NeoRouter http://www.neorouter.com/forum/ |
Unable to Connect to Domain/External IP http://www.neorouter.com/forum/viewtopic.php?f=8&t=4377 |
Author: | marks [ Sat Oct 02, 2010 1:16 pm ] |
Post subject: | Unable to Connect to Domain/External IP |
I have one last part of my NeoRouter install for which I need help. This is for a Tomato router server install using a Mac client locally. But first, I'd like to share the truly stupid things I've done to this point and solved in the hopes of helping someone else.

Stupid Thing #1 - Tomato Router SSH Login
It took me a bit to figure out how to ssh into my Tomato router. I found the setting to allow ssh within the LAN at Tomato UI / Admin / Admin Access but kept trying to log in with user 'admin'. Admin is used for the web interface. You have to log in as root.

ssh root@192.168.1.1

Stupid Thing #2 - Running NeoRouter Configuration Explorer in Virtual Machine
Since I couldn't ssh into my Tomato router I launched a virtual machine and ran the NeoRouter Configuration Explorer from there. This worked great in Parallels; just remember to uninstall or shut it down or you have two servers running on your LAN. After I discovered how to ssh into the router I no longer needed it. The CLI is very straightforward.

Stupid Thing #3 - Old Port Forwards
I previously had Hamachi installed and port forwarded to my main machine on port 32976. I saw it when I ran iptables -L in the router ssh session. Just a tip to double-check for old port forwards that may conflict with your new config.

My Issue Now:
I can connect to the internal IP (192.168.1.1) using the Mac client and a user I set up. I know nrserver is running, recognizes my users and authentication. I'm guessing this has something to do with the router config. I am not running an Apple firewall. I thought the Hamachi port forward was it but I still cannot connect to the Domain I established on the dashboard or via my external IP. Inbound connection logging is disabled. I'll copy my router ifconfig and iptables below. I'd appreciate any advice. Thanks.

Code:
# ifconfig
br0       Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24372 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19502 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2655616 (2.5 MiB)  TX bytes:5958068 (5.6 MiB)

eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:90313 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25493 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:9460252 (9.0 MiB)  TX bytes:6888843 (6.5 MiB)
          Interrupt:4 Base address:0x1000

eth1      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:34625
          TX packets:1035 errors:11 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:360321 (351.8 KiB)
          Interrupt:2 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:706 errors:0 dropped:0 overruns:0 frame:0
          TX packets:706 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:50983 (49.7 KiB)  TX bytes:50983 (49.7 KiB)

vlan0     Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19502 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2753720 (2.6 MiB)  TX bytes:6036076 (5.7 MiB)

vlan1     Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          inet addr:##.###.##.#  Bcast:##.###.##.#  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:65926 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5991 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5080698 (4.8 MiB)  TX bytes:852767 (832.7 KiB)

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       0    --  anywhere             <redacted>
DROP       0    --  anywhere             anywhere            state INVALID
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:32976

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
DROP       0    --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
wanin      0    --  anywhere             anywhere
wanout     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere
upnp       0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             192.168.1.100

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain upnp (1 references)
target     prot opt source               destination

Chain wanin (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:5900
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:3283
ACCEPT     udp  --  anywhere             192.168.1.100       udp dpt:3283
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:5988
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:5900
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:12975
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:ssh
ACCEPT     udp  --  anywhere             192.168.1.100       udp dpt:ssh
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:ssh
ACCEPT     udp  --  anywhere             192.168.1.100       udp dpt:ssh

Chain wanout (1 references)
target     prot opt source               destination
#
Author: | kevinz [ Sat Oct 02, 2010 8:43 pm ] |
Post subject: | Re: Unable to Connect to Domain/External IP |
Hi marks,

So you have the NeoRouter for Tomato running. Did you open the port 32976 in the firewall of the box? In tomato UI – Administration – scripts – Firewall, add the following lines:

iptables -t nat -A PREROUTING -p tcp --dport 32976 -j ACCEPT
iptables -A INPUT -p tcp --dport 32976 -j ACCEPT

For more details, please refer to: http://www.neorouter.com/wiki/index.php ... o_firmware

Thanks,
KevinZ - NeoRouter
Author: | marks [ Sat Oct 02, 2010 10:36 pm ] |
Post subject: | Re: Unable to Connect to Domain/External IP |
kevinz: Thank you for the reply. Yes, I did that and also have UPNP enabled on the Tomato router. Doesn't this line from my iptables mean that port 32976 is open?

ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:32976
Author: | kevinz [ Sat Oct 02, 2010 11:05 pm ] |
Post subject: | Re: Unable to Connect to Domain/External IP |
Would you post the results of "iptables -t nat -L"?

Thanks,
KevinZ - NeoRouter team
Author: | marks [ Sun Oct 03, 2010 3:14 am ] |
Post subject: | Re: Unable to Connect to Domain/External IP |
see below and thanks...

Code:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DROP       0    --  anywhere             192.168.1.0/24
DNAT       icmp --  anywhere             user-xxxxxx.cable.mindspring.com  to:192.168.1.1
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com  tcp dpt:5900 to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com  tcp dpt:3283 to:192.168.1.100
DNAT       udp  --  anywhere             user-xxxxxx.cable.mindspring.com  udp dpt:3283 to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com  tcp dpt:5988 to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com  tcp dpt:https to:192.168.1.100:5900
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com  tcp dpt:12975 to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxx.cable.mindspring.com  tcp dpt:ssh to:192.168.1.100
DNAT       udp  --  anywhere             user-xxxxx.cable.mindspring.com  udp dpt:ssh to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com  tcp dpt:https to:192.168.1.100:22
DNAT       udp  --  anywhere             user-xxxxxx.cable.mindspring.com  udp dpt:https to:192.168.1.100:22
upnp       0    --  anywhere             user-xxxxxx.cable.mindspring.com
DNAT       0    --  anywhere             user-xxxxxx.cable.mindspring.com  to:192.168.1.100
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:32976

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:5900 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:3283 to:24.223.###.##
SNAT       udp  --  192.168.1.0/24       192.168.1.100       udp dpt:3283 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:5988 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:5900 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:12975 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:ssh to:24.223.###.##
SNAT       udp  --  192.168.1.0/24       192.168.1.100       udp dpt:ssh to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:ssh to:24.223.###.##
SNAT       udp  --  192.168.1.0/24       192.168.1.100       udp dpt:ssh to:24.223.###.##
MASQUERADE 0    --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain upnp (1 references)
target     prot opt source               destination
DNAT       udp  --  anywhere             anywhere            udp dpt:29017 to:192.168.1.100:29017
DNAT       tcp  --  anywhere             anywhere            tcp dpt:29017 to:192.168.1.100:29017
Author: | kevinz [ Sun Oct 03, 2010 9:38 am ] |
Post subject: | Re: Unable to Connect to Domain/External IP |
Hi marks,

In your box, please try the following rules:

Quote:
iptables -t nat -A PREROUTING -p tcp -m tcp -d [use your vlan1 inet addr] --dport 32976 -j DNAT --to-destination 192.168.1.1:32976
iptables -A INPUT -p tcp -d 192.168.1.1 --dport 32976 -j ACCEPT

If it works, put those lines in the UI – Administration – scripts – Firewall and remove the original rules.

Thanks,
KevinZ - NeoRouter team
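A first-match walk over the nat PREROUTING listing posted above, as an added example (not part of the thread and not NeoRouter code): it reports which rule a TCP packet to the WAN address on port 32976 reaches first and which later rules it therefore never reaches. The WAN address 203.0.113.10, the numeric `-n` form of the abridged listing, and the assumption that the `upnp` chain holds no rule for this port are constructed for the example; `-L` without `-v` also hides any interface match.

```python
import ipaddress
import re

WAN = "203.0.113.10"  # constructed stand-in for the redacted WAN address
# Constructed sample: PREROUTING rules abridged from the thread's listing,
# written the way `iptables -t nat -L -n` prints them (numeric, no DNS names).
LISTING = f"""\
DROP    0    --  0.0.0.0/0  192.168.1.0/24
DNAT    icmp --  0.0.0.0/0  {WAN}  to:192.168.1.1
DNAT    tcp  --  0.0.0.0/0  {WAN}  tcp dpt:5900 to:192.168.1.100
DNAT    tcp  --  0.0.0.0/0  {WAN}  tcp dpt:22 to:192.168.1.100
upnp    0    --  0.0.0.0/0  {WAN}
DNAT    0    --  0.0.0.0/0  {WAN}  to:192.168.1.100
ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:32976
"""
TERMINAL = {"ACCEPT", "DROP", "DNAT", "REDIRECT"}  # targets that end traversal

def parse(listing):
    """Turn each rule line into a dict, numbered by position in the chain."""
    rules = []
    for n, line in enumerate(listing.splitlines(), 1):
        target, proto, _opt, _src, dst, *rest = line.split()
        extra = " ".join(rest)
        dpt = re.search(r"dpt:(\d+)", extra)
        to = re.search(r"to:(\S+)", extra)
        rules.append({"n": n, "target": target, "proto": proto,
                      "dst": ipaddress.ip_network(dst),
                      "dport": int(dpt.group(1)) if dpt else None,
                      "to": to.group(1) if to else None})
    return rules

def first_match(rules, proto, dst, dport):
    """First terminating rule the packet hits, or None (chain policy applies)."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        if r["target"] not in TERMINAL:
            continue  # assumption: user chains (upnp) hold no rule for this packet
        if r["proto"] not in ("0", "all", proto) or addr not in r["dst"]:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r
    return None

def shadowed(rules, proto, dst, dport):
    """Numbers of later rules that match the packet but are never reached."""
    hit = first_match(rules, proto, dst, dport)
    return [r["n"] for r in rules
            if hit and r["n"] > hit["n"] and first_match([r], proto, dst, dport)]

RULES = parse(LISTING)
```

In the nat table a packet stops at the first matching DNAT or ACCEPT rule; `iptables -A` appends a rule after every existing one, while `iptables -I` inserts it at the head of the chain.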
All times are UTC - 5 hours |