
#1 2009-04-25 01:00:00

darthmalis
Member
Registered: 2009-04-16
Posts: 7

Networking For Dummies

I am trying to gain access to my computer (and hopefully my wife's Vista-powered laptop) from anywhere in the world via OpenSSH, FTP, HTTP and whatever else strikes my fancy. I have been searching for days and still don't know where to start. I have a Zone at http://zoneedit.com and it points to my IP. I have a script to update my dynamic IP with them. But when I browse to that domain (or my public IP) my browser just tries to load forever and never gets anywhere. This only happens if I browse to a port that I have forwarded in my WRT54GL. Otherwise, I get a server not found error.

I am sure there is a good explanation of why my browser is not getting through somewhere on this forum or the Arch Wiki, but everything I've read seems like it's a little bit more advanced than what I am trying to do. I don't know if I'm supposed to change rules in iptables, as I'm not exactly trying to set up a firewall, and I am not sure if I have a firewall and just need to create exceptions. It may be something else entirely. (Maybe my router?)

I would appreciate any help you guys can offer. Thanks in advance.


There's no place like ~.


#2 2009-04-25 01:58:46

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217

Re: Networking For Dummies

Run this on your computer while you try to connect via HTTP from outside:

tcpdump -lnn -i ethX port 80

Replace ethX with the correct interface (probably eth0)

This will identify if it is your router or your computer. If you see some output (apart from the headers of the program) then it's your computer. If you only get the headers of the program, then it's your router.


#3 2009-04-25 02:33:05

darthmalis
Member
Registered: 2009-04-16
Posts: 7

Re: Networking For Dummies

Thanks.

[joey@NCC-1701-E /]$ sudo tcpdump -lnn -i lan0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan0, link-type EN10MB (Ethernet), capture size 96 bytes
20:24:59.355573 IP 208.78.68.70.80 > 192.168.1.101.34606: Flags [S.], seq 1609563102, ack 2847992278, win 65535, options [mss 1460,nop,wscale 1,nop,nop,TS val 954821797 ecr 33986868,sackOK,eol], length 0
20:24:59.355590 IP 192.168.1.101.34606 > 208.78.68.70.80: Flags [.], ack 1, win 46, options [nop,nop,TS val 33986900 ecr 954821797], length 0
20:24:59.355620 IP 192.168.1.101.34606 > 208.78.68.70.80: Flags [P.], ack 1, win 46, options [nop,nop,TS val 33986900 ecr 954821797], length 106
20:24:59.465408 IP 208.78.68.70.80 > 192.168.1.101.34606: Flags [P.], ack 107, win 33304, options [nop,nop,TS val 954821908 ecr 33986900], length 259
20:24:59.465418 IP 192.168.1.101.34606 > 208.78.68.70.80: Flags [.], ack 260, win 54, options [nop,nop,TS val 33986933 ecr 954821908], length 0
20:24:59.465421 IP 208.78.68.70.80 > 192.168.1.101.34606: Flags [F.], seq 260, ack 107, win 33304, options [nop,nop,TS val 954821908 ecr 33986900], length 0
20:24:59.465483 IP 192.168.1.101.34606 > 208.78.68.70.80: Flags [F.], seq 107, ack 261, win 54, options [nop,nop,TS val 33986933 ecr 954821908], length 0
20:24:59.572911 IP 208.78.68.70.80 > 192.168.1.101.34606: Flags [.], ack 108, win 33303, options [nop,nop,TS val 954822016 ecr 33986933], length 0
20:25:00.248029 IP 192.168.1.101.34607 > 208.78.68.70.80: Flags [s], seq 2868335748, win 5840, options [mss 1460,sackOK,TS val 33987168 ecr 0,nop,wscale 7], length 0

I would assume this means it is my computer.

Does this tell me what I need to do?




#4 2009-04-25 06:22:04

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217

Re: Networking For Dummies

That actually shows that it's working properly... There are packets going both ways (ie, you initiate the connection, then your computer responds and a 2-way 'conversation' happens).

Does it work when you try to load it on your local computer (ie, not remotely)? Can you find any errors in your HTTP error logs?

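An added example, not from the thread, that turns the test in post #2 into a script and reads the paste in post #3 more carefully. In every captured line the remote host owns port 80 and 192.168.1.101 uses an ephemeral port (34606, 34607): that is the Arch box browsing out to a web server, not a connection coming in. An inbound test only proves something when a line of the form `<remote>.<port> > 192.168.1.101.80: Flags [S]` appears. If it appears and the box answers with `[S.]`, the service is fine and the problem is on the return path; if it appears and nothing answers, the host (listener or host firewall) is at fault; if it never appears, the router, the port forward or the ISP is. The script below sorts a saved capture that way. The sample capture is constructed with documentation addresses, and `classify_capture` and `verdict` are names chosen here.

```shell
#!/bin/sh
# Added example, not from the thread: sort a saved `tcpdump -nn` capture into
# inbound connection attempts to the forwarded port and the host's own outbound
# traffic. SAMPLE_CAPTURE is constructed (same line shape as the paste in post #3,
# documentation addresses instead of real ones).
#
# Capture for a while as someone outside tries the URL, then classify:
#   sudo tcpdump -lnn -i eth0 -c 200 port 80 > cap.txt
#   verdict 192.168.1.101 80 < cap.txt

# classify_capture LOCAL_IP PORT  (capture on stdin)
# One line per remote peer:
#   "inbound <peer> synack|no-synack"  peer sent a SYN to LOCAL_IP:PORT; did we answer?
#   "outbound <peer>"                  LOCAL_IP itself opened a connection to PORT on peer
classify_capture() {
    awk -v ip="$1" -v port="$2" '
        # Line shape: <time> IP <src>.<sport> > <dst>.<dport>: Flags [..], ...
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (split(src, s, ".") != 5 || split(dst, d, ".") != 5) next   # IPv4 only
            sip = s[1] "." s[2] "." s[3] "." s[4]; sport = s[5]
            dip = d[1] "." d[2] "." d[3] "." d[4]; dport = d[5]
            if ($7 ~ /^\[[Ss]\]/) {          # bare SYN: the sender is the client
                client = sip; server = dip; sp = dport; answered = 0
            } else if ($7 ~ /^\[S\.\]/) {    # SYN-ACK: the sender is the server
                client = dip; server = sip; sp = sport; answered = 1
            } else next
            if (sp != port) next
            if (server == ip) { inbound[client] = 1; if (answered) synack[client] = 1 }
            else if (client == ip) outbound[server] = 1
        }
        END {
            for (p in inbound) print "inbound " p " " ((p in synack) ? "synack" : "no-synack")
            for (p in outbound) print "outbound " p
        }'
}

# verdict LOCAL_IP PORT  (capture on stdin): where to look next
#   router       no SYN for LOCAL_IP:PORT arrived: port forward, NAT loopback or ISP filtering
#   host         SYNs arrived and nothing answered: no listener on that address/port, or host firewall
#   return-path  the host sent SYN-ACKs yet the client timed out: replies are not getting back
verdict() {
    out=$(classify_capture "$1" "$2")
    case "$out" in
        *"inbound "*" synack"*) echo return-path ;;
        *"inbound "*)           echo host ;;
        *)                      echo router ;;
    esac
}

# Constructed sample: one outbound browse to 203.0.113.10:80 (like the paste in
# post #3) and two unanswered SYNs from 198.51.100.7 to our port 80.
SAMPLE_CAPTURE='20:24:59.355573 IP 203.0.113.10.80 > 192.168.1.101.34606: Flags [S.], seq 1, ack 1, win 65535, length 0
20:24:59.355590 IP 192.168.1.101.34606 > 203.0.113.10.80: Flags [.], ack 1, win 46, length 0
20:25:00.248029 IP 192.168.1.101.34607 > 203.0.113.10.80: Flags [S], seq 2, win 5840, length 0
20:25:07.100000 IP 198.51.100.7.51000 > 192.168.1.101.80: Flags [S], seq 3, win 65535, length 0
20:25:10.100000 IP 198.51.100.7.51000 > 192.168.1.101.80: Flags [S], seq 3, win 65535, length 0'

printf '%s\n' "$SAMPLE_CAPTURE" | classify_capture 192.168.1.101 80
printf '%s\n' "$SAMPLE_CAPTURE" | verdict 192.168.1.101 80    # host
```

Run the real capture through `verdict` with the LAN address tcpdump shows for your box (192.168.1.101 in the paste) and the forwarded port; fed the capture from post #3 it prints `router`, because no SYN to 192.168.1.101.80 is in it.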

#5 2009-04-25 09:23:28

darthmalis
Member
Registered: 2009-04-16
Posts: 7

Re: Networking For Dummies

Does it work when you try to load it on your local computer (ie, not remotely)?

If I browse to localhost:xxxx I can get to XAMPP, if that's what you mean. But if I try my public IP or the domain name from the same machine, it does not work.

Can you find any errors in your HTTP error logs?

I checked my Apache error logs and there is nothing. I also looked in /var/log for any http errors and didn't find anything. Is there someplace else I should be looking?




#6 2009-04-25 11:55:04

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217

Re: Networking For Dummies

Perhaps a tcp wrapper issue -- have you looked in /etc/hosts.allow and /etc/hosts.deny?

What is the output of `iptables -nvL`?


#7 2009-04-25 12:26:23

Urfaust
Member
From: Germany
Registered: 2009-01-30
Posts: 164

Re: Networking For Dummies

You are trying to reach a service from your own network via your WAN-IP, is this correct? I think you have to enable NAT-Loopback in your router otherwise it won't work from your internal network. Have you tried to access your machine from another computer outside your internal network?


#8 2009-04-25 16:25:18

darthmalis
Member
Registered: 2009-04-16
Posts: 7

Re: Networking For Dummies

You are trying to reach a service from your own network via your WAN-IP, is this correct? Have you tried to access your machine from another computer outside your internal network?

Yes. I have tried it from work and I still get a server timeout error. I work for UPS and wonder if their network just didn't like mine or what. I will have a friend try from his home in a couple of hours and see if he can get to it. I will update then.

I think you have to enable NAT-Loopback in your router otherwise it won't work from your internal network.

Apparently my router doesn't support this. I searched Google and only found references to third-party firmware. I even resorted to RTFM and found nothing on NAT loopback. This leads me to wonder if I shouldn't install DD-WRT or OpenWRT. It seems like I may need something like this even if I have no need for NAT loopback other than for testing purposes. Does anybody have any advice related to this?

EDIT: Whoops! I didn't read fukawi2's post.

Perhaps a tcp wrapper issue -- have you looked in /etc/hosts.allow and /etc/hosts.deny?

OK, I did have ALL: ALL: DENY in /etc/hosts.deny. That could have been the problem from work. I commented it out and tried it locally with the same results as before.

What is the output of `iptables -nvL`?

[joey@NCC-1701-E /]$ sudo iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Last edited by darthmalis (2009-04-25 16:52:22)



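An added example, not from the thread, covering the checks behind posts #6 and #8 as functions that run on the server. Two points a practitioner would add to that exchange. First, tcp wrappers are consulted only by daemons linked against libwrap (sshd of that era, for instance); Apache never reads /etc/hosts.deny, so the `ALL: ALL: DENY` line could have blocked ssh from work but not HTTP. Second, the thread never checks what the forwarded port is bound to: XAMPP answering at localhost:xxxx says nothing about whether it listens on the LAN address the router forwards to, or on the port the router forwards. Every sample input is constructed, the `ss`/`netstat` listing shape is the standard one, and the function names are chosen here.

```shell
#!/bin/sh
# Added example, not from the thread: the host-side checks behind posts #6 and
# #8 as functions over the output of `ss -ltn` (or `netstat -ltn`),
# /etc/hosts.deny and `iptables -nvL`. Every sample input below is constructed.

# listener_scope PORT  (listing on stdin)
#   all       something listens on PORT on a wildcard or interface address
#   loopback  PORT is bound only to 127.0.0.1 / [::1]: works as localhost:PORT,
#             never from the LAN, so the router has nothing to forward to
#   none      nothing listens on PORT
listener_scope() {
    awk -v port="$1" '
        NR > 1 {                   # skip the header; local address:port is column 4 in both tools
            n = split($4, a, ":"); p = a[n]
            if (p != port) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") lo = 1; else any = 1
        }
        END { print (any ? "all" : (lo ? "loopback" : "none")) }'
}

# wrappers_deny_all FILE: true if an active "ALL: ALL" entry is present.
# Only daemons linked against libwrap consult this file (sshd of that era,
# vsftpd); Apache does not, so such a line stops ssh without touching HTTP.
wrappers_deny_all() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}

# iptables_blocks PORT  (iptables -nvL on stdin): fate of new TCP to PORT in INPUT
#   rule    a DROP/REJECT rule matches before any ACCEPT for the port
#   policy  no rule for the port and the chain policy is DROP/REJECT
#   open    an ACCEPT for the port, or empty chains with policy ACCEPT (the thread's case)
# Heuristic: it reads targets and dpt: matches in order and ignores interface,
# state and source matches; the pkts counters in the real output are the final word.
iptables_blocks() {
    awk -v port="$1" '
        /^Chain / { chain = $2; if (chain == "INPUT" && $0 ~ /policy (DROP|REJECT)/) pol = 1; next }
        chain == "INPUT" && decided == "" && ($3 == "ACCEPT" || $3 == "DROP" || $3 == "REJECT") {
            hit = ($0 ~ ("dpt:" port "([^0-9]|$)")) || ($3 != "ACCEPT" && $0 !~ /dpt:/)
            if (hit) decided = ($3 == "ACCEPT") ? "open" : "rule"
        }
        END { print (decided != "" ? decided : (pol ? "policy" : "open")) }'
}

# Constructed: XAMPP-style listener bound to loopback only, sshd on all addresses.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    [::1]:8080         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed: a typical default-deny host firewall that only admits ssh.
SAMPLE_IPTABLES='Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  340   28K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 1200   96K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   18  1080 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Empty chain with ACCEPT policy, as in post #8: nothing is filtered.
SAMPLE_IPTABLES_EMPTY='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

printf '%s\n' "$SAMPLE_SS" | listener_scope 8080            # loopback
printf '%s\n' "$SAMPLE_IPTABLES" | iptables_blocks 80       # policy
printf '%s\n' "$SAMPLE_IPTABLES_EMPTY" | iptables_blocks 80 # open
```

On the real box: `ss -ltn | listener_scope <port>` (or `netstat -ltn | ...`) must print `all` for the port the router forwards, and `sudo iptables -nvL | iptables_blocks <port>` must print `open`, before any router or ISP explanation is worth pursuing. The iptables output in post #8 gives `open`, so the firewall on the box is not the problem there.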

#9 2009-04-25 16:54:57

Urfaust
Member
From: Germany
Registered: 2009-01-30
Posts: 164

Re: Networking For Dummies

I also have a WRT54GL. I installed the Tomato firmware and you can enable it there. I never tested Open- or DD-WRT but I think it is more complicated to configure everything, search for the right version, web GUI etc.... (no offence to *WRT users!). Tomato, though, has some kind of a more restrictive license and not everything is released under the GPL. But maybe you want to give it a try...


#10 2009-04-25 17:12:26

Pudge
Arch Linux f@h Team Member
Registered: 2006-01-23
Posts: 300

Re: Networking For Dummies

First of all, shouldn't this be in the "Networking, Server, and Protection" section instead of Newbie Corner?

Second, you have never established exactly what service or daemon you are running and what port that service is listening on.  In the OP you talk about "OpenSSH, FTP, HTTP and whatever else strikes my fancy" and in a later post "I checked my Apache error logs and there is nothing"  Not really helpful for someone trying to assist you.

If you are trying to use HTTP then your Internet Service Provider MAY be blocking the ports associated with HTTP because most ISPs do not want you to be hosting a web site on what I am assuming is a residential ISP service.  Same goes for FTP.  Your ISP may be blocking the ports associated with FTP for the same reason.  They do not want you hosting a FTP server on residential ISP service.

The best way would be to utilize OpenSSH and use a tunnel.  The default port that ssh listens on is port 22.  All the crackers know that and you will be bombarded with login attempts on port 22.  Choose a port with a high number, such as 35231 and forward that port to the home computer you want to connect to.  Then set up ssh to listen on that port.  There is a wiki page for setting up ssh tunnels.

Pudge

Edit:  You said you want to be able to access this computer from anywhere in the world.  If you do this, be sure to use really strong passwords, set up some RSA keys with ssh-keygen, and when ssh-keygen asks for a passphrase, do use a passphrase and also make it a strong one.  Because your password and passphrase will be the only things keeping other people out of your computer.

Last edited by Pudge (2009-04-25 17:29:10)

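An added example, not from the thread, of the sshd_config that post #10 describes (a high port forwarded from the router, RSA keys with a passphrase) together with a check for the settings that actually matter. Port 35231 and the account name joey are taken from the thread as placeholders. One caveat on the advice: moving sshd off port 22 only cuts the log noise; what keeps other people out is refusing password logins altogether once the key works, which is stricter than "really strong passwords". sshd honours the first occurrence of a directive, so the check does too. The function names and the installation commands in the comments are this example's, not the thread's.

```shell
#!/bin/sh
# Added example, not from the thread: the sshd_config post #10 describes (high
# port forwarded from the router, keys instead of passwords) and a check for
# the settings that matter. Port 35231 and user joey come from the thread and
# are placeholders. Install roughly like this:
#   ssh-keygen -t rsa -b 4096                 # on the client; give the key a passphrase
#   ssh-copy-id -p 35231 joey@<public-host>   # while password login is still on
#   hardened_sshd_config > /etc/ssh/sshd_config && sshd -t   # then restart sshd
# and test a key login from outside before closing the shell you are in.

hardened_sshd_config() {
    cat <<'EOF'
Port 35231
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers joey
MaxAuthTries 3
LoginGraceTime 30
EOF
}

# sshd_config_weaknesses FILE: one finding per line, nothing when clean.
# sshd uses the first occurrence of a directive, so the check does too;
# an absent directive means the (weak) default applies.
sshd_config_weaknesses() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        { k = tolower($1); if (!(k in v)) v[k] = tolower($2) }
        END {
            if (!("passwordauthentication" in v) || v["passwordauthentication"] == "yes")
                print "PasswordAuthentication on (default): password guessing possible"
            if (!("permitrootlogin" in v) || v["permitrootlogin"] != "no")
                print "PermitRootLogin not explicitly no"
            if (!("port" in v) || v["port"] == "22")
                print "Port 22: constant login noise from scanners"
            if (!("allowusers" in v) && !("allowgroups" in v))
                print "no AllowUsers/AllowGroups restriction"
        }' "$1"
}

# Stand-alone demo: the hardened file is clean, a stock-looking one is not.
tmp=$(mktemp)
hardened_sshd_config > "$tmp"
echo "hardened: $(sshd_config_weaknesses "$tmp" | awk 'END { print NR }') findings"
printf 'Port 22\nPasswordAuthentication yes\n' > "$tmp"
sshd_config_weaknesses "$tmp"
rm -f "$tmp"
```

With `PasswordAuthentication no` and `ChallengeResponseAuthentication no` in place, the "bombarded with login attempts" problem is moot whatever the port: every attempt fails before a password is even tried. On the client side, `ssh -p 35231 joey@<public-host>` or a `Port 35231` line in `~/.ssh/config` saves typing the port.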

#11 2009-04-25 18:06:37

darthmalis
Member
Registered: 2009-04-16
Posts: 7

Re: Networking For Dummies

Urfaust:

I will check out Tomato. However, I think I want to stick with something Linux-based for educational purposes. But if Tomato totally rocks...

Pudge:

First of all, shouldn't this be in the "Networking, Server, and Protection" section instead of Newbie Corner?

I posted this in newbie corner because I have no experience with networking (other than sharing folders in XP/Vista) and felt that the questions I would be asking would be very noob. I apologize if this was not the correct approach. It wouldn't hurt my feelings if my post was moved.

Second, you have never established exactly what service or daemon you are running and what port that service is listening on.  In the OP you talk about "OpenSSH, FTP, HTTP and whatever else strikes my fancy" and in a later post "I checked my Apache error logs and there is nothing"  Not really helpful for someone trying to assist you.

Right now the only thing that is listening on any ports is XAMPP. I tried to be very general because I am trying to get some help with the first step: connecting to my computer from the outside world. I figure that once I can connect through one port, I would be better equipped to help myself with the rest of them. Again I apologize if this was not the correct approach. If SSH, HTTP and others are all going to be very different and I need to focus on only one to begin with, I have only tried HTTP and that is probably the best place to start if you have any advice. I will however be trying OpenSSH this weekend.

The best way would be to utilize OpenSSH and use a tunnel.  The default port that ssh listens on is port 22.  All the crackers know that and you will be bombarded with login attempts on port 22.  Choose a port with a high number, such as 35231 and forward that port to the home computer you want to connect to.  Then set up ssh to listen on that port.  There is a wiki page for setting up ssh tunnels.

I will try that. I am sure that the Amazing Arch Wiki can get me where I need to be. I have already learned a lot from it.

You said you want to be able to access this computer from anywhere in the world.  If you do this, be sure to use really strong passwords, set up some RSA keys with ssh-keygen, and when ssh-keygen asks for a passphrase, do use a passphrase and also make it a strong one.  Because your password and passphrase will be the only things keeping other people out of your computer.

Thank you for the advice. I have no intention of leaving any ports open that I am not using. I just want to be able to give myself access when I am going somewhere where I know I could use it. I will definitely be reading a lot more about security while I get all of this set up, so thank you for the suggestions.



