On Wed, 28 May 2003 [EMAIL PROTECTED] wrote:

> I added a rule allowing net2fw connection on tcp port 80.
> 
> Added in sh-httpd.conf 
> CLIENT_ADDRS="192.168.1. My.IP.Net."
> I tried also to change the SERVER_NAME/ADDR to ppp0_IP
> 
> In hosts.allow I added
> sh-httpd: My.IP.Net.0/255.255.255.0
> I tried also to uncomment in hosts.deny the PARANOID
> 
> restarted inetd

inetd doesn't look at hosts.allow, though it usually invokes tcpd which
does. Since tcpd gets re-invoked for every new connection, simply editing
hosts.allow and saving should be enough to activate that change.

> 
> but still can't connect to weblet and no log in shorewall.log.
> 
> What am I missing to get weblet listen on the external interface (for me ppp0) ?

I don't know, but this is what I would check:

a) no firewall blockage: sounds like you have looked through shorewall
files, but you may not have used "shorewall status" and looked for
relevant lines in the firewall rules.

b) no port 80 redirection: No DNAT to an internal server.  Again, checking
"shorewall status" should confirm this.

Note that a) and b) can be eliminated as potential problem sources if you
"shorewall clear" for testing.

c) /etc/inetd.conf file has appropriate entry to activate weblet:
www  stream tcp nowait   sh-httpd  /usr/sbin/tcpd   /usr/sbin/sh-httpd

d) /etc/hosts.allow has appropriate entry: you have obscured the entry
above, but it does seem odd that you appear to want to expose it on the
external interface _and not the internal interface_. Why exclude internal
access?

e) sh-httpd is executable:

------
# ls -l /usr/sbin/sh-httpd
-rwxr-xr-x    1 root     root         8028 May 27  2001 /usr/sbin/sh-httpd
------

f) confirm that you can connect to it... use telnet from a host in the
appropriate source network.  Note response to attempted connection ...
this can be a clue to where the problem is.

-------
$ telnet myrouter 80
Trying 192.168.0.1...
Connected to myrouter.my.localnet.
Escape character is '^]'.
GET / HTTP/1.0

{http response should start here}
--------

Remember the extra blank line after you type the GET command.

g) try looking in the logfile (/var/sh-log/sh-httpd.log) for indications
of connection attempts.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
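
The local checks c), d), e) and g) from the list above can be scripted. The following is an added example, not part of the original message or of LEAF; `check_weblet` and its optional path arguments are hypothetical, with defaults taken from the paths named in the message.

```shell
# check_weblet [inetd.conf] [hosts.allow] [sh-httpd binary] [log file]
# Hypothetical helper; defaults are the paths named in the message above.
# Prints one line per check and returns the number of failed checks (c, d, e).
check_weblet() {
    inetd_conf=${1:-/etc/inetd.conf}
    hosts_allow=${2:-/etc/hosts.allow}
    binary=${3:-/usr/sbin/sh-httpd}
    logfile=${4:-/var/sh-log/sh-httpd.log}
    fails=0

    # c) an uncommented "www" line that starts sh-httpd through tcpd
    if awk '$1 == "www" && $6 ~ /tcpd$/ && $7 ~ /sh-httpd$/ { ok = 1 }
            END { exit !ok }' "$inetd_conf" 2>/dev/null; then
        echo "c) ok:   $inetd_conf starts sh-httpd via tcpd"
    else
        echo "c) FAIL: no active www/tcpd/sh-httpd line in $inetd_conf"
        fails=$((fails + 1))
    fi

    # d) an uncommented hosts.allow rule whose daemon list names sh-httpd or ALL
    if awk -F: '$0 !~ /^[ \t]*#/ {
                    n = split($1, d, /[ \t,]+/)
                    for (i = 1; i <= n; i++) {
                        if (d[i] == "sh-httpd" || d[i] == "ALL") ok = 1
                    }
                }
                END { exit !ok }' "$hosts_allow" 2>/dev/null; then
        echo "d) ok:   $hosts_allow has a rule covering sh-httpd"
    else
        echo "d) FAIL: no rule for sh-httpd in $hosts_allow"
        fails=$((fails + 1))
    fi

    # e) the server script must exist and be executable
    if [ -x "$binary" ]; then
        echo "e) ok:   $binary is executable"
    else
        echo "e) FAIL: $binary is missing or not executable"
        fails=$((fails + 1))
    fi

    # g) informational only: show the most recent log entries, if any
    if [ -s "$logfile" ]; then
        echo "g) last entries in $logfile:"; tail -n 3 "$logfile"
    else
        echo "g) note: nothing logged in $logfile"
    fi
    return "$fails"
}
```

Calling `check_weblet` with no arguments on the router uses the default paths; the firewall checks a) and b) and the telnet test f) still have to be done by hand.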



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
