Viva Alexander,

Thanks for your answer.

Please, do NOT send HTML to the list!

Your wish is my command... I couldn't find the option for doing so in Yahoo mail so here I go with my home email...

Is your Fedora machine a router for you or behind a router? Is then SSH and HTTPD running directly connected to the net or behind a router?

Fedora is behind the router. Hence the packet trace showing a source IP on the internet 13.13.13.13 and the destination 192.168.1.1 as port forwarding had already been applied. It may be a bit confusing but my router is not 192.168.1.1... :-) It was the router before I got myself a wireless router switch and it kept using that same IP after that.

You can check which iptables rules are active by issuing the command "iptables -L -v -n". If you run a "service iptables stop" then under default circumstances there should be no rule left and filtering.

Alexander

I didn't really look at the iptables man page but when I try the command you gave me I believe everything seems to be ok and all kinds of traffic should be accepted:

=============================================== [root@somehost root]# iptables -L -v -n Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination ===============================================

But nevertheless connects are still not responded too (using tethereal this time as the output is more readable):

=============================================== [root@somehost root]# tethereal -n port 8080 Capturing on eth0 0.000000 13.13.13.13 -> 192.168.1.1 TCP 42443 > 8080 [SYN] Seq=953358288 Ack=0 Win=5840 Len=0 2.994874 13.13.13.13 -> 192.168.1.1 TCP 42443 > 8080 [SYN] Seq=953358288 Ack=0 Win=5840 Len=0 ===============================================

If I stop iptables using the init.d script:

=============================================== [root@somehost root]# /etc/init.d/iptables stop Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] ===============================================

I still get the same result and no answer to the TCP SYNs. Now, if I try it from inside my network it works fine:

=============================================== [root@somehost root]# tethereal port 8080 Capturing on eth0 0.000000 192.168.1.2 -> 192.168.1.1 TCP 1958 > webcache [SYN] Seq=1296792560 Ack=0 Win=64512 Len=0 0.000142 192.168.1.1 -> 192.168.1.2 TCP webcache > 1958 [SYN, ACK] Seq=947748956 Ack=1296792561 Win=5840 Len=0 0.000328 192.168.1.2 -> 192.168.1.1 TCP 1958 > webcache [ACK] Seq=1296792561 Ack=947748957 Win=64512 Len=0 0.000686 192.168.1.2 -> 192.168.1.1 HTTP GET /ddb/ HTTP/1.1 ... ===============================================

In this set of examples I used HTTP for testing and only change I did to the HTTPD config was adding this virtual host session to the end of httpd.conf:

=============================================== NameVirtualHost 192.168.1.1:8080

<VirtualHost 192.168.1.1:8080> ServerAdmin fabricio.santos@quicknet.nl DocumentRoot /var/www/html/somehost ServerName somehost.homeip.net ServerAlias somehost.homeip.net ErrorLog logs/somehost.homeip.net-error_log CustomLog logs/somehost.homeip.net-access_log common </VirtualHost> ===============================================

And besides I get the same result when using SSH on port 6666. For SSH the only change I did was to add a line in the /etc/init.d/sshd script:

=============================================== OPTIONS="-p 6666" ===============================================

I'm really clueless here... :-/ so thanks in advance for any help.

PS. I hope formating will be ok now... O:-) And sorry for the long email.

-fs