Problem accessing custom ports from outside of LAN


I installed today the Suse Enterprise Server 32-bit as a VM on a VMWare
ESXi server. Then:

  • I installed on it a product (IBM Rational Team Concert) that I
    configured to listen both on ports 14443 (https) and 14080 (http).
  • I assigned a fixed IP address to the Suse Enterprise server
  • I configured my router to forward the incoming request to ports 14443
    and 14080 to the SuSE server
  • I configured a dynamic domain name service to assign a specific
    domain name to my router IP public address

When, being local on the SuSE server, if I access the product using the
web browser pointing to a service running on port 14443; no probs. When,
being on another physical workstation connected to the same LAN as teh
SUSE server, trying to access the same service running on port 14443; if
I use the IP address of the server, it is ok. But as soon as I try to
connect to it using the public (Internet) address or URI of the router
(that should redirect requests) it fails. I’ve the impression the SuSE
server does not allow incoming requests on port 14443 or 14080 when
tehse request are relayed by the router. So, what should I do in order
to allow the SuSE sever accept incoming requests on these ports when the
source is not issued from 192.168.x.x (local) machine but instead from

Olivier Béghain


obeghain’s Profile:
View this thread:

Hash: SHA1

A machine getting requests via your router should not see them as coming
from the Internet but rather from the router itself so your suspicion
about it disliking Internet-sourced traffic should not apply. What may
apply is a DNS issue; you explicitly mentioned another machine on your
LAN could access these ports via IP address but did not mention DNS or
hostname; if DNS/hostname work that would be useful to know about, even
from within your LAN.

It may also be useful to know exactly how the service shows up in
netstat as a listening service. Let’s get the output of the following
commands from your server:

ip addr
ip route
grep -v ‘^#’ /etc/resolv.conf
netstat -planet | grep 'LISTEN ’

Testing the ports with netcat would also be useful from your other LAN

netcat -zv 14080 14443

Finally, if nothing else stands out after posting all of that we may
want to see how tcpdump sees things differently depending on the connection:

sudo /usr/sbin/tcpdump -n -s 0 -i eth0 port 14080 or port 14443

One suspicion I have is that your router was told to forward to a DNS
name rather than an IP address and if that DNS name does not resolve to
the IP address within your network then anything coming through the
router will fail, while accessing it from the LAN by IP address will
work as you described.

Good luck.

Want to yell at me in person?
Come to BrainShare 2011 in October:
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla -



  • I assigned a fixed IP address to the Suse Enterprise server
  • I configured my router to forward the incoming request to ports
    14443 and 14080 to the SuSE server[/color]
    Did you assign your router LAN address as the default gateway for Suse
    This is the most common problem with port forwarding, because your Suse
    server will send its reply for packets with internet addresses to
    default gateway.


andy_s’s Profile:
View this thread: