
I want our webserver to be accessible from the outside world. We have a static IP - 176.35.XXX.XXX which is accessible when on the same network as the webserver, however times out externally.

When accessing this IP address externally I can see that some sort of connection is made to the webserver.

```
tcpdump -vvv -ni eth0 host 82.132.234.1
```

(82.132.234.1 is an external IP)

```
07:02:19.829368 IP (tos 0x0, ttl 52, id 21914, offset 0, flags [DF], proto TCP (6), length 60) 82.132.234.1.35140 > 192.168.2.1.http: Flags [S], cksum 0x176a (correct), seq 1704363497, win 14600, options [mss 1452,sackOK,TS val 3000815731 ecr 0,nop,wscale 9], length 0
07:02:19.829418 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 192.168.2.1.http > 82.132.234.1.35140: Flags [S.], cksum 0x799f (correct), seq 3334589114, ack 1704363498, win 14480, options [mss 1460,sackOK,TS val 2733074887 ecr 3000815731,nop,wscale 7], length 0
07:02:19.829536 IP (tos 0x0, ttl 255, id 42170, offset 0, flags [none], proto TCP (6), length 40) 82.132.234.1.35140 > 192.168.2.1.http: Flags [R.], cksum 0x717e (correct), seq 1, ack 1, win 14480, length 0
```

If I ping 8.8.8.8 from the webserver I get no response, which I'm assuming is the reason for the time out? netstat -rn returns the following:

```
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.1.9      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
172.16.0.0      172.16.1.9      255.255.255.0   UG        0 0          0 tun0
172.16.1.0      172.16.1.9      255.255.255.0   UG        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         192.168.2.2     0.0.0.0         UG        0 0          0 eth0
```

Any ideas on what's needed?

Lee
  • Your routing table shows only RFC 1918 private use address ranges and the link local range. You must configure either: **1)** some form of NAT to get internet access for your server and vice versa, to allow the internet access to your server, or **2)** alternatively connect the system directly to the public internet with a public routable ip-address. – HBruijn Oct 06 '17 at 06:47
  • Thanks @HBruijn, I'm very new to this - can you point me to some further reading regarding point 1? I'm not sure what to search for. Thanks – Lee Oct 06 '17 at 06:54
  • Talk with your network administrator, but for some background: https://en.wikipedia.org/wiki/Network_address_translation – HBruijn Oct 06 '17 at 07:06
  • We don't really know your IT infrastructure. Can you give some more details? Like do you have a firewall? Is it the same as the DHCP server? That public IP is for everyone on the network or is it specifically given to you? – Bert Oct 06 '17 at 08:40
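
The routing-table observation in the first comment, as an added example that is not part of the original thread: it parses the `netstat -rn` output from the question and labels each route as RFC 1918, link-local or default. The function names and the `only_private` result are assumptions of this example.

```python
import ipaddress

# Routing table copied from the question (`netstat -rn` output).
ROUTES = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.1.9      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
172.16.0.0      172.16.1.9      255.255.255.0   UG        0 0          0 tun0
172.16.1.0      172.16.1.9      255.255.255.0   UG        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         192.168.2.2     0.0.0.0         UG        0 0          0 eth0
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

def scope(net):
    """Label a network as default, rfc1918, link-local or public."""
    if net.prefixlen == 0:
        return "default"
    if any(net.subnet_of(p) for p in RFC1918):
        return "rfc1918"
    if net.subnet_of(LINK_LOCAL):
        return "link-local"
    return "public"

def parse_routes(text):
    """Yield (network, gateway, iface) for each data row of `netstat -rn`."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        yield ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[7]

def audit(text):
    """Return (labelled routes, default gateway, True if nothing is public)."""
    rows = list(parse_routes(text))
    scopes = [(str(net), scope(net), iface) for net, _, iface in rows]
    gw = next((g for net, g, _ in rows if net.prefixlen == 0), None)
    gw_public = gw is not None and scope(ipaddress.ip_network(f"{gw}/32")) == "public"
    only_private = not gw_public and all(s != "public" for _, s, _ in scopes)
    return scopes, gw, only_private

if __name__ == "__main__":
    for row in audit(ROUTES)[0]:
        print(*row)
```

When `only_private` is true, the host has no publicly routable network or gateway of its own, which is the situation the comment describes.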
