Web Server not allowing external visitors
From: Gav.... (ipv6guru_at_bigpond.net.au)
Date: Tue, 24 Jun 2003 21:58:47 +0800 To: email@example.com
Subject says it all really, what good is a website if only I can view it?
Ok, brief history of problem and setup details, I'm sure I'll leave
something out you need.
I had 3 computers all run MS and Apache2 Web Server was on the main one
connecting to the net via ADSL and using dyndns.org client to update the
dynamic IP address. No probs.
I then decide to change my setup and add a FreeBSD Router/Firewall .and. a
separate (NT) Web Server.
I installed my dns update client onto the new web server , enabled NATd (am
connected via PPPoA/E) , enabled port_forward tcp rules on port 80 to point
to this Web Server machine. I also tried IPFW rules etc etc and could not
get the outside world to connect. I thought I would instead put the Web
Server (until I know better) onto the FreeBSD router machine.
Still no go, All my internal machines can - by typing in the registered
domain names, access the web server ok, the Apache Test page comes up ok. So
by typing in www:mysite:com I get the sites ok. This I don't really
understand. Surely my other computers must be going to the external www ,
getting the domain name resolved, getting the dynamic IP address allocated
to me , and then coming back to my FreeBSD router where it gets served the
web site. So why can't anyone else now access it.??
I'd love to give you a url to test it but this is a public forum and my
router is still not very secure at the moment, however I do have trusted
people testing it for me regularly.
Now , settings I think of relevance (having tried all sorts of setups using
different techniques , I may have mixed up some settings and probably have a
cocktail of settings) are (syntax copied exactly) :-
firewall_type="OPEN" // (Yes I know but whilst testing!)
#hostname="mydomain" // I left this commented out for now ?
There are other settings in this file of course but felt only the above
relevant to this post.
//above values changed!
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via tun0
/sbin/ipfw add divert natd tcp from 192.168.0.2 80 to any
/sbin/ipfw add divert natd tcp from any to 192.168.0.2 80
/sbin/ipfw add divert natd tcp from any to 192.168.2.1 80
/sbin/ipfw add divert natd tcp from 192.168.2.1 80 to any
/sbin/ipfw add pass all from any to any
// temporary measure again.
// 192.168.0.2 is on ed0 card going to internal network
//192.168.2.1 is on ed2 card going to another network (eventually web server
At this point I'd like to mention something in my ifconfig readout.
Now, ed0 ed2 lp0 ppp0 seem to me to be fine (and must be if internal network
can browse internet etc)
tun0 , although above suggests it is working fine , gives me an unusual
alias address. :-
tun0: flags=8051(UP,POINTTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 14x1xx.xxx.xxx --> 172.31.22.152 netmask 0xffffff00.
Ok, I've masked my ISP assig ed IP address for now as it is semi-permanent,
but why has it aliased with a Class C
internal IP address, when all my network is Class B 192.x.x.x addresses ,
can this be the cause of why external visitors can not access my sites.???
What other information do you need ???
Thanks in advance , speedy help is appreciated as a family member has
trusted me to host his personal website and he cant get on it :(
--- Checked for Viruses (Viri) , Gav... Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.491 / Virus Database: 290 - Release Date: 18/06/2003 _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "email@example.com"