At 04:54 PM 3/9/02 +0530, barwals wrote:
>Hi everybody,
>
>Please Please help me....! I'm trying to do it since last One month but
could not then only I have sent a mail to this mailing list.
As a general matter, it is unclear at this point whether you have a LEAF
problem or a Win2K problem or a Web-server-application (IIS? or what server
app?) problem. To pin this down, first check the logs on the LEAF router to
see if they report any DENY'd packets to 111.222.333.444:80 (or whatever
real IP address this conceals) or from 10.24.33.150:80.
If they do not, consider running a sniffer on the LAN while you try to make
an external connection to the Web server, and see where the traffic fails to
complete.
I looked through this and your prior post (as well as the responses to it)
and, if the older report you posted remains valid (specifically the ipchains
ruleset you list there), I don't see a problem on the LEAF system. This
leads me to ask these questions:
1. Is the Web server on the Win2K server (or workstation) configured
correctly? (Can you access it from the LAN, using its actual LAN IP
address?) Passing the test I mentioned in parentheses does not prove that
the Win2K server is configured correctly -- it may still not respond to
off-LAN requests, and for that you'll need Win2K or server-app help, not
LEAF help -- but failing it does prove it is not.
2. This was asked before, but I didn't see an answer: are you
testing the availability of the Web server using an off-LAN browser? Trying
to "loop back" through the router from on-LAN commonly doesn't work.
3. The entries for external address appear muddled. I assume that
this "111.222.333.444" nonsense is an attempt to keep secret your public IP
address. But later, you report an entry for "203.163.160.2", which I'm
guessing is the real address. (It's ping'able but does not respond on port
80.) Might you be obscuring a setting error with this effort at secrecy?
4. With respect to your actual posting, I do not understand the meaning of:
>When I see in weblet through brouser I'm seeing this.
>
>but no byte(packet) in Chain port forward policy.
What is "this"? And what does the second line mean? (Anyway, don't tell us
what *you* see -- quote it completely so *we* can see it.)
>I 'm running the Dachstein LEAF firewall. I'm not able to forwarding the
>external traffice which is coming to my valid IPaddr (eth0) to my internal
>web server which is a windows 2000 server. I have allready gone through all
>the related mailing list archive but could not solve the problem and hence
>I'm writing to this list. The error I'm getting in my browser is "Connection
>faild".... "Connection timed out".
>
>My configuration is as follows.
>
>EXTERN_IP=111.222.333.444
>EXTERN_IF =eth0
>INTERNAL_IP=10.24.33.224
>INTERNAL_IF =eth1
>INT_NET = 10.0.0.0/8
>IPFWDING_KERNEL= FILTER_ON
>IPALWAYSDEFRAG_KERNEL = YES
>CONFIG_HOSTNAME = YES
>CONFIG_HOSTSFILE = YES
>CONFIG_DNS = NO
>IPFILTER_SWITCH = firewall
>SNMP_BLOCK = YES
>EXTERN_DHCP = NO
>EXTERN_DHCP = NO
>EXTERN_TCP_PORT0="0/0 www 111.222.333.444"
>INTERN_SERVERS="tcp_111.222.333.444_www_10.24.33.150_www"
>
>My IPCHAINS RULES looks like they are accepting the connection at
>111.222.333.444. But could not find the solution. Could anybody help me in
>that regard.
>When I see in weblet through brouser I'm seeing this.
>
>but no byte(packet) in Chain port forward policy.
>
>
>:: Masqueraded Connections ::
>IP masquerading entries
>prot expire source destination ports
>tcp 0:58.64 10.24.33.150 203.163.160.2 80 2678 (80)
>
>
>
>
>Regards .
>Thanks.
>
>Sudhir
>
>
>Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com
>
> Buy Music, Video, CD-ROM, Audio-Books and Music Accessories from
http://www.planetm.co.in
>
>
>_______________________________________________
>Leaf-user mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>
--
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
