access my computer from the web - help please!

[photoworks]

i am trying to access my computer from the web. i have set up apache and on local it works fine :

http://photoworks/fashionbug/

 

however, when trying to access to this link from the intermet (my WAN ip being 82.17.144.113) in using this address : http://82.17.144.113/fashionbug/ , it does not work.

 

When i type ifconfig in konsole, here is what i get :

 

eth0 Link encap:Ethernet HWaddr 00:08:74:97:18:AE

inet6 addr: fe80::208:74ff:fe97:18ae/64 Scope:Link

UP BROADCAST MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:5 errors:0 dropped:0 overruns:0 carrier:5

collisions:0 txqueuelen:1000

RX bytes:0 (0.0 B) TX bytes:378 (378.0 B)

Interrupt:11 Base address:0xec80

 

eth1 Link encap:Ethernet HWaddr 00:02:2D:BC:51:7C

inet addr:192.168.2.13 Bcast:255.255.255.255 Mask:255.255.255.0

inet6 addr: fe80::202:2dff:febc:517c/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:9538 errors:0 dropped:0 overruns:0 frame:0

TX packets:7881 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:7630926 (7.2 Mb) TX bytes:2097963 (2.0 Mb)

Interrupt:5 Base address:0x100

 

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:1414 errors:0 dropped:0 overruns:0 frame:0

TX packets:1414 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:1977407 (1.8 Mb) TX bytes:1977407 (1.8 Mb)

 

sit0 Link encap:IPv6-in-IPv4

inet6 addr: ::192.168.2.13/96 Scope:Compat

inet6 addr: ::127.0.0.1/96 Scope:Unknown

UP RUNNING NOARP MTU:1480 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

 

 

here are below the screen captures of my router configuration :

 

 

 

Could anyone help me please.

[ianw1974]

OK, a few things it could be. First, have you tried accessing just by using the WAN IP address and see if that redirects? Were you at home when you tried this as well? And did it work from home, and not when you tried remotely, eg: at work.

 

I've tried this myself, and have had it blocked, and found it was the ISP. Have you checked they aren't blocking you from running services, such as a web server, etc. For me, I couldn't access using the router WAN IP, even if sat locally, since the ISP was blocking it.

 

I'm assuming the Virtual Server on your router is the equivalent of Port Forwarding, or do you have a Port Forwarding section as well?

 

Also, check port 80 has been opened up in case your firewall rules are blocking it at the router.

[photoworks]

Where do u check if port 80 has been opened

[ianw1974]

I'm not sure on your router, but normally when port forwarding is enabled, the firewall rules are altered accordingly to allow this port inbound. Have you tried running a port scanner on your router to see which ports are open?

[photoworks]

I'm not sure on your router, but normally when port forwarding is enabled, the firewall rules are altered accordingly to allow this port inbound.  Have you tried running a port scanner on your router to see which ports are open?

<{POST_SNAPBACK}>

i do not know where to start.

the actual settings of my router are as seen in the pics i provided above in my original post.

 

What aboout the special application post here :

Edited September 19, 2005 by photoworks

[ianw1974]

Not sure on that screen. I think the virtual server is the equivalent, which looks OK to me, as it redirects port 80 to the machine of your choice.

 

What's under LAN services? Or is that just the IP config of the router?

 

I think you might be OK config wise. Give your ISP a ring and see if they're blocking services on your internet link. It could well be that they won't let you run a web server or any other services unless you subscribe to one of their "business" type links that allow that kind of thing.

[photoworks]

Well, i do not think it is my ISP, since it used to work before.

[ianw1974]

Ah OK. Was it with the same router/firewall and it just stopped working?

[photoworks]

Ah OK.  Was it with the same router/firewall and it just stopped working?

<{POST_SNAPBACK}>

 

yes it was the same router, in the meantime i just had to reinstall mandriva.

[photoworks]

i was wondering one thin about my router configuration. on the router, the IP address is 192.168.2.1, but when i type ifconfig in a linux console on my computer, it tells me the ip address is 192.168.2.13.

 

would not be where the problem comes from ?

 

i tried also to put an ip address in the dmz zone (i tried to put 192.168.2.1 or 192.168.2.13) but it does not work either.

 

Now i am a little baffled by the page "special application settings"

 

i have a field for trigger port, tcp, udp choice,then a public port field, then again a tcp, udp choice and then an Enabled box.

 

What exactly do i have to enter in those fields ?

