Re: [Cooker-firewall] Can't Access Site
On Mercredi 02 Mai 2001 19:54, you wrote : > My local machine is the Web Server. I am running LM 8.0 on my local > computer and it is running my home web site. I can get to it if I type > "http://localhost"; or if I type the internal IP address. I can't get to it > if I type "http://www.mydomain.org"; from my computer. However, if I go out > to the local library and use their computer to type > "http://www.mydomain.org"; I can get my website up. If I'm on a computer on > the internal network I should be able to use the registered domain name of > the Firewall. It should send my internal requests out to the DNS server on > the internet which then turns the packets around to the firewall destined > on port 80. Port 80 on the firewall then should forward the packets to my > web server behind it. > > It does this if I'm logged on to a computer outside the firewall on the > internet. It does not do this if I try to call up the web server useing > it's url or the firewalls IP address from an internal computer. > We've got the exact same problem here: forwarding from the outside works, but forwarding from the masqueraded network does not work (I can imagine this to be very tricky in ip frames handling code !). Internally you should use the local ip address of your web server, or set up an internal dns for your internal hosts only, to avoid going through the firewall and back (masquerading a local connexion to port-forward it back might be a bit too much). Regards, Your faithful firewall team :-)
Re: [Cooker-firewall] Can't Access Site
My local machine is the Web Server. I am running LM 8.0 on my local computer and it is running my home web site. I can get to it if I type "http://localhost"; or if I type the internal IP address. I can't get to it if I type "http://www.mydomain.org"; from my computer. However, if I go out to the local library and use their computer to type "http://www.mydomain.org"; I can get my website up. If I'm on a computer on the internal network I should be able to use the registered domain name of the Firewall. It should send my internal requests out to the DNS server on the internet which then turns the packets around to the firewall destined on port 80. Port 80 on the firewall then should forward the packets to my web server behind it. It does this if I'm logged on to a computer outside the firewall on the internet. It does not do this if I try to call up the web server useing it's url or the firewalls IP address from an internal computer. Steve On Wednesday 02 May 2001 17:20, you wrote: > On Wed, 2 May 2001, Stephen Thomas wrote: > > I just reread your response. I hope you do not misunderstand me. > > > > I have setup a web server on my network behind the firewall. This is the > > web that I can not access. > > > > > > I CAN access Mandrake Secerity's Web frontend for configuring the > > firewall with no problems. > > > > The problems I am having is accessing my Apache Web server from the > > internal network. > > Oh, this is easier. Because the firewall is not involved. Since your > local machines and the web server are (or should be) on the same subnet > then the question is why can you not see the Web server. > > 1. Try to ping the IP number of the web server e.g. 192.168.1.xx > > 2. Try to connect to the IP number of the web server from your browsers. > > 3. You can also ssh to the firewall and then see if you can make a text > only connection to your web server using the text web client lynx. > i.e. lynx 192.168.1.xx > > My suspicion is that these will all work. > > Since you are not likely to have a DNS server working on your local subnet > (e.g. 192.168.1.xx) you probably cannot connect via the host name. Your > web server will not have a name internally. You can make names work on the > local network by adding an entry to /etc/hosts on the local machine (the > one with the Web browser) if that will make your life easier. > > Now if the problem is that machines on the outside of the firewall cannot > see the web server then it is time to look back at the firewall. > > Eric
Re: [Cooker-firewall] Can't Access Site
On Wed, 2 May 2001, Stephen Thomas wrote: > I just reread your response. I hope you do not misunderstand me. > > I have setup a web server on my network behind the firewall. This is the web > that I can not access. > > I CAN access Mandrake Secerity's Web frontend for configuring the firewall > with no problems. > > The problems I am having is accessing my Apache Web server from the internal > network. Oh, this is easier. Because the firewall is not involved. Since your local machines and the web server are (or should be) on the same subnet then the question is why can you not see the Web server. 1. Try to ping the IP number of the web server e.g. 192.168.1.xx 2. Try to connect to the IP number of the web server from your browsers. 3. You can also ssh to the firewall and then see if you can make a text only connection to your web server using the text web client lynx. i.e. lynx 192.168.1.xx My suspicion is that these will all work. Since you are not likely to have a DNS server working on your local subnet (e.g. 192.168.1.xx) you probably cannot connect via the host name. Your web server will not have a name internally. You can make names work on the local network by adding an entry to /etc/hosts on the local machine (the one with the Web browser) if that will make your life easier. Now if the problem is that machines on the outside of the firewall cannot see the web server then it is time to look back at the firewall. Eric
