Tech Geekery Inside (Linux server, unable to connect via remote) - Miata Turbo Forum - Boost cars, acquire cats.

Old 09-13-2012, 04:23 AM   #1
Elite Member
Thread Starter
iTrader: (6)
 
blaen99's Avatar
 
Join Date: Sep 2010
Location: Seattle, WA
Posts: 4,112
Total Cats: 27
Default Tech Geekery Inside (Linux server, unable to connect via remote)

So, I've had various Linux servers running on this network for years. Since several people on here claim to be big Linux geeks, let's see if any of you can come up with things I've missed.

Recently, I've had a previous server running, but between a recent ISP change (A local ISP bought my old ISP out...), plus due to a few other factors (Moving...), my personal server's been down during this ISP change.

Everything is the gorramn same on my network. I've gone so far as to DMZ my Linux server. It's running a stock Ubuntu 12.04 Server install with webmin, LAMP, Java/gcc/g++/make/etc., and Samba.

I can ssh, connect via http/ftp/sftp/whatever perfectly fine if I'm in the local network. But as soon as I do any kind of remote connection, even from computers in the local network to my DynDNS host redirect or even directly connecting to my WAN IP address (Remember, it's DMZ'd, so it should be fine).... I get "connection timed out", as if the thing was behind my router and wasn't DMZ'd/et al'd.

At this point, I'm stumped. iptables even returns a standard setup. I want to start pointing fingers at this new ISP blocking any remote connections or something, because port forwarding doesn't work, virtual servers don't work, DMZ does not work, and it's a stock gorramn Ubuntu install that I just finished installing a little bit ago. Here's the kicker - ping works fine. The server responds to any ping from anything anywhere fine.

Thoughts? I'm freaking stumped after struggling with this most of the day. My hunch is that it is related to some obscure change in 12.04 that I missed/fatfingered or it Really Is just my retarded ISP.
Old 09-13-2012, 04:33 AM   #2
Supporting Vendor
iTrader: (10)
 
Reverant's Avatar
 
Join Date: Jun 2006
Location: Athens, Greece
Posts: 5,440
Total Cats: 197
Default

Too few details. DSL/Cable? Which router? Do you have a static or dynamic IP? What private subnet are you using? How many eth interfaces on the linux server? A topology diagram would help.
Old 09-13-2012, 10:46 AM   #3
mkturbo.com
iTrader: (24)
 
shuiend's Avatar
 
Join Date: May 2006
Location: Charleston SC
Posts: 13,775
Total Cats: 1,106
Default

What happens if you turn off iptables on the ubuntu server and try to connect?
Old 09-13-2012, 11:27 AM   #4
Reverant's Avatar

You mean flush the tables and set the default policy to ACCEPT?
Old 09-13-2012, 11:49 AM   #5
shuiend's Avatar

Quote:
Originally Posted by Reverant View Post
You mean flush the tables and set the default policy to ACCEPT?
I mean that would work too. I am just semi lazy and "#service iptables stop" test connection then "#service iptables start" would work. By no means is that the most secure way to do it, but it should work. I also have not spent too much time using Ubuntu as a server. I am mostly a RHEL guy so there might be a few differences.
Old 09-13-2012, 01:57 PM   #6
blaen99's Avatar

Quote:
Originally Posted by Reverant View Post
Too few details. DSL/Cable? Which router? Do you have a static or dynamic IP? What private subnet are you using? How many eth interfaces on the linux server? A topology diagram would help.
Neither, fiber. Dlink DIR-655V2. Dynamic, hence dynDNS. 192.168.0.* (LAN only network) and 192.168.1.* (WAN-connected network, the Linux server is only hooked up to this). One eth interface.

Topology is basically "Connect Linux server to router. Connect Router to internet".

Quote:
Originally Posted by Reverant View Post
You mean flush the tables and set the default policy to ACCEPT?
It is set that way already.

Quote:
Originally Posted by shuiend View Post
I mean that would work too. I am just semi lazy and "#service iptables stop" test connection then "#service iptables start" would work. By no means is that the most secure way to do it, but it should work. I also have not spent too much time using Ubuntu as a server. I am mostly a RHEL guy so there might be a few differences.
Already tried that. First thing I tried in fact, SHOES!

Thanks guys. Still stumped, I'm baffled and confused. I've been setting up Linux servers for a longer time than most would believe, and Ubuntu from 9.x to 11.10 worked perfect for me. This new server running 12.04 is blowing chunks for me so far though. What baffles me is that the connection is /timing out/ instead of being refused. If I un-DMZ/un-port forward/etc. everything, it just results in connection refused at the router itself.
Old 09-13-2012, 02:59 PM   #7
Elite Member
iTrader: (9)
 
Saml01's Avatar
 
Join Date: Jul 2007
Location: NYC
Posts: 5,730
Total Cats: 2
Default

Port forwarding seems like your problem. Are you using a new router or now two routers?
Old 09-13-2012, 03:05 PM   #8
blaen99's Avatar

Quote:
Originally Posted by Saml01 View Post
Port forwarding seems like your problem. Are you using a new router or now two routers?
I have an Ubuntu 11.10 box acting as a router for my internal (LAN-only) network.

The external (WAN) network is the D-link, the new server shouldn't be affected by the LAN-only network in any way, shape, or form. It is not connected or otherwise touching my internal network. Notable note: Once I get this server working properly, it's replacing the D-link as a router for my WAN network.

I've gone so far as to disable port forwarding and just enable the DMZ, Sam. The second it was DMZ'd, that should have ended any router-specific problems.
Old 09-13-2012, 03:09 PM   #9
Reverant's Avatar

Traceroute from outside and see where the hops stop.
Old 09-13-2012, 03:14 PM   #10
blaen99's Avatar

1 75.125.232.57 (75.125.232.57) 0.509 ms 0.642 ms 0.571 ms
2 te1-4.dsr01.hstntx1.networklayer.com (207.218.223.5) 0.583 ms 0.448 ms 0.367 ms
3 po16.dsr02.hstntx2.networklayer.com (70.87.253.105) 0.907 ms 0.783 ms 0.824 ms
4 ae17.bbr02.sr02.hou02.networklayer.com (173.192.18.238) 0.543 ms 0.691 ms 0.532 ms
5 ae3.bbr02.eq01.dal03.networklayer.com (173.192.18.220) 10.407 ms 10.294 ms
6 ae7.bbr02.eq01.dal03.networklayer.com (173.192.18.209) 8.017 ms 8.006 ms 7.887 ms
7 ae1.bbr01.cs01.den01.networklayer.com (173.192.18.139) 22.590 ms 22.541 ms 22.401 ms
8 six.(secret).com (206.81.80.173) 61.656 ms 60.327 ms
9 206.130.137.1.(secret).com (206.130.137.1) 55.700 ms 58.571 ms 57.624 ms
10 CC-3-DHCP-96.46.18.40.(secret).net (96.46.18.40) 61.643 ms 59.321 ms
11 CC-3-DHCP-96.46.18.40.(secret).net (96.46.18.40) 67.827 ms 63.317 ms 58.880 ms
12 CC-3-DHCP-96.46.18.40.(secret).net (96.46.18.40) 59.146 ms * 59.431 ms
13 CC-3-DHCP-96.46.18.40.(secret).net (96.46.18.40) 59.128 ms 67.484 ms 59.139 ms

Nothing drops, it responds correctly to both ping and a traceroute, Rev.
Old 09-13-2012, 03:20 PM   #11
Reverant's Avatar

Does your router have an http interface, and can you connect to it from outside?
Old 09-13-2012, 03:24 PM   #12
blaen99's Avatar

Yes, Yes if I enable remote management.
Old 09-13-2012, 03:34 PM   #13
Reverant's Avatar

That means that this particular port is left accessible by your upstream ISP. Shut down the remote management, and set up apache on your server on that particular port. Then set up portforwarding in your router, so that particular port is forwarded to your linux box. Test the apache from inside first, then outside.
Old 09-13-2012, 03:36 PM   #14
shuiend's Avatar

What do your hosts.allow and hosts.deny files say? Also what does "#ssh -vvv server" tell you when you try to connect?
Old 09-13-2012, 03:39 PM   #15
blaen99's Avatar

Quote:
Originally Posted by Reverant View Post
That means that this particular port is left accessible by your upstream ISP. Shut down the remote management, and set up apache on your server on that particular port. Then set up portforwarding in your router, so that particular port is forwarded to your linux box. Test the apache from inside first, then outside.
:80, :8080, :8181 are all blocked somewhere outside of my router if I enable remote management and direct it to those ports.

(Edit) I take it back. Inteeeresting, :8181 is not blocked now. Setting up a virtual server on port 8181 to forward to 80 on the new server.
Old 09-13-2012, 03:45 PM   #16
blaen99's Avatar

Remote management enabled, set to port 80 or 8080: Timed out.

Remote management enabled, port 8181: Connects fine.

Port 8181, set as a virtual server to forward to port 80 on the new server: "Problem Loading Page, unable to connect". No longer timing out.
Old 09-13-2012, 03:48 PM   #17
blaen99's Avatar

Quote:
Originally Posted by shuiend View Post
What do your hosts.allow and hosts.deny files say? Also what does "#ssh -vvv server" tell you when you try to connect?
The hosts.allow and hosts.deny are all blank.

ssh -vvv server from a server remote to my network (SSH to remote server, to SSH back to the network) gives a (edit, correction) connection refused error.
Old 09-13-2012, 03:50 PM   #18
Reverant's Avatar

Timing out is an indication that packages are actively being dropped somewhere. Whereas a connection denied means that the host is replying that a service is not set up on the server (unless of course the firewall is configured to REJECT rather than DROP).

Can you connect to 80 from localnet?
Reverant is offline   Reply With Quote
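
The timeout-versus-refused distinction discussed above can be checked per port with a small probe. This is an added example, not code posted by anyone in the thread; the function names and the 203.0.113.10 public address are constructed placeholders, and the WAN-side probe is meant to be run from a host outside the network.

```python
import socket

# What each outcome of a TCP connect says about where the traffic stopped.
VERDICTS = {
    "open": "handshake completed; a service is listening and reachable",
    "refused": "something answered with a rejection (no listener, or a REJECT rule)",
    "timeout": "no answer at all; dropped on the path (DROP rule, NAT miss, upstream filter)",
    "unreachable": "an ICMP error, routing failure or name-resolution error came back",
}

def classify(exc):
    """Map the exception from a failed connect() (or None) to a verdict key."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, socket.timeout):
        return "timeout"
    return "unreachable"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return (verdict, explanation)."""
    exc = None
    try:
        with socket.create_connection((host, port), timeout=timeout):
            pass
    except OSError as e:
        exc = e
    verdict = classify(exc)
    return verdict, VERDICTS[verdict]

def compare(lan_addr, wan_addr, ports, timeout=3.0):
    """Probe each port via the private and the public address, side by side."""
    return {p: (probe(lan_addr, p, timeout)[0], probe(wan_addr, p, timeout)[0])
            for p in ports}

if __name__ == "__main__":
    # 192.168.1.2 is the server's LAN address from the thread;
    # 203.0.113.10 is a constructed stand-in for the public address.
    for port, (lan, wan) in compare("192.168.1.2", "203.0.113.10", [22, 80, 8181]).items():
        print(f"port {port}: LAN={lan} WAN={wan} -> {VERDICTS[wan]}")
```

A port that is "open" on the LAN side and "timeout" on the WAN side points at filtering or a missing forward in front of the server rather than at the server's own services.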
Old 09-13-2012, 03:51 PM   #19
blaen99's Avatar
Quote:
Originally Posted by Reverant View Post
Timing out is an indication that packages are actively being dropped somewhere. Whereas a connection denied means that the host is replying that a service is not set up on the server (unless of course the firewall is configured to REJECT rather than DROP).

Can you connect to 80 from localnet?
The server works perfectly if I connect from my 192.168.1.* IPs.

The SQL server, apache, even my gorramn custom-written servers all connect perfectly. If, however, I use 96.46.21.149 to connect instead of 192.168.1.2 it all goes to ****.

Please remember that everything was set up identically two weeks ago and worked perfectly except for A) a new server box running 12.04 instead of 11.10 Ubuntu, and B) An ISP change due to being bought out. My router isn't either option. It hasn't changed since it worked perfectly with my setup 2 weeks ago.
Old 09-13-2012, 03:55 PM   #20
Reverant's Avatar

I don't know about your router, but on mine if I hit my public IP from the inside, portforwarding works fine. Can you test portforwarding with a production server?