Astaro User Bulletin Board
  #1 (permalink)  
Old 01-25-2004, 08:36 PM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Help with server...... PLEASE need a solution

Here is what I got going on: I have a DSL connection with 5 static IPs. I am running a webserver / mailserver and using the proxy part for the mailserver (which is working just fine).

Proxy picks up port 25 SMTP and passes to my mailserver 192.168.1.103; that all works great.
What does not work is my webserver.... I have read the manual as far as setting it up and I have done all of those things. I made a definition called Linux_server 192.168.1.103.
I have made DNAT/SNAT to linux server. I also have made a packet filter to allow traffic to it... I have checked the logs and on outside IPs trying to access the webserver I do not see in the logs where it is getting dropped; as a matter of fact I don't see any log entry for anything to do with port 80. It's driving me nuts.... My webserver does use MySQL and PHP and was working with the rules that I made and somehow now it decided not to work.. so not sure what happened ... I have looked until I am BLUE, about ready to give up...

I need also for this to do IMAP as well as HTTP and HTTPS. I will gladly post my entire config if anyone thinks this will help... I am no expert ....

Thanks...

  #2 (permalink)  
Old 01-25-2004, 09:25 PM
Junior Member
 
Join Date: Jan 2004
Posts: 3
Default Re: Help with server...... PLEASE need a solution

Try adding a rule to your packet filter:
from: any
to: your web server host
service: HTTP
action: allow

Then add your SNAT/DNAT:
source: any
dest addr: your external interface
service: HTTP
change source to: no change
change dest to: your web server host
service dest: no change



  #3 (permalink)  
Old 01-27-2004, 01:21 AM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Re: Help with server...... PLEASE need a solution

I have done that exactly ..... no luck?
I don't know what gives.....

  #4 (permalink)  
Old 01-27-2004, 07:01 AM
Junior Member
 
Join Date: Sep 2003
Posts: 24
Default Re: Help with server...... PLEASE need a solution

Are your rules in the correct order? The ASL will go with the first one the packet matches.
  #5 (permalink)  
Old 01-27-2004, 07:25 AM
Senior Member
 
Join Date: Oct 2003
Location: Germany
Posts: 371
Default Re: Help with server...... PLEASE need a solution

Did you check the routing and gateway settings of your webserver? Does the default gateway point to your ASL?

Cheers Bagira
  #6 (permalink)  
Old 01-28-2004, 01:03 AM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Re: Help with server...... PLEASE need a solution

Ok, not sure what you are talking about here. My default gateway is for external interface 66.136.X.X
My gateway for the internal interface is 192.168.1.2
My webserver sits at 192.168.1.103
  #7 (permalink)  
Old 01-28-2004, 01:11 AM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Re: Help with server...... PLEASE need a solution

Ok, the first rule as far as packet filter is that my internal interface is any any to access the outside... The second packet filter rule is for HTTP: source: any server: linux_server service: http action: allow
  #8 (permalink)  
Old 01-28-2004, 05:54 PM
Wizard
 
Join Date: Feb 2002
Location: Massachusetts, USA
Posts: 850
Default Re: Help with server...... PLEASE need a solution

In your ASL configuration you should only have a Default Gateway assigned on your external interface. The other interfaces should have "None" in the default gateway field. The default gateway assigned on your webserver's NIC configuration should be the interface of your ASL where the webserver connects.
  #9 (permalink)  
Old 01-30-2004, 12:46 AM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Re: Help with server...... PLEASE need a solution

I have taken the default gateway out of the internal_interface and put it to none. The only gateway that I have now is my external one, 66.136.X.X, and I still cannot access my webserver unless doing it through the local IP 192.168.1.103. Any suggestions?
  #10 (permalink)  
Old 01-30-2004, 12:51 AM
Member
 
Join Date: Jan 2004
Location: St.Louis, MO USA
Posts: 92
Default Re: Help with server...... PLEASE need a solution

Here is a copy of what's going on, and it seems to be right, but no matter what I do I cannot make it happen .....
Chain NAT_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 66.136.x.x tcp spts:1024:65535 dpt:80 to:192.168.1.103

Chain NAT_POST (1 references)
pkts bytes target prot opt in out source destination
3067 484K MASQUERADE all -- * eth1 192.168.1.0/24 0.0.0.0/0

Chain NAT_PRE (1 references)
pkts bytes target prot opt in out source destination
4 192 DNAT tcp -- * * 0.0.0.0/0 66.136.x.x tcp spts:1024:65535 dpt:80 to:192.168.1.103

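Added example, not part of any post in this thread: a small Python parser for the chain listing in post #10 that reports how many packets matched each DNAT rule for port 80. The nat table only sees the first packet of a connection, so the NAT_PRE count is the number of inbound connection attempts that were rewritten to 192.168.1.103. The function names are made up for this example.

```python
import re

# Listing copied from post #10 (external address masked as in the post).
LISTING = """\
Chain NAT_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 66.136.x.x tcp spts:1024:65535 dpt:80 to:192.168.1.103

Chain NAT_POST (1 references)
pkts bytes target prot opt in out source destination
3067 484K MASQUERADE all -- * eth1 192.168.1.0/24 0.0.0.0/0

Chain NAT_PRE (1 references)
pkts bytes target prot opt in out source destination
4 192 DNAT tcp -- * * 0.0.0.0/0 66.136.x.x tcp spts:1024:65535 dpt:80 to:192.168.1.103
"""

SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}  # iptables rounds in decimal units

def to_int(field):
    """Convert an iptables counter such as '484K' to an integer."""
    mult = SUFFIX.get(field[-1], 1)
    return int(field.rstrip("KMG")) * mult

def parse_rules(listing):
    """Return one dict per rule line of an `iptables -L -n -v` style listing."""
    rules, chain = [], None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "pkts":      # blank line or column header
            continue
        if f[0] == "Chain":              # "Chain NAME (N references)"
            chain = f[1]
            continue
        extra = " ".join(f[9:])          # match options and NAT target
        dpt = re.search(r"\bdpt:(\d+)", extra)
        to = re.search(r"\bto:(\S+)", extra)
        rules.append({
            "chain": chain, "pkts": to_int(f[0]), "bytes": to_int(f[1]),
            "target": f[2], "out": f[6], "src": f[7], "dst": f[8],
            "dport": int(dpt.group(1)) if dpt else None,
            "to": to.group(1) if to else None,
        })
    return rules

def dnat_hits(rules, dport):
    """Map chain name -> packets that matched a DNAT rule for `dport`."""
    return {r["chain"]: r["pkts"] for r in rules
            if r["target"] == "DNAT" and r["dport"] == dport}
```

A nonzero count in NAT_PRE means the DNAT rule itself is matching, which moves the search to the packet filter rules and the webserver's return route.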
All times are GMT.

 
