Viva Alexander,
Thanks for your answer.
Please, do NOT send HTML to the list!
Your wish is my command... I couldn't find the option for doing so in Yahoo mail so here I go with my home email...
Is your Fedora machine a router for you or behind a router? Is then SSH and HTTPD running directly connected to the net or behind a router?
Fedora is behind the router. Hence the packet trace showing a source IP on the internet 13.13.13.13 and the destination 192.168.1.1 as port forwarding had already been applied. It may be a bit confusing but my router is not 192.168.1.1... :-) It was the router before I got myself a wireless router switch and it kept using that same IP after that.
You can check which iptables rules are active by issuing the command "iptables -L -v -n". If you run a "service iptables stop" then under default circumstances there should be no rule left and filtering.
Alexander
I didn't really look at the iptables man page but when I try the command you gave me I believe everything seems to be ok and all kinds of traffic should be accepted:
===============================================
[root@somehost root]# iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
===============================================
But nevertheless connects are still not responded to (using tethereal this time as the output is more readable):
===============================================
[root@somehost root]# tethereal -n port 8080
Capturing on eth0
0.000000 13.13.13.13 -> 192.168.1.1 TCP 42443 > 8080 [SYN] Seq=953358288 Ack=0 Win=5840 Len=0
2.994874 13.13.13.13 -> 192.168.1.1 TCP 42443 > 8080 [SYN] Seq=953358288 Ack=0 Win=5840 Len=0
===============================================
If I stop iptables using the init.d script:
===============================================
[root@somehost root]# /etc/init.d/iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
===============================================
I still get the same result and no answer to the TCP SYNs. Now, if I try it from inside my network it works fine:
===============================================
[root@somehost root]# tethereal port 8080
Capturing on eth0
0.000000 192.168.1.2 -> 192.168.1.1 TCP 1958 > webcache [SYN] Seq=1296792560 Ack=0 Win=64512 Len=0
0.000142 192.168.1.1 -> 192.168.1.2 TCP webcache > 1958 [SYN, ACK] Seq=947748956 Ack=1296792561 Win=5840 Len=0
0.000328 192.168.1.2 -> 192.168.1.1 TCP 1958 > webcache [ACK] Seq=1296792561 Ack=947748957 Win=64512 Len=0
0.000686 192.168.1.2 -> 192.168.1.1 HTTP GET /ddb/ HTTP/1.1
...
===============================================
In this set of examples I used HTTP for testing and the only change I did to the HTTPD config was adding this virtual host session to the end of httpd.conf:
===============================================
NameVirtualHost 192.168.1.1:8080

<VirtualHost 192.168.1.1:8080>
    ServerAdmin fabricio.santos@quicknet.nl
    DocumentRoot /var/www/html/somehost
    ServerName somehost.homeip.net
    ServerAlias somehost.homeip.net
    ErrorLog logs/somehost.homeip.net-error_log
    CustomLog logs/somehost.homeip.net-access_log common
</VirtualHost>
===============================================
And besides I get the same result when using SSH on port 6666. For SSH the only change I did was to add a line in the /etc/init.d/sshd script:
===============================================
OPTIONS="-p 6666"
===============================================
I'm really clueless here... :-/ so thanks in advance for any help.
PS. I hope formatting will be ok now... O:-) And sorry for the long email.
-fs
On Sun, 28.03.2004 at 00:41, Fabrício Santos wrote:
Viva Alexander,
Thanks for your answer.
Fedora is behind the router. Hence the packet trace showing a source IP on the internet 13.13.13.13 and the destination 192.168.1.1 as port forwarding had already been applied. It may be a bit confusing but my router is not 192.168.1.1... :-) It was the router before I got myself a wireless router switch and it kept using that same IP after that.
Fedora behind a router ... So it is clear that the router has to forward the ports 6666 and 8080 to the Fedora box. Is that working?
I'm really clueless here... :-/ so thanks in advance for any help.
PS. I hope formatting will be ok now... O:-) And sorry for the long email.
Thank you, plain text is perfect. :)
-fs
Alexander
Fedora behind a router ... So it is clear that the router has to forward the ports 6666 and 8080 to the Fedora box. Is that working?
Thanks for your help... I just solved the problem. I was being a bit dumb as there was no default route defined... I had not tried to connect from Fedora to anywhere else other than my local network yet because it is meant to be a server only... :-D LOL When I tried to do a wget to the Internet I got nowhere and "route" showed me the light... :-/ But the annoying thing is the result is similar to a firewall that drops the packets. :-)
Anyway, my interface was set up by DHCP and I'm not sure if the default gateway should also be acquired using this protocol. Obviously this was not the case... For now I have done it manually but if anyone knows a way of automating this task. Otherwise I will just add the "route add default gw 192.168.1.5" at the end of the S10network rc script start section.
Thanks!
-fs
On Sun, 28.03.2004 at 03:09, Fabrício Santos wrote:
Anyway, my interface was set up by DHCP and I'm not sure if the default gateway should also be acquired using this protocol. Obviously this was not the case... For now I have done it manually but if anyone knows a way of automating this task. Otherwise I will just add the "route add default gw 192.168.1.5" at the end of the S10network rc script start section.
GATEWAY is to be set in /etc/sysconfig/network.
Thanks!
-fs
Alexander
There are a bunch of kernel level filtering and routing 'setups' that are disconnected from the firewall (see /proc/sys/net/ipv4/), including tcp_syncookies etc.
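
The failure diagnosed in this thread (SYNs arrive but no SYN-ACK leaves, with iptables fully open) can be told apart from a firewall drop by asking whether the kernel has a route back to the peer. The script below is an added example, not part of any message in the thread; it reads a table in /proc/net/route format, assumes the little-endian hex layout seen on x86, and its function names and sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample tables are constructed.
# Assumes the little-endian hex layout /proc/net/route has on x86.

# Dotted quad -> integer in the byte order used by /proc/net/route.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# Inverse of ip_to_int, used to print gateways readably.
int_to_ip() {
    echo "$(( $1 & 255 )).$(( ($1 >> 8) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 24) & 255 ))"
}

# route_back PEER_IP < table
# Prints "IFACE GATEWAY" for the most specific UP route covering PEER_IP;
# returns 1 when no route matches, i.e. replies to that peer cannot leave.
route_back() {
    peer=$(ip_to_int "$1"); best=-1; hit=""
    while read -r iface dest gw flags refcnt use metric mask rest; do
        case $iface in Iface|"") continue ;; esac      # header or blank line
        [ $(( 0x$flags & 1 )) -eq 1 ] || continue       # route lacks RTF_UP
        [ $(( peer & 0x$mask )) -eq $(( 0x$dest )) ] || continue
        if [ $(( 0x$mask )) -gt "$best" ]; then         # longer mask wins
            best=$(( 0x$mask )); hit="$iface $(int_to_ip $(( 0x$gw )))"
        fi
    done
    [ -n "$hit" ] && echo "$hit"
}

# Constructed table: LAN route only, the state described in the thread.
sample_lan_only() {
    cat <<'EOF'
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
EOF
}

# Constructed table: same host after "route add default gw 192.168.1.5".
sample_with_default() {
    sample_lan_only
    echo "eth0 00000000 0501A8C0 0003 0 0 0 00000000 0 0 0"
}

# On a live host: route_back 13.13.13.13 < /proc/net/route
```

With the LAN-only table the LAN client 192.168.1.2 resolves to a direct route while 13.13.13.13 has none, which matches the two captures: local connections complete the handshake and forwarded ones see only retransmitted SYNs.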