Problem accessing custom ports from outside of LAN

Hello,

I installed today the Suse Enterprise Server 32-bit as a VM on a VMWare
ESXi server. Then:

  • I installed on it a product (IBM Rational Team Concert) that I
    configured to listen both on ports 14443 (https) and 14080 (http).
  • I assigned a fixed IP address to the Suse Enterprise server
  • I configured my router to forward the incoming request to ports 14443
    and 14080 to the SuSE server
  • I configured a dynamic domain name service to assign a specific
    domain name to my router IP public address

When, being local on the SuSE server, if I access the product using the
web browser pointing to a service running on port 14443; no probs. When,
being on another physical workstation connected to the same LAN as the
SUSE server, trying to access the same service running on port 14443; if
I use the IP address of the server, it is ok. But as soon as I try to
connect to it using the public (Internet) address or URI of the router
(that should redirect requests) it fails. I’ve the impression the SuSE
server does not allow incoming requests on port 14443 or 14080 when
these requests are relayed by the router. So, what should I do in order
to allow the SuSE server to accept incoming requests on these ports when the
source is not issued from 192.168.x.x (local) machine but instead from
Internet?

Regards,
Olivier Béghain


obeghain

obeghain’s Profile: http://forums.novell.com/member.php?userid=117916
View this thread: http://forums.novell.com/showthread.php?t=446393

A machine getting requests via your router should not see them as coming
from the Internet but rather from the router itself so your suspicion
about it disliking Internet-sourced traffic should not apply. What may
apply is a DNS issue; you explicitly mentioned another machine on your
LAN could access these ports via IP address but did not mention DNS or
hostname; if DNS/hostname work that would be useful to know about, even
from within your LAN.

It may also be useful to know exactly how the service shows up in
netstat as a listening service. Let’s get the output of the following
commands from your server:

ip addr
ip route
grep -v '^#' /etc/resolv.conf
netstat -planet | grep 'LISTEN '

Testing the ports with netcat would also be useful from your other LAN
machine:

netcat -zv ip.address.goes.here 14080 14443

Finally, if nothing else stands out after posting all of that we may
want to see how tcpdump sees things differently depending on the connection:

sudo /usr/sbin/tcpdump -n -s 0 -i eth0 port 14080 or port 14443

One suspicion I have is that your router was told to forward to a DNS
name rather than an IP address and if that DNS name does not resolve to
the IP address within your network then anything coming through the
router will fail, while accessing it from the LAN by IP address will
work as you described.

Good luck.


Want to yell at me in person?
Come to BrainShare 2011 in October: http://tinyurl.com/brainshare2011

> • I assigned a fixed IP address to the Suse Enterprise server
> • I configured my router to forward the incoming request to ports
>   14443 and 14080 to the SuSE server

Did you assign your router LAN address as the default gateway for the Suse
server?
This is the most common problem with port forwarding, because your Suse
server will send its reply for packets with Internet addresses to the
default gateway.


andy_s

andy_s’s Profile: http://forums.novell.com/member.php?userid=67489
View this thread: http://forums.novell.com/showthread.php?t=446393
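
The two server-side checks raised in the replies above (how the service shows up as a listener in netstat, and whether the server's default gateway is the router), as an added shell example that is not part of the original thread. The netstat and ip route samples are constructed, and 192.168.1.1, 192.168.1.50 and 192.168.1.254 are assumed addresses.

```shell
#!/bin/sh
# Added example. Sample data is constructed; 192.168.1.1 (router LAN side)
# and 192.168.1.50 (server) are assumed addresses, not taken from the thread.

# listen_scope PORT < netstat output: prints all | specific | loopback | none
listen_scope() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, p, ":")                 # $4 = Local Address column
            if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(p[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = 1                        # bound to one specific address
        }
        END { print (wild ? "all" : (other ? "specific" : (loop ? "loopback" : "none"))) }'
}

# default_gw < `ip route` output: prints the next hop of the default route
default_gw() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# check_forward ROUTER_LAN_IP NETSTAT_OUTPUT ROUTE_OUTPUT
# Prints one line per finding; returns 1 if any finding was printed.
check_forward() {
    router=$1 rc=0
    gw=$(printf '%s\n' "$3" | default_gw)
    if [ "$gw" != "$router" ]; then
        echo "default gateway is '${gw:-unset}', expected $router: replies to forwarded clients leave by another hop"
        rc=1
    fi
    for port in 14080 14443; do
        scope=$(printf '%s\n' "$2" | listen_scope "$port")
        case $scope in
            all|specific) ;;
            *) echo "port $port listen scope is '$scope': forwarded connections cannot reach it"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: 14443 bound to loopback only, gateway is not the router.
SAMPLE_NETSTAT='tcp  0  0 0.0.0.0:14080    0.0.0.0:*  LISTEN  0  11801  2301/java
tcp  0  0 127.0.0.1:14443  0.0.0.0:*  LISTEN  0  11802  2301/java'
SAMPLE_ROUTE='default via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.50'

check_forward 192.168.1.1 "$SAMPLE_NETSTAT" "$SAMPLE_ROUTE" || echo "problems found in the constructed sample"
```

On the server itself, the same function can be fed live data: `check_forward <router-LAN-IP> "$(netstat -planet)" "$(ip route)"`.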