Routing problem? What is it?

22/02/2005, 00h59

I'm running Fedora 2 + Apache 2. The server has two NICs going to two
different networks, one is 192.168.0.10 and the other is 10.0.0.10. The
192.168.0.10 card connects to my DSL router, which interfaces with the
public. The 10.0.0.10 connects to an internal LAN.

To add to this, my ISP is blocking port 80, meaning I had to configure
Apache to run on another port. I've put it at port 82 instead. On my
router I've configured all traffic to port 82 be routed to this web server.

I've also mapped a domain name test123.com to my public IP, which is
111.222.111.222 (made up).

Now, when I type in http://111.222.111.222:82/ I'm getting a browser time
out. However when I type in http://192.168.0.10:82/ it is responding. The
funny thing is, http://111.222.111.222:82/ has worked before, but
sporadically. I've also tried going to http://111.222.111.222:82/ from
within the web server and it's timing out there as well.

In http.conf I have this:
Listen *:82

So my question is, why is this happening? I'm not able to figure this out
as there are no error logs anywhere to look at. Could it be that the web
server is trying to route packets back out via the 10.0.0.x network instead?
I remember before I added that second IP, it used to work.

22/02/2005, 03h50

On Mon, 21 Feb 2005 16:59:26 -0800, Shabam <chalupa@yomama-nospam.com> wrote:
> I'm running Fedora 2 + Apache 2. The server has two NICs going to two
> different networks, one is 192.168.0.10 and the other is 10.0.0.10. The
> 192.168.0.10 card connects to my DSL router, which interfaces with the
> public. The 10.0.0.10 connects to an internal LAN.
>
> To add to this, my ISP is blocking port 80, meaning I had to configure
> Apache to run on another port. I've put it at port 82 instead. On my
> router I've configured all traffic to port 82 be routed to this web server.
>
> I've also mapped a domain name test123.com to my public IP, which is
> 111.222.111.222 (made up).
>
> Now, when I type in http://111.222.111.222:82/ I'm getting a browser time
> out. However when I type in http://192.168.0.10:82/ it is responding. The
> funny thing is, http://111.222.111.222:82/ has worked before, but
> sporadically. I've also tried going to http://111.222.111.222:82/ from
> within the web server and it's timing out there as well.

"type in" from where? What mfr/model router? Many routers do not do
loopback (LAN2LAN via WAN IP). You should test it from an internet host,
or dialup PPP from PC NOT on your LAN.

> In http.conf I have this:
> Listen *:82
>
> So my question is, why is this happening? I'm not able to figure this out
> as there are no error logs anywhere to look at. Could it be that the web
> server is trying to route packets back out via the 10.0.0.x network instead?
> I remember before I added that second IP, it used to work.

Check output of /sbin/route -n
The only route for 10.0.0.0 on server should have gateway 0.0.0.0 (local).
Server itself should not have any other route on that interface.

I assume you are masquerading 10.0.0.x network, if you can access the
internet from that LAN. Maybe something is not quite right with your
iptables rules (is it configured to any IP into destination port 82?).

22/02/2005, 05h02

> "type in" from where? What mfr/model router? Many routers do not do
> loopback (LAN2LAN via WAN IP). You should test it from an internet host,
> or dialup PPP from PC NOT on your LAN.

It's not working outside either. I've checked.

> Check output of /sbin/route -n
> The only route for 10.0.0.0 on server should have gateway 0.0.0.0 (local).
> Server itself should not have any other route on that interface.
>
> I assume you are masquerading 10.0.0.x network, if you can access the
> internet from that LAN. Maybe something is not quite right with your
> iptables rules (is it configured to any IP into destination port 82?).

The 10.0.0.x network is used purely for an internal server share, not for my
internet access. I use the 192.168.0.x network for that. Therefore there's
no masquerading going on in the 10.0.0.x network. IPTables has nothing to
do with the issue either.

Here's the output of route -n:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

24/02/2005, 18h57

On Mon, 21 Feb 2005 21:02:10 -0800, Shabam <chalupa@yomama-nospam.com> wrote:
>> "type in" from where? What mfr/model router? Many routers do not do
>> loopback (LAN2LAN via WAN IP). You should test it from an internet host,
>> or dialup PPP from PC NOT on your LAN.
>
> It's not working outside either. I've checked.

