CentOS Icon CentOS Logo
CentOS Text
   
  
www.centos.org Forum Index
   CentOS 6 - Networking Support
  Can' see any ports on external IP address

 

 Bottom   Previous Topic   Next Topic
  •  Rate Thread
      Rate this Thread
      Excellent
      Good
      Average
      Bad
      Terrible
Poster Thread
  •  TexasJJJJJ
      TexasJJJJJ
Can' see any ports on external IP address
#1
Newbie
Joined: 2012/6/2
From
Posts: 3
I am trying to config my machine so people on the outside world can access ports 80 and 25565(minecraft).

I have spent the better part of the afternoon googling and searching the forums, but so far no go.

Topology

ISP --> ARRIS TG852 (Cable Modem/Router combo) -+- wired connection --> to CentOS 6.2 box

I have port forwarding set up on the router.

Things I can do
- access the apache web server and minecraft from machines on the internal subnet 192.168.0.2.
- ping the public IP www.xxx.yyy.zzz

Things I can't do
- access the apache web server and minecraft from machines on www.xxx.yyy.zzz.

Other points of note.
godadday diagnostics thinks all is well
canyouseeme.org thinks ports 80 and 25565 are open and available.

SELinux is in permissive mode
The firewall has the proper ports open, but I have even tried turning iptables off with no change in behavior.
I have put my machine in the DMZ on the router with both iptables off and SELinux in permissive and still cannot access the ports

I have talked to both godaddy and ISP tech support and they believe all is fine.

I am out of ideas at this point.

Any ideas greatly appreciated.
Posted on: 2012/6/2 22:59
Create PDF from Post Print
Top
  •  vonskippy
      vonskippy
Re: Can' see any ports on external IP address
#2
Professional Board Member
Joined: 2006/12/30
From Colorado, USA
Posts: 472
You've provided no real networking info, yet you're asking a question about how to setup your network.

As a guess, I'd say you're not forwarding the correct ports from the modem's PUBLIC IP to your CentOS's PRIVATE IP.
Posted on: 2012/6/2 23:13
Create PDF from Post Print
Top
  •  TexasJJJJJ
      TexasJJJJJ
Re: Can' see any ports on external IP address
#3
Newbie
Joined: 2012/6/2
From
Posts: 3
Here's more info. Let me know what else would be useful

ifconfig
eth0      Link encap:Ethernet  HWaddr E4:11:5B:12:B3:81  
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::e611:5bff:fe12:b381/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5097600 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8078950 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:416818392 (397.5 MiB)  TX bytes:11758434815 (10.9 GiB)
          Interrupt:18


iptables
[root@tralfaz conf]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         state NEW udp dpt:5353 
5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:631 
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:631 
7    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:631 
8    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137 
9    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138 
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139 
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445 
12   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137 
13   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138 
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 
15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
17   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25565 
18   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:4242 
19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5902 
20   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination


SELinux
[root@tralfaz conf]# getsebool -a | grep httpd
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_read_user_content --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_gpg --> off


portforwarding
Virtual Servers
 	Description	Inbound Port	Type	Private IP Address	Local Port
	Web443	        443-443	        TCP    	192.168.0.2      	443-443
	Web80	          80-80	        TCP   	192.168.0.2	          80-80
	Minecraft   	25565-25565	Both  	192.168.0.2	     25565-25565
Posted on: 2012/6/2 23:32
Create PDF from Post Print
Top
  •  TrevorH
      TrevorH
Re: Can' see any ports on external IP address
#4
Moderator
Joined: 2009/9/24
From Brighton, UK
Posts: 6560
Are you trying to access your own internal machines on their own external IP address? For example, on 192.168.0.3, going out through the same connection to the outside, you then try to access your own external IP address and get redirected to 192.168.0.2? If so then you probably cannot do that - it's what's called a hairpin connection and very few routers support such a thing. You'd need to test your external connection from a machine that didn't belong inside the same LAN and came from a different external source.
_________________
Linux/VoIP Systems Administrator
Posted on: 2012/6/2 23:43
Create PDF from Post Print
Top
  •  vonskippy
      vonskippy
Re: Can' see any ports on external IP address
#5
Professional Board Member
Joined: 2006/12/30
From Colorado, USA
Posts: 472
Quote:

TrevorH wrote:
it's what's called a hairpin connection and very few routers support such a thing.

That's the first time I heard it called "a hairpin connection" - I've always heard it called "NAT Reflection".

Ironically it's the open source firewalls (like PFSense) that support it. Cisco recommends using a split-DNS solution.
Posted on: 2012/6/3 0:02
Create PDF from Post Print
Top
  •  TexasJJJJJ
      TexasJJJJJ
Re: Can' see any ports on external IP address
#6
Newbie
Joined: 2012/6/2
From
Posts: 3
Thanks!
Posted on: 2012/6/3 1:41
Create PDF from Post Print
Top
 Top   Previous Topic   Next Topic

 

 You cannot start a new topic.
 You can view topic.
 You cannot reply to posts.
 You cannot edit your posts.
 You cannot delete your posts.
 You cannot add new polls.
 You cannot vote in polls.
 You cannot attach files to posts.
 You cannot post without approval.




"Linux" is a registered trademark of Linus Torvalds. | All other trademarks are property of their respective owners. | All other content is Copyright @ 2004-2009 by the CentOS Project or "each individual contributor (forums, comments, etc.) unless otherwise assigned".| Theme based on a theme by 7dana.com