Web Server not allowing external visitors

From: Gav.... (ipv6guru_at_bigpond.net.au)
Date: 06/24/03

    Date: Tue, 24 Jun 2003 21:58:47 +0800
    To: freebsd-questions@freebsd.org
    
    

    Hi,

    Subject says it all really, what good is a website if only I can view it?

    Ok, brief history of problem and setup details, I'm sure I'll leave
    something out you need.

    I had 3 computers all run MS and Apache2 Web Server was on the main one
    connecting to the net via ADSL and using dyndns.org client to update the
    dynamic IP address. No probs.

    I then decide to change my setup and add a FreeBSD Router/Firewall .and. a
    separate (NT) Web Server.
    I installed my dns update client onto the new web server, enabled NATd (am
    connected via PPPoA/E), enabled port_forward tcp rules on port 80 to point
    to this Web Server machine. I also tried IPFW rules etc etc and could not
    get the outside world to connect. I thought I would instead put the Web
    Server (until I know better) onto the FreeBSD router machine.

    Still no go. All my internal machines can, by typing in the registered
    domain names, access the web server ok; the Apache Test page comes up ok. So
    by typing in www:mysite:com I get the sites ok. This I don't really
    understand. Surely my other computers must be going to the external www,
    getting the domain name resolved, getting the dynamic IP address allocated
    to me, and then coming back to my FreeBSD router where it gets served the
    web site. So why can't anyone else now access it??

    I'd love to give you a url to test it but this is a public forum and my
    router is still not very secure at the moment, however I do have trusted
    people testing it for me regularly.

    Now , settings I think of relevance (having tried all sorts of setups using
    different techniques , I may have mixed up some settings and probably have a
    cocktail of settings) are (syntax copied exactly) :-

    in /etc/rc.conf.

    ppp_nat="YES"
    defaultrouter="NO"
    firewall_enable="YES"
    firewall_type="OPEN" // (Yes I know but whilst testing!)
    natd_enable="YES"
    natd_interface="tun0"
    natd_flags="-f /etc/natd.conf"
    #hostname="mydomain" // I left this commented out for now ?

    There are other settings in this file of course but felt only the above
    relevant to this post.

    in /etc/natd.conf.

    interface tun0
    dynamic yes

    in /etc/resolv.conf

    domain mydomain.com
    nameserver 11.2.333.44
    nameserver 11.2.333.55

    //above values changed!

    in /etc/rc.firewall

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via tun0
    /sbin/ipfw add divert natd tcp from 192.168.0.2 80 to any
    /sbin/ipfw add divert natd tcp from any to 192.168.0.2 80
    /sbin/ipfw add divert natd tcp from any to 192.168.2.1 80
    /sbin/ipfw add divert natd tcp from 192.168.2.1 80 to any
    /sbin/ipfw add pass all from any to any
    // temporary measure again.

    // 192.168.0.2 is on ed0 card going to internal network
    //192.168.2.1 is on ed2 card going to another network (eventually web server
    proper)

    At this point I'd like to mention something in my ifconfig readout.

    Now, ed0 ed2 lp0 ppp0 seem to me to be fine (and must be if internal network
    can browse internet etc)

    tun0 , although above suggests it is working fine , gives me an unusual
    alias address. :-

    tun0: flags=8051<UP,POINTTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 14x1xx.xxx.xxx --> 172.31.22.152 netmask 0xffffff00.

    Ok, I've masked my ISP assigned IP address for now as it is semi-permanent,
    but why has it aliased with a Class C
    internal IP address, when all my network is Class B 192.x.x.x addresses?
    Can this be the cause of why external visitors can not access my sites?

    What other information do you need ???

    Thanks in advance, speedy help is appreciated as a family member has
    trusted me to host his personal website and he can't get on it :(

    Gav...

    ---
    Checked for Viruses (Viri) , Gav...
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.491 / Virus Database: 290 - Release Date: 18/06/2003
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
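
The settings quoted in the post can be checked mechanically before a router like this faces the Internet. The script below is an added example, not part of the original post or of FreeBSD; the sample input is reconstructed from the post with its `//` comments stripped, and the finding names (`double-nat`, `open-firewall`, `allow-all`, `multi-divert`) are made up for this example.

```shell
#!/bin/sh
# Added example: audit rc.conf / rc.firewall text like that quoted in the post.
# Sample input is reconstructed from the post, with its // comments stripped.
RC_CONF='ppp_nat="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="tun0"'

RC_FIREWALL='/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via tun0
/sbin/ipfw add divert natd tcp from 192.168.0.2 80 to any
/sbin/ipfw add divert natd tcp from any to 192.168.0.2 80
/sbin/ipfw add divert natd tcp from any to 192.168.2.1 80
/sbin/ipfw add divert natd tcp from 192.168.2.1 80 to any
/sbin/ipfw add pass all from any to any'

# rc_is_yes <rc.conf text> <variable>: succeeds if the variable is set to YES.
rc_is_yes() {
    printf '%s\n' "$1" |
        awk -F= -v k="$2" '$1 == k && toupper($2) ~ /^"?YES"?/ { f = 1 } END { exit !f }'
}

# audit <rc.conf text> <rc.firewall text>: prints one finding per line.
audit() {
    # ppp's built-in NAT and natd can both end up translating the same link.
    if rc_is_yes "$1" ppp_nat && rc_is_yes "$1" natd_enable; then
        echo "double-nat: ppp_nat and natd_enable both YES, check tun0 is translated once"
    fi
    printf '%s\n' "$1" | awk -F= '
        $1 == "firewall_type" && toupper($2) ~ /OPEN/ {
            print "open-firewall: firewall_type is OPEN" }'
    # Every matching divert rule is another pass through natd; a divert rule
    # with no "via" clause also matches traffic on the internal interfaces.
    printf '%s\n' "$2" | awk '
        /add divert natd/ { d++; if ($0 !~ / via /) u++ }
        /add (pass|allow|accept|permit) all from any to any *$/ { print "allow-all: " $0 }
        END { if (d > 1)
                print "multi-divert: " d " divert rules, " (u + 0) " without a via clause" }'
}

audit "$RC_CONF" "$RC_FIREWALL"
```
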
    
