
How to open ports for Linux server



I can ping my WAN IP address from outside my network (maybe because it's static)

I can ping the web address www.mysitename.com (could be same as above)

BUT

I can't access the website.

When I do

telnet mysite.name.com 80

it can't find it

 

 

I have added these two commands into my router

 

ip nat inside source static udp 192.168.1.10 53 192.168.5.5 53

ip nat inside source static tcp 192.168.1.10 80 192.168.5.5 80

 

And still can't access the sites from the internet

 

What am I doing wrong...

 

 

 

 

Here is my set up

 

Internet
   |
   | WAN IP address
   |
ADSL modem
   | 192.168.1.1
   | (static, no DHCP from ADSL to firewall)
   | 192.168.1.10
Firewall machine (with 2 NICs)
   | 192.168.5.5
   |                         |
   |                         |
192.168.5.6 (Server) (static IP address)


What distribution and version of Linux are you running? It is quite possible a firewall is set up to block incoming packets to port 80 by default. Firewall setups do differ across distros, though.


It's a good chance that you may not have network address translation (NAT) set up on your ADSL router/modem properly, or your gateway machine isn't forwarding to your internal webserver properly. But due to your setup, there are quite a number of stages to check and get right first....

 

However, some things to check:

 

From the webserver:

telnet localhost 80

telnet 192.168.5.6 80

 

From the gateway:

telnet 192.168.5.6 80

 

Check those, and post back results, and we can take this further.

 

nb: there are a number of web-based port scanners to check open ports on your ADSL end - try one of those to see if the port is viewable from outside (internet) and if that IS the case, then you'll know it's routing/network issues internally.

 

edit: just had a thought... when you say "it can't find it", what is the *it* we're talking about here? Your machine can't resolve that domain name, or you have no route through to the IP address? Can you post the output of your error message here?
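
The difference between "can't resolve the name", "no route" and "port closed or filtered" that the reply above asks about can be read directly from how a TCP connect fails. The following is an added example, not code from the thread; `probe`, `first_failure` and `STAGES` are names chosen here, and the hosts and port are the ones posted above.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify how it ends."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "name-not-resolved"   # DNS problem, not a port problem
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"
    except ConnectionRefusedError:
        return "refused"             # host answered: nothing listening, or a REJECT rule
    except socket.timeout:
        return "filtered"            # silence: DROP rule or missing NAT/port forward
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "no-route"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

# Stages from the thread, inside to outside; run each from the machine named.
STAGES = [
    ("webserver -> loopback", "localhost", 80),
    ("webserver -> own LAN address", "192.168.5.6", 80),
    ("gateway -> webserver", "192.168.5.6", 80),
    ("outside -> public name", "www.mysitename.com", 80),
]

def first_failure(results):
    """results: list of (stage, outcome); return the first stage that is not open."""
    for stage, outcome in results:
        if outcome != "open":
            return stage, outcome
    return None

if __name__ == "__main__":
    for stage, host, port in STAGES:
        print(f"{stage:30} {host}:{port} -> {probe(host, port)}")
```
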

It's a good chance that you may not have network address translation (NAT) set up on your ADSL router/modem properly, or your gateway machine isn't forwarding to your internal webserver properly. But due to your setup, there are quite a number of stages to check and get right first....

 

However, some things to check:

 

From the webserver:

telnet localhost 80 <-- see if apache is listening on 127.0.0.1

telnet 192.168.5.6 80 <-- see if apache is not just bound to localhost.

 

From the gateway:

telnet 192.168.5.6 80 <-- see if apache is accessible from an external IP (external to your webserver, that is)

 

Check those, and post back results, and we can take this further.

 

nb: there are a number of web-based port scanners to check open ports on your ADSL end - try one of those to see if the port is viewable from outside (internet) and if that IS the case, then you'll know it's routing/network issues internally.

 

edit: just had a thought... when you say "it can't find it", what is the *it* we're talking about here? Your machine can't resolve that domain name, or you have no route through to the IP address? Can you post the output of your error message here?

 

Thanks 'Dungeon-Dave'

 

telnet localhost 80 <-- see if apache is listening on 127.0.0.1 === works fine

telnet 192.168.5.6 80 <-- see if apache is not just bound to localhost. ===works fine

 

From the gateway:

telnet 192.168.5.6 80 <-- see if apache is accessible from an external IP (external to your webserver, that is)

You meant to say 192.168.5.5 === works fine

 

********************************

 

If I go to www.canyouseeme.org, I can't see the web server port open

Checked with ISP: port 80 is not closed at all

Before I check the firewall, how do I open the web server on Cisco ....

If I open port 80 on the router,

I should be able to see port 80 as open if I go to www.canyouseeme.org

Is that right?

Because I am thinking of solving this from one stage to another

Here is my router config. Anything I should be looking at changing?

Will this config enable web server on port 80?

 

thom#sho configuration
Using 1639 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname thom
!
logging buffered 4096 debugging
enable secret ABCABCABACABACBACBACBACBQAC
enable password cdcdcdcdcdcdcdcdcdcd
!
ip subnet-zero
ip name-server 202.27.xxx.xx
ip name-server 203.97.xxx.xxx
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool dhcppool
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 203.97.xxx.xxx 203.97.xxx.xx
!
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 0/100
  encapsulation aal5mux ppp dialer
  dialer pool-membe
 !
!
interface Dialer0
 ip address negotiated previous
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username me@myisp.com password blablablablablabalabalabala
6C
 ppp ipcp dns accept
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.10 80 203.97.xxx.xxx 80 extendable (203.97.xxx.xx is my static ip address)
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 stopbits 1
line vty 0 4
 password XYZXYZXYZXYZXYZXYZXYCXZUTXTX
 login
!
scheduler max-task-time 5000
end

thom#

 

 

Thanks

Checked with ISP: port 80 is not closed at all

Before I check the firewall, how do I open the web server on Cisco ....

I'm not sure on Cisco stuff - so the stuff you posted doesn't make much sense to me, sorry.

 

If I open port 80 on the router,

I should be able to see port 80 as open if I go to www.canyouseeme.org

Is that right?

Because I am thinking of solving this from one stage to another

Here is my router config. Anything I should be looking at changing?

Will this config enable web server on port 80?

Yup - if you go to www.canyouseeme.org it should show port 80 as open and listening (I use grc.com or telnet in from another internet-facing machine somewhere).

 

It looks like internal routing is fine from the earlier stuff you posted - just the NAT and port stuff is probably all that's blocking it.

 

note: if you don't have a FQDN set up for your external IP, try pointing a browser just at the external IP (from outside your home network, naturally).

 

Oh, may want to check that there's no firewall rule blocking it: iptables -L -n | more - just in case your LAN is whitelisted but external IPs aren't (thus throwing your checks out).
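
The "LAN is whitelisted but external IPs aren't" case from the post above can be checked mechanically by walking the rules in first-match order for two different source addresses. This is an added example, not code from the thread: it assumes the rules are dumped one per line with `iptables -S` rather than `iptables -L -n`, the rule set and the address 203.0.113.7 are constructed, and `verdict` and `parse_rule` are names chosen here.

```python
import ipaddress
import shlex

# Constructed sample: `iptables -S INPUT` as it might look on the web server.
SAMPLE = """\
-P INPUT DROP
-A INPUT -s 192.168.5.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

# Options this sketch understands; None means accepted but not evaluated.
KNOWN = {"-s": "src", "-p": "proto", "--dport": "dport", "-j": "target",
         "-m": None, "--reject-with": None}

def parse_rule(tok):
    """Turn the tokens after '-A CHAIN' into a dict of match fields."""
    args = tok[2:]
    rule = {"src": None, "proto": None, "dport": None, "target": None}
    for flag, value in zip(args[0::2], args[1::2]):
        if flag not in KNOWN:
            # Refuse to guess: silently ignoring a match gives a wrong verdict.
            raise ValueError(f"unsupported option {flag!r}; read this rule by hand")
        if KNOWN[flag]:
            rule[KNOWN[flag]] = value
    if rule["src"]:
        rule["src"] = ipaddress.ip_network(rule["src"], strict=False)
    if rule["dport"]:
        rule["dport"] = int(rule["dport"])
    return rule

def verdict(rules_text, chain, src_ip, dport, proto="tcp"):
    """First-match evaluation: the target a new connection would hit."""
    src = ipaddress.ip_address(src_ip)
    policy = "ACCEPT"  # built-in chain default when no -P line is present
    for line in rules_text.strip().splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            r = parse_rule(tok)
            if ((r["src"] is None or src in r["src"])
                    and r["proto"] in (None, proto)
                    and r["dport"] in (None, dport)
                    and r["target"] in ("ACCEPT", "DROP", "REJECT")):
                return r["target"]
    return policy

if __name__ == "__main__":
    for who, ip in (("gateway", "192.168.5.5"), ("internet host", "203.0.113.7")):
        print(f"{who:14} {ip:13} -> port 80: {verdict(SAMPLE, 'INPUT', ip, 80)}")
```

With this sample the telnet test from the gateway succeeds while a connection from outside hits the DROP policy, which is why a passing LAN check does not prove the port is open to the internet.
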
