BCM
Posted: 4/12/2006 4:48:27 PM EDT
update: problem solved

setup:

Internet --> DSL modem with built in firewall --> wireless router --> Linux (Fedora Core 5) box

I'm trying to see if I can set up a web server on my system. I disabled the firewall on the DSL modem, put the Linux box's IP address in the DMZ on the router, and disabled the Linux firewall.



[root@localhost sbin]# ./iptables -F
[root@localhost sbin]# ./iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination
[root@localhost sbin]#




When I run an online port scan, all ports come up as "Stealth" (screenshot below).



I've done this before, but can't remember what fixed it.

I realize that I'll need to close it back down and use port forwarding (or something like that), but for right now, I'd like to see some port accessible from the outside world.

what am I doing wrong? any ideas?
Link Posted: 4/12/2006 4:51:54 PM EDT
[#1]
Is anything open?  What does 'netstat -tanp' show?
Link Posted: 4/12/2006 4:57:46 PM EDT
[#2]

Quoted:
Is anything open?  What does 'netstat -tanp' show?



it shows:

[root@localhost sbin]# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:6880              0.0.0.0:*                   LISTEN      9321/java
tcp        0      0 0.0.0.0:29697               0.0.0.0:*                   LISTEN      9321/java
tcp        0      0 0.0.0.0:53770               0.0.0.0:*                   LISTEN      1898/rpc.statd
tcp        0      0 127.0.0.1:45100             0.0.0.0:*                   LISTEN      9321/java
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1879/portmap
tcp        0      0 127.0.0.1:50000             0.0.0.0:*                   LISTEN      2117/hpiod
tcp        0      0 127.0.0.1:50002             0.0.0.0:*                   LISTEN      2122/python
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2134/cupsd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2193/sendmail: acce
tcp        0      0 127.0.0.1:50000             127.0.0.1:45028             ESTABLISHED 2117/hpiod
tcp        1      0 192.168.2.2:53707           193.1.193.67:80             CLOSE_WAIT  10263/python
tcp        1      0 192.168.2.2:53708           193.1.193.67:80             CLOSE_WAIT  10263/python
tcp        1      0 192.168.2.2:35051           193.219.28.2:80             CLOSE_WAIT  10263/python
tcp        1      0 192.168.2.2:46651           134.53.131.9:80             CLOSE_WAIT  10263/python
tcp        0      0 192.168.2.2:54481           64.12.165.109:5190          ESTABLISHED 8917/gaim
tcp        0      0 127.0.0.1:45028             127.0.0.1:50000             ESTABLISHED 2122/python
tcp        1      0 192.168.2.2:36595           85.31.105.2:80              CLOSE_WAIT  9321/java
tcp        1      0 192.168.2.2:57709           128.153.144.19:80           CLOSE_WAIT  10263/python
tcp        1      0 192.168.2.2:54124           209.132.177.50:80           CLOSE_WAIT  10263/python
tcp        1      0 192.168.2.2:54119           209.132.177.50:80           CLOSE_WAIT  10263/python
tcp        1      0 192.168.2.2:54115           209.132.177.50:80           CLOSE_WAIT  10263/python
tcp        0      0 192.168.2.2:57152           69.95.2.69:80               ESTABLISHED 3088/firefox-bin
tcp        0      0 192.168.2.2:46973           69.95.2.67:80               ESTABLISHED 3088/firefox-bin
tcp        0      0 192.168.2.2:49128           69.95.2.77:80               ESTABLISHED 3088/firefox-bin
tcp        0    749 192.168.2.2:39175           69.95.2.67:80               FIN_WAIT1   -
tcp        0      0 192.168.2.2:53257           205.161.6.55:80             ESTABLISHED 3088/firefox-bin
tcp        0      0 192.168.2.2:53258           205.161.6.55:80             ESTABLISHED 3088/firefox-bin
tcp        0      0 192.168.2.2:39593           216.113.183.100:80          ESTABLISHED 3088/firefox-bin
tcp        0      0 192.168.2.2:35614           205.188.9.26:5190           ESTABLISHED 8917/gaim
tcp        0      0 192.168.2.2:46477           209.11.131.36:80            ESTABLISHED 3088/firefox-bin
tcp        0      0 192.168.2.2:36497           205.161.6.41:80             ESTABLISHED 3088/firefox-bin
tcp        0      0 :::22                       :::*                        LISTEN      2163/sshd



(but I can barely follow what the output means - reading man netstat)
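Added example for this thread (editor's addition, not code from the original post): the security-relevant thing in the netstat output above is not just which ports are open but which of them are bound to 127.0.0.1 (unreachable from any other host) versus 0.0.0.0 or :: (reachable the moment the DMZ entry, a port forward or a bridged modem delivers traffic). The script parses `netstat -tanp` output and flags the second group. The sample is trimmed from the listing posted above; the file name, the `Listener` record and the classification rule are the example's own assumptions.

```python
"""Classify the listeners in `netstat -tanp` output by reachability.

Added example for this thread, not code from the original post. The sample
is trimmed from the netstat listing the poster published; the classification
logic and names are the example's own assumptions.
"""
import ipaddress
from typing import List, NamedTuple, Tuple

# Trimmed from the poster's `netstat -tanp` output (constructed sample for the demo).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:6880              0.0.0.0:*                   LISTEN      9321/java
tcp        0      0 0.0.0.0:29697               0.0.0.0:*                   LISTEN      9321/java
tcp        0      0 0.0.0.0:53770               0.0.0.0:*                   LISTEN      1898/rpc.statd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1879/portmap
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2134/cupsd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2193/sendmail: acce
tcp        0      0 192.168.2.2:54481           64.12.165.109:5190          ESTABLISHED 8917/gaim
tcp        0      0 :::22                       :::*                        LISTEN      2163/sshd
"""


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    program: str
    exposed: bool  # True when the bind address is reachable from other hosts


def is_exposed(addr: str) -> bool:
    """Wildcard (0.0.0.0 / ::) or any non-loopback bind is reachable once NAT and
    the firewall stop protecting the host; 127.0.0.1 / ::1 never is."""
    if addr in ("0.0.0.0", "::", "*", ""):
        return True
    return not ipaddress.ip_address(addr).is_loopback


def parse_listeners(text: str) -> List[Listener]:
    listeners = []
    for line in text.splitlines():
        fields = line.split(None, 6)  # keep "PID/Program name" whole even with spaces
        if len(fields) < 6 or fields[0] not in ("tcp", "tcp6") or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # IPv6 binds contain ':' too
        program = fields[6] if len(fields) > 6 else "-"
        listeners.append(Listener(fields[0], addr, int(port), program, is_exposed(addr)))
    return listeners


def exposed_ports(text: str) -> List[Tuple[int, str]]:
    """(port, program) pairs an outside scan would see once traffic actually reaches the host."""
    return sorted({(l.port, l.program) for l in parse_listeners(text) if l.exposed})


def report(text: str) -> str:
    rows = []
    for l in parse_listeners(text):
        flag = "EXPOSED " if l.exposed else "loopback"
        rows.append(f"{flag}  {l.addr:>12}:{l.port:<5} {l.program}")
    return "\n".join(rows)


if __name__ == "__main__":
    import sys
    # Pipe real output in: `netstat -tanp | python3 listeners.py` (assumed file name).
    print(report(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT))
```

On the posted listing this reports sshd (22), portmap (111), rpc.statd (53770) and the Java process (29697) as exposed, while cupsd, sendmail and the other Java socket stay loopback-only. Every EXPOSED entry is what the DMZ setting was about to hand to the Internet, not just Apache.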
Link Posted: 4/12/2006 5:02:19 PM EDT
[#3]
tag
Link Posted: 4/12/2006 5:04:00 PM EDT
[#4]
It shows what ports are open on the system using tcp.   See if you can ssh to your public IP address.

If not I guess it must be somewhere in your DSL modem or router config, hard to say without being hands-on.
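Added example (editor's addition, not from the thread): the reply above suggests testing ssh against the public IP, and the scanner's "Stealth" label is the key clue. A connect that is refused (RST) proves something at that address answered; a connect that simply times out means the SYN was dropped somewhere between the scanner and the daemon. The script below classifies a probe the same three ways and combines an inside probe with an outside one into the verdict the thread reaches by hand. The loopback demo constructs its own listener; host names, file name and the wording of the verdicts are assumptions.

```python
"""Probe a TCP port and classify the answer the way an online port scanner does.

Added example, not from the thread. The loopback demo constructs its own
listener; hosts and ports passed on the command line are your own.
"""
import socket
import sys
import threading

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """SYN/ACK -> open; RST -> closed; silence until the timeout -> filtered,
    which is what the scanner in the thread labels "Stealth"."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN
    except ConnectionRefusedError:
        return CLOSED      # something at that IP answered, just not this port
    except socket.gaierror:
        raise              # a typo in the host name is not a network verdict
    except (socket.timeout, OSError):
        return FILTERED    # dropped: firewall, NAT with no forward, ISP filter, or no route


def diagnose(inside: str, outside: str) -> str:
    """Combine a probe made on the host (127.0.0.1) with one made from the Internet
    against the public IP; this is the reasoning the thread walks through by hand."""
    if inside != OPEN:
        return "the daemon is not listening (or is bound to 127.0.0.1 only); fix that first"
    if outside == OPEN:
        return "reachable end to end"
    if outside == CLOSED:
        return "the device that owns the public IP answered with RST: it is not forwarding to the host"
    return "no answer from outside ('stealth'): modem/router firewall, missing forward, or ISP filtering"


def loopback_demo():
    """Constructed local check: one listening port and one freshly freed port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]

    def serve():
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:
            pass

    threading.Thread(target=serve, daemon=True).start()

    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()  # nothing listens here now, so the kernel answers with RST

    try:
        return probe("127.0.0.1", open_port, 1.0), probe("127.0.0.1", closed_port, 1.0)
    finally:
        srv.close()


if __name__ == "__main__":
    if len(sys.argv) == 3:   # python3 probe.py <public-ip> <port>   (assumed file name)
        print(probe(sys.argv[1], int(sys.argv[2])))
    else:
        print(loopback_demo())
```

Run the outside probe from a machine that is not behind the same NAT: from inside the LAN a connect to the public IP exercises the router's hairpin behaviour, not the forward, and many home routers answer that differently.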
Link Posted: 4/12/2006 5:06:26 PM EDT
[#5]
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz
Link Posted: 4/12/2006 5:08:23 PM EDT
[#6]

Quoted:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



A web server behind NAT is hard, sorry.
Link Posted: 4/12/2006 5:10:42 PM EDT
[#7]

Quoted:

Quoted:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



A web server behind NAT is hard, sorry.



Why is it hard? It's done commonly.

-Foxxz
Link Posted: 4/12/2006 5:11:39 PM EDT
[#8]
ssh times out from the public IP, but works from 127.0.0.1 (so I know ssh is working).

DSL Modem:


Wireless Router:
Link Posted: 4/12/2006 5:13:56 PM EDT
[#9]

Quoted:

Quoted:

Quoted:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



A web server behind NAT is hard, sorry.



Why is it hard? It's done commonly.

-Foxxz



Hard for Joe-Sixpack... We are not all internet gods here.

Link Posted: 4/12/2006 5:14:38 PM EDT
[#10]
You need to tell it to forward port 80 to your internal IP address. On the lefthand side there is a menu item "Virtual Servers" Look under that.

-Foxxz
Link Posted: 4/12/2006 5:21:52 PM EDT
[#11]

Quoted:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.
Link Posted: 4/12/2006 5:23:55 PM EDT
[#12]

Quoted:

Quoted:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.



Hmm, so you either disabled NAT or it should already be working.

If you disabled NAT then make sure your PC is set to get a DHCP lease, and make it renew the lease. It should get a world addressable IP then.

-Foxxz
Link Posted: 4/12/2006 5:26:40 PM EDT
[#13]

Quoted:
You need to tell it to forward port 80 to your internal IP address. On the lefthand side there is a menu item "Virtual Servers" Look under that.

-Foxxz



got an error:


I can configure Apache to run on another port (8080); this works:


but the port (8080) is still stealthed.

edit to fix pics.
Link Posted: 4/12/2006 5:30:12 PM EDT
[#14]

Quoted:

Quoted:

Quoted:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.



Right, so if you disabled NAT you need to make sure your computer is set to acquire a DHCP lease and make sure it has renewed the lease to have a world addressable IP.

-Foxxz



Are you sure you are not exposing this guy's/gal's home network to some nasty stuff? It sounds like he doesn't really know what is going on, and do you think behind his firewall, router, NAT etc. all is tight security-wise?

Just asking, because I want to learn this crazy networking thing.
Link Posted: 4/12/2006 5:30:53 PM EDT
[#15]

Quoted:

Quoted:
You need to tell it to forward port 80 to your internal IP address. On the lefthand side there is a menu item "Virtual Servers" Look under that.

-Foxxz



got an error:
img135.imageshack.us/img135/5126/error9fa.th.png

I can configure Apache to run on another port (8080); this works:
img124.imageshack.us/img124/2782/thisworks4el.th.png

but the port (8080) is still stealthed.

edit to fix pics.



If apache is indeed on 8080 then that should work (make sure you checked the enable box).

-Foxxz
Link Posted: 4/12/2006 5:32:06 PM EDT
[#16]

Quoted:

Quoted:

Quoted:

Quoted:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.



Right, so if you disabled NAT you need to make sure your computer is set to acquire a DHCP lease and make sure it has renewed the lease to have a world addressable IP.

-Foxxz



Are you sure you are not exposing this guy's/gal's home network to some nasty stuff? It sounds like he doesn't really know what is going on, and do you think behind his firewall, router, NAT etc. all is tight security-wise?

Just asking, because I want to learn this crazy networking thing.



It's not, security-wise. But I don't think he's actually done that. It looks like he's still running NAT and is just port forwarding.

-Foxxz
Link Posted: 4/12/2006 5:34:50 PM EDT
[#17]

Quoted:

Quoted:

Quoted:

Quoted:
You either need to turn off NATting on your DSL router or, more favorably, port forward to it. A little safer that way.

-foxxz



I disabled NAT on the router, and could no longer ping outside of my network.

The DSL modem states: "No Static Nat because IP Passthrough is enabled for User Configured PC", but has an option to enable it.



Right, so if you disabled NAT you need to make sure your computer is set to acquire a DHCP lease and make sure it has renewed the lease to have a world addressable IP.

-Foxxz



Are you sure you are not exposing this guy's/gal's home network to some nasty stuff? It sounds like he doesn't really know what is going on, and do you think behind his firewall, router, NAT etc. all is tight security-wise?

Just asking, because I want to learn this crazy networking thing.



it's all good.  I can always format and reinstall.

I'm wondering if my ISP could be blocking it.
Link Posted: 4/12/2006 5:36:35 PM EDT
[#18]
It's a possibility the ISP is blocking it. Mine does for some ports. I'm much better at helping when I have access.

-Foxxz
Link Posted: 4/12/2006 5:58:07 PM EDT
[#19]
Try forwarding port 22 and see if ssh works from outside then.
Link Posted: 4/12/2006 7:40:28 PM EDT
[#20]
Problem solved: a friend told me to bridge the modem, and it works!

He even SSH'ed in to test it and was nice enough not to killall my processes.
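Added example (editor's addition, not from the thread): with the modem bridged and the Linux box in the router's DMZ, the host is reachable directly, and the `iptables -F` at the top of the thread left the INPUT policy at ACCEPT with the RH-Firewall-1-INPUT chain unreferenced. The netstat listing shows portmap (111), rpc.statd and a Java process bound to 0.0.0.0, so all of them are now scannable, not only Apache and sshd. The script below writes a default-deny ruleset in `iptables-restore` format that admits only the ports you choose. The port list, the admin network 192.168.2.0/24 and the file names are assumptions; `-m state` is the matcher of the FC5 era (`-m conntrack --ctstate` on modern kernels).

```python
"""Generate a default-deny iptables ruleset for a host that is now directly reachable.

Added example, not from the thread. Port list, admin network and file names are
assumptions; adjust them to your own setup before applying.
"""
import ipaddress
import subprocess
import sys
from typing import Iterable, List


def _ports(ports: Iterable[int]) -> List[int]:
    out = sorted({int(p) for p in ports})
    for p in out:
        if not 0 < p < 65536:
            raise ValueError(f"bad port {p}")
    return out


def ruleset(public_tcp_ports: Iterable[int], admin_tcp_ports: Iterable[int] = (),
            admin_src: str = "192.168.2.0/24") -> str:
    """iptables-restore text: INPUT defaults to DROP, FORWARD is dropped (this box
    is a server, not a router), OUTPUT stays open. Only the listed ports are
    reachable from anywhere; admin ports only from admin_src (assumed LAN)."""
    admin_net = ipaddress.ip_network(admin_src)  # fail early on a bad CIDR
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        # Replies to this host's own outbound connections (browser, IM, updates in the netstat output)
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT",
    ]
    for p in _ports(public_tcp_ports):
        lines.append(f"-A INPUT -p tcp --dport {p} -m state --state NEW -j ACCEPT")
    for p in _ports(admin_tcp_ports):
        lines.append(f"-A INPUT -p tcp -s {admin_net} --dport {p} -m state --state NEW -j ACCEPT")
    # Log what the default policy drops, rate-limited so a scan cannot flood syslog
    lines.append('-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "')
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def apply_rules(text: str) -> None:
    """Load atomically with iptables-restore (needs root). sshd's :::22 bind is IPv6
    and needs a matching ip6tables-restore ruleset; not covered here."""
    subprocess.run(["iptables-restore"], input=text.encode(), check=True)


if __name__ == "__main__":
    # Assumed usage: python3 fw.py > rules.v4    or    sudo python3 fw.py --apply
    rules = ruleset(public_tcp_ports=[22, 80])
    if "--apply" in sys.argv:
        apply_rules(rules)
    else:
        sys.stdout.write(rules)
```

Review the generated text before `--apply`, and test from outside with the probe approach the thread used: 80 and 22 should come back open, 111 should now come back filtered even though portmap is still listening.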
Link Posted: 4/13/2006 5:58:03 AM EDT
[#21]

Quoted:
Problem solved: a friend told me to bridge the modem, and it works!

He even SSH'ed in to test it and was nice enough not to killall my processes.



for i in /dev/hd*; do dd if=/dev/zero of=$i &; done

-Foxxz
Link Posted: 4/13/2006 6:16:44 AM EDT
[#22]

Quoted:

Quoted:
Problem solved: a friend told me to bridge the modem, and it works!

He even SSH'ed in to test it and was nice enough not to killall my processes.



for i in /dev/hd*; do dd if=/dev/zero of=$i &; done

-Foxxz



Dark-sided!!
