Re: forwarding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 2004-05-18 at 11:12, alucard@xxxxxxxxx wrote:
> > Although it probably did, are you sure nmap scanned port 8080? How about
> > nmap -sT -p 8080 10.73.219.156
> >
> > I would then trace both the wire and the iptables rules to find out
> > where it is breaking - John
> 
> Yes, it filters now but now it seems that the problem is in the 2nd server
> because I try to telnet to server 1's 8080 port and I get no response. Is
> it any missconfiguration on the router? take a look at this:
> ----
> root@mail:~# nmap -sT -p 8080 10.73.219.156
> 
> Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-05-18 11:06 VET
> Interesting ports on mail.aeropostal.com.ve (10.73.219.156):
> PORT     STATE    SERVICE
> 8080/tcp filtered http-proxy
> ----
> 
> the webserver in server 2 is working perfectly but im not able to reach it
> from server one, look at this in server 2, maybe im doing something wrong
> 
> [root@linserv root]# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
> 10.73.216.0     *               255.255.252.0   U     0      0        0 eth0
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         192.168.0.1     0.0.0.0         UG    0      0        0 eth1
<snip>
At first glance, the routing looks correct but I hope you are not trying
to access the web server from the Linux box.  You will have more
accurate results if you try to access through it.
If you try to telnet from the Linux box, you may find it uses a source
address of 10.73.219.156. The web server will then try to respond out
interface eth0.  I believe there is an option to override the source
port of telnet - -b I think.  You will also need to ensure that nothing
is interfering in the INPUT and OUTPUT chains.  I would suggest testing
through the Linux Box rather than from it - John
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux