Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 2512 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web server access from internet: Why doesn't this work?

jasperf
Hi,

I am trying to figure out why I am not able to reach the web server behing my UTM9 (Home) Firewall. Everything appears to be setup correctly, but I keep receiving "...could not open the page because the server stopped responding." I can reach the web server internally, but when I try to reach it over the internet, it doesn't want to work.


My setup:

internet -> W723V (VDSL) -> UTM9.100.16 -> web server

Port forwarding is being done on the W723V and I am able to reach the webadmin without any problems. I'm probably missing something very small [:S] and it's frustrating.

The connection is reaching the webserver (see packets coming in using tcpdump on the webserver). I've tried practically every solution here in the portal without success :frown:.

Any help would be greatly appreciated.

THank you.

jasperf

Here is the NAT Rule

Position: 2
Rule Type: DNAT
Matching Condition
For traffic from: Any
Using service: HTTP
Going to: Freeman-Ext (WAN) (Address)
Action
Change the destination to: NASBD636B


And the service to: HTTP
Automatic Firewall rule NO
Comment:
Advanced
Log initial packets YES

The RULESET

ANY ->HTTP->WebServer

This is what I am seeing in the logs.

2013:06:06-16:36:26 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:26 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:27 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:29 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:29 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:30 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:30 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:33 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:36 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"
2013:06:06-16:36:38 JMFUTM9 ulogd[4989]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.1.13" dstip="98.240.173.93" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="80" dstport="34122" tcpflags="ACK SYN"


This thread was automatically locked due to age.
Parents
  • 0
    Thanks for the replies.

    I believe I tried using PPPoE on v8.*** and had problems with all of my wireless devices. When I set the DSL device to DSL Modem, none of the wireless devices could access the internet. Also, if I am not mistaken, I read somewhere, maybe here in the forum, that if I set the W723V to DSL Modem, then the WLAN would not be protected.

    At this time, since port forwarding is working on the DSL devices, I'm thinking about setting up a ruleset to allow access to the webserver and maybe using Web Server Protection.

    I just have to put on my 'investigative hat' and try things out. What I noticed in tcpdump is that the connection is coming in, but is being blocked when going out or the packets aren'T sure when to go.

    Anyway. I will continue experimenting.

    Greetings from Stuttgart.

    Jasperf
Reply
  • 0
    Thanks for the replies.

    I believe I tried using PPPoE on v8.*** and had problems with all of my wireless devices. When I set the DSL device to DSL Modem, none of the wireless devices could access the internet. Also, if I am not mistaken, I read somewhere, maybe here in the forum, that if I set the W723V to DSL Modem, then the WLAN would not be protected.

    At this time, since port forwarding is working on the DSL devices, I'm thinking about setting up a ruleset to allow access to the webserver and maybe using Web Server Protection.

    I just have to put on my 'investigative hat' and try things out. What I noticed in tcpdump is that the connection is coming in, but is being blocked when going out or the packets aren'T sure when to go.

    Anyway. I will continue experimenting.

    Greetings from Stuttgart.

    Jasperf
Children
No Data