At 04:54 PM 3/9/02 +0530, barwals wrote: >Hi everybody, > >Please Please help me....! I'm trying to do it since last One month but could not then only I have sent a mail to this mailing list.
As a general matter, it is unclear at this point whether you have a LEAF problem or a Win2K problem or a Web-server-application (IIS? or what server app?) problem. To pin this down, first check the logs on the LEAF router to see if they report any DENY'd packets to 111.222.333.444:80 (or whatever real IP address this conceals) or from 10.24.33.150:80. If they do not, consider running a sniffer on the LAN while you try to make an external connection to the Web server, and see where the traffic fails to complete. I looked through this and your prior post (as well as the responses to it) and, if the older report you posted remains valid (specifically the ipchains ruleset you list there), I don't see a problem on the LEAF system. This leads me to ask these questions: 1. Is the Web server on the Win2K server (or workstation) configured correctly? (Can you access it from the LAN, using its actual LAN IP address?) Passing the test I mentioned in parentheses does not prove that the Win2K server is configured correctly -- it may still not respond to off-LAN requests, and for that you'll need Win2K or server-app help, not LEAF help -- but failing it does prove it is not. 2. This was asked before, but I didn't see an answer: are you testing the availability of the Web server using an off-LAN browser? Trying to "loop back" through the router from on-LAN commonly doesn't work. 3. The entries for external address appear muddled. I assume that this "111.222.333.444" nonsense is an attempt to keep secret your public IP address. But later, you report an entry for "203.163.160.2", which I'm guessing is the real address. (It's ping'able but does not respond on port 80.) Might you be obscuring a setting error with this effort at secrecy? 4. With respect to your actual posting, I do not understand the meaning of: >When I see in weblet through brouser I'm seeing this. > >but no byte(packet) in Chain port forward policy. What is "this"? And what does the second line mean? (Anyway, don't tell us what *you* see -- quote it completely so *we* can see it.) >I 'm running the Dachstein LEAF firewall. I'm not able to forwarding the >external traffice which is coming to my valid IPaddr (eth0) to my internal >web server which is a windows 2000 server. I have allready gone through all >the related mailing list archive but could not solve the problem and hence >I'm writing to this list. The error I'm getting in my browser is "Connection >faild".... "Connection timed out". > >My configuration is as follows. > >EXTERN_IP=111.222.333.444 >EXTERN_IF =eth0 >INTERNAL_IP=10.24.33.224 >INTERNAL_IF =eth1 >INT_NET = 10.0.0.0/8 >IPFWDING_KERNEL= FILTER_ON >IPALWAYSDEFRAG_KERNEL = YES >CONFIG_HOSTNAME = YES >CONFIG_HOSTSFILE = YES >CONFIG_DNS = NO >IPFILTER_SWITCH = firewall >SNMP_BLOCK = YES >EXTERN_DHCP = NO >EXTERN_DHCP = NO >EXTERN_TCP_PORT0="0/0 www 111.222.333.444" >INTERN_SERVERS="tcp_111.222.333.444_www_10.24.33.150_www" > >My IPCHAINS RULES looks like they are accepting the connection at >111.222.333.444. But could not find the solution. Could anybody help me in >that regard. >When I see in weblet through brouser I'm seeing this. > >but no byte(packet) in Chain port forward policy. > > >:: Masqueraded Connections :: >IP masquerading entries >prot expire source destination ports >tcp 0:58.64 10.24.33.150 203.163.160.2 80 2678 (80) > > > > >Regards . >Thanks. > >Sudhir > > >Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com > > Buy Music, Video, CD-ROM, Audio-Books and Music Accessories from http://www.planetm.co.in > > >_______________________________________________ >Leaf-user mailing list >[EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/leaf-user > -- ------------------------------------"Never tell me the odds!"--- Ray Olszewski -- Han Solo Palo Alto, CA [EMAIL PROTECTED] ---------------------------------------------------------------- _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user