From: Ralph Brugger <sitecopy@public.linkpool.de>
To: lartc@vger.kernel.org
Subject: [LARTC] Re: Debian Sarge Server with iptables behind D-Link Router
Date: Tue, 31 Jan 2006 15:21:14 +0000
Message-ID: <drnv8p$35p$1@sea.gmane.org>

Hi,

> try next:
> - Put d-link ADSL as "modem"
> - Make PPPoE call under Linux

Yes, I've already tried this - that's been my current configuration for one
week ;)

But I want to understand why it's not possible to use the D-Link as a
router, and what kind of problem the tcpdump results stand for.

Ralph

> 
> 
> 
> ->
> -> Hi,
> ->
> -> I have the shown (end of this post) network configuration.
> ->
> -> In a "few" words: My Debian Sarge server is connected to a D-Link ADSL
> -> Router (DSL-562T). DMZ is enabled for the Debian Sarge IP on the Router.
> ->
> -> My Linux server has two NICs.
> -> ethlan = internal Net
> -> ethdsl = external -> D-Link
> ->
> -> My Linux server is configured to make NAT via iptables.
> ->
> -> Current state - what's working:
> -> - Access from internal LAN to Internet is working (http, https, ftp, etc)
> -> - Access inside the LAN is working
> -> - Access inside the LAN to the linux server is working (http, https,
> -> IMAP and SSH)
> -> - Access from outside the LAN (from internet) to the Linux server is
> -> working for https, IMAP and SSH
> ->
> -> ***BUT***:
> -> Same problem, similar for SSH, https and IMAP:
> -> On an internet browser inside the LAN I can't access the webserver on
> -> the Linux server when I enter the external URL of the Linux server
> -> (dynDNS domain name).
> -> The https page won't be opened. A simple ping to the Linux server with
> -> the same dynDNS domain name works. Trying to enter the external IP of
> -> the Linux server in the browser also won't work.
> -> The page won't be opened in the browser.
> ->
> -> The page is then not opened in the browser.
> -> Via telnet to https or ssh or IMAP, no connection is established
> -> either when I specify the dynDNS domain name as the target.
> -> As I said, if I enter the local name or the local IP instead of the
> -> dynDNS domain name, it works.
> ->
> -> iptables should log dropped packets. But there aren't any
> -> dropped packets.
> -> Ifconfig also does not show any errors (dropped packets) for ethlan /
> -> ethdsl.
> ->
> -> So I've tried to understand what tcpdump shows for port 443. But I'm
> -> bound to say that I'm absolutely not firm with tcpdump.
> -> Here's what tcpdump shows:
> ->
> ->
> -> tcpdump for port 443:
> -> Not working access from inside the LAN to the server's external name /
> -> the server's external IP:
> -> => no connection
> -> ==================
> -> p54BE15A1.dip0.t-ipconnect.de.https: S 1859848764:1859848764(0) win
> -> 65535 <mss 1260,nop,nop,sackOK>
> -> 18:43:41.477631 IP lp-java.linkpool.3491 >
> -> p54BE15A1.dip0.t-ipconnect.de.https: S 1859848764:1859848764(0) win
> -> 65535 <mss 1260,nop,nop,sackOK>
> -> 18:43:41.479358 IP p54BE15A1.dip0.t-ipconnect.de.https >
> -> lp-java.linkpool.3491: R 0:0(0) ack 1859848765 win 0
> -> 18:43:41.967525 IP lp-java.linkpool.3491 >
> -> p54BE15A1.dip0.t-ipconnect.de.https: S 1859848764:1859848764(0) win
> -> 65535 <mss 1260,nop,nop,sackOK>
> -> 18:43:41.969239 IP p54BE15A1.dip0.t-ipconnect.de.https >
> -> lp-java.linkpool.3491: R 0:0(0) ack 1 win 0
> -> 18:43:42.468301 IP lp-java.linkpool.3491 >
> -> p54BE15A1.dip0.t-ipconnect.de.https: S 1859848764:1859848764(0) win
> -> 65535 <mss 1260,nop,nop,sackOK>
> -> 18:43:42.470116 IP p54BE15A1.dip0.t-ipconnect.de.https >
> -> lp-java.linkpool.3491: R 0:0(0) ack 1 win 0
> ->
> ->
> -> tcpdump for port 443:
> -> WORKING access from inside the LAN to the server's INTERNAL name / the
> -> server's INTERNAL IP:
> -> => Successful connection
> -> ==================
> -> 18:45:38.773997 IP lp-java.linkpool.3492 > lp-komodo.LINKPOOL.https: S
> -> 1505679381:1505679381(0) win 65535 <mss 1260,nop,nop,sackOK>
> -> 18:45:38.774478 IP lp-komodo.LINKPOOL.https > lp-java.linkpool.3492: S
> -> 189223170:189223170(0) ack 1505679382 win 5840 <mss 1460,nop,nop,sackOK>
> -> 18:45:38.774062 IP lp-java.linkpool.3492 > lp-komodo.LINKPOOL.https: .
> -> ack 1 win 65535
> -> 18:45:38.774608 IP lp-java.linkpool.3492 > lp-komodo.LINKPOOL.https: P
> -> 1:106(105) ack 1 win 65535
> -> 18:45:38.774660 IP lp-komodo.LINKPOOL.https > lp-java.linkpool.3492: .
> -> ack 106 win 5840
> -> 18:45:38.813185 IP lp-komodo.LINKPOOL.https > lp-java.linkpool.3492: P
> -> 1:1055(1054) ack 106 win 5840
> -> 18:45:38.927284 IP lp-java.linkpool.3492 > lp-komodo.LINKPOOL.https: .
> -> ack 1055 win 64481
> ->
> -> Is there anyone who can interpret those results? Is this enough
> -> information to see where the problem may be?
> -> Wrong Routing? Linux server iptables problem? Problem inside the D-Link
> -> Router?
> -> Any suggestions are welcome!
> ->
> ->      Internet
> ->          |
> ->         DSL
> ->          |
> ->          |
> ->    D-Link DSL-562T
> ->     192.168.200.5
> ->          |
> ->          |
> ->   ------------------------------------
> ->   | Dev=ethdsl      Linux Server     |
> ->   | 192.168.200.2   lp-komodo        |
> ->   |     |                            |
> ->   |   route + iptables               |
> ->   |     |                            |
> ->   | 192.168.240.2                    |
> ->   | Dev=ethlan                       |
> ->   |-----------------------------------
> ->                   |
> ->                   |
> ->             Switch 10/100/1000
> ->                   |
> ->                   |
> ->   ------------------------------------
> ->   |Dev=LAN            Windows Client |
> ->   |                   XP Pro SP2     |
> ->   |192.168.240.010    lp-java        |
> ->   |                                  |
> ->   -----------------------------------|
> ->
> ->
> -> Regards,
> ->
> -> Ralph
> ->
> -> _______________________________________________
> -> LARTC mailing list
> -> LARTC@mailman.ds9a.nl
> -> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
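
The two captures quoted in this message differ in how the client's first SYN is answered: with an RST in the failing case and with a SYN/ACK in the working one. The Python sketch below is an added example, not part of the original post; it classifies each handshake found in old-style tcpdump text output. The first seven sample records are reflowed from the capture above, the last one (192.0.2.10) is constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Old-style tcpdump TCP record: "<time> IP <src> > <dst>: <flags> <rest>"
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): ([SFPRWE.]+) (.*)$")

# Records reflowed from the capture in the post; the last line is constructed.
CAPTURE = """\
18:43:41.477631 IP lp-java.linkpool.3491 > p54BE15A1.dip0.t-ipconnect.de.https: S 1859848764:1859848764(0) win 65535 <mss 1260,nop,nop,sackOK>
18:43:41.479358 IP p54BE15A1.dip0.t-ipconnect.de.https > lp-java.linkpool.3491: R 0:0(0) ack 1859848765 win 0
18:43:41.967525 IP lp-java.linkpool.3491 > p54BE15A1.dip0.t-ipconnect.de.https: S 1859848764:1859848764(0) win 65535 <mss 1260,nop,nop,sackOK>
18:43:41.969239 IP p54BE15A1.dip0.t-ipconnect.de.https > lp-java.linkpool.3491: R 0:0(0) ack 1 win 0
18:45:38.773997 IP lp-java.linkpool.3492 > lp-komodo.LINKPOOL.https: S 1505679381:1505679381(0) win 65535 <mss 1260,nop,nop,sackOK>
18:45:38.774478 IP lp-komodo.LINKPOOL.https > lp-java.linkpool.3492: S 189223170:189223170(0) ack 1505679382 win 5840 <mss 1460,nop,nop,sackOK>
18:45:38.774062 IP lp-java.linkpool.3492 > lp-komodo.LINKPOOL.https: . ack 1 win 65535
18:50:00.000000 IP lp-java.linkpool.3500 > 192.0.2.10.https: S 1:1(0) win 65535
"""

def classify_handshakes(capture):
    """Return {(client, server): (outcome, syn_count)} for each SYN seen."""
    events = defaultdict(list)
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped or truncated records
        src, dst, flags, rest = m.groups()
        has_ack = " ack " in f" {rest} "
        if "S" in flags and not has_ack:
            events[(src, dst)].append("SYN")      # client opens the flow
        elif "S" in flags:
            events[(dst, src)].append("SYNACK")   # server accepts
        elif "R" in flags:
            events[(dst, src)].append("RST")      # keyed by the flow being reset
    result = {}
    for flow, seen in events.items():
        syns = seen.count("SYN")
        if not syns:
            continue  # reply without a captured SYN: not a handshake start
        if "SYNACK" in seen:
            outcome = "accepted"
        elif "RST" in seen:
            outcome = "refused"      # actively rejected, not silently dropped
        else:
            outcome = "unanswered"   # what a DROP rule or a lost packet looks like
        result[flow] = (outcome, syns)
    return result

if __name__ == "__main__":
    for (client, server), (outcome, syns) in classify_handshakes(CAPTURE).items():
        print(f"{client} -> {server}: {outcome} after {syns} SYN(s)")
```

A "refused" flow means something answering for the destination address sent a reset, whereas a packet discarded by a DROP rule would show up as "unanswered".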