Re: [Cooker-firewall] Can't Access Site
I just reread your response. I hope you do not misunderstand me. I have setup a web server on my network behind the firewall. This is the web that I can not access. I CAN access Mandrake Secerity's Web frontend for configuring the firewall with no problems. The problems I am having is accessing my Apache Web server from the internal network. Steve On Wednesday 02 May 2001 14:01, you wrote: > On Mardi 01 Mai 2001 22:24, you wrote : > > OK, I setup port forwarding so I can get to my internal site from outside > > the firewall. The problem is I can't access it using the URL from inside > > the firewall. If my system is outside the firewall and I type the url it > > works fine. Any of the systems inside the firewall get an error when they > > type the url. Is this a bug or a feature? > > Could you give us your exact configuration (what services do you forward > for instance ?). Is this an updated version of a beta or a plain RC1 ? > > We (the team) have set up different configurations for our personal use at > home (ftp forwarding to an internal ftp server for instance, as well as > opening ssh and 8443 from the outside on the firewall) and we can still > access the web frontend from the inside (which is mandatory, obviously) and > from the outside when 8443 is open. > > So if this is a bug it is quite critical. > > Regards, > Renaud
Re: [Cooker-firewall] Can't Access Site
Ooops, I did it again. I forgot to give you the specifics. Anyway, I am running it on my home dial-up system. It is forwarding TCP port 80/www. I am running the original RC1 with all security updates. I am running Squid and Snort on it. I have not added any other software. I haven't changed the default firewall settings. My computers can access the internet fine. I have tried from both Windows computers and Linux computers to access the web on my internal computer. I have tried the url as well as the Firewall IP address. Konqueror comes back with the error: "Could not connect to host" I've checked all of the files in the /var/log directory and it's sub-directories but nothing is being logged when I try to connect. I also tried to telnet to port 80 but the connection times out. I hope all this info helps. If you like I can attach files but I'm not sure which files to attach. Steve On Wednesday 02 May 2001 14:01, you wrote: > On Mardi 01 Mai 2001 22:24, you wrote : > > OK, I setup port forwarding so I can get to my internal site from outside > > the firewall. The problem is I can't access it using the URL from inside > > the firewall. If my system is outside the firewall and I type the url it > > works fine. Any of the systems inside the firewall get an error when they > > type the url. Is this a bug or a feature? > > Could you give us your exact configuration (what services do you forward > for instance ?). Is this an updated version of a beta or a plain RC1 ? > > We (the team) have set up different configurations for our personal use at > home (ftp forwarding to an internal ftp server for instance, as well as > opening ssh and 8443 from the outside on the firewall) and we can still > access the web frontend from the inside (which is mandatory, obviously) and > from the outside when 8443 is open. > > So if this is a bug it is quite critical. > > Regards, > Renaud
Re: [Cooker-firewall] Can't Access Site
On Mardi 01 Mai 2001 22:24, you wrote : > OK, I setup port forwarding so I can get to my internal site from outside > the firewall. The problem is I can't access it using the URL from inside > the firewall. If my system is outside the firewall and I type the url it > works fine. Any of the systems inside the firewall get an error when they > type the url. Is this a bug or a feature? Could you give us your exact configuration (what services do you forward for instance ?). Is this an updated version of a beta or a plain RC1 ? We (the team) have set up different configurations for our personal use at home (ftp forwarding to an internal ftp server for instance, as well as opening ssh and 8443 from the outside on the firewall) and we can still access the web frontend from the inside (which is mandatory, obviously) and from the outside when 8443 is open. So if this is a bug it is quite critical. Regards, Renaud