Understanding my network

[Dale Dellutri]

On Wed, Aug 29, 2012 at 2:40 PM, Arthur Dent
<misc.lists at blueyonder.co.uk> wrote:
> Hello all,
>
> I am part-way through a bare-metal rebuild of my small home server (it
> was F15, I am rebuilding as F17). This machine serves up my IMAP mail
> with Dovecot and Squirrelmail and hosts my small (mainly static)
> website.
>
> The machine in question sits on my home network at 192.168.2.2. I have
> opened port 993 on the firewall. I have a domain name (let's call it
> example.org) with dyndns.org which points to my IP address (let's call
> that 123.456.789.123) and my router forwards port 993 to 192.168.2.2.
>
> So here's the thing - and I don't remember having this problem with F15
> (or previous):
> I can access my mail using a client on another machine in my network if
> I configure it to use 192.168.2.2, but for my mobile devices I configure
> the email client to point to example.org. If I am outside of my network
> they can access mail fine, but if I am at home and they are connecting
> via my own wi-fi... no joy...
>
> The same by the way is true of SSH. Although I use a non-standard port
> for SSH the principle is the same.
>
> I have obviously messed up or missed out some configuration step, but I
> can't understand where I have gone wrong.
>
> Can anyone help me to fix this?

I assume that your router forwards all of certain port traffic (like port 993)
to 192.168.2.2.  I assume that the server sees that traffic as coming from
the wan, and not the lan.  Therefore, it sounds like it has some restriction
to only accept certain traffic if it doesn't come from the lan.

This could be an iptables rule set up to only accept non-lan addresses,
or a problem with /etc/hosts.deny or /etc/hosts.allow .

Take a look at the output of
  # iptables -nvL
  # cat /etc/hosts.allow
  # cat /etc/hosts.deny

Also, the output of
  # lsof -n -i -P | grep LISTEN
may be interesting.

-- 
Dale Dellutri