0

I have an Ubuntu box at a local IP behind an Arris router from my ISP. I've set up port forwarding on the router for port 80 such that it forwards TCP/UDP to the local IP of the Ubuntu box.

However, I cannot telnet using the public IP, and I can't access Apache's welcome page on Ubuntu via the public IP. I can telnet to Ubuntu's local IP from my Mac on port 80 and can ssh into it as well. I have also disabled the firewall on Ubuntu for testing, yet I'm still unable to access Ubuntu via the public IP.

I have checked, and port 80 is open on the public IP; so is 22, but not 21.

Not sure where to go from here. Any advice?

Edit: The output of traceroute is as follows:

traceroute to 72.24.237.82 (72.24.237.82), 30 hops max, 60 byte packets
praha-4d-c1-vl55.masterinter.net (77.93.199.253)  0.499 ms  0.493 ms  0.544 ms
ae-5-5.car1.KansasCity1.Level3.net (4.69.135.229)  149.079 ms           
CABLEONE.car1.KansasCity1.Level3.net (4.53.32.30)  146.839 ms  146.722 ms
CABLEONE.car1.KansasCity1.Level3.net (4.53.32.30)  146.163 ms  146.822 ms *
* * *
* * *

Which I think means that CABLEONE.car1.KansasCity1.Level3.net is not allowing anything to get past it. But what does that mean exactly?

mgorven
Sam Hammamy
  • Install a packet inspecting program like Wireshark. Look to see if you can see incoming packets coming from the internet. See if you can see outgoing packets leaving the server. – ponsfonze Jul 27 '12 at 15:43
  • Your ISP may be blocking port 80 packets to your IP address. To test this try changing the forwarding port. Forward all port #### traffic to your server. Then access it in the web page www.mywebsite.com:#### – ponsfonze Jul 27 '12 at 16:13
  • The traceroute above with the * means they are blocking the ICMP that traceroute uses, but if you do something like tcptraceroute to port 80, it completes fine. (Lots of places block ICMP, for some odd reason.) – Doon Jul 27 '12 at 19:02
  • If you are doing this testing from your internal network trying to connect to the external IP, you will likely need to modify your firewall to allow this kind of traffic. See the duplicate answer MadHatter refers to. – Rex Feb 21 '14 at 18:27

3 Answers

3

Many routers don't support this sort of back-traversal.
(Connecting to the outside from a machine on the inside.)
That may be part of your problem.

Furthermore: for telnet you need port 23; 22 is SSH and 21 (together with 20) is FTP.

To check that the port forwarding is actually working properly you can use something like ShieldsUp! (www.grc.com; click on the ShieldsUp! logo, and on the next page it is in the "services" menu.)

Tonny
  • It appears that the IP address you listed is answering on both 80 and 22. A lot of devices cannot "hairpin" traffic, as @tonny said. So you will only be able to access it via its external IP when you are outside your local network; from inside, you will need to use the internal address. – Doon Jul 27 '12 at 18:49
0

ICMP echo from outside to the router IP. You can use traceroute or ping to do that. If it reaches the router, then check if Apache is running and if it is listening on port 80.

netstat -patn

I think the problem might be in the forwarding rule. It might be set up to a non-existing IP or to the wrong port. I don't really see any other option.

Well, to be honest, I do not see the issue. I have just connected to the IP http: // 72 . 24.237.82/ and it is working totally fine.

This is my request:

GET http:// 72 . 24 . 237 . 82 / HTTP/1.1
Host: 72.24.237.82
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive

And this is the response from your server:

HTTP/1.1 200 OK
Date: Fri, 27 Jul 2012 18:40:44 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Fri, 27 Jul 2012 06:40:58 GMT
ETag: "5427ef-b1-4c5c9feaa5dc5"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 177
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>

Is it possible that you are trying to use the external IP address from within the network that you want to connect to? So is the router that you want to connect through the same one that you are passing while connecting to the internet? If so, this is impossible in many cases.

mnmnc
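
The checks suggested in the answers above, combined into one added example (not code from any poster): it probes the web port on the LAN address and on the public address, then maps the results to the causes named on this page. The addresses are placeholders (assumptions), and the "outside" result has to be collected by running `probe()` on a host outside the LAN.

```python
import socket

ADVICE = {
    "server": "Not reachable on the LAN address: check Apache and the host firewall (netstat -patn).",
    "ok": "Port forward works and the router hairpins: the public IP is usable from inside.",
    "hairpin": "Port forward works from outside; the router does not hairpin. Use the LAN address from inside.",
    "forward": "Fails from outside too: check the forwarding rule's target IP/port, or an ISP block on this port.",
    "inconclusive": "Fails from inside only so far: repeat the probe from a host outside the LAN.",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # something answered with RST: nothing listening there
    except socket.timeout:
        return "filtered"     # no answer at all: dropped somewhere on the path
    except OSError:
        return "unreachable"  # no route, name resolution failure, network down


def diagnose(lan, public_inside, public_outside=None):
    """Map probe results to one of the causes discussed in this thread."""
    if lan != "open":
        return "server"
    if public_inside == "open":
        return "ok"
    if public_outside is None:
        return "inconclusive"
    return "hairpin" if public_outside == "open" else "forward"


if __name__ == "__main__":
    # Placeholder addresses (assumptions): replace with the server's LAN IP
    # and the router's public IP.
    LAN_IP, PUBLIC_IP, PORT = "192.168.0.10", "203.0.113.10", 80
    lan = probe(LAN_IP, PORT)
    inside = probe(PUBLIC_IP, PORT)
    # Pass the result of probe(PUBLIC_IP, PORT) run from outside as the third
    # argument once it is known; None means "not tested yet".
    verdict = diagnose(lan, inside, None)
    print(f"LAN={lan} public-from-inside={inside}: {ADVICE[verdict]}")
```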
-2

Have you tried to disable SELinux? Or at least put it into permissive mode?

I find if I ever have an issue like this, the normal resolution is disabling SELinux!

bob