Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: paologiusti on September 06, 2005, 01:28:32 AM
-
I think I'm missing something (very stupid I think)
I have a server and gateway SME with a dedicated connection and a static IP. It also serves as a DHCP for the internal lan. On this private lan there is another server (not a SME, another Linux box as 10.10.100.1) on which I need to reach some services. One is ssh, and another is a web service running on port 9001. For the ssh I configured sshd to reply on port 49152 (on the 10.10.100.1 machine). I then used the port forwarding panel to open those ports. The rules are now: source port 49152 Host 10.10.100.1 destination port 49152. The same for port 9001. The connection is always refused. Can someone help me? Of course the ssh client is configured to talk to port 49152 as well. This was working when the setup was as server only and a router in the half with exactly the same rules.
-
The rules are now: source port 49152 Host 10.10.100.1 destination port 49152. The same for port 9001. The connection is always refused.
Where are you connecting to? And where are you connecting from? Port forwarding doesn't work on the local network - you can only test it from the Internet side.
This was working when the setup was as server only and a router in the half with exactly the same rules.
Sorry, I can't understand what you are trying to say here.
-
Thanks Charlie, I forgot to say I'm trying from the outside. From the internet. The second point, the one you don't understand means that I previously tried to install in server only mode with a Netgear router/firewall between the SME and the Internet. Now I only have the SME in server/gateway mode acting as a router (It's directly connected to the ADSL modem).
-
The second point, the one you don't understand means that I previously tried to install in server only mode with a Netgear router/firewall between the SME and the Internet. Now I only have the SME in server/gateway mode acting as a router (It's directly connected to the ADSL modem).
I don't understand how you would have had port forwarding working (with exactly the same rules) in that mode.
Anyway, you have three things that you need to check.
1. Do the services on the other server accept connections from the local network on the ports you are forwarding?
2. Does the port forwarding on the SME server work (actually forward packets correctly)?
3. Do the services on the other server accept connections from the Internet?
If 2 doesn't check out, you should raise a bug report on the Bug tracker (link to the left). I suspect your problem is one of 1 and 3, since port forwarding works for others.
-
Hey paologiusti,
do you know if the ADSL modem is running as a bridge or a router?
If it is in router mode it will "usually" cause a NAT problem with SME.
If you connect a computer directly to the ADSL modem does that computer receive the public IP address?
Joe
-
Hi CharlieBrady hi Boss_hog,
replying to Charlie:
1) Yes. I can ssh to the other server from within the local lan on the specified port (49152)
2) Honestly I don't know. I tried to tcpdump to see what happens and I 'think' SME does not forward correctly. (any tips to check it better are really welcome because I can't believe it's a bug on SME)
3) Yes. To explain better: with the other configuration, the one with the Netgear in the middle, the rules were set up on the Netgear, not on the SME server. With this kind of setup, I was able to ssh through the Netgear to the other machine, using Internet of course.
Replying to Boss_hog:
I don't know how it's running. I 'think' it's not in router mode because the ISP supplied the access, the ADSL modem AND the router, as well as one static IP for the router and the default gateway (which is the modem). What I did was to take off the router and replace it with the SME, assigning the static IP to it, the default gateway (the modem) and the netmask. This way SME is working correctly, I can log on the webmail and the server-manager interface from here (Italy) to there (Copenhagen).
Thanks for now. Any suggestions welcome.
-
Thanks to everybody.
I found it. It works now !!!!
-
2) Honestly I don't know. I tried to tcpdump to see what happens and I 'think' SME does not forward correctly.
What are you seeing with tcpdump, and what makes you think that SME does not forward correctly?
When you try to connect, are you seeing any iptables packet logs in the SME server logs?
BTW, why aren't you running ssh on the standard port on your internal server? Port forwarding can also do port translation, so you could forward port nnn from the outside to port 22 on the inside.
-
Thanks to everybody.
I found it. It works now !!!!
What was the problem and how did you fix it? Posting details here might help someone else who has a similar problem.
-
Charlie,
Well, you are right regarding the port, I can certainly let sshd on the other machine running on standard port. But this was just an example, since the real services I need to get are different. It was just to make the point clear. Anyway, seems the problem was not the configuration nor SME. When I tried to connect unsuccessfully and opened this topic I was in a Copenhagen hotel. It did not work. Now I'm in my office in Italy and it works perfectly. Don't know why. Should not be a strange configuration of the hotel's ISP, since with tcpdump I was able to see packets (now I don't remember the details but they were there, on the SME server). Thanks a lot anyway. If you have any ideas about this strange behaviour I'll be happy to hear.
-
A lot of public or "semi public" places are filtering their outbound traffic so that there are not many more open ways out than port 80 and 443 (and a few others).
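-
Added example, not part of the original thread and not SME Server code: a small TCP probe that classifies a connection attempt, plus a helper that maps results from the LAN and from two different outside networks onto the three checks listed earlier and onto the outbound-filtering explanation above. The function names and the idea of probing from a second outside network are assumptions made for this illustration.

```python
import errno
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt from the machine running this."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        # A RST came back: from the target, or from a firewall on the path.
        return "refused"
    except socket.timeout:
        return "filtered"    # no answer at all: packets dropped somewhere
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"
    finally:
        sock.close()

def diagnose(lan, wan_a, wan_b):
    """Map probe results onto the three checks from the thread.

    lan   : result from a host on the private LAN to the internal server
    wan_a : result from one outside network to the gateway's public IP
    wan_b : result from a second, unrelated outside network
    """
    if lan != "open":
        return "check 1: service does not accept connections on the LAN"
    if wan_a == "open" and wan_b == "open":
        return "forwarding works"
    if "open" in (wan_a, wan_b):
        return "client side: the failing outside network blocks this port"
    return "check 2 or 3: gateway forwarding or the service's Internet access"

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python probe.py <host> <port>
        print(probe(sys.argv[1], int(sys.argv[2])))
    else:
        # Constructed results: LAN fine, one outside network fails, another works.
        print(diagnose("open", "refused", "open"))
```

A "refused" result alone does not show who refused: comparing the same probe from a second outside network is what separates a gateway problem from filtering on the client's own network.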