Fedora Linux Support Community & Resources Center
  #1  
Old 25th April 2005, 12:32 PM
syn Offline
Registered User
 
Join Date: Apr 2005
Posts: 20
Accessing a local service from the net - proxy - firewall

Hi, I have a little issue:

I have an application running on port 4080 that is accessible via http from localhost.

I would like to access this application from my office, where I access the internet through a proxy.
So I set up my app to accept connections from the proxy (public ip), and allowed incoming traffic to port 4080 from this proxy in iptables.

However I still cannot access my application from my office's browser (http://my.domain.name:4080).
I have apache running on port 443, does this have something to do with my issue?

What have I done wrong?

Best regards,
  #2  
Old 25th April 2005, 12:39 PM
AndyGreen Offline
Registered User
 
Join Date: Apr 2005
Location: Northants, UK
Posts: 2,026
You need to do some port forwarding on this "proxy" or some other gateway router. The aim is to get traffic touching your external IP's port 4080 *passed on* to your machine's port 4080; unless your machine is directly connected to the Internet with its own public IP then the external IP's port 4080 is nothing to do with your machine's port 4080 by default.

Have a poke around in your gateway router config for "port forwarding".
__________________
Freelance RedHat Certified Engineer - http://northantsIT.com
  #3  
Old 25th April 2005, 01:32 PM
syn Offline
Registered User
 
Join Date: Apr 2005
Posts: 20
Thank you for your fast reply, indeed my machine directly accesses the internet with a public IP. I'll look further in order to set up a forwarding rule that touches localhost:4080.
  #4  
Old 26th April 2005, 12:13 PM
syn Offline
Registered User
 
Join Date: Apr 2005
Posts: 20
Hello back, I still encounter the same issue, cannot access port 480 from my office. I set up a rule in iptables that allows port 4080 from my office's proxy, doesn't work. So I changed this rule from INPUT to FORWARD, still the same.
When I locally nmap localhost, I don't see port 4080 as open, however I can access my app in http://localhost:4080.
I also set up a rule in apache that maps a sub-directory from web-root to localhost:4080, still it doesn't work when trying to access from office.

Has anyone an idea on how I can get past this? I can provide config file extracts if needed.

Thanks and best regards,
  #5  
Old 26th April 2005, 12:32 PM
AndyGreen Offline
Registered User
 
Join Date: Apr 2005
Location: Northants, UK
Posts: 2,026
The question arises... on which interfaces has your app bound itself?

Please post the results of

netstat -plutn | grep 4080
__________________
Freelance RedHat Certified Engineer - http://northantsIT.com
  #6  
Old 26th April 2005, 12:40 PM
syn Offline
Registered User
 
Join Date: Apr 2005
Posts: 20
'netstat -pultn|grep 4080' gives
tcp 0 0 0.0.0.0:4080 0.0.0.0:* LISTEN 6615/mlnet
  #7  
Old 26th April 2005, 12:46 PM
AndyGreen Offline
Registered User
 
Join Date: Apr 2005
Location: Northants, UK
Posts: 2,026
Yep, looking good.

What exactly did you give for your iptables line to let the world see 4080?
__________________
Freelance RedHat Certified Engineer - http://northantsIT.com
  #8  
Old 26th April 2005, 01:29 PM
syn Offline
Registered User
 
Join Date: Apr 2005
Posts: 20
I tried this rule:
-A INPUT -p tcp -m tcp --dport 4080 -s <authorized_ip> -j ACCEPT
or this one:
-A INPUT -p tcp -m tcp --dport 4080 -j ACCEPT

... maybe I missed something as I am quite new to iptables.
  #9  
Old 26th April 2005, 01:38 PM
AndyGreen Offline
Registered User
 
Join Date: Apr 2005
Location: Northants, UK
Posts: 2,026
You don't need the -m tcp switch.

I would also change the -A to -I

Try that and nmap yourself again.
__________________
Freelance RedHat Certified Engineer - http://northantsIT.com
  #10  
Old 26th April 2005, 01:48 PM
syn Offline
Registered User
 
Join Date: Apr 2005
Posts: 20
Ok, done, still the same. Port 4080 not seen as open.
What are the effects of changing -A to -I ?

Thank you very much for your attention.
  #11  
Old 26th April 2005, 01:54 PM
AndyGreen Offline
Registered User
 
Join Date: Apr 2005
Location: Northants, UK
Posts: 2,026
-I sticks the rule at the top of the chain, -A adds it at the bottom. If there was a rule in the chain that rejected everything, adding your rule below it with -A would mean it would have no effect.

When you say "not seen as open", what is it seen as? Closed? or just dropping traffic?

Is there any other firewall between the nmap machine and the guy who wants to open port 4080?
__________________
Freelance RedHat Certified Engineer - http://northantsIT.com
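Added example, not part of any post in this thread: a small check of the -A versus -I point above, run over rules in the same `-A CHAIN ...` form used earlier in the thread. The two rule sets are constructed samples, the function names are hypothetical, and the check looks at a single chain only (it does not follow jumps into user-defined chains).

```shell
#!/bin/sh
# rule_status CHAIN PORT: reads iptables-save style rules on stdin and prints
#   reachable  an ACCEPT rule for PORT comes before any catch-all DROP/REJECT
#   shadowed   the ACCEPT rule exists but sits below a catch-all DROP/REJECT
#   missing    the chain has no ACCEPT rule for PORT
rule_status() {
    awk -v chain="$1" -v port="$2" '
    $1 != "-A" || $2 != chain { next }
    {
        target = ""; dport = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # A rule with no match options (-j is the first option) hits every packet.
        if ($3 == "-j" && (target == "DROP" || target == "REJECT")) blocker = 1
        if (dport == port && target == "ACCEPT") {
            result = blocker ? "shadowed" : "reachable"
            exit
        }
    }
    END { print (result == "" ? "missing" : result) }'
}

# Constructed sample: the 4080 rule was appended with -A, below a final REJECT.
appended_rules() {
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp --dport 4080 -j ACCEPT
EOF
}

# Constructed sample: the same rule placed at the top, as -I does.
inserted_rules() {
    cat <<EOF
-A INPUT -p tcp --dport 4080 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

echo "appended: $(appended_rules | rule_status INPUT 4080)"
echo "inserted: $(inserted_rules | rule_status INPUT 4080)"
```

On a live machine the same function can be fed the output of `iptables-save` instead of the sample rule sets.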
  #12  
Old 26th April 2005, 02:03 PM
syn Offline
Registered User
 
Join Date: Apr 2005
Posts: 20
Indeed with 'iptables -L' the rule is at top of chain.

I presume the port is seen as closed by nmap.
Yes there is my office's firewall between my office's computer and my home FC3 firewalled firewall.
Would it be necessary that I gain access in output port 4080 from office?

Perhaps I can try to change my app's 4080 listening port to something standard?
  #13  
Old 26th April 2005, 02:08 PM
AndyGreen Offline
Registered User
 
Join Date: Apr 2005
Location: Northants, UK
Posts: 2,026
Closed has a specific meaning, either that the firewall is set to REJECT, or that nothing is listening at this port. If the packet is being DROPped by the firewall, that's a different action altogether.

Quote:
Yes there is my office's firewall between my office's computer and my home FC3 firewalled firewall.
Gah!!! Yes it matters, your office firewall is dropping your port 4080 traffic, no matter that you are willing on the other side of it.

Which machine is running the port 4080 app? Your home machine or the machine at the office?

If it is the office machine, you need to set up a port forwarding on your office firewall: TCP 4080 incoming ---> Your machine's IP port 4080.
__________________
Freelance RedHat Certified Engineer - http://northantsIT.com
  #14  
Old 26th April 2005, 03:02 PM
syn Offline
Registered User
 
Join Date: Apr 2005
Posts: 20
No, it's my home machine that hosts the application.
But as I want to get it via http://my.home.computer:4080, do my office computers go out through port 4080 of the firewall? I would not think so, since the errors I get on my browser when connecting to the home computer are not generated by the office's squid,
  #15  
Old 26th April 2005, 03:04 PM
AndyGreen Offline
Registered User
 
Join Date: Apr 2005
Location: Northants, UK
Posts: 2,026
Okay, what is the setup at your home, your Fedora machine just goes straight out into the Internet or you have a router/firewall/gateway device?
__________________
Freelance RedHat Certified Engineer - http://northantsIT.com