Saturday, December 6, 2014

apache 2.2 - Port forwarding not working properly



I'm trying to host a small web server from my home network; however, I have not been able to successfully port forward ports to the local server. My current network topology looks like this:



Cable Modem/Router -> Secondary Wireless Router -> Many computers (including server)



The modem/router I'm using is a Cisco (Scientific Atlanta) DPC2100, provided by my ISP. The wireless router that I'm using as the central hub to my home network is a Linksys E3000. The computer being used as a server is running Ubuntu 10.04 Server Edition. The main issue is that I can't access the server remotely, using my WAN IP address. I have port forwarded my wireless router; however, I believe that I need to somehow set my modem to bridge mode. As far as I can tell though, this isn't possible.




Here are the various IP address settings:



DPC2100



WAN: 69.xxx.xxx.xxx
Internal IP: 192.168.100.1
Internal Network: 192.168.7.0



E3000



IP Address: 192.168.7.2
Gateway: 192.168.7.1
Internal IP: 192.168.1.1
Internal Network: 192.168.1.0


Server




IP Address: 192.168.1.123
Gateway: 192.168.1.1


Now I can do an nmap at various nodes, and here are the results (from the server):
nmap localhost: 22,25,53,80,110,139,143,445,631,993,995,3306,5432,8080 open
nmap 192.168.7.2: 22,25,80 (filtered),110,139,445 open (ports I have forwarded in the E3000)*
nmap 69.xxx.xxx.xxx: 1720 open



*For some reason, I can SSH into the server at 192.168.7.2, but not view the website.



Here are also some other settings:




/etc/hosts/



127.0.0.1       localhost
127.0.1.1 servername
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters



/etc/apache2/sites-available/default snippet




DocumentRoot /srv/www/

Options FollowSymLinks
AllowOverride None



...

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

...

ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"


...




Let me know if you need any other information; some stuff probably slipped my mind.


Answer



You need to forward all ports (or at least the ones you want thru to your server) from the public port on the DPC2100 to the E3000.




But, is there a reason why you want TWO NAT-levels? If you can live with the E3000 just being an "antenna" for your local network, you can turn off its DHCP server, and connect the DPC to one of its LAN ports.



NAT = hassle, and two levels = more hassle...
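Added example (not part of the original question or answer): a small Python check that walks the two NAT levels from the server outwards and reports the first hop where the port stops answering, which is the hop whose forwarding rule is missing or blocked. The function names `probe` and `first_broken_hop` are hypothetical, the LAN addresses are the ones given in the question, and the WAN address is taken from the command line because it is redacted on the page.

```python
#!/usr/bin/env python3
"""Walk a double-NAT chain from the inside out and report where a port stops answering."""
import socket
import sys


def probe(host, port, timeout=2.0):
    """TCP connect probe: 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:  # timeout, host or network unreachable
            return "filtered"


def first_broken_hop(hops, timeout=2.0):
    """hops: (name, host, port) tuples ordered from the server outwards.

    Returns (name, state) for the first hop that is not open, or None
    if the port answers at every hop.
    """
    for name, host, port in hops:
        state = probe(host, port, timeout)
        print(f"{name:<18} {host}:{port:<6} {state}")
        if state != "open":
            return name, state
    return None


if __name__ == "__main__":
    port = 80
    hops = [
        ("server (LAN)", "192.168.1.123", port),    # address from the question
        ("E3000 WAN side", "192.168.7.2", port),    # address from the question
    ]
    if len(sys.argv) > 1:                           # WAN address supplied by the user
        hops.append(("DPC2100 WAN side", sys.argv[1], port))
    broken = first_broken_hop(hops)
    if broken:
        print(f"forwarding stops at: {broken[0]} ({broken[1]})")
    else:
        print("port answers at every hop tested")
```

Run it from a machine on the 192.168.1.0 network for the first two hops. The WAN address is best tested from a host outside the home network, since many home routers do not loop connections from the LAN back to their own WAN address.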

