Koozali.org: home of the SME Server

port forward

Offline enchesss

port forward
« on: June 30, 2015, 04:51:20 PM »
Hi,

The port forwarding settings in the server manager are not working.

The SME is in dedicated server + gateway mode

It has been configured to have access to internet via a bridged modem.

The internet works well and access to internet works for local network

I want to forward incoming traffic for port 9000 to an internal server

This did work before changing gateway to SME Server (when previously just port forwarding via modem)

We used to access by putting the web address http://openworldsproject.info:9000 in the viewer's address

The port forwarding settings in the server-manager console are:

Protocol                               tcp
Source Port(s)                       9000
Destination Host IP Address       internal server ip
Destination Port(s)               9000
Rule Comment                       opensim
Allow Hosts                       [left blank - not sure about this]

I can access the apache server via firefox e.g. http://internalip

I can access the via firefox e.g. http://internalip:9000

Am trying to look for errors in logs - but not sure about this

Thanks

Not sure how to do a port scan but the output of the following might show that the ports are not open

netstat -an| grep 0.0.0.0|grep LISTEN|grep :

tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:515                 0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN     
tcp        0      0 127.0.0.1:139               0.0.0.0:*                   LISTEN     
tcp        0      0 serverip:139            0.0.0.0:*                   LISTEN     
tcp        0      0 serverip:2222           0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:465                 0.0.0.0:*                   LISTEN     
tcp        0      0 127.0.0.1:980               0.0.0.0:*                   LISTEN     
tcp        0      0 127.0.0.2:53                0.0.0.0:*                   LISTEN     
tcp        0      0 serverip:53             0.0.0.0:*                   LISTEN     
tcp        0      0 127.0.0.1:3128              0.0.0.0:*                   LISTEN     
tcp        0      0 serverip:3128           0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN     
tcp        0      0 127.0.0.1:26                0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN     
tcp        0      0 0.0.0.0:636                 0.0.0.0:*                   LISTEN



The server manager log files do not show any errors

There is an error in the OpenSim viewer though indicating that port 9000 is not open:

2015-06-30T22:40:14Z WARNING: ll_apr_warn_status: APR: Connection refused
2015-06-30T22:40:14Z WARNING: BaseCapabilitiesComplete::httpFailure: [POST:http://110.175.1.173:9000/CAPS/6b25878a-f804-4148-8ec0-bd19c73ef5440000/] [status:499] [reason:STATUS_EXPIRED] [content:!]
« Last Edit: July 01, 2015, 02:17:36 AM by enchesss »

Offline Daniel B.

Re: port forward
« Reply #1 on: June 30, 2015, 05:06:25 PM »
Quote
OpenSim does not work internally - but did/ does before changing gateway to SME Server

I think you mean from the outside. But still "doesn't work" is a bit vague. Not enough for us to help you
It's the end of the world !!! :lol:

Offline janet

Re: port forward
« Reply #2 on: June 30, 2015, 05:42:23 PM »
Enchesss

You need to provide more details.
Look in the sme server & second apache server log files to see what error messages (or otherwise) that are recorded around the time you try accessing from an external location.
Remember, if you try accessing the second server via the port forward from behind the sme server, it will not work, as port forwarding does not forward internal requests.

Also please describe your network arrangement, is your sme server in server & gateway mode & does it act as the firewall for your network, is there any other firewall device between sme server & the Internet, is the service running & open on the second server (it sounds like it may be as you say you can access it using an internal IP/URL) etc etc (anything else pertinent).
You could also provide us with the real world external address (URL) & we could test & check access.

Also have you done a port scan to ensure port 9000 is really open/ accessible, see grc.com.
« Last Edit: June 30, 2015, 05:43:57 PM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline enchesss

Re: port forward
« Reply #3 on: July 01, 2015, 12:23:04 AM »
Thanks

The SME is in dedicated server gateway mode

Please see modified initial description

Offline janet

Re: port forward
« Reply #4 on: July 01, 2015, 01:52:36 AM »
Enchesss

From a workstation on the LAN (behind the sme server gateway), open a web browser to www.grc.com & perform a port scan.
You will probably need to do a manual scan after nominating that port 9000 (as it is not included in a standard scan). Have both servers operating for this test.

From what you say port 9000 is closed "somewhere".

Also how is that domain configured on sme server eg did you add it to the Domain panel or did you only set up the port forward for that particular address & port in the port forwarding panel ?


Offline janet

Re: port forward
« Reply #5 on: July 01, 2015, 02:06:23 AM »
If I open a browser to
http://openworldsproject.info/
I get

ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: http://openworldsproject.info/
Read Error
The system returned: (104) Connection reset by peer
An error condition occurred while reading data from the network. Please retry your request.
Your cache administrator is webmaster.
Generated Tue, 30 Jun 2015 23:55:21 GMT by tx22rrpep2gb (hpm/3.0.70.2)


If I open a browser to the IP mentioned in the error message (ie http://110.175.1.173) I get

This web site is under construction

which appears to be a sme server standard ibay index file.

It looks like you have a domain setting that is overriding the port forward setting, or otherwise the port forward is incorrect or not been enabled/instigated.

Do you have any thoughts on this as you know the configuration of your sme server & external DNS records.
« Last Edit: July 01, 2015, 02:28:47 AM by janet »

guest22

Re: port forward
« Reply #6 on: July 01, 2015, 02:09:16 AM »
Quote
Allow Hosts                       [left blank - not sure about this]

So that would mean no host is allowed to access the service on that port. Maybe you should try to put  '0.0.0.0' in there for testing purposes only.

I could be wrong.

Offline enchesss

Re: port forward
« Reply #7 on: July 01, 2015, 02:14:22 AM »
Thanks

have attempted your suggestions and still not working - even on the localhost, strange.

Will go back to router for further testing

Will try again soon

Offline enchesss

Re: port forward
« Reply #8 on: July 01, 2015, 02:27:00 AM »
Using the router only without the SME server gateway - the openworldsproject.info:9000 works on an opensim viewer such as kokua

If you want to test it you can log in with

username: guest user

password: sme

Will leave it like this until the port forwarding issue is identified


thanks again

Offline janet

Re: port forward
« Reply #9 on: July 01, 2015, 02:32:14 AM »
enchesss

Quote
Will leave it like this until the port forwarding issue is identified

If you revert to an earlier setup, then we cannot really test your non working setup, can we ?

Do you want help or not ?
The faulty system needs to be troubleshooted, not a working system
If you keep changing things then you are just wasting our time.

Did you read my earlier posts & suggestions, what is the outcome ?


Offline enchesss

Re: port forward
« Reply #10 on: July 01, 2015, 06:10:07 AM »

the port scan for

port 9000

at https://www.grc.com

failed


modifying the dns settings to internet servers in the domain settings did not change the outcome - they have been returned to default and are set to resolve locally

the domain settings at crazydomains.com are standard - and have been working without the SME as a gateway

 

So - the problem seems to be my acute lack of knowledge about how to forward ports - using the server-manager

these are the settings in the server manager (that do not work):

Protocol    Source Port(s)    Destination Host IP Address    Destination Port(s)    Allow Hosts    Rule Comment    Action
TCP    9000-9050    internalserverip    9000-9050    0.0.0.0    opensimtcp    Remove
UDP    9000-9050    internalserverip    9000-9050    0.0.0.0    opensimudp    Remove



« Last Edit: July 01, 2015, 06:40:10 AM by enchesss »

Offline janet

Re: port forward
« Reply #11 on: July 01, 2015, 08:41:51 AM »
Enchesss

The domain name does not seem to resolve to your sme server.

Can you please temporarily delete all the port forward settings & advise when they are deleted.

I can then test access using the domain name URL.

Thanks

Offline janet

Re: port forward
« Reply #12 on: July 01, 2015, 09:17:25 AM »
Enchesss

The domain name & IP both resolve to

This web site is under construction.

So in the sme server Domains panel have you configured the domain http://openworldsproject.info to point to an ibay or to the Primary ibay ?


Offline enchesss

Re: port forward
« Reply #13 on: July 01, 2015, 09:35:43 AM »
Yes

openworldsproject.info is resolved to the primary ibay - the website has not been installed yet (will do that if/ after the portforwarding issue is sorted)

Can the

openworldsproject.info:9000

resolve to a second server on the lan using port forward?

« Last Edit: July 01, 2015, 09:52:30 AM by enchesss »

Offline janet

Re: port forward
« Reply #14 on: July 01, 2015, 10:00:23 PM »
enchesss

You should be able to do a port forward

Go to a command prompt on the sme server & show us the output of
db domains show

Then, as a test/experiment, please set up this port forward

Protocol    TCP
Source Port(s)    9000
Destination Host IP Address   localhost
Destination Port(s)     80
Rule Comment    test1-9000to80
Allow Hosts

click Next & click Add

Then go to a command prompt on the sme server & show us the output of
db portforward_tcp show
db portforward_udp show

Finally, open a browser on an external device & see if
http://openworldsproject.info:9000
resolves to the Primary ibay index file

Let us know the outcome of these tests
« Last Edit: July 01, 2015, 10:22:28 PM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
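
The external test described in this thread (connect to the forwarded port from outside the LAN and see whether it is open, refused or silently dropped) can be scripted. This is an added example, not part of the thread and not SME Server code; the names `probe_tcp` and `check_forward` are hypothetical, and the host and ports are supplied on the command line.

```python
"""TCP reachability check for a forwarded port (constructed example).

A port forward is a NAT rule on the gateway, not a listening socket, so it
is verified by connecting from outside, not by netstat on the gateway.
"""
import errno
import socket
import sys


def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: a service answered
    except ConnectionRefusedError:
        return "refused"       # RST came back: packet arrived, nothing accepted it
    except socket.timeout:
        return "filtered"      # no reply at all: dropped on the path or host down
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise                  # e.g. DNS failure: report it, do not guess
    finally:
        sock.close()


def check_forward(host, ports, timeout=3.0):
    """Probe each port once and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py HOST PORT [PORT ...]")
    results = check_forward(sys.argv[1], [int(p) for p in sys.argv[2:]])
    for port, state in sorted(results.items()):
        print(f"{sys.argv[1]}:{port} {state}")
```

With port 80 reported open and port 9000 refused or filtered, the gateway itself is reachable and the fault lies with the forward rule or the internal service. Only the TCP rule can be checked this way; the UDP rule needs an application-level test.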