ipcop support

community support forum
It is currently Wed Jun 19, 2013 2:07 pm

View unanswered posts | View active topics View unread posts


Board index » IPCop Software » IPCop & Servers

All times are UTC [ DST ]



Post new topic Reply to topic  Page 1 of 1
  [ 6 posts ] 
  Print view Previous topic | First unread post | Next topic 
Author Message
joggienl
Unread postPosted: Wed Feb 08, 2012 4:52 pm 
New User

Joined: Wed Feb 08, 2012 4:37 pm
Posts: 2
Hello,

I have a question regarding to port forwarding under IPCOP v 2.0.2.

I have setup a machine with a RED / ORANGE / GREEN setup. RED has a static IP address to the Internet. ORANGE has been put under 10.1.0.1 and GREEN under 192.168.0.1.

In the ORANGE segment I'm running a httpd webserver (port 80) on 10.1.0.5. So I'm trying to allow outside visitors visit this website running on that webserver. By reading the IPCOP documentation and some threads here on this forum I tried to add a port forwarding rule. I choose to allow any address. Under "IPCop External Destination" I choose http (80) from the default services dropdown. Then for "Internal Destination" I choose ORANGE as my default interface, choose 10.1.0.5 as IP address and also choose http (80) from the default services dropdown.

After applying I noted that it didn't work. I did notice in the Firewall Logs a row saying "ANY ACCEPT" on wan-1 and the destination en Dst port showed the right parameters.

At the webserver the request did not arrive!

I really have no clue what I did wrong, so I'm hoping someone here can help me? Did I oversee something or made a mistake?

Thanks in advance!
Top
 Profile  
 
VonSkippy
Unread postPosted: Wed Feb 08, 2012 8:02 pm 
Site Moderator
User avatar

Joined: Sun Jun 06, 2004 3:38 am
Posts: 3756
Location: Colorado, USA
Moved to correct forum

//we REALLY need to close the BETA forum so that noobs don't stick things in it uselessly// - VS

_________________
For the 2.5^15th time :: Better Details = Better Answers
Top
 Profile  
 
weizen_42
Unread postPosted: Wed Feb 08, 2012 8:31 pm 
Expert

Joined: Sat Sep 23, 2006 11:23 am
Posts: 2321
Location: LDK | Hessen | Germany
Use tcpdump and wireshark to follow the packets.

_________________
Image

-=[ If you want answers: provide lots of information, including tiny details! ]=-
Top
 Profile  
 
joggienl
Unread postPosted: Thu Feb 09, 2012 10:11 am 
New User

Joined: Wed Feb 08, 2012 4:37 pm
Posts: 2
weizen_42 wrote:
Use tcpdump and wireshark to follow the packets.

I ran tcpdump and it showed me the result listed below:
Code:
21:45:20.502324 ARP, Request who-has 10.1.0.2 tell 10.1.0.1, length 28
21:45:20.502482 ARP, Reply 10.1.0.2 is-at 00:1b:21:4d:40:0d, length 46
21:45:20.502491 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 900930635 ecr 0,sackOK,eol], length 0
21:45:21.520654 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 900931657 ecr 0,sackOK,eol], length 0
21:45:22.524947 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 900932658 ecr 0,sackOK,eol], length 0
21:45:23.530630 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 900933658 ecr 0,sackOK,eol], length 0
21:45:24.634612 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 900934747 ecr 0,sackOK,eol], length 0
21:45:25.737098 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 900935836 ecr 0,sackOK,eol], length 0
21:45:27.846572 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 900937934 ecr 0,sackOK,eol], length 0
21:45:32.358796 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,sackOK,eol], length 0
21:45:40.871035 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,sackOK,eol], length 0
21:45:56.955469 IP 123.123.123.123.50326 > 10.1.0.2.80: Flags [S], seq 4202633727, win 65535, options [mss 1460,sackOK,eol], length 0
21:45:57.524752 IP 10.1.0.2.138 > 10.1.0.255.138: UDP, length 229
21:45:57.524812 IP 10.1.0.2.138 > 10.1.0.255.138: UDP, length 206
21:46:01.952288 ARP, Request who-has 10.1.0.2 tell 10.1.0.1, length 28
21:46:01.952430 ARP, Reply 10.1.0.2 is-at 00:1b:21:4d:40:0d, length 46

It looks to me that the 10.1.0.2 server doesn't reply? I'm no networking "specialist" so I'm not sure whether my interpretation is right...
Any ideas? I had this working in an other setting where I used just iptables statements to redirect to this server (and that worked fine).
Top
 Profile  
 
weizen_42
Unread postPosted: Thu Feb 09, 2012 5:43 pm 
Expert

Joined: Sat Sep 23, 2006 11:23 am
Posts: 2321
Location: LDK | Hessen | Germany
Your problem is the webserver, not IPCop.

_________________
Image

-=[ If you want answers: provide lots of information, including tiny details! ]=-
Top
 Profile  
 
up4fun
Unread postPosted: Fri Feb 10, 2012 2:53 am 
Pro User

Joined: Thu May 08, 2003 4:24 am
Posts: 3799
Location: London, UK
VonSkippy wrote:
//we REALLY need to close the BETA forum so that noobs don't stick things in it uselessly// - VS


Beta forum is now locked.
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 6 posts ] 

Board index » IPCop Software » IPCop & Servers

All times are UTC [ DST ]

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group