If nothing is mentioned in your apache logs, it appears to not be reaching
that server. If you are sure that you properly forwarded port 82 in your
router to 192.168.0.10, and router logs do not mention unauthorized access
for that port, the only other thing I can think of is that there may be a
default firewall you are not aware of. Check output of:

iptables -L -n

22/02/2005, 00h59	#1
Shabam Messages: n/a Hébergeur:	Routing problem? What is it? I'm running Fedora 2 + Apache 2. The server has two NICs going to two different networks, one is 192.168.0.10 and the other is 10.0.0.10. The 192.168.0.10 card connects to my DSL router, which interfaces with the public. The 10.0.0.10 connects to an internal LAN. To add to this, my ISP is blocking port 80, meaning I had to configure Apache to run on another port. I've put it at port 82 instead. On my router I've configured all traffic to port 82 be routed to this web server. I've also mapped a domain name test123.com to my public IP, which is 111.222.111.222 (made up). Now, when I type in http://111.222.111.222:82/ I'm getting a browser time out. However when I type in http://192.168.0.10:82/ it is responding. The funny thing is, http://111.222.111.222:82/ has worked before, but sporadically. I've also tried going to http://111.222.111.222:82/ from within the web server and it's timing out there as well. In http.conf I have this: Listen *:82 So my question is, why is this happening? I'm not able to figure this out as there are no error logs anywhere to look at. Could it be that the web server is trying to route packets back out via the 10.0.0.x network instead? I remember before I added that second IP, it used to work.

22/02/2005, 03h50	#2
David Efflandt Messages: n/a Hébergeur:	Re: Routing problem? What is it? On Mon, 21 Feb 2005 16:59:26 -0800, Shabam <chalupa@yomama-nospam.com> wrote: > I'm running Fedora 2 + Apache 2. The server has two NICs going to two > different networks, one is 192.168.0.10 and the other is 10.0.0.10. The > 192.168.0.10 card connects to my DSL router, which interfaces with the > public. The 10.0.0.10 connects to an internal LAN. > > To add to this, my ISP is blocking port 80, meaning I had to configure > Apache to run on another port. I've put it at port 82 instead. On my > router I've configured all traffic to port 82 be routed to this web server. > > I've also mapped a domain name test123.com to my public IP, which is > 111.222.111.222 (made up). > > Now, when I type in http://111.222.111.222:82/ I'm getting a browser time > out. However when I type in http://192.168.0.10:82/ it is responding. The > funny thing is, http://111.222.111.222:82/ has worked before, but > sporadically. I've also tried going to http://111.222.111.222:82/ from > within the web server and it's timing out there as well. "type in" from where? What mfr/model router? Many routers do not do loopback (LAN2LAN via WAN IP). You should test it from an internet host, or dialup PPP from PC NOT on your LAN. > In http.conf I have this: > Listen *:82 > > So my question is, why is this happening? I'm not able to figure this out > as there are no error logs anywhere to look at. Could it be that the web > server is trying to route packets back out via the 10.0.0.x network instead? > I remember before I added that second IP, it used to work. Check output of /sbin/route -n The only route for 10.0.0.0 on server should have gateway 0.0.0.0 (local). Server itself should not have any other route on that interface. I assume you are masquerading 10.0.0.x network, if you can access the internet from that LAN. Maybe something is not quite right with your iptables rules (is it configured to any IP into destination port 82?).

22/02/2005, 05h02	#3
Shabam Messages: n/a Hébergeur:	Re: Routing problem? What is it? > "type in" from where? What mfr/model router? Many routers do not do > loopback (LAN2LAN via WAN IP). You should test it from an internet host, > or dialup PPP from PC NOT on your LAN. It's not working outside either. I've checked. > Check output of /sbin/route -n > The only route for 10.0.0.0 on server should have gateway 0.0.0.0 (local). > Server itself should not have any other route on that interface. > > I assume you are masquerading 10.0.0.x network, if you can access the > internet from that LAN. Maybe something is not quite right with your > iptables rules (is it configured to any IP into destination port 82?). The 10.0.0.x network is used purely for an internal server share, not for my internet access. I use the 192.168.0.x network for that. Therefore there's no masquerading going on in the 10.0.0.x network. IPTables has nothing to do with the issue either. Here's the output of route -n: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

24/02/2005, 18h57	#4
David Efflandt Messages: n/a Hébergeur:	Re: Routing problem? What is it? On Mon, 21 Feb 2005 21:02:10 -0800, Shabam <chalupa@yomama-nospam.com> wrote: >> "type in" from where? What mfr/model router? Many routers do not do >> loopback (LAN2LAN via WAN IP). You should test it from an internet host, >> or dialup PPP from PC NOT on your LAN. > > It's not working outside either. I've checked. If nothing is mentioned in your apache logs, it appears to not be reaching that server. If you are sure that you properly forwarded port 82 in your router to 192.168.0.10, and router logs do not mention unauthorized access for that port, the only other thing I can think of is that there may be a default firewall you are not aware of. Check output of: iptables -L -n

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email