Hi,

Thanks to you all for the replies. Sorry for not replying earlier; I was out on vacation.

Dear Ray, here are the answers to your questions:

Q1: Is the Web server on the Win2K server (or workstation) configured correctly? (Can you access it from the LAN, using its actual LAN IP address?) Passing the test I mentioned in parentheses does not prove that the Win2K server is configured correctly -- it may still not respond to off-LAN requests, and for that you'll need Win2K or server-app help, not LEAF help -- but failing it does prove it is not.

Ans: Yes, I have checked it and the Win2K web server is working fine from the LAN. If I put that server on the internet, I'm also able to access it from a cyber cafe (another route, i.e. not my LAN). So I hope that the web server is configured properly.

Q2: This was asked before, but I didn't see an answer: are you testing the availability of the Web server using an off-LAN browser? Trying to "loop back" through the router from on-LAN commonly doesn't work.

Ans: Yes, I have checked it from another route. As Joe mentioned, to check it from outside of my MASQ m/c. I have checked it from another route, as you can see from the IP address 203.163.160.2.

Q3: The entries for external address appear muddled. I assume that this "111.222.333.444" nonsense is an attempt to keep secret your public IP address. But later, you report an entry for "203.163.160.2", which I'm guessing is the real address. (It's ping'able but does not respond on port 80.) Might you be obscuring a setting error with this effort at secrecy?

Ans: Yes, you are right, 203.163.160.2 is the real IP address of the proxy server from where I have tried to access my Dachstein floppy firewall's external IP address. Yes, the IP address 111.222.333.444 is a fake IP address. Since I do not permanently make on the IP firewall m/c I have changed that.

Q4: With respect to your actual posting, I do not understand the meaning of:

    When I see in weblet through brouser I'm seeing thi8s.
    but no byte(packet) in Chain port forward policy.

What is "this"? And what does the second line mean? (Anyway, don't tell us what *you* see -- quote it completely so *we* can see it.)

Ans: As you might know, weblet is the module through which you can see the ipchains rules, logs etc. (through the LAN only). So I was trying to say that when I hit the external IP of LEAF, it shows me that it is accepting packets in the input chains, but in the forward rules of ipchains (MASQ) it is not showing anything there.

Dear Joe,

Thanks. HaHa..!!! I have checked that also but it is not working.

Will Charls reply.

Thanks.
Sudhir

"Ray Olszewski" wrote:

At 04:54 PM 3/9/02 +0530, barwals wrote:

Hi everybody,

Please Please help me....! I have been trying to do this for the last one month but could not, and only then have I sent a mail to this mailing list.

As a general matter, it is unclear at this point whether you have a LEAF problem or a Win2K problem or a Web-server-application (IIS? or what server app?) problem. To pin this down, first check the logs on the LEAF router to see if they report any DENY'd packets to 111.222.333.444:80 (or whatever real IP address this conceals) or from 10.24.33.150:80. If they do not, consider running a sniffer on the LAN while you try to make an external connection to the Web server, and see where the traffic fails to complete.

I looked through this and your prior post (as well as the responses to it) and, if the older report you posted remains valid (specifically the ipchains ruleset you list there), I don't see a problem on the LEAF system. This leads me to ask these questions:

1. Is the Web server on the Win2K server (or workstation) configured correctly? (Can you access it from the LAN, using its actual LAN IP address?) Passing the test I mentioned in parentheses does not prove that the Win2K server is configured correctly -- it may still not respond to off-LAN requests, and for that you'll need Win2K or server-app help, not LEAF help -- but failing it does prove it is not.

2. This was asked before, but I didn't see an answer: are you testing the availability of the Web server using an off-LAN browser? Trying to "loop back" through the router from on-LAN commonly doesn't work.

3. The entries for external address appear muddled. I assume that this "111.222.333.444" nonsense is an attempt to keep secret your public IP address. But later, you report an entry for "203.163.160.2", which I'm guessing is the real address. (It's ping'able but does not respond on port 80.) Might you be obscuring a setting error with this effort at secrecy?

4. With respect to your actual posting, I do not understand the meaning of:

    When I see in weblet through brouser I'm seeing thi8s.
    but no byte(packet) in Chain port forward policy.

What is "this"? And what does the second line mean? (Anyway, don't tell us what *you* see -- quote it completely so *we* can see it.)

I'm running the Dachstein LEAF firewall. I'm not able to forward the external traffic which is coming to my valid IP address (eth0) to my internal web server, which is a Windows 2000 server. I have already gone through all the related mailing list archives but could not solve the problem, and hence I'm writing to this list. The error I'm getting in my browser is "Connection faild".... "Connection timed out".

My configuration is as follows.

    EXTERN_IP=111.222.333.444
    EXTERN_IF =eth0
    INTERNAL_IP=10.24.33.224
    INTERNAL_IF =eth1
    INT_NET = 10.0.0.0/8
    IPFWDING_KERNEL= FILTER_ON
    IPALWAYSDEFRAG_KERNEL = YES
    CONFIG_HOSTNAME = YES
    CONFIG_HOSTSFILE = YES
    CONFIG_DNS = NO
    IPFILTER_SWITCH = firewall
    SNMP_BLOCK = YES
    EXTERN_DHCP = NO
    EXTERN_DHCP = NO
    EXTERN_TCP_PORT0="0/0 www 111.222.333.444"
    INTERN_SERVERS="tcp_111.222.333.444_www_10.24.33.150_www"

My ipchains rules look like they are accepting the connection at 111.222.333.444. But I could not find the solution. Could anybody help me in that regard?

When I look in weblet through the browser I'm seeing this, but no byte (packet) in Chain port forward policy.

    :: Masqueraded Connections ::
    IP masquerading entries
    prot expire  source       destination   ports
    tcp  0:58.64 10.24.33.150 203.163.160.2 80 2678 (80)
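
The log check Ray suggests in the thread above (look for DENY'd packets to the external address on port 80, or from 10.24.33.150:80), as an added example that is not part of the original messages. The sample lines are constructed, follow the ipchains "Packet log:" kernel log layout, and use 192.0.2.10 as a stand-in for the real external address; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pick out blocked web traffic from ipchains kernel log lines.
# Layout assumed: ... Packet log: CHAIN ACTION IFACE PROTO=n SRC:PORT DST:PORT ...

find_blocked_www() {
    # $1 = external IP of the firewall, $2 = internal web server IP
    # Log lines are read from stdin.
    awk -v ext="$1" -v srv="$2" '
    {
        # Locate "Packet log:" so any syslog prefix length is tolerated.
        for (i = 1; i < NF; i++)
            if ($i == "Packet" && $(i + 1) == "log:") break
        if (i >= NF) next                      # not an ipchains log line

        chain = $(i + 2); action = $(i + 3); ifc = $(i + 4)
        proto = $(i + 5); src = $(i + 6);    dst = $(i + 7)

        if (action != "DENY" && action != "REJECT") next
        if (proto != "PROTO=6") next           # TCP only

        if (dst == (ext ":80"))      why = "to-external"   # inbound request blocked
        else if (src == (srv ":80")) why = "from-server"   # reply from server blocked
        else next

        print why, chain, action, ifc, src, "->", dst
    }'
}

# Constructed sample log (not taken from the thread).
sample_log() {
cat <<'EOF'
Mar  9 16:54:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:2678 192.0.2.10:80 L=48 S=0x00 I=4711 F=0x4000 T=115 SYN (#7)
Mar  9 16:54:02 firewall kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.9:137 192.0.2.10:137 L=78 S=0x00 I=4712 F=0x0000 T=115 (#9)
Mar  9 16:54:05 firewall kernel: Packet log: forward DENY eth0 PROTO=6 10.24.33.150:80 198.51.100.7:2678 L=48 S=0x00 I=88 F=0x4000 T=127 (#3)
Mar  9 16:54:09 firewall kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:2680 192.0.2.10:80 L=48 S=0x00 I=4713 F=0x4000 T=115 SYN (#5)
EOF
}

sample_log | find_blocked_www 192.0.2.10 10.24.33.150
```

A "to-external" hit on the input chain points at the firewall's inbound rules, while a "from-server" hit on the forward chain means the request reached the web server and its reply was dropped on the way back.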
