web access fails (only) from my local network

Posted on 2001-08-12
Last Modified: 2010-03-18
after much ado, I am pleased to have my home network working lately.. an NT workstation, a W2K workstation, and a RH Linux 7.1 server/router connected to DSL.  I have configured ipchains to do the routing which, for the most part, works.

But there is one web site (I expect others, but we haven't run into them yet,) that will not
load on the client machines.  If I switch the
cables and configuration to eliminate the
router (connecting W2K or NT to the DSL modem
directly,) the site comes up fine.  The site is ""..

Any idea why this site gets stuck behind the router?  (not just their home page, but also direct links..)

Thanks, George
Question by:gljr
  • 4
  • 2
  • 2
  • +2

Expert Comment

ID: 6378684
How is your ipchains setup? Can you give me the hole script?

Expert Comment

ID: 6378852

The only thing I can guess is because there is re-direction going on from the home page that maybe causes a firefall problem (for example packets back from different address to that sent to) ....

This is the raw HTML of the home page :

HTTP/1.1 302 Object moved Server: Microsoft-IIS/5.0 Date: Mon, 13 Aug 2001 07:13:51 GMT Connection: close Location: /default.asp?hm=on Content-Length: 139 Content-Type: text/html Cache-control: private  <head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?hm=on">here</a>.</body>

Does it make a difference if clients do :


Author Comment

ID: 6383902
fobzz, ifincham, thanks for your posts..

ipchains is set as
Policy=ACCEPT for inpupt/forward/output
forward rule="ipchains -A forward -j MASQ -s -i eth1"

it makes no difference if I reference the sub-page.

But since it seems plausible for this to be a firewall
problem, it seems odd to me that despite this "open firewall", I cannot connect via telnet or ftp from either internal or external clients...?

as always, your help is apreciated.


Expert Comment

ID: 6384369
Have you turned on ipforwarding? If there is a 0 in the file /proc/sys/net/ipv4/ip_forward then it will not route anything through it. Type:
echo 1 > /proc/sys/net/ipv4/ip_forward

And see if that sorts it? It's always the one that I forget to do.

Author Comment

ID: 6384607

Thank you for your interest, but it should be clear from the fact that ONLY 1 web site has this problem, that I have enabled IP forwarding (the command you suggested).
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.


Expert Comment

ID: 6384816
Are you using a proxy server squid or something?
Also could you try going to and Do these 2 work?
I am working on a similar problem too at the moment, but with iptables not ipchains. What version of the kernel are you on?

Author Comment

ID: 6384904

I have no problem going to either of the sites you mentioned.  And as far as your similar problem, I will be happy to review it, once you have posted a question.  If you don't mind, I'd like to keep this question focussed on the problem at hand.

Thanks, George

Accepted Solution

ifincham earned 50 total points
ID: 6385577

Interesting one this. I'm using ip masquerading but with iptables instead of ipchains and I can connect from a win98 client via RH7.1 masquerading to that site ( or or without any apparent problems. It uses IIS 5 and javascript but thats really irrelevant if it works by direct connection. Perhaps theres a timeout of some kind.

If you have a 2.4.x kernel and iptables you could always try iptables instead of ipchains and see if it makes any difference :

echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_tables iptable_nat iptable_nat_ftp
/sbin/modprobe ip_conntrack ip_conntrack_ftp
/sbin/modprobe ipt_LOG ipt_state
/sbin/iptables -t nat -A POSTROUTING -o eth1 -s -j MASQUERADE

(If any problem with the modules just load them all via : '/sbin/insmod/lib/modules/2.4.2/kernel/net/ipv4/netfilter/*' - where 2.4.2 is your actual kernel as per 'uname -r'. )

It looks more complicated but the main difference is that iptables comes with lots of optional modules - so you need to load the ones you need first !

Anyway, clearly from what you say there is something different going on with the masqueraded connex compared to direct connection. If you were really interested you could try to log the transactions to and from their ip address, i.e. . If you're want to try this I'll give you the syntax...



Expert Comment

ID: 9078702
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Author Comment

ID: 9079973

I can't actually say if your answer works as I don't have this setup any longer.... but I figure your effort is worth the 50 pts.

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Layer 7 Transparent cookie checker 22 60
Linux DNS problems 23 351
Measure data download 2 92
Help needed with BIND9 DNS on Ubuntu. 22 92
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now