Can't connect from OS world to local machine 1

franke (Instructor), May 16, 2002
I have a small network with 5 static public IP addresses and connected to the internet thru a DSL line. I've set up one of the computers to accept telnet requests on port 23 via the /etc/inetd.conf file. All works fine internally. It also works if I telnet from the internet into the router and then telnet from the router to the local machine; however, when I telnet to the public IP address directly, I get no connection. As a further note, when I run tcpdump on the local machine, I see the request come in for the telnet session.

Sorry for the long story. I've just started working with FreeBSD. Any tips or pointers on where to start looking would be greatly appreciated.

Thanks in advance...

franke
 
franke,

Out of curiosity, those five computers should all have public IP addresses provided by your ISP, and not internal addresses provided by your router. Is that the case?

Also, is there a specific reason why you're using a router (whose purpose is to connect separate networks) instead of a hub (whose purpose is to connect segments of the same network)?

Wishdiak
 
Wishdiak,
Yes, SBC assigned us 5 public addresses. We will be using one for a web server and one for an email server. The router is used to convert the 'public' addresses provided by SBC to the 'private' addresses of our LAN. After a frustrating 2 days, I finally loaded an old copy of Windows NT on an equally old computer, along with Microsoft's IIS, and shazaam, the default web page came right up, both internally and externally (guess I'll have to give kudos to MS :( ), and responding only to ports 80 and 443 via the router's NAT tables. My guess is that I jazzed up the FreeBSD somehow in my fervor to feed my ego. As penance, I've reloaded the FreeBSD from scratch and with a few modifications to the FAQs posted on this forum, I got the PPPoE to work (hurray). Now I've loaded the 'Postfix' email server package and will see if I can get it to respond both internally and externally to email requests.

I'm not sure where I messed up and being new to FreeBSD, I'm not familiar enough with the commands to test anything. If I can get the Postfix to work, I suppose I'll retry the Web server as I'd prefer to be running Apache rather than IIS.

franke
 
Perhaps you've already ifconfig'd everything, but it sounds to me like you need to put an entry in the routing tables. But if you can get into the box from the router, it sounds like the router may not know how to find your BSD box from the outside network, even though it knows where it is once you're inside your router.

`man ifconfig` to see all the options on setting up the routing tables on the FreeBSD box -- there's quite a few.

And you might want to turn off telnet on an outside accessible box -- run openssh instead (in /usr/ports/security/openssh). You can get a Windows SSH client from (free non-commercial version).
 
ducksoup,
Thanks for the advice and the link. I turned off the telnet option.

I actually ended up working on the web server first, though I thought it would be the most difficult, and it actually works. I am going bald, however, from all the head scratching.
Watching the logs, it's amazing how many people try to access areas they're not supposed to.

Any hoo, the mail server is next.

Thanks again.

franke
 
If you're getting hit hard and want to know more than /var/log is currently telling you, you may want to make snort ( out of the ports/security collection.

Be sure to shut down services like finger in /etc/inetd.conf too -- if black-hatters see those ports open, they will try to use them. I don't start any services from inetd, personally.
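One way to check which inetd services are still enabled, as an added example that is not from any of the thread's participants: it reads an inetd.conf, lists the uncommented service lines, and flags anything not on an allow-list. The sample config and the allow-list below are constructed; point `audit_inetd` at the real /etc/inetd.conf on the box.

```shell
#!/bin/sh
# Write a constructed sample inetd.conf to the path given in $1 (not a real config).
write_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf; format: service type proto wait user program args
#ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet   stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
finger   stream  tcp     nowait  nobody  /usr/libexec/fingerd    fingerd -s
#comsat  dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
daytime  stream  tcp     nowait  root    internal
EOF
}

# Print the service name (first field) of every line that is neither blank
# nor a comment, i.e. every service inetd will actually start.
enabled_inetd_services() {
    awk '$0 !~ /^[[:space:]]*(#|$)/ { print $1 }' "$1"
}

# audit_inetd CONF "svc1 svc2 ...": report enabled services that are not on
# the space-separated allow-list; exit status 1 if any were found.
audit_inetd() {
    conf=$1
    allowed=" $2 "
    rc=0
    for svc in $(enabled_inetd_services "$conf"); do
        case "$allowed" in
            *" $svc "*) ;;
            *) echo "exposed: $svc (comment its line in $conf, then kill -HUP inetd)"
               rc=1 ;;
        esac
    done
    return $rc
}

# Demo against the constructed sample: only daytime is allowed, so telnet
# and finger are reported.
sample=$(mktemp)
write_sample_inetd_conf "$sample"
if audit_inetd "$sample" "daytime"; then
    echo "inetd.conf: no unexpected services enabled"
fi
rm -f "$sample"
```

On FreeBSD, `sockstat -4l` shows what is actually listening after inetd has been sent SIGHUP to reload the file.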
 
franke,

I'm sorry I dropped the ball back there...got a little busy with other things.

Is the router that you're using a NAT box or an appliance-type dedicated router? Port-forwarding your router in either case shouldn't be that difficult, just be careful which ports you forward.

Wishdiak
 
Wishdiak,
Yes, it's a NAT router. I was able to map the public address, ports 80 and 443 to the local address of our web-server. At this point, all other incoming traffic should be blocked.

As I mentioned above, the next project is the email server.

Thanks for the input.

franke
 
franke,

I'm glad to hear that things are working out. You'll need to port-forward TCP/UDP 25 to your mail server's private IP, and also TCP/UDP 110 if you want users to be able to pop their mail.

Wishdiak
 