Smoothwall may not be forwarding port 80

I'm not sure if this is a smoothie problem or not. We have smoothwall express 2.0 (fixes 7). On the red interface is an adsl router. On the orange interface is a hub with m/cs 172.24.0.x. We've set up port forwarding, port 22 to go to 172.24.0.19 and port 80 to 172.24.0.18. If I ssh to the i/p address given to us by our isp, I get to the "19" machine (file repository). However if I use a web browser to access the i/p address I get a 504 error. If I log on to the "18" machine (web server), fire up a web browser and access localhost, up pops the web pages, so we know the httpd daemon is running on the "18" box.

If I nmap the i/p address from the outside world I see

    PORT STATE SERVICE
    22/tcp open ssh
    80/tcp filtered http

which probably explains why the web site doesn't appear. There is no firewall on the webserver (iptables has no rules). Any ideas as to where we look to resolve the problem? I did try connecting another box on the network and running ethereal on it but this showed no packets, even when I did a successful ssh session; clearly ethereal is either lying or not capturing any packets.

Many thanks in advance.

-- Martin Woolley ICT Support Handsworth Grammar School Isis Astarte Diana Hecate Demeter Kali Inanna

martin.woolley

I'd suggest a systematic approach. The nmap result and the "Gateway Timeout" error suggest IMHO that either some router on your LAN is dropping the packets, or that the forwarding does not work correctly.

  1. Check on which interfaces it's listening (netstat -ntl) to make sure it's accessible on the public interface.
  2. Check the actual packet filter configuration (iptables -nL, iptables -t nat -nL, iptables -t mangle -nL) to make sure that it's really not the packet filter on the host itself. Keep the default policies in mind!
  3. Make a portscan from a host on the same network segment to check whether access from some other host is possible at all.
  4. Check the configuration of any router/firewall between the web server and your border router.
  5. Check the router/firewall configuration (port forwarding as well as filtering rules).
  6. Check your private DNS config. Maybe it's an internal name resolution issue.

I'd suspect that you made some mistake there, because ethereal should at least show the outgoing packets, even if there are no replies.

cu

59cobalt
Ansgar -59cobalt- Wiechers
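
An added example, not part of the thread or any poster's own code: step 3 of the checklist above, run from several vantage points, as a small Python probe that reports the same open/closed/filtered states nmap printed. The names `probe`, `classify` and `locate_drop` are hypothetical, and the probe uses a full TCP connect rather than nmap's scan techniques.

```python
import errno
import socket

# ICMP "unreachable" answers surface as these errno values on connect().
_UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}

def classify(exc):
    """Map the outcome of one TCP connect attempt to an nmap-style port state."""
    if exc is None:
        return "open"      # three-way handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # RST came back: host reachable, nothing listening
    if isinstance(exc, socket.timeout) or getattr(exc, "errno", None) in _UNREACHABLE:
        return "filtered"  # silence or ICMP unreachable: dropped on the path
    raise exc              # e.g. a DNS failure is not a port state

def probe(host, port, timeout=3.0):
    """Try one TCP connect and return 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def locate_drop(results):
    """results: (vantage, state) pairs ordered from the server outwards.
    Returns the first vantage point that does not see the port as open;
    the device between it and the previous vantage point is the one to check."""
    for vantage, state in results:
        if state != "open":
            return vantage
    return None

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <host> <port>, run once from each vantage point.
    host, port = sys.argv[1], int(sys.argv[2])
    print(f"{host}:{port} is {probe(host, port)}")
```

Run it on the web server itself, then from a host on the same segment, then from outside; feeding the three results to `locate_drop` names the first place the port stops answering.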

If you're getting an HTTP status message, it would seem that you're reaching the web server. Are your browser or firewall configured to use a proxy server, perchance?

-Gary

504 Gateway Timeout

The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.

Note: Note to implementors: some deployed proxies are known to return 400 or 500 when DNS lookups time out.

Gary

Thanks for your responses. I've fixed the problem. The ADSL router needs port forwarding enabled too. Did this and up popped the website. Lovely!

martin.woolley
