1

I've got a Fedora server running Subversion and svnserve on port 3690. My repo is at /var/svn/project_name. I have my router forwarding port 3690 to the local server (as well as port 80, 21, 22 and a few others). When I connect locally to svn://192.168.0.2/project_name it works great. When I connect from an external server to svn://my.static.ip/project_name I get a time out connecting to the host. However, if I http://my.static.ip there is no problem, so port forwarding is working (at least for port 80).

I don't want to run WebDAV or svn via HTTP/s. I'd like it to work using svnserve, as documented in the svn book. What have I misconfigured?

EDIT Here is the last part of my iptables dump. I'm not an expert, but it looks OK to me:

ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:svn
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:svn
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpts:6680:6699
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpts:6680:6699
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

EDIT 2 Results from sudo netstat -tulpn

tcp        0      0 0.0.0.0:3690                0.0.0.0:*                   LISTEN      1455/svnserve
Tom Auger
  • 341
  • 2
  • 5
  • 14
  • 3
    Are you sure you want to use svnserve over the internet? Everything about the connection including authentication data is sent in clear text. – Shane Madden Jul 09 '12 at 16:28
  • Yes, quite sure. – Tom Auger Jul 09 '12 at 17:41
  • Alright. When you say access is working locally, do you mean from the server itself or another system on the local network? Any iptables rules set up on the server? What's it look like when you scan your external IP - is 22 connecting, or just 80? – Shane Madden Jul 09 '12 at 18:01
  • How about taking a tcpdump while checking out your project outside your local network? It will narrow the problem and reduce the amount of guessing. – thevilledev Jul 09 '12 at 18:04
  • @Shane Madden I can connect to the repo from any other computer on the LAN. This makes me think it's either a router issue, or something funky on the server configuration. – Tom Auger Jul 10 '12 at 15:02
  • @vtorhonen I don't think the external pull request even reaches my server, so running tcp dump on my server probably won't bring up anything useful. – Tom Auger Jul 10 '12 at 15:03
  • @TomAuger How about running it on the connecting client? How about iptables rules or connections to other open ports? – Shane Madden Jul 10 '12 at 16:43
  • @Shane Madden I don't have root access on the external server so tcpdump won't be accessible to me. – Tom Auger Jul 11 '12 at 13:50
  • @ShaneMadden iptables **looks** ok to me (see my edits, above), but then again I'm no expert. – Tom Auger Jul 11 '12 at 13:55
  • open up your router to allow all ports to forward, then test. If it works, it definitely is the router config/port forwarding. If you have the ability to gather the traffic logs and see which ports are actually being used, that could help you determine which ones you didn't allow through correctly. -- But honestly, why not connect over SSH first and then grab the repository? – TheCleaner Jul 11 '12 at 14:01
  • @TheCleaner I'll try setting the server to DMZ temporarily at the router, see if that does anything. In the meantime, how could I use an open SSH connection from the external server to the local server to checkout or update the repository? – Tom Auger Jul 11 '12 at 14:16
  • 2
    Tom, see here: http://queens.db.toronto.edu/~nilesh/linux/subversion-howto/ I'm not the expert though. I just know others here setup ours and we simply use svn+ssh:// to get to ours. It looks like there are tons of serverfault questions on SVN over SSH. – TheCleaner Jul 11 '12 at 14:23
  • @TheCleaner sorry, now I get what you mean - set up svnserve for svn+ssh. That may have to be an option. – Tom Auger Jul 11 '12 at 14:59

1 Answers1

0

In this case, it was the server itself (service provider: Bluehost.com) that is blocking port 3690 on their end. The solution was either to pay an additional $$ to have a static IP set up and then they could open that port, or to simply use svn+ssh to access, since SSH port 22 is already open.

Hope this is at least useful to anyone else experiencing this kind of issue from a shared hosting environment.

Tom Auger
  • 341
  • 2
  • 5
  • 14