* Url not found ....
@ 2002-07-06 20:58 Patrick Petermair
From: Patrick Petermair @ 2002-07-06 20:58 UTC (permalink / raw)
To: netfilter
Hi!
I've installed a firewall/gateway with RedHat 7.3 and iptables. I've set up
masquerading for my internal lan and some basic firewall rules.
Everything works fine (icq, ftp, http,...) but there is ONE homepage which I
cannot access (a friend of mine can).
http://stud4.tuwien.ac.at/-e9625216/html/projects.html
When I try to access this page with a client in my LAN all I get is "not found -
The requested URL [...] was not found on this server."
After taking a look in my firewall log I found this entry:
Jul 6 22:45:11 wormhole kernel: IN=ppp0 OUT= MAC= SRC=193.170.75.21
DST=213.225.44.140 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=46360 DF PROTO=TCP
SPT=80 DPT=36827 WINDOW=32768 RES=0x00 ACK FIN URGP=0
And if you try to ping stud4.tuwien.ac.at you'll find out, that the IP is
193.170.75.21 - so the answer from the server gets dropped at my firewall.
So the big question is WHY? All homepages I tried so far are working, but not
this one, so I doubt that it's a problem with the firewall rules.....
Any hints/comments?
Regards,
Patrick
--
http://www.petermair.com
* Re: Url not found ....
From: Antony Stone @ 2002-07-06 21:10 UTC (permalink / raw)
To: netfilter
On Saturday 06 July 2002 9:58 pm, Patrick Petermair wrote:
> Hi!
>
> I've installed a firewall/gateway with RedHat 7.3 and iptables. I've set up
> masquerading for my internal lan and some basic firewall rules.
> Everything works fine (icq, ftp, http,...) but there is ONE homepage which
> I cannot access (a friend of mine can).
>
> http://stud4.tuwien.ac.at/-e9625216/html/projects.html
>
> When I try to access this page with a client in my LAN all I get is "not
> found - The requested URL [...] was not found on this server."
> After taking a look in my firewall log I found this entry:
>
> Jul 6 22:45:11 wormhole kernel: IN=ppp0 OUT= MAC= SRC=193.170.75.21
> DST=213.225.44.140 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=46360 DF PROTO=TCP
> SPT=80 DPT=36827 WINDOW=32768 RES=0x00 ACK FIN URGP=0
>
> And if you try to ping stud4.tuwien.ac.at you'll find out, that the IP is
> 193.170.75.21 - so the answer from the server gets dropped at my firewall.
>
> So the big question is WHY? All homepages I tried so far are working, but
> not this one, so I doubt that it's a problem with the firewall rules.....
>
> Any hints/comments?
1. Are you on a PPPoE link, or maybe something else which uses a strangely
small MTU ?
2. Are you allowing all relevant ICMP packets back in through your firewall,
just in case something somewhere along the way is saying "please fragment"
because it can't cope with the packet size ?
You might find the following helpful:
http://lists.samba.org/pipermail/netfilter/2002-July/024515.html
Antony.
* Re: Url not found ....
From: John Adams @ 2002-07-06 21:13 UTC (permalink / raw)
To: netfilter
On Saturday 06 July 2002 04:58 pm, Patrick Petermair wrote:
> Hi!
>
> I've installed a firewall/gateway with RedHat 7.3 and iptables. I've set
> up masquerading for my internal lan and some basic firewall rules.
> Everything works fine (icq, ftp, http,...) but there is ONE homepage
> which I cannot access (a friend of mine can).
>
> http://stud4.tuwien.ac.at/-e9625216/html/projects.html
>
> When I try to access this page with a client in my LAN all I get is "not
> found - The requested URL [...] was not found on this server."
>
I get the same response. No firewall entries and ethereal indicates no
dropped packets. Maybe you mis-typed the URL?
johna
* Re: Url not found ....
From: Antony Stone @ 2002-07-06 21:31 UTC (permalink / raw)
To: netfilter
On Saturday 06 July 2002 10:13 pm, John Adams wrote:
> On Saturday 06 July 2002 04:58 pm, Patrick Petermair wrote:
> > Hi!
> >
> > I've installed a firewall/gateway with RedHat 7.3 and iptables. I've set
> > up masquerading for my internal lan and some basic firewall rules.
> > Everything works fine (icq, ftp, http,...) but there is ONE homepage
> > which I cannot access (a friend of mine can).
> >
> > http://stud4.tuwien.ac.at/-e9625216/html/projects.html
> >
> > When I try to access this page with a client in my LAN all I get is "not
> > found - The requested URL [...] was not found on this server."
>
> I get the same response. No firewall entries and ethereal indicates no
> dropped packets. Maybe you mis-typed the URL?
Okay. I didn't try the URL myself before posting the last suggestion.
I've just tried now, and I get an error 404, which is definitely *not* a
netfilter problem - it means the remote server *has* been contacted (ie all
the routing has worked), and the remote server has said "I do not have that
page".
I'd suggest you check those digits in the middle of the URL.
Antony.
* RE: Url not found ....
From: Dennis Cardinale @ 2002-07-06 21:35 UTC (permalink / raw)
To: Netfilter Mailing List
You are right...he needs to change the dash (-) to a tilde (~).
-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org]On Behalf Of Antony Stone
Sent: Saturday, July 06, 2002 5:31 PM
To: netfilter@lists.samba.org
Subject: Re: Url not found ....
* Re: Url not found ....
From: Patrick Petermair @ 2002-07-06 22:03 UTC (permalink / raw)
To: Netfilter Mailing List
On Saturday, 6 July 2002 23:35, Dennis Cardinale wrote:
> You are right...he needs to change the dash (-) to a tilde (~).
Thnx, now it works (stupid me).
There is only one thing....I still get those log entries when accessing this
page! Why is that?
Regards,
Patrick
* Re: Url not found ....
From: Antony Stone @ 2002-07-06 22:03 UTC (permalink / raw)
To: Netfilter Mailing List
On Saturday 06 July 2002 11:03 pm, Patrick Petermair wrote:
> On Saturday, 6 July 2002 23:35, Dennis Cardinale wrote:
> > You are right...he needs to change the dash (-) to a tilde (~).
>
> Thnx, now it works (stupid me).
> There is only one thing....I still get those log entries when accessing
> this page! Why is that?
What are the logging rules on your firewall ?
Antony.
* Re: Url not found ....
From: Patrick Petermair @ 2002-07-06 22:49 UTC (permalink / raw)
To: Netfilter Mailing List
On Sunday, 7 July 2002 00:03, Antony Stone wrote:
> What are the logging rules on your firewall ?
[....]
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
#Allow only existing and related to INPUT
$IPTABLES -A INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allow int. LAN to access firewall
$IPTABLES -A INPUT -i $INTIF -j ACCEPT
#Allow ADSL modem to talk to firewall (authentication)
$IPTABLES -A INPUT -i eth0 -s 10.0.0.138 -d 10.0.0.150 -j ACCEPT
#Allow loopback
$IPTABLES -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
#Log the rest
$IPTABLES -A INPUT -j LOG
#FWD: Allow all connections OUT and only existing and related ones IN
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
#Enable masquerading
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
The thing is that I get those log entries only at that specific page
(stud4.tuwien.ac.at)...
Regards,
Patrick
* Re: Url not found ....
From: Antony Stone @ 2002-07-06 23:09 UTC (permalink / raw)
To: Netfilter Mailing List
On Saturday 06 July 2002 11:49 pm, Patrick Petermair wrote:
> On Sunday, 7 July 2002 00:03, Antony Stone wrote:
> > What are the logging rules on your firewall ?
[ ....... ]
> #FWD: Allow all connections OUT and only existing and related ones IN
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> $IPTABLES -A FORWARD -j LOG
Hmmm. Not so different from mine, really, and I don't get any log entries
when I visit that site.
Can you run ethereal and capture the complete session to see whether, for
example, there are multiple FIN packets at the end of the session ?
The log entry you posted has both FIN and ACK set, so I presume it's the very
last packet at the end of the connection...?
Antony.
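Added example, not part of the thread: a small triage script for the kind of netfilter LOG line Patrick posted. A catch-all `-j LOG` at the end of INPUT records every packet that neither the stateful ACCEPT nor the interface rules matched, so real unsolicited connection attempts (a bare SYN to a closed port) land in the same log as harmless leftovers such as a FIN/ACK from a web server arriving after conntrack has stopped treating the session as ESTABLISHED. The parser splits the kernel record into KEY=VALUE fields and bare flag tokens (OUT= empty means the packet was addressed to the firewall itself, i.e. the INPUT chain), and `classify()` separates those cases so a defender can decide which entries deserve attention. The classification names and the second and third sample lines are constructed for this example; the first sample line is the one from the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Netfilter LOG records mix KEY=VALUE fields with bare tokens for IP and TCP flags.
KV_RE = re.compile(r"(\w+)=(\S*)")
BARE_FLAGS = {"DF", "MF", "CE", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


@dataclass
class LogEntry:
    fields: dict
    flags: set


def parse_log_line(line: str) -> LogEntry:
    """Parse one syslog line carrying an iptables LOG record."""
    # Everything after "kernel: " is the netfilter record (an optional --log-prefix
    # token would simply be ignored by the loop below).
    _, _, record = line.partition("kernel: ")
    fields, flags = {}, set()
    for token in record.split():
        m = KV_RE.fullmatch(token)
        if m:
            fields[m.group(1)] = m.group(2)      # "OUT=" yields an empty value
        elif token in BARE_FLAGS:
            flags.add(token)
    return LogEntry(fields, flags)


def chain_hint(entry: LogEntry) -> str:
    """Empty OUT= means the packet was for the firewall itself (INPUT chain)."""
    return "INPUT" if entry.fields.get("OUT", "") == "" else "FORWARD"


def classify(entry: LogEntry) -> str:
    """Label a logged TCP packet by what it most likely represents (assumed categories)."""
    f, fl = entry.fields, entry.flags
    if f.get("PROTO") != "TCP":
        return "non-tcp"
    sport, dport = int(f.get("SPT", 0)), int(f.get("DPT", 0))
    if "SYN" in fl and "ACK" not in fl:
        # A bare SYN never matches ESTABLISHED/RELATED: a genuine inbound connection attempt.
        return "unsolicited-syn"
    if "RST" in fl:
        return "stray-rst"
    if "FIN" in fl and sport < 1024 and dport >= 1024:
        # Teardown segment from a service port to a high client port: a session
        # conntrack no longer considers ESTABLISHED, e.g. its entry already expired.
        return "late-fin-from-server"
    if "ACK" in fl:
        return "stray-ack"
    return "other"


def summarize(lines) -> Counter:
    """Count log lines per (chain, classification) so the noisy categories stand out."""
    counts = Counter()
    for line in lines:
        entry = parse_log_line(line)
        counts[(chain_hint(entry), classify(entry))] += 1
    return counts


# Sample input: the first line is from the thread, the other two are constructed.
SAMPLE_LOG = [
    "Jul 6 22:45:11 wormhole kernel: IN=ppp0 OUT= MAC= SRC=193.170.75.21 "
    "DST=213.225.44.140 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=46360 DF PROTO=TCP "
    "SPT=80 DPT=36827 WINDOW=32768 RES=0x00 ACK FIN URGP=0",
    "Jul 6 23:01:02 wormhole kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.9 "
    "DST=213.225.44.140 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1 DF PROTO=TCP "
    "SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jul 6 23:02:40 wormhole kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.53 "
    "DST=213.225.44.140 LEN=80 TOS=0x00 PREC=0x00 TTL=50 ID=7 PROTO=UDP "
    "SPT=53 DPT=1025 LEN=60",
]

if __name__ == "__main__":
    for (chain, label), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{chain:8} {label:22} {n}")
```

The script deliberately keeps the interpretation in one function so the categories can be adjusted to match local rules; the point is that a catch-all LOG rule at the end of a chain needs this kind of post-processing (or a narrower rule set, such as logging only NEW connection attempts) before its volume says anything about real threats.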