web access fails (only) from my local network

Posted on 2001-08-12
Medium Priority
Last Modified: 2010-03-18
After much ado, I am pleased to have my home network working lately: an NT workstation, a W2K workstation, and a RH Linux 7.1 server/router connected to DSL.  I have configured ipchains to do the routing which, for the most part, works.

But there is one web site (I expect others, but we haven't run into them yet,) that will not load on the client machines.  If I switch the cables and configuration to eliminate the router (connecting W2K or NT to the DSL modem directly,) the site comes up fine.  The site is "www.realtor.com".

Any idea why this site gets stuck behind the router?  (not just their home page, but also direct links..)

Thanks, George
Question by:gljr
Expert Comment

ID: 6378684
How is your ipchains setup? Can you give me the whole script?

Expert Comment

ID: 6378852

The only thing I can guess is because there is re-direction going on from the home page that maybe causes a firewall problem (for example packets back from different address to that sent to) ....

This is the raw HTML of the home page :

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Mon, 13 Aug 2001 07:13:51 GMT
Connection: close
Location: /default.asp?hm=on
Content-Length: 139
Content-Type: text/html
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?hm=on">here</a>.</body>

Does it make a difference if clients do :



Author Comment

ID: 6383902
fobzz, ifincham, thanks for your posts..

ipchains is set as
Policy=ACCEPT for input/forward/output
forward rule="ipchains -A forward -j MASQ -s -i eth1"

it makes no difference if I reference the sub-page.

But since it seems plausible for this to be a firewall
problem, it seems odd to me that despite this "open firewall", I cannot connect via telnet or ftp from either internal or external clients...?

As always, your help is appreciated.

Expert Comment

ID: 6384369
Have you turned on ipforwarding? If there is a 0 in the file /proc/sys/net/ipv4/ip_forward then it will not route anything through it. Type:
echo 1 > /proc/sys/net/ipv4/ip_forward

And see if that sorts it? It's always the one that I forget to do.

Author Comment

ID: 6384607

Thank you for your interest, but it should be clear from the fact that ONLY 1 web site has this problem, that I have enabled IP forwarding (the command you suggested).

Expert Comment

ID: 6384816
Are you using a proxy server squid or something?
Also could you try going to www.jungle.com and www.btinternet.com. Do these 2 work?
I am working on a similar problem too at the moment, but with iptables not ipchains. What version of the kernel are you on?

Author Comment

ID: 6384904

I have no problem going to either of the sites you mentioned.  And as far as your similar problem, I will be happy to review it, once you have posted a question.  If you don't mind, I'd like to keep this question focussed on the problem at hand.

Thanks, George

Accepted Solution

ifincham earned 100 total points
ID: 6385577

Interesting one this. I'm using ip masquerading but with iptables instead of ipchains and I can connect from a win98 client via RH7.1 masquerading to that site (http://www.realtor.com or http://lib.realtor.com or without any apparent problems. It uses IIS 5 and javascript but that's really irrelevant if it works by direct connection. Perhaps there's a timeout of some kind.

If you have a 2.4.x kernel and iptables you could always try iptables instead of ipchains and see if it makes any difference :

echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_state
/sbin/iptables -t nat -A POSTROUTING -o eth1 -s -j MASQUERADE

(If any problem with the modules just load them all via : '/sbin/insmod /lib/modules/2.4.2/kernel/net/ipv4/netfilter/*' - where 2.4.2 is your actual kernel as per 'uname -r'. )

It looks more complicated but the main difference is that iptables comes with lots of optional modules - so you need to load the ones you need first !

Anyway, clearly from what you say there is something different going on with the masqueraded connex compared to direct connection. If you were really interested you could try to log the transactions to and from their ip address, i.e. . If you want to try this I'll give you the syntax...
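
An added example, not part of any poster's script: a preflight check for the two prerequisites this thread keeps returning to, the ip_forward flag and the netfilter modules the iptables setup needs. The function name check_masq_prereqs is hypothetical, and the check assumes netfilter is built as loadable modules (built-in code does not appear in /proc/modules).

```shell
#!/bin/sh
# Added example. File paths are parameters so the check can be run
# against saved copies of /proc files as well as the live system.

# check_masq_prereqs [FORWARD_FILE] [MODULES_FILE]
# Prints one line per problem; the return status is the number of problems.
check_masq_prereqs() {
    fwd_file=${1:-/proc/sys/net/ipv4/ip_forward}
    mod_file=${2:-/proc/modules}
    problems=0

    # A 0 (or an unreadable file) means the box will not route at all.
    if [ "$(cat "$fwd_file" 2>/dev/null)" != "1" ]; then
        echo "ip_forward is not 1: packets will not be routed"
        problems=$((problems + 1))
    fi

    # /proc/modules has one module per line, name in the first field.
    # Exact match on the name so ip_conntrack_ftp does not satisfy ip_conntrack.
    for m in ip_tables iptable_nat ip_conntrack ip_conntrack_ftp; do
        if ! awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' \
                "$mod_file" 2>/dev/null; then
            echo "module not loaded: $m"
            problems=$((problems + 1))
        fi
    done

    return "$problems"
}

# Usage on the router itself (reads the live /proc files):
#   check_masq_prereqs || echo "fix the items above before testing NAT"
```
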



Expert Comment

ID: 9078702
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Author Comment

ID: 9079973

I can't actually say if your answer works as I don't have this setup any longer.... but I figure your effort is worth the 50 pts.