 

i also have a "virtual server" setting page

 

i tried to enter 192.168.2.13 (private ip) then 80 in private port, choosing tcp and then entering 80 in public port.

 

But then again, it did not work.

[ianw1974]

From your ifconfig here, I'm assuming that the Linux machine has the IP of 192.168.2.13 - as that's how it shows in the ifconfig.

 

You do have ipv6 enabled as well, from the ifconfig, which you could always disable if you prefer, as you're unlikely to be using this. If you want to disable, just add "alias net-pf-10 off" to /etc/modprobe.conf. I'm not sure but it could help to get the machine working correctly, as I've seen networking problems when it's been enabled.

 

What's your router brand/model? If you can let me know, I'll download a manual and have a read on the settings, and see if we can work out what we need to configure up. The Virtual server is the inbound stuff. The other that you just mentioned I'm not sure of, but if I have a read on the product info, I can understand whether we need to use that or not. I have a feeling it's just for something else entirely.

 

Double-check your networking (i'm not sure how at terminal to check the gateway etc), but make sure the gateway is configured for the router IP, and also double-check your DNS entries too, just to make sure.

[uralmasha]

Hi, photoworks!

 

a few remarks while ianw1974 studies the Belkin router manual...

 

have you checked system logs of the router and the host? If the router blocks something, it should (normally) log it somewhere. Mine does (another make, though). Same for the Mandriva.

 

For the router you'll have to find out yourself, and for Marndriva I suggest that you check

/var/log/messages | grep -i drop

or just eye-examine /var/log/messages right after you've failed to access the web page.

 

There may be lines looking like (not exactly as below, but you get the idea)

 

Sep 22 22:50:45 photoworks kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.2.13 DST=224.0.0.251 LEN=6 7 TOS=0x00 PREC=0x00 TTL=255 ID=4 DF PROTO=UDP SPT= DPT=80

 

This indicates that your firewall is blocking incoming traffic from outside...

 

In 2006-version there is also an "interactive firewall" that I couldn't make let the inbound (ssh) traffic trough in other way than disabling it.

 

mind you, I am a newbee.

Edited September 22, 2005 by uralmasha

[photoworks]

From your ifconfig here, I'm assuming that the Linux machine has the IP of 192.168.2.13 - as that's how it shows in the ifconfig.

 

You do have ipv6 enabled as well, from the ifconfig, which you could always disable if you prefer, as you're unlikely to be using this.  If you want to disable, just add "alias net-pf-10 off" to /etc/modprobe.conf.  I'm not sure but it could help to get the machine working correctly, as I've seen networking problems when it's been enabled.

 

What's your router brand/model?  If you can let me know, I'll download a manual and have a read on the settings, and see if we can work out what we need to configure up.  The Virtual server is the inbound stuff.  The other that you just mentioned I'm not sure of, but if I have a read on the product info, I can understand whether we need to use that or not.  I have a feeling it's just for something else entirely.

 

Double-check your networking (i'm not sure how at terminal to check the gateway etc), but make sure the gateway is configured for the router IP, and also double-check your DNS entries too, just to make sure.

<{POST_SNAPBACK}>

here is the link for the doc of my router :

 

belkin router

 

on the other point, where do i have to add "alias net-pf-10 off" in the document /etc/modprobe.conf /etc/modprobe.conf. ?

[photoworks]

In 2006-version there is also an "interactive firewall" that I couldn't make let the inbound (ssh) traffic trough in other way than disabling it.

I think that my firewall i disabled but i am not sure.

Where exactly do you disable it ?

[uralmasha]

Well, the best way to check for you if the firewall is running is to go to Mandriva Control Center and see there what are the options for the Firewall which is called Shorewall.

 

As you will open MCC application anyway, check which level of security you have, could that be it is set to smth like "paranoid" ? If so, set it to "High" (i.e. make it a lower level of security), that should be enough for a personal web-server.

 

These all are in the Security section of MCC, if I remember correctly. You may need to switch to "expert mode" in the MCC menu, to see entries to setup levels of security.

 

As for disabling the "interactive personal firewall", I commented out these lines:

INCLUDE /etc/ifw/start

INCLUDE /etc/ifw/rules

iptables -I INPUT 2 -j Ifw

 

in /etc/shorewall/start . But bear in mind that this is in a cooker (not released yet) version of 2006, thus (1) not applicable to 10.1 that you seem to have (2) off-topic in a non-coocker forum branch.