[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 395
  • Last Modified:

web access fails (only) from my local network

after much ado, I am pleased to have my home network working lately.. an NT workstation, a W2K workstation, and a RH Linux 7.1 server/router connected to DSL.  I have configured ipchains to do the routing which, for the most part, works.

But there is one web site (I expect others, but we haven't run into them yet,) that will not
load on the client machines.  If I switch the
cables and configuration to eliminate the
router (connecting W2K or NT to the DSL modem
directly,) the site comes up fine.  The site is "www.realtor.com"..

Any idea why this site gets stuck behind the router?  (not just their home page, but also direct links..)

Thanks, George
0
gljr
Asked:
gljr
  • 4
  • 2
  • 2
  • +2
1 Solution
 
fobzzCommented:
How is your ipchains setup? Can you give me the hole script?
0
 
ifinchamCommented:
Hi,

The only thing I can guess is because there is re-direction going on from the home page that maybe causes a firefall problem (for example packets back from different address to that sent to) ....

This is the raw HTML of the home page :

HTTP/1.1 302 Object moved Server: Microsoft-IIS/5.0 Date: Mon, 13 Aug 2001 07:13:51 GMT Connection: close Location: /default.asp?hm=on Content-Length: 139 Content-Type: text/html Cache-control: private  <head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?hm=on">here</a>.</body>

Does it make a difference if clients do :

http://www.realtor.com/default.asp?hm=on

Rgds
0
 
gljrAuthor Commented:
fobzz, ifincham, thanks for your posts..

ipchains is set as
Policy=ACCEPT for inpupt/forward/output
forward rule="ipchains -A forward -j MASQ -s 192.168.1.0/24 -i eth1"

it makes no difference if I reference the sub-page.

But since it seems plausible for this to be a firewall
problem, it seems odd to me that despite this "open firewall", I cannot connect via telnet or ftp from either internal or external clients...?

as always, your help is apreciated.

George
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
BoringCommented:
Have you turned on ipforwarding? If there is a 0 in the file /proc/sys/net/ipv4/ip_forward then it will not route anything through it. Type:
echo 1 > /proc/sys/net/ipv4/ip_forward

And see if that sorts it? It's always the one that I forget to do.
0
 
gljrAuthor Commented:
Boring,

Thank you for your interest, but it should be clear from the fact that ONLY 1 web site has this problem, that I have enabled IP forwarding (the command you suggested).
0
 
BoringCommented:
Sorry,
Are you using a proxy server squid or something?
Also could you try going to www.jungle.com and www.btinternet.com. Do these 2 work?
I am working on a similar problem too at the moment, but with iptables not ipchains. What version of the kernel are you on?
0
 
gljrAuthor Commented:
Boring,

I have no problem going to either of the sites you mentioned.  And as far as your similar problem, I will be happy to review it, once you have posted a question.  If you don't mind, I'd like to keep this question focussed on the problem at hand.

Thanks, George
0
 
ifinchamCommented:
Hi,

Interesting one this. I'm using ip masquerading but with iptables instead of ipchains and I can connect from a win98 client via RH7.1 masquerading to that site (http://www.realtor.com or http://lib.realtor.com or http://206.131.171.11) without any apparent problems. It uses IIS 5 and javascript but thats really irrelevant if it works by direct connection. Perhaps theres a timeout of some kind.

If you have a 2.4.x kernel and iptables you could always try iptables instead of ipchains and see if it makes any difference :


echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_tables iptable_nat iptable_nat_ftp
/sbin/modprobe ip_conntrack ip_conntrack_ftp
/sbin/modprobe ipt_LOG ipt_state
/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 172.16.16.0/24 -j MASQUERADE


(If any problem with the modules just load them all via : '/sbin/insmod/lib/modules/2.4.2/kernel/net/ipv4/netfilter/*' - where 2.4.2 is your actual kernel as per 'uname -r'. )

It looks more complicated but the main difference is that iptables comes with lots of optional modules - so you need to load the ones you need first !

Anyway, clearly from what you say there is something different going on with the masqueraded connex compared to direct connection. If you were really interested you could try to log the transactions to and from their ip address, i.e. 206.131.171.11 . If you're want to try this I'll give you the syntax...


Regards


0
 
CleanupPingCommented:
gljr:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
gljrAuthor Commented:
ifincham,

I can't actually say if your answer works as I don't have this setup any longer.... but I figure your effort is worth the 50 pts.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 4
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now