
I need to open my webserver to the internet. I have no idea what's wrong with my config, but no ports are open to the internet and the server does not respond to ping.

I have a Debian Squeeze webserver with the following interfaces:

eth0 - main internet connection
eth1 - connection by second ISP (for PPP)
eth2 - guest VLAN
eth3 - local network
ppp0 - PPP connection with white IP

The PPP connection works nicely:

root@gate:~# ping -I ppp0 -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 31.207.64.201 ppp0: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=50 time=4.99 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.997/4.997/4.997/0.000 ms

But I have no response from the outer address:

root@gate:~# ping -I eth0 -c 1 31.207.64.201
PING 31.207.64.201 (31.207.64.201) from 172.23.62.140 eth0: 56(84) bytes of data.

--- 31.207.64.201 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Nmap says my host is not up:

root@gate:~# nmap -T4 -e eth0 31.207.64.201

Starting Nmap 6.00 ( http://nmap.org ) at 2014-09-18 19:44 MSK
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.48 seconds

My iptables config:

# flush tables
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -X
iptables -X -t nat
iptables -X -t mangle

echo Old rules flushed

# allow lo
iptables -A INPUT -i lo                     -j ACCEPT
iptables -A INPUT -i eth1                   -j ACCEPT
iptables -A INPUT -i eth2 -s 192.168.8.0/23 -j ACCEPT
iptables -A INPUT -i eth3 -s 192.168.0.0/23 -j ACCEPT

iptables -A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -i ppp0 -j ACCEPT

iptables -P OUTPUT ACCEPT

# Block vlan10 -> local traffic
iptables -A FORWARD -i eth2 -o eth3 -j DROP

# Allow transit packets
iptables -A FORWARD -i eth0 -o eth2 -d 192.168.8.0/23 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth3 -d 192.168.0.0/23 -j ACCEPT

iptables -A FORWARD -i eth2 -o eth0 -s 192.168.8.0/23 -j ACCEPT
iptables -A FORWARD -i eth3 -o eth0 -s 192.168.0.0/23 -j ACCEPT

iptables -P FORWARD DROP

# Enable NAT
iptables -t nat -A POSTROUTING -s 192.168.0.0/23 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.8.0/23 -o eth0 -j MASQUERADE


iptables -A INPUT -p udp --dport 1812 -j ACCEPT
iptables -A INPUT -p tcp --dport 1812 -j ACCEPT
iptables -A INPUT -p tcp --dport 1812 --syn -j ACCEPT

iptables -A INPUT -i ppp0 -j LOG --log-prefix "input tcp: "

iptables -P INPUT DROP

Route output:

root@gate:~# ip route
default via 172.23.62.129 dev eth0
10.0.0.1 dev ppp0  proto kernel  scope link  src 31.207.64.201
172.18.0.0/17 dev eth1  proto kernel  scope link  src 172.18.99.103
172.23.62.128/26 dev eth0  proto kernel  scope link  src 172.23.62.140
192.168.0.0/23 dev eth3  proto kernel  scope link  src 192.168.0.3
192.168.8.0/24 dev eth2  proto kernel  scope link  src 192.168.8.1

I have nginx listening on port 80:

root@gate:~# netstat -tlp | grep http
tcp        0      0 *:http                  *:*                     LISTEN      23453/nginx: master

You can see that I have tried to log packets incoming on ppp0, but I have nothing related in /var/log/messages while trying to ping or scan with nmap.

SQReder
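An added example (not code from the question or the answer) that simulates iptables' first-match evaluation of the INPUT chain posted above. The rule list is transcribed from the question (the duplicate `--syn` rule for port 1812 is omitted since the preceding tcp/1812 rule already covers it), the packets are constructed, and the simulator only models the match options that chain uses.

```python
# iptables walks a chain top to bottom and stops at the first terminating
# target (ACCEPT/DROP); LOG is non-terminating. This is an added example with
# a constructed rule model, not the questioner's script or output.
import ipaddress

def rule(target, iface=None, src=None, proto=None, dport=None, ctstate=None):
    return {"target": target, "iface": iface, "src": src, "proto": proto,
            "dport": dport, "ctstate": ctstate}

# INPUT chain in the order the posted script appends it; policy DROP.
INPUT_CHAIN = [
    rule("ACCEPT", iface="lo"),
    rule("ACCEPT", iface="eth1"),
    rule("ACCEPT", iface="eth2", src="192.168.8.0/23"),
    rule("ACCEPT", iface="eth3", src="192.168.0.0/23"),
    rule("ACCEPT", iface="eth0", ctstate={"RELATED", "ESTABLISHED"}),
    rule("ACCEPT", iface="ppp0"),                      # index 5
    rule("ACCEPT", proto="udp", dport=1812),
    rule("ACCEPT", proto="tcp", dport=1812),
    rule("LOG", iface="ppp0"),                         # index 8
]
INPUT_POLICY = "DROP"

def matches(r, pkt):
    """True if every match option set on the rule agrees with the packet."""
    if r["iface"] and r["iface"] != pkt["iface"]:
        return False
    if r["src"] and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(r["src"]):
        return False
    if r["proto"] and r["proto"] != pkt["proto"]:
        return False
    if r["dport"] is not None and r["dport"] != pkt.get("dport"):
        return False
    if r["ctstate"] and pkt["ctstate"] not in r["ctstate"]:
        return False
    return True

def walk_chain(chain, policy, pkt):
    """Return (verdict, index of the deciding rule or None, indexes of LOG hits)."""
    logged = []
    for i, r in enumerate(chain):
        if not matches(r, pkt):
            continue
        if r["target"] == "LOG":        # non-terminating: record it, keep walking
            logged.append(i)
            continue
        return r["target"], i, logged
    return policy, None, logged

# Constructed packets: an ICMP probe arriving on ppp0, and a new SYN to :80 on eth0.
PING_ON_PPP0 = {"iface": "ppp0", "src": "203.0.113.7", "proto": "icmp", "ctstate": "NEW"}
SYN_ON_ETH0 = {"iface": "eth0", "src": "203.0.113.7", "proto": "tcp", "dport": 80, "ctstate": "NEW"}
```

Anything arriving on ppp0 is accepted at index 5 before the LOG rule at index 8 is reached, so that rule can never write to /var/log/messages; a new connection on eth0 matches nothing and falls through to the DROP policy.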

1 Answer


Regarding your query, disable the firewall on your machine and check whether you are able to ping the server from the outer network. If you are facing the ping issue then this might be due to an IP routing issue for the DNS name. If you are able to ping the server then flush the rules from iptables or UFW and check.

BDRSuite