From owner-freebsd-questions@FreeBSD.ORG Fri Jun 27 07:08:23 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC23037B401 for ; Fri, 27 Jun 2003 07:08:23 -0700 (PDT) Received: from argosy.ca (www.argosy.ca [138.73.18.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id D5A8043FA3 for ; Fri, 27 Jun 2003 07:08:22 -0700 (PDT) (envelope-from hhwoo@argosy.ca) Received: from a7n8x (mctn1-2698.nb.aliant.net [156.34.186.138]) by argosy.ca (8.12.9/8.12.9) with SMTP id h5RE9et2031453; Fri, 27 Jun 2003 11:09:43 -0300 (ADT) (envelope-from hhwoo@argosy.ca) Message-ID: <00ed01c33cb5$aaaa9900$0200a8c0@a7n8x> From: "Han Hwei Woo" To: "Gav..." , , References: <20030624075915-149200041@bigpond.com> <000a01c33bd2$ba1bc960$0100a8c0@madaboutipv6> Date: Fri, 27 Jun 2003 11:09:00 -0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: Web Server not allowing external visitors X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jun 2003 14:08:24 -0000 This is because natd is being run before ppp is. Just disable natd in rc.conf, and run it from rc.local instead: /sbin/natd -n ----- Original Message ----- From: "Gav..." To: ; Sent: Thursday, June 26, 2003 8:04 AM Subject: Re: Web Server not allowing external visitors > > | First of all you have two different nats running. The ppp_nat="YES" > | option says use nat function of pppd and natd_enable="YES" says to > | use NATD function of firewall. So you have nated your private lan ip > | address 2 times which is a user config error. You need option > | gateway_enable="YES" to pass packets to lan. I would comment out to > | disable the firewall options until you have thinks working and them > | add firewall. To many things happening and you do not know who is at > | fault so limit testing to one thing at time. With apache server on > | gateway box you do not need port 80 forwarding. > | > | > | in /etc/rc.conf. > | > | ppp_nat="YES" > | gateway_enable="YES" > | defaultrouter="NO" > | > | #firewall_enable="YES" > | #firewall_type="OPEN" // (Yes I know but whilst testing!) > | #natd_enable="YES" > | #natd_interface="tun0" > | #natd_flags="-f /etc/natd.conf" > | > | > > Ok, I did all this and lost all access to the internet from the other LAN > computers. - even with firewall disabled, ipfw is not letting anything > through. > It seems maybe that ppp_nat is not working or not fully configured, what are > all the files and options I need > to change for this to work properly? > > When I boot the computer, the ADSL Modem automatically dials my ISP and > connects fine, but then to gain access to the internet properly I have to do > this: > > killall natd > killall ppp > ppp -background adsl > natd -dynamic -n tun0 > > I can then access the internet fine - without the natd line I can not > access the internet, I tried without this line. > > So maybe a bit more firewall and natd config is required I dont know.? > > As the Web Server at the moment then is on my FreeBSD machine I do not need > any kind of port forwarding, but maybe I still need to more IPFW rules? > > At the moment one tester has reported that he is getting the following:- > > 'Gateway Timeout ' error > A gateway timeout error has occured.The Server is unreachable, please retry > the request. > (GATEWAY_TIMEOUT) > Please contact the Administrator. > > Any ideas, thanks for all the help so far. > > Gav... > > (Original message left intact for now for those that missed it first time) > > | -----Original Message----- > | From: owner-freebsd-questions@freebsd.org > | [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Gav.... > | Sent: Tuesday, June 24, 2003 9:59 AM > | To: freebsd-questions@freebsd.org > | Subject: Web Server not allowing external visitors > | > | Hi, > | > | Subject says it all really, what good is a website if only I can > | view it? > | > | Ok, brief history of problem and setup details, I'm sure I'll leave > | something out you need. > | > | I had 3 computers all run MS and Apache2 Web Server was on the main > | one > | connecting to the net via ADSL and using dyndns.org client to update > | the > | dynamic IP address. No probs. > | > | I then decide to change my setup and add a FreeBSD Router/Firewall > | .and. a > | separate (NT) Web Server. > | I installed my dns update client onto the new web server , enabled > | NATd (am > | connected via PPPoA/E) , enabled port_forward tcp rules on port 80 > | to point > | to this Web Server machine. I also tried IPFW rules etc etc and > | could not > | get the outside world to connect. I thought I would instead put the > | Web > | Server (until I know better) onto the FreeBSD router machine. > | > | Still no go, All my internal machines can - by typing in the > | registered > | domain names, access the web server ok, the Apache Test page comes > | up ok. So > | by typing in www:mysite:com I get the sites ok. This I don't really > | understand. Surely my other computers must be going to the external > | www , > | getting the domain name resolved, getting the dynamic IP address > | allocated > | to me , and then coming back to my FreeBSD router where it gets > | served the > | web site. So why can't anyone else now access it.?? > | > | I'd love to give you a url to test it but this is a public forum and > | my > | router is still not very secure at the moment, however I do have > | trusted > | people testing it for me regularly. > | > | Now , settings I think of relevance (having tried all sorts of > | setups using > | different techniques , I may have mixed up some settings and > | probably have a > | cocktail of settings) are (syntax copied exactly) :- > | > | in /etc/rc.conf. > | > | ppp_nat="YES" > | defaultrouter="NO" > | firewall_enable="YES" > | firewall_type="OPEN" // (Yes I know but whilst testing!) > | natd_enable="YES" > | natd_interface="tun0" > | natd_flags="-f /etc/natd.conf" > | #hostname="mydomain" // I left this commented out for now ? > | > | There are other settings in this file of course but felt only the > | above > | relevant to this post. > | > | in /etc/natd.conf. > | > | interface tun0 > | dynamic yes > | > | in /etc/resolv.conf > | > | domain mydomain.com > | nameserver 11.2.333.44 > | nameserver 11.2.333.55 > | > | //above values changed! > | > | in /etc/rc.firewall > | > | /sbin/ipfw -f flush > | /sbin/ipfw add divert natd all from any to any via tun0 > | /sbin/ipfw add divert natd tcp from 192.168.0.2 80 to any > | /sbin/ipfw add divert natd tcp from any to 192.168.0.2 80 > | /sbin/ipfw add divert natd tcp from any to 192.168.2.1 80 > | /sbin/ipfw add divert natd tcp from 192.168.2.1 80 to any > | /sbin/ipfw add pass all from any to any > | // temporary measure again. > | > | // 192.168.0.2 is on ed0 card going to internal network > | //192.168.2.1 is on ed2 card going to another network (eventually > | web server > | proper) > | > | At this point I'd like to mention something in my ifconfig readout. > | > | Now, ed0 ed2 lp0 ppp0 seem to me to be fine (and must be if internal > | network > | can browse internet etc) > | > | tun0 , although above suggests it is working fine , gives me an > | unusual > | alias address. :- > | > | tun0: flags=8051(UP,POINTTOPOINT,RUNNING,MULTICAST> mtu 1500 > | inet 14x1xx.xxx.xxx --> 172.31.22.152 netmask 0xffffff00. > | > | Ok, I've masked my ISP assig ed IP address for now as it is > | semi-permanent, > | but why has it aliased with a Class C > | internal IP address, when all my network is Class B 192.x.x.x > | addresses , > | can this be the cause of why external visitors can not access my > | sites.??? > | > | What other information do you need ??? > | > | Thanks in advance , speedy help is appreciated as a family member > | has > | trusted me to host his personal website and he cant get on it :( > | > | Gav... > | > | > | --- > | Checked for Viruses (Viri) , Gav... > | Checked by AVG anti-virus system (http://www.grisoft.com). > | Version: 6.0.491 / Virus Database: 290 - Release Date: 18/06/2003 > | > | _______________________________________________ > | freebsd-questions@freebsd.org mailing list > | http://lists.freebsd.org/mailman/listinfo/freebsd-questions > | To unsubscribe, send any mail to > | "freebsd-questions-unsubscribe@freebsd.org" > | > | > > > --- > Checked for Viruses (Viri) , Gav... > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.491 / Virus Database: 290 - Release Date: 18/06/2003 > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >