
access my computer from the web - help please!


photoworks

Well, the best way for you to check whether the firewall is running is to go to the Mandriva Control Center and look there at the options for the firewall, which is called Shorewall.

 

As you will open the MCC application anyway, check which level of security you have; could it be that it is set to something like "paranoid"? If so, set it to "High" (i.e. make it a lower level of security); that should be enough for a personal web server.

 

These are all in the Security section of MCC, if I remember correctly. You may need to switch to "expert mode" in the MCC menu to see the entries for setting up levels of security.

 

As for disabling the "interactive personal firewall", I commented out these lines:

INCLUDE /etc/ifw/start

INCLUDE /etc/ifw/rules

iptables -I INPUT 2 -j Ifw

 

in /etc/shorewall/start. But bear in mind that this is in a cooker (not yet released) version of 2006, and thus (1) not applicable to the 10.1 that you seem to have and (2) off-topic in a non-cooker forum branch.

 

 

In MCC, I have set it to the lowest level, because if I set it to a level other than the lowest, my internet connection does not work.

 

Talking about disabling the "interactive firewall", do I have to enter those lines exactly as they are in a console:

INCLUDE /etc/ifw/start

INCLUDE /etc/ifw/rules

iptables -I INPUT 2 -j Ifw

 

or is it more complex ?

Link to comment
Share on other sites

photoworks,

I don't think the interactive firewall exists in LE2005; at least it is not activated by default in there. So there is no need to touch /etc/shorewall/start.

 

Now, have you tried looking for traces of Shorewall activity in /var/log/messages? Do you see anything there dropping connections that looks like this:

Sep 22 22:50:45 photoworks kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.2.13 DST=224.0.0.251 LEN=6 7 TOS=0x00 PREC=0x00 TTL=255 ID=4 DF PROTO=UDP SPT= DPT=80

 

If not, then it is not the firewall that blocks it... You can also check in MCC -> Security -> Firewall that web traffic is allowed to flow in.

 

If you're sure you haven't touched the router, I don't know what else should be checked :-(

Link to comment
Share on other sites
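The log check suggested in the post above can be scripted. This is an added example, not code from the thread: it parses the `Shorewall:<chain>:<action>:` prefix shown in the quoted line and counts blocked packets for one port; the sample log is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the post above (not real traffic).
SAMPLE_LOG = """\
Sep 22 22:50:45 photoworks kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=192.168.2.13 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4 DF PROTO=TCP SPT=40112 DPT=80
Sep 22 22:50:48 photoworks kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=192.168.2.13 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5 DF PROTO=TCP SPT=40112 DPT=80
Sep 22 22:51:02 photoworks kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.2.1 DST=224.0.0.251 LEN=67 TOS=0x00 PREC=0x00 TTL=255 ID=9 DF PROTO=UDP SPT=5353 DPT=5353
Sep 22 22:51:10 photoworks dhclient: bound to 192.168.2.13
Sep 22 22:51:30 photoworks kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC= SRC=198.51.100.9 DST=192.168.2.13 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=7 PROTO=TCP SPT=51000 DPT=443
"""

# Shorewall log prefix as it appears on the page: Shorewall:<chain>:<action>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):(?P<fields>.*)$")


def parse_line(line):
    """Return a dict for a Shorewall kernel log line, or None for other lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        rec[key] = value if sep else True  # bare tokens such as DF are flags
    return rec


def blocked(log_text, port, proto="TCP"):
    """Count DROP/REJECT entries for proto/port, keyed by (chain, source IP)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["action"] in ("DROP", "REJECT")
                and rec.get("PROTO") == proto and rec.get("DPT") == str(port)):
            hits[(rec["chain"], rec.get("SRC", "?"))] += 1
    return hits


if __name__ == "__main__":
    # On a live system, read /var/log/messages instead of SAMPLE_LOG.
    for (chain, src), count in blocked(SAMPLE_LOG, 80).items():
        print(f"{count} blocked packets to port 80 from {src} (chain {chain})")
```

An empty result for port 80 while outside requests still time out points away from Shorewall and towards the router, which is the conclusion the post draws.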

I am trying to access my computer from the web. I have set up Apache and locally it works fine:

http://photoworks/fashionbug/

However, when trying to access this link from the internet (my WAN IP being 82.17.144.113) using this address: http://82.17.144.113/fashionbug/ , it does not work.

During installation make sure you set the Security Level to "Normal".

 

http://shots.osdir.com/slideshows/slidesho...ase=334&slide=5

 

Allowing it the default "High" will close off the Apache webserver to the WAN.

Link to comment
Share on other sites

From your ifconfig here, I'm assuming that the Linux machine has the IP of 192.168.2.13 - as that's how it shows in the ifconfig.

 

You do have ipv6 enabled as well, from the ifconfig, which you could always disable if you prefer, as you're unlikely to be using this.  If you want to disable, just add "alias net-pf-10 off" to /etc/modprobe.conf.  I'm not sure but it could help to get the machine working correctly, as I've seen networking problems when it's been enabled.

 

What's your router brand/model?  If you can let me know, I'll download a manual and have a read on the settings, and see if we can work out what we need to configure up.  The Virtual server is the inbound stuff.  The other that you just mentioned I'm not sure of, but if I have a read on the product info, I can understand whether we need to use that or not.  I have a feeling it's just for something else entirely.

 

Double-check your networking (I'm not sure how to check the gateway etc. at a terminal), but make sure the gateway is configured for the router IP, and also double-check your DNS entries too, just to make sure.

Here is the log I have in my router security log:

 

1970/01/01 00:00:08 DHCP Client : Send Discover

1970/01/01 00:00:10 DHCP Client : Receive Offer from 192.168.100.1

1970/01/01 00:00:11 DHCP Client : Send Discover

1970/01/01 00:00:12 DHCP Client : Receive Offer from 192.168.100.1

1970/01/01 00:00:19 DHCP Client : Send Discover

1970/01/01 00:00:20 DHCP Client : Receive Offer from 62.252.128.22

1970/01/01 00:00:25 DHCP Client : Send Request, Request IP = 82.17.144.113

1970/01/01 00:00:25 DHCP Client : Receive Ack from 62.252.128.22, Lease time = 88468

I have modified the file /etc/modprobe.conf to what is below :

# This file is autogenerated from /etc/modules.conf using generate-modprobe.conf command

 

alias sound-slot-0 i810_audio

install usb-interface /sbin/modprobe uhci-hcd; /bin/true

alias eth0 3c59x

alias net-pf-10 off

 

 

but it still does not work:

"the operation timed out when trying to access 82.17.144.113"

When I look into MCC and the log for messages, there are none appearing (at least none similar to this):

Sep 22 22:50:45 photoworks kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=192.168.2.13 DST=224.0.0.251 LEN=6 7 TOS=0x00 PREC=0x00 TTL=255 ID=4 DF PROTO=UDP SPT= DPT=80

 

My security is set to normal.

Considering the pictures of my router settings provided in my first posts, could anyone tell me what settings I have to enter?

I am at a loss as to how to set up my router.

Link to comment
Share on other sites

Here is the link for the doc of my router:

belkin router

On the other point, where do I have to add "alias net-pf-10 off" in the document /etc/modprobe.conf?

 

Cool, I'll read it now, and see what I can ascertain. The alias line I normally add to the bottom of the file. It probably doesn't really matter where, but for me, the bottom was good :P

Link to comment
Share on other sites

On page 14 of the 10MB user manual (this is the page number in Acrobat, it reflects page 12 at the bottom of the page), it shows the router, and the WAN port is connected to the cable modem.

 

Is this the same for you? What cable modem do you plug into the WAN port on the router? Do you have to configure this as well, or is it purely a username/password config to gain access to the internet? Or is the username/password used and stored on the router, and then just passed to the cable modem? The reason I ask is this is the point of entry, and I'm not sure if anything needs to be configured here to redirect to the WAN port on your router.

 

I downloaded the Windows XP manual, since there wasn't a Linux one, so figured I'd go with this, to get an idea of how the router works.

 

The other thing: you mentioned the DMZ port before. This is something you use to point all web ports/services to a specific server. But this is considered insecure, unless wherever you're pointing it to is a hardware firewall, or is a machine protected by a firewall (e.g. Linux and Shorewall). DMZ doesn't care about security; it's like "if a request for port xx arrives here, I'll just redirect it to whatever IP address is specified". You could point your DMZ to your Linux machine, but make sure the firewall is enabled. What DMZ does is put your machine outside the firewall that is effectively on the router and make your machine accessible by everything, so it needs to be protected by Shorewall if you do use this.

 

Virtual Server is for the Inbound ports. I cannot quite understand what the Special application section is, but I think it only has 10 entries. What you can try is this.

 

For Virtual Server, enter your machine's IP and the relevant port to access (port 80 if just HTTP). This will be in point 1, which you've probably already got as well. Now, what I'm thinking is that we now need to tell the public IP, i.e. the IP that the ISP provides, to open port 80 on this IP, so that the router can redirect to the Virtual Server. So in point 1 on Special Application, put trigger port 80, public port 80 and then enable. This will be a TCP port. I think this then ties in with point 1 on Virtual Server.

 

I hope that helps, I can't really think of what else could be the problem. Is your IP DHCP or Static?

Link to comment
Share on other sites

A few lines about the router. I have another make, but the NAT section seems similar. Citation from my router setup page:

Special Applications

Some applications require multiple connections, such as Internet gaming, video conferencing, Internet telephony and others. These applications cannot work when Network Address Translation (NAT) is enabled. If you need to run applications that require multiple connections, specify the port normally associated with an application in the "Trigger Port" field, select the protocol type as TCP or UDP, then enter the public ports associated with the trigger port to open them for inbound traffic.

 

This has nothing to do with the virtual server, and e.g. my web-server is accessible without setting anything there. (and it is accessible with "high" security level, btw).

 

Anyway, in the screenshots I saw a checkbox checked in the "Special application" section.

If what ianw74 suggests about trigger and public ports doesn't help, perhaps you should uncheck it altogether.

Link to comment
Share on other sites

Yesterday, to try to get a grasp of things, I asked an online friend of mine to try the links to my webserver ( http://82.17.144.113/fashionbug/ ) on his machine. It worked.

To be sure, I asked him to try several times and also to navigate through several pages of the site on my server. It worked fine. When I type this address on my computer, it does not work, but I was told that this is normal.

So when someone tries to access the site on my server at the address mentioned above, it works fine.

 

Now, here are the settings I have on my router:

On the LAN client restrictions page, here are the settings:

 

ip address : 192.168.2.1

 

ip address pool :

 

Start IP 192.168.2.2

end IP 192.168.2.40

 

domain name : work group

 

 

on virtual server :

private ip : 192.168.2.13 - private port : 80 - Type : tcp - Public port 80

 

However, when I turn on my machine, sometimes the IP address of my machine changes to 192.168.2.14 or some other IP address.

So my question is: are my settings on the router correct to cover any IP address that my machine gets every time I reconnect?

The IP address pool covers the IP addresses from 192.168.2.2 to 192.168.2.40.

Do I need to fill in the virtual server settings as I have done:

on virtual server :

private ip : 192.168.2.13 - private port : 80 - Type : tcp - Public port 80

or should I leave it empty, or add other IP addresses that my computer could get?

Link to comment
Share on other sites

:P many thanks, I wasn't sure whether it did or not. Not using this router, I'm not familiar with some of the options, as it's different from one to another. So confusing :D

 

photoworks, keep us posted how you get on!

Link to comment
Share on other sites


You might be better changing the DHCP range to 192.168.2.10-192.168.2.50, and then give your machine a static IP address maybe 192.168.2.2 and then configure the Virtual server to point to this static IP Address.

 

Sometimes, routers can be configured to allocate a DHCP address to a particular MAC address, that way your machine would be guaranteed to get it so effectively, it's just like configuring a static IP.

 

If you let me know when done, give me the IP for your webserver, and I'll see if I can connect and browse to it like your friend did.

Link to comment
Share on other sites

Where do I give my machine a static IP address?

Link to comment
Share on other sites

You can click System/Configuration/Configure Your Computer.

 

In there, there should be an option for the LAN connection, where you can change static IP's etc. You don't need to add a connection, since one will already exist. You just need to change it from DHCP to static, and then give an IP.

 

Make sure you change the DHCP range on the router though, as it'll conflict if another machine tries to pick one up you allocated as static.

Link to comment
Share on other sites
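The addressing advice in the last few posts (forward to a fixed address, keep that address out of the DHCP range, or reserve it by MAC) can be checked mechanically. This is an added example, not from the thread; the function names, finding labels and the `reserved` parameter are hypothetical, and the addresses are the ones quoted in the posts.

```python
import ipaddress


def in_pool(ip, start, end):
    """True if ip lies in the inclusive DHCP range start..end."""
    ip, start, end = (ipaddress.IPv4Address(a) for a in (ip, start, end))
    return start <= ip <= end


def audit_forward(target, pool, static_ip=None, reserved=()):
    """Check a virtual-server (port forward) target against the LAN addressing.

    target    -- private IP entered in the router's virtual server table
    pool      -- (start, end) of the router's DHCP range
    static_ip -- address configured by hand on the server, None if it uses DHCP
    reserved  -- addresses the router pins to a MAC address (assumed feature)
    """
    findings = []
    if static_ip is None:
        # Server takes whatever lease it is offered: the forward only keeps
        # working if the router always hands out the same address.
        if in_pool(target, *pool) and target not in reserved:
            findings.append("target-lease-can-change")
    else:
        if in_pool(static_ip, *pool):
            # The router may lease the same address to another machine.
            findings.append("static-inside-pool")
        if ipaddress.IPv4Address(static_ip) != ipaddress.IPv4Address(target):
            findings.append("target-not-static")
    return findings


if __name__ == "__main__":
    old_pool = ("192.168.2.2", "192.168.2.40")    # pool from the router page
    new_pool = ("192.168.2.10", "192.168.2.50")   # range suggested in the reply
    print(audit_forward("192.168.2.13", old_pool))
    print(audit_forward("192.168.2.2", old_pool, static_ip="192.168.2.2"))
    print(audit_forward("192.168.2.2", new_pool, static_ip="192.168.2.2"))
```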
