Topic: No replies to any inbound traffic

[DanB35]

tl;dr:  Since replacing my cable modem, I'm getting no response to any incoming connection attempts to my SME server.

I've been running SME 9.0 in server/gateway mode for the last year or so without problems.  I run public-facing web, mail, and other services from there over a cable internet connection with a static IP address.  Last week, possibly as a result of a thunderstorm, my (rented from the cable co) cable modem died, and appears to have taken the WAN port on my motherboard with it.  I swapped motherboards with my FreeNAS server (identical boards--both SuperMicro X9SCL-F with the same BIOS and IPMI firmware), since FreeNAS only needs one LAN port, and the server came up without a problem.

The cable company said they could get a tech out here in 3 days, or I could buy my own cable modem, which (1) would get me a new modem immediately, and (2) would save me rental fees.  Sounded like a good deal.  I bought a SurfBoard SB6141, which from what I can find acts only as a simple bridge.

The cable company (Comcast) says I can't use my static IP address with my own modem unless I can figure out on my own how to configure it (and there's no apparent configuration on my modem), so I reconfigured the SME server to pick up an IP address via DHCP.  It did so, and it and other computers on my LAN are able to access the Internet without problems.  However, no inbound connection succeeds.  A port scan from grc.com on ports 0-1023 shows no response on any port--they're all "stealthed", in grc's terminology.  My server (or something, anyway) responds to pings, but not to TCP connections on any port.

Hoping to narrow down the problem, I plugged my laptop into the modem instead, and ran the port scan.  This time, it came back with most of the ports "closed", rather than "stealthed", and one or two ports open.  It also picked up a completely different IP address--the server was 73.x.x.x, while the laptop picked up 76.x.x.x.  grc.com stated that the 76. address had reverse DNS records, while the 73. one did not (though I don't know if that's relevant at all).

The different response on my laptop puzzles me.  Previously, I was entirely willing to blame this on Comcast; now, I'm wondering if something strange is happening on my SME server.  Is there somewhere I can look in the logs to see if it's dropping/blocking the port scan?

I'm hoping I can figure something out by tomorrow afternoon.  Then, a Comcast tech is coming--if I haven't figured it out by then, I'll have him leave a new modem and reconfigure for my static IP, which should put the system back to the same state it was in before everything happened.

[DanB35]

Perhaps I can focus the question a bit better.  If my server is dropping incoming packets, would that be logged somewhere?  And where, if so?  A tail of /var/log/messages while the port scan is running shows nothing relevant whatsoever (only DHCPREQUEST/DHCPACK for clients, and a couple of php errors related to Horde).

[stephdl]

Not really where i'm the best, but can you see something with whireshark and i guess that either you can increase the log-level or set a dedicated log file to iptables.

See in google 'centos iptables log'

[janet]

DanB35

Did you reconfigure the new modem to be in bridged mode ?

[DanB35]

Everything I can find about the new modem indicates that it only operates in bridged mode.

[DanB35]

Well, the point is now moot.  The cable tech came this afternoon (a day late), put in a new modem, and I'm back up and running with my static IP, and with the appropriate ports open to the outside.  Still not sure why it wouldn't work with my modem (nor why they won't let me use my static IP with my own modem), but at least it's working.