Date: Tue, 24 Jun 2003 21:58:47 +0800 From: "Gav...." <ipv6guru@bigpond.net.au> To: freebsd-questions@freebsd.org Subject: Web Server not allowing external visitors Message-ID: <001301c33a58$bbfb5690$0100a8c0@madaboutipv6>
next in thread | raw e-mail | index | archive | help
Hi, Subject says it all really, what good is a website if only I can view it? Ok, brief history of problem and setup details, I'm sure I'll leave something out you need. I had 3 computers all run MS and Apache2 Web Server was on the main one connecting to the net via ADSL and using dyndns.org client to update the dynamic IP address. No probs. I then decide to change my setup and add a FreeBSD Router/Firewall .and. a separate (NT) Web Server. I installed my dns update client onto the new web server , enabled NATd (am connected via PPPoA/E) , enabled port_forward tcp rules on port 80 to point to this Web Server machine. I also tried IPFW rules etc etc and could not get the outside world to connect. I thought I would instead put the Web Server (until I know better) onto the FreeBSD router machine. Still no go, All my internal machines can - by typing in the registered domain names, access the web server ok, the Apache Test page comes up ok. So by typing in www:mysite:com I get the sites ok. This I don't really understand. Surely my other computers must be going to the external www , getting the domain name resolved, getting the dynamic IP address allocated to me , and then coming back to my FreeBSD router where it gets served the web site. So why can't anyone else now access it.?? I'd love to give you a url to test it but this is a public forum and my router is still not very secure at the moment, however I do have trusted people testing it for me regularly. Now , settings I think of relevance (having tried all sorts of setups using different techniques , I may have mixed up some settings and probably have a cocktail of settings) are (syntax copied exactly) :- in /etc/rc.conf. ppp_nat="YES" defaultrouter="NO" firewall_enable="YES" firewall_type="OPEN" // (Yes I know but whilst testing!) natd_enable="YES" natd_interface="tun0" natd_flags="-f /etc/natd.conf" #hostname="mydomain" // I left this commented out for now ? There are other settings in this file of course but felt only the above relevant to this post. in /etc/natd.conf. interface tun0 dynamic yes in /etc/resolv.conf domain mydomain.com nameserver 11.2.333.44 nameserver 11.2.333.55 //above values changed! in /etc/rc.firewall /sbin/ipfw -f flush /sbin/ipfw add divert natd all from any to any via tun0 /sbin/ipfw add divert natd tcp from 192.168.0.2 80 to any /sbin/ipfw add divert natd tcp from any to 192.168.0.2 80 /sbin/ipfw add divert natd tcp from any to 192.168.2.1 80 /sbin/ipfw add divert natd tcp from 192.168.2.1 80 to any /sbin/ipfw add pass all from any to any // temporary measure again. // 192.168.0.2 is on ed0 card going to internal network //192.168.2.1 is on ed2 card going to another network (eventually web server proper) At this point I'd like to mention something in my ifconfig readout. Now, ed0 ed2 lp0 ppp0 seem to me to be fine (and must be if internal network can browse internet etc) tun0 , although above suggests it is working fine , gives me an unusual alias address. :- tun0: flags=8051(UP,POINTTOPOINT,RUNNING,MULTICAST> mtu 1500 inet 14x1xx.xxx.xxx --> 172.31.22.152 netmask 0xffffff00. Ok, I've masked my ISP assig ed IP address for now as it is semi-permanent, but why has it aliased with a Class C internal IP address, when all my network is Class B 192.x.x.x addresses , can this be the cause of why external visitors can not access my sites.??? What other information do you need ??? Thanks in advance , speedy help is appreciated as a family member has trusted me to host his personal website and he cant get on it :( Gav... --- Checked for Viruses (Viri) , Gav... Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.491 / Virus Database: 290 - Release Date: 18/06/2003
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001301c33a58$bbfb5690$0100a8c0>