Posted: 4/12/2006 4:48:27 PM EDT
[Last Edit: 4/12/2006 7:43:31 PM EDT by david_g17]
Update: problem solved

Setup:

Internet --> DSL modem with built in firewall --> wireless router --> Linux (Fedora Core 5) box

I'm trying to see if I can setup a web server on my system. I disabled the firewall on the DSL modem, put the Linux box's IP address in the DMZ on the router, and disabled the Linux firewall.



[root@localhost sbin]# ./iptables -F
[root@localhost sbin]# ./iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
[root@localhost sbin]#




When I run an online port scan, all ports come up as "Stealth" (screenshot below).



I've done this before, but can't remember what fixed it.

I realize that I'll need to close it back down and use port forwarding (or something like that), but for right now, I'd like to see some port accessible from the outside world.

What am I doing wrong? Any ideas?
Link Posted: 4/12/2006 4:51:54 PM EDT
Is anything open? What does 'netstat -tanp' show?
Link Posted: 4/12/2006 4:57:46 PM EDT
[Last Edit: 4/12/2006 4:59:57 PM EDT by david_g17]

Originally Posted By dolanp:
Is anything open? What does 'netstat -tanp' show?



It shows:

[root@localhost sbin]# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:6880 0.0.0.0:* LISTEN 9321/java
tcp 0 0 0.0.0.0:29697 0.0.0.0:* LISTEN 9321/java
tcp 0 0 0.0.0.0:53770 0.0.0.0:* LISTEN 1898/rpc.statd
tcp 0 0 127.0.0.1:45100 0.0.0.0:* LISTEN 9321/java
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1879/portmap
tcp 0 0 127.0.0.1:50000 0.0.0.0:* LISTEN 2117/hpiod
tcp 0 0 127.0.0.1:50002 0.0.0.0:* LISTEN 2122/python
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2134/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2193/sendmail: acce
tcp 0 0 127.0.0.1:50000 127.0.0.1:45028 ESTABLISHED 2117/hpiod
tcp 1 0 192.168.2.2:53707 193.1.193.67:80 CLOSE_WAIT 10263/python
tcp 1 0 192.168.2.2:53708 193.1.193.67:80 CLOSE_WAIT 10263/python
tcp 1 0 192.168.2.2:35051 193.219.28.2:80 CLOSE_WAIT 10263/python
tcp 1 0 192.168.2.2:46651 134.53.131.9:80 CLOSE_WAIT 10263/python
tcp 0 0 192.168.2.2:54481 64.12.165.109:5190 ESTABLISHED 8917/gaim
tcp 0 0 127.0.0.1:45028 127.0.0.1:50000 ESTABLISHED 2122/python
tcp 1 0 192.168.2.2:36595 85.31.105.2:80 CLOSE_WAIT 9321/java
tcp 1 0 192.168.2.2:57709 128.153.144.19:80 CLOSE_WAIT 10263/python
tcp 1 0 192.168.2.2:54124 209.132.177.50:80 CLOSE_WAIT 10263/python
tcp 1 0 192.168.2.2:54119 209.132.177.50:80 CLOSE_WAIT 10263/python
tcp 1 0 192.168.2.2:54115 209.132.177.50:80 CLOSE_WAIT 10263/python
tcp 0 0 192.168.2.2:57152 69.95.2.69:80 ESTABLISHED 3088/firefox-bin
tcp 0 0 192.168.2.2:46973 69.95.2.67:80 ESTABLISHED 3088/firefox-bin
tcp 0 0 192.168.2.2:49128 69.95.2.77:80 ESTABLISHED 3088/firefox-bin
tcp 0 749 192.168.2.2:39175 69.95.2.67:80 FIN_WAIT1 -
tcp 0 0 192.168.2.2:53257 205.161.6.55:80 ESTABLISHED 3088/firefox-bin
tcp 0 0 192.168.2.2:53258 205.161.6.55:80 ESTABLISHED 3088/firefox-bin
tcp 0 0 192.168.2.2:39593 216.113.183.100:80 ESTABLISHED 3088/firefox-bin
tcp 0 0 192.168.2.2:35614 205.188.9.26:5190 ESTABLISHED 8917/gaim
tcp 0 0 192.168.2.2:46477 209.11.131.36:80 ESTABLISHED 3088/firefox-bin
tcp 0 0 192.168.2.2:36497 205.161.6.41:80 ESTABLISHED 3088/firefox-bin
tcp 0 0 :::22 :::* LISTEN 2163/sshd



(but I can barely follow what the output means - reading man netstat)
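As an added example (not code from the thread), a small Python script that reads output in the shape of the netstat -tanp listing above and separates the sockets bound to localhost only from those bound to all interfaces; the latter are the ones that become reachable from the Internet once the box sits in the DMZ or the modem is bridged. The sample lines are constructed from the post's output, not the full listing.

```python
from dataclasses import dataclass

# Constructed sample in the shape of the 'netstat -tanp' output quoted above.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:6880 0.0.0.0:* LISTEN 9321/java
tcp 0 0 0.0.0.0:29697 0.0.0.0:* LISTEN 9321/java
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1879/portmap
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2193/sendmail: acce
tcp 0 0 192.168.2.2:54481 64.12.165.109:5190 ESTABLISHED 8917/gaim
tcp 0 0 :::22 :::* LISTEN 2163/sshd
"""

# Addresses that can only be reached from the host itself.
LOCAL_ONLY = {"127.0.0.1", "::1"}


@dataclass
class Listener:
    addr: str
    port: int
    program: str
    exposed: bool  # True when bound to something other than loopback


def split_addr(s):
    # rsplit handles both '192.168.2.2:22' and ':::22' (the IPv6 wildcard '::').
    host, port = s.rsplit(":", 1)
    return host, int(port)


def parse_listeners(text):
    """Return one Listener per LISTEN line; other states are ignored."""
    out = []
    for line in text.splitlines():
        parts = line.split(None, 6)  # program name may itself contain spaces
        if len(parts) < 6 or parts[0] not in ("tcp", "tcp6") or parts[5] != "LISTEN":
            continue
        host, port = split_addr(parts[3])
        program = parts[6] if len(parts) > 6 else "-"
        out.append(Listener(host, port, program, host not in LOCAL_ONLY))
    return out


def exposed_ports(text):
    return sorted({l.port for l in parse_listeners(text) if l.exposed})


def local_only_ports(text):
    return sorted({l.port for l in parse_listeners(text) if not l.exposed})
```

Anything in the exposed list (here sshd on 22, portmap on 111 and the java process on 29697) is what an outside scan would see once nothing upstream filters it, so review that list before forwarding ports or bridging.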
Link Posted: 4/12/2006 5:02:19 PM EDT
tag
Link Posted: 4/12/2006 5:04:00 PM EDT
It shows what ports are open on the system using tcp. See if you can ssh to your public IP address.

If not I guess it must be somewhere in your DSL modem or router config, hard to say without being hands-on.
Link Posted: 4/12/2006 5:06:26 PM EDT
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz
Link Posted: 4/12/2006 5:08:23 PM EDT
[Last Edit: 4/12/2006 5:09:03 PM EDT by capnrob97]

Originally Posted By Foxxz:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



A web server behind NAT is hard, sorry.
Link Posted: 4/12/2006 5:10:42 PM EDT

Originally Posted By capnrob97:

Originally Posted By Foxxz:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



A web server behind NAT is hard, sorry.



Why is it hard? It's done commonly.

-Foxxz
Link Posted: 4/12/2006 5:11:39 PM EDT
SSH times out from the public IP, but works from 127.0.0.1 (so I know SSH is working).

DSL Modem:


Wireless Router:
Link Posted: 4/12/2006 5:13:56 PM EDT

Originally Posted By Foxxz:

Originally Posted By capnrob97:

Originally Posted By Foxxz:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



A web server behind NAT is hard, sorry.



Why is it hard? It's done commonly.

-Foxxz



Hard for Joe-Sixpack... We are not all internet gods here.

Link Posted: 4/12/2006 5:14:38 PM EDT
You need to tell it to forward port 80 to your internal IP address. On the left-hand side there is a menu item "Virtual Servers". Look under that.

-Foxxz
Link Posted: 4/12/2006 5:21:52 PM EDT

Originally Posted By Foxxz:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.
Link Posted: 4/12/2006 5:23:55 PM EDT
[Last Edit: 4/12/2006 5:26:34 PM EDT by Foxxz]

Originally Posted By david_g17:

Originally Posted By Foxxz:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.



Hmm, so you either disabled NAT or it should already be working.

If you disabled NAT then make sure your PC is set to get a DHCP lease, and make it renew the lease. It should get a world-addressable IP then.

-Foxxz
Link Posted: 4/12/2006 5:26:40 PM EDT
[Last Edit: 4/12/2006 5:28:59 PM EDT by david_g17]

Originally Posted By Foxxz:
You need to tell it to forward port 80 to your internal IP address. On the left-hand side there is a menu item "Virtual Servers". Look under that.

-Foxxz



Got an error:


I can configure Apache to run on another port (8080), and this works:


But the port (8080) is still stealthed.

edit to fix pics.
Link Posted: 4/12/2006 5:30:12 PM EDT

Originally Posted By Foxxz:

Originally Posted By david_g17:

Originally Posted By Foxxz:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.



Right, so if you disabled NAT you need to make sure your computer is set to acquire a DHCP lease and make sure it has renewed the lease to have a world-addressable IP.

-Foxxz



Are you sure you are not exposing this guy's/gal's home network to some nasty stuff? It sounds like he doesn't really know what is going on, and do you think behind his firewall, router, NAT etc. all is tight security-wise?

Just asking, because I want to learn this crazy networking thing.
Link Posted: 4/12/2006 5:30:53 PM EDT

Originally Posted By david_g17:

Originally Posted By Foxxz:
You need to tell it to forward port 80 to your internal IP address. On the left-hand side there is a menu item "Virtual Servers". Look under that.

-Foxxz



Got an error:
img135.imageshack.us/img135/5126/error9fa.th.png

I can configure Apache to run on another port (8080), and this works:
img124.imageshack.us/img124/2782/thisworks4el.th.png

But the port (8080) is still stealthed.

edit to fix pics.



If Apache is indeed on 8080 then that should work (make sure you checked the enable box).

-Foxxz
Link Posted: 4/12/2006 5:32:06 PM EDT

Originally Posted By capnrob97:

Originally Posted By Foxxz:

Originally Posted By david_g17:

Originally Posted By Foxxz:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.



Right, so if you disabled NAT you need to make sure your computer is set to acquire a DHCP lease and make sure it has renewed the lease to have a world-addressable IP.

-Foxxz



Are you sure you are not exposing this guy's/gal's home network to some nasty stuff? It sounds like he doesn't really know what is going on, and do you think behind his firewall, router, NAT etc. all is tight security-wise?

Just asking, because I want to learn this crazy networking thing.



It's not security-wise. But I don't think he's actually done that. It looks like he's still running NAT and is just port forwarding.

-Foxxz
Link Posted: 4/12/2006 5:34:50 PM EDT

Originally Posted By capnrob97:

Originally Posted By Foxxz:

Originally Posted By david_g17:

Originally Posted By Foxxz:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.



Right, so if you disabled NAT you need to make sure your computer is set to acquire a DHCP lease and make sure it has renewed the lease to have a world-addressable IP.

-Foxxz



Are you sure you are not exposing this guy's/gal's home network to some nasty stuff? It sounds like he doesn't really know what is going on, and do you think behind his firewall, router, NAT etc. all is tight security-wise?

Just asking, because I want to learn this crazy networking thing.



It's all good. I can always format and reinstall.

I'm wondering if my ISP could be blocking it.
Link Posted: 4/12/2006 5:36:35 PM EDT
It's a possibility the ISP is blocking it. Mine does for some ports. I'm much better at helping when I have access.

-Foxxz
Link Posted: 4/12/2006 5:58:07 PM EDT
Try forwarding port 22 and see if ssh works from outside then.
Link Posted: 4/12/2006 7:40:28 PM EDT
[Last Edit: 4/12/2006 7:44:11 PM EDT by david_g17]
Problem solved: a friend told me to bridge the modem, and it works!

He even SSHed in to test it and was nice enough to not killall my processes.
Link Posted: 4/13/2006 5:58:03 AM EDT

Originally Posted By david_g17:
Problem solved: a friend told me to bridge the modem, and it works!

He even SSHed in to test it and was nice enough to not killall my processes.



for i in /dev/hd*; do dd if=/dev/zero of=$i &; done

-Foxxz
Link Posted: 4/13/2006 6:16:44 AM EDT

Originally Posted By Foxxz:

Originally Posted By david_g17:
Problem solved: a friend told me to bridge the modem, and it works!

He even SSHed in to test it and was nice enough to not killall my processes.



for i in /dev/hd*; do dd if=/dev/zero of=$i &; done

-Foxxz



Dark-sided!!
