS WELL AS doing the port forwarding.
...
Nick

"No good deed goes unpunished." :-x...