All times are UTC - 5 hours

 Post subject: Unable to Connect to Domain/External IP
PostPosted: Sat Oct 02, 2010 1:16 pm 
Joined: Sat Oct 02, 2010 12:51 pm
Posts: 3
I have one last part of my NeoRoute install for which I need help. This is for a Tomato router server install using a Mac client locally.

But first, I'd like to share the truly stupid things I've done to this point and solved, in the hope of helping someone else.

Stupid Thing #1 - Tomato Router SSH Login

It took me a bit to figure out how to ssh into my Tomato router. I found the setting to allow ssh within the LAN at Tomato UI / Admin / Admin Access but kept trying to log in with user 'admin'. Admin is used for the web interface. You have to log in as root.

ssh root@192.168.1.1

Stupid Thing #2 - Running NeoRouter Configuration Explorer in Virtual Machine

Since I couldn't ssh into my Tomato router I launched a virtual machine and ran the NeoRouter Configuration Explorer from there. This worked great in Parallels; just remember to uninstall it or shut it down, or you will have two servers running on your LAN. After I discovered how to ssh into the router I no longer needed it. The CLI is very straightforward.

Stupid Thing #3 - Old Port Forwards

I previously had Hamachi installed and port forwarded to my main machine on port 32976. I saw it when I ran iptables -L in the router ssh session. Just a tip to double-check for old port forwards that may conflict with your new config.

My Issue Now:

I can connect to the internal IP (192.168.1.1) using the Mac client and a user I set up. I know nrserver is running, recognizes my users and authentication. I'm guessing this has something to do with the router config. I am not running an Apple firewall. I thought the Hamachi port forward was it but I still cannot connect to the Domain I established on the dashboard or via my external IP. Inbound connection logging is disabled.

I'll copy my router ifconfig and iptables below. I'd appreciate any advice.

Thanks.
Code:
# ifconfig
br0        Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx 
           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:24372 errors:0 dropped:0 overruns:0 frame:0
           TX packets:19502 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:2655616 (2.5 MiB)  TX bytes:5958068 (5.6 MiB)

eth0       Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx 
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:90313 errors:0 dropped:0 overruns:0 frame:0
           TX packets:25493 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:9460252 (9.0 MiB)  TX bytes:6888843 (6.5 MiB)
           Interrupt:4 Base address:0x1000

eth1       Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx   
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:34625
           TX packets:1035 errors:11 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:0 (0.0 B)  TX bytes:360321 (351.8 KiB)
           Interrupt:2 Base address:0x5000

lo         Link encap:Local Loopback 
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
           RX packets:706 errors:0 dropped:0 overruns:0 frame:0
           TX packets:706 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:50983 (49.7 KiB)  TX bytes:50983 (49.7 KiB)

vlan0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx   
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:24383 errors:0 dropped:0 overruns:0 frame:0
           TX packets:19502 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:2753720 (2.6 MiB)  TX bytes:6036076 (5.7 MiB)

vlan1      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx   
           inet addr:##.###.##.#  Bcast:##.###.##.#  Mask:255.255.255.128
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:65926 errors:0 dropped:0 overruns:0 frame:0
           TX packets:5991 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:5080698 (4.8 MiB)  TX bytes:852767 (832.7 KiB)

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       0    --  anywhere             <redacted>
DROP       0    --  anywhere             anywhere            state INVALID
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:32976

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere           
DROP       0    --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
wanin      0    --  anywhere             anywhere           
wanout     0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere           
upnp       0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             192.168.1.100       

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain upnp (1 references)
target     prot opt source               destination         

Chain wanin (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:5900
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:3283
ACCEPT     udp  --  anywhere             192.168.1.100       udp dpt:3283
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:5988
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:5900
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:12975
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:ssh
ACCEPT     udp  --  anywhere             192.168.1.100       udp dpt:ssh
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:ssh
ACCEPT     udp  --  anywhere             192.168.1.100       udp dpt:ssh

Chain wanout (1 references)
target     prot opt source               destination         
#



 Post subject: Re: Unable to Connect to Domain/External IP
PostPosted: Sat Oct 02, 2010 8:43 pm 
Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
Hi marks,

So you have NeoRouter for Tomato running. Did you open port 32976 in the firewall of the box?

In the Tomato UI – Administration – Scripts – Firewall, add the following lines:
iptables -t nat -A PREROUTING -p tcp --dport 32976 -j ACCEPT
iptables -A INPUT -p tcp --dport 32976 -j ACCEPT

For more details, please refer to:
http://www.neorouter.com/wiki/index.php ... o_firmware

Thanks,
KevinZ - NeoRouter


 Post subject: Re: Unable to Connect to Domain/External IP
PostPosted: Sat Oct 02, 2010 10:36 pm 
Joined: Sat Oct 02, 2010 12:51 pm
Posts: 3
kevinz:

Thank you for the reply. Yes I did that and also have UPNP enabled on the Tomato router.

Doesn't this line from my iptable mean that port 32976 is open?

ACCEPT tcp -- anywhere anywhere tcp dpt:32976


 Post subject: Re: Unable to Connect to Domain/External IP
PostPosted: Sat Oct 02, 2010 11:05 pm 
Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
Would you post the results of "iptables -t nat -L"?

Thanks,
KevinZ - NeoRouter team


 Post subject: Re: Unable to Connect to Domain/External IP
PostPosted: Sun Oct 03, 2010 3:14 am 
Joined: Sat Oct 02, 2010 12:51 pm
Posts: 3
see below and thanks...

Code:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DROP       0    --  anywhere             192.168.1.0/24     
DNAT       icmp --  anywhere             user-xxxxxx.cable.mindspring.com to:192.168.1.1
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com tcp dpt:5900 to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com tcp dpt:3283 to:192.168.1.100
DNAT       udp  --  anywhere             user-xxxxxx.cable.mindspring.com udp dpt:3283 to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com tcp dpt:5988 to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com tcp dpt:https to:192.168.1.100:5900
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com tcp dpt:12975 to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxx.cable.mindspring.com tcp dpt:ssh to:192.168.1.100
DNAT       udp  --  anywhere             user-xxxxx.cable.mindspring.com udp dpt:ssh to:192.168.1.100
DNAT       tcp  --  anywhere             user-xxxxxx.cable.mindspring.com tcp dpt:https to:192.168.1.100:22
DNAT       udp  --  anywhere             user-xxxxxx.cable.mindspring.com udp dpt:https to:192.168.1.100:22
upnp       0    --  anywhere             user-xxxxxx.cable.mindspring.com
DNAT       0    --  anywhere             user-xxxxxx.cable.mindspring.com to:192.168.1.100
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:32976

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:5900 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:3283 to:24.223.###.##
SNAT       udp  --  192.168.1.0/24       192.168.1.100       udp dpt:3283 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:5988 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:5900 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:12975 to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:ssh to:24.223.###.##
SNAT       udp  --  192.168.1.0/24       192.168.1.100       udp dpt:ssh to:24.223.###.##
SNAT       tcp  --  192.168.1.0/24       192.168.1.100       tcp dpt:ssh to:24.223.###.##
SNAT       udp  --  192.168.1.0/24       192.168.1.100       udp dpt:ssh to:24.223.###.##
MASQUERADE  0    --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain upnp (1 references)
target     prot opt source               destination         
DNAT       udp  --  anywhere             anywhere            udp dpt:29017 to:192.168.1.100:29017
DNAT       tcp  --  anywhere             anywhere            tcp dpt:29017 to:192.168.1.100:29017


 Post subject: Re: Unable to Connect to Domain/External IP
PostPosted: Sun Oct 03, 2010 9:38 am 
Joined: Sun Nov 16, 2008 6:41 am
Posts: 1878
Hi marks,

In your box, please try the following rules:

Quote:
iptables -t nat -A PREROUTING -p tcp -m tcp -d [use your vlan1 inet addr] --dport 32976 -j DNAT --to-destination 192.168.1.1:32976
iptables -A INPUT -p tcp -d 192.168.1.1 --dport 32976 -j ACCEPT


If it works, put those lines in the UI – Administration – Scripts – Firewall and remove the original rules.

Thanks,
KevinZ - NeoRouter team
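
An added example, not part of the thread and not NeoRouter code: iptables checks the rules of a chain top to bottom and stops at the first terminating match, so this script parses a listing and reports which nat rule a packet hits first. The listing is a constructed, numeric (-n style) copy of the PREROUTING and upnp chains posted above, 203.0.113.10 is a placeholder WAN address, and the function names are made up for this example.

```python
import ipaddress
# Constructed sample modelled on the posted chains (-n form); 203.0.113.10 is a
# placeholder WAN address. Plain -L hides interface matches: not modelled here.
LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DROP       0    --  0.0.0.0/0            192.168.1.0/24
DNAT       tcp  --  0.0.0.0/0            203.0.113.10        tcp dpt:5900 to:192.168.1.100
upnp       0    --  0.0.0.0/0            203.0.113.10
DNAT       0    --  0.0.0.0/0            203.0.113.10        to:192.168.1.100
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:32976
Chain upnp (1 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:29017 to:192.168.1.100:29017
"""
TERMINATING = {"ACCEPT", "DROP", "DNAT"}

def parse(listing):
    """Return {chain name: [rule dict, ...]} in listing order."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "target":
            continue
        if f[0] == "Chain":
            current = chains.setdefault(f[1], [])
            continue
        dport = next((int(x[4:]) for x in f[5:] if x.startswith("dpt:")), None)
        current.append({"target": f[0], "prot": f[1], "dst": f[4],
                        "dport": dport, "text": " ".join(f)})
    return chains

def first_match(chains, proto, dst, dport, chain="PREROUTING"):
    """Walk a chain top to bottom; return the first terminating rule that matches."""
    for r in chains.get(chain, []):
        if (r["prot"] not in ("0", "all", proto) or r["dport"] not in (None, dport)
                or ipaddress.ip_address(dst) not in ipaddress.ip_network(r["dst"])):
            continue
        if r["target"] in TERMINATING:
            return r["text"]
        hit = first_match(chains, proto, dst, dport, r["target"])  # user chain
        if hit:
            return hit  # no hit: return to the calling chain and keep going
    return None

def with_rule_first(chains, rule_line):
    """Copy of the rule set with one extra PREROUTING rule in position 1."""
    extra = parse("Chain PREROUTING\n" + rule_line)["PREROUTING"]
    return {**chains, "PREROUTING": extra + chains["PREROUTING"]}
```

On the router, `iptables -t nat -L -n -v --line-numbers` prints the same chains with interfaces and rule positions shown, which is the form to feed a check like this.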

