[Techtalk] ADSL NB5 gateway webserver problems

Kathryn Andersen kat_lists at katspace.com
Tue May 31 06:12:15 EST 2005 

On Mon, May 30, 2005 at 03:06:49PM +0200, Rudy Zijlstra wrote:
> Kathryn Andersen wrote:
> 
> >This is my setup - I'm going into detail because I have no idea what is
> >causing the problem:
> >ADSL modem: NetComm NB5
> >PC is attached to modem via ethernet.
> >Modem is configured to treat PC as a DMZ.
> >Domain (with static IP): katspace.homelinux.org (courtesy of dyndns.org)
> >Webserver: Apache
> >Linux: GenToo 2005.0 (recently updated)
> >Firewall: shorewall
> >IP address of modem: 192.168.1.1
> >IP address of ethernet card: 192.168.1.11
> >Gateway of PC is the IP address of the modem.
> >
> >This is my problem: My website at http://katspace.homelinux.org
> >*is* visible to the outside world.  But it isn't visible to me.
> >When I use that URL (and *also* when I use the actual static IP address
> >shown to the outside world) I get the ADSL-modem-setup page.
> >
> > 
> >
> <snip>
> 
> I strongly suspect you have done port forwarding to get http from the 
> modem to the PC. Now when you try to access 
> http://katspace.homelinux.org you access the http port of the modem (its 
> the modem that actually has this IP address on its public port) from the 
> inside. Which is where it is listening on to be configured, thus you get 
> its configuration screen.
> 
> By the way, considering how port forwarding works, even if it would not 
> give you its config screen, you still would not get your website: 
> packets would simply be dropped, as there would be no configured route.
> 
> Before having ADSL the dyndns actually pointed to the machine itself (or 
> rather, the telephone dial in connection, which is logically on the PC 
> itself. Now this address points to the ADSL modem/router combo, and not 
> to your PC anymore

Okay, so I understand this:
- the 202.yadda.yadda.yadda address is the address of the modem
- the modem port-forwards to get http from the modem to the PC (yes, if
that's what being a DMZ does -- it's supposed to forward all traffic)
- so when I look at that address I get the http of the modem
- which is listening on that port
- but only listens on that port from the inside connection
- and when it gets traffic on that port from the *outside* connection,
  it *isn't* listening, and forwards it.

Okay.

So what can I do about it?

Looking at the modem config, it's possible to have access control so
that one can turn off the http port listening -- but then one can't
configure the modem to turn it on again!  I thought maybe if I could get
ssh access, I could figure out how to turn it on again, but I can't get
ssh access, since I don't have the root password.

Okay, maybe one could set up the access control so that it listens for
the, say, 192.168.1.10 IP, but not the 192.168.1.11 IP, and then
disconnect one machine and connect the other when I wanted to configure
it -- except that I only have one machine.
 
(sigh)

Kathryn Andersen
-=-=-=-=-=-=-=-=-
Q:	Why is Poland just like the United States?
A:	In the United States you can't buy anything for zlotys and in
	Poland you can't either, while in the U.S. you can get whatever
	you want for dollars, just as you can in Poland.
		-- being told in Poland, 1987
-- 
 _--_|\     | Kathryn Andersen	<http://www.katspace.com>
/      \    | 
\_.--.*/    | GenFicCrit mailing list <http://www.katspace.com/gen_fic_crit/>
      v     | 
------------| Melbourne -> Victoria -> Australia -> Southern Hemisphere
Maranatha!  |	-> Earth -> Sol -> Milky Way Galaxy -> Universe

More information about the Techtalk mailing list