# Servers and such...

## sirtoast

I'm trying to set up my gentoo box to be accessable from the net, either via ssh, or apache/squirrelmail as per the desktop-installation readme from the site here.  I've got everything set up, and running fine, or so it would seem.

I'm on a high speed internet connection (DSL) but not PPPoE.  My IP is set via DHCP (currently inet addr:10.50.129.227  Bcast:10.50.129.239  Mask:255.255.255.240) and the ISP assigns a different IP to all outgoing (as in outside the ISP's LAN) traffic.  Some funky IP translation/forwarding/masqerading or whatever it's called, going on.

I've setup a domain on dyndns.org, and installed a client to update (dyndnsupdate), and have set crond to run the ipcheck/update hourly.

Everything should be fine...yes?

I can't get any communication back ot my PC, by pinging the external IP, or by trying use http or ssh.  If i use ssh/http to my internal ip, it works fine.  I can't seem to get in from outside the local IPs.

Any suggestions?  I don't think it's a setup problem with my system, although it certainly wouldn't be a surpise, I'm a fairly bottom-level linux user, and this is the longest I stuck with ANY dist (been using RH/Mandrake/slackware/Corel on and off since 1996...

Any help would be appreciated

----------

## klieber

 *sirtoast wrote:*   

> My IP is set via DHCP (currently inet addr:10.50.129.227  

 

This is your problem -- that's not a publicly-addressable IP address.  Any IP address that starts with 10.x.x.x, 192.168.x.x or 172.16.x.x through 172.31.x.x aren't addressable from the internet.

What happens is your ISP turns that into a "real" IP address at their router or firewall.  You need to find out what that "real" IP address is.  In your case, your "real" IP is:

```
142.177.186.117
```

Or, at least it was when you posted your question.  It may change, depending on how your ISP is set up.

You need to contact your ISP and ask them how they translate IP addresses and whether or not what you want to do is possible.  (they may tell you it isn't supported, but you need to get them to tell you if it's even technically possible given their network setup.)

--kurt

----------

## sirtoast

Exactly, as of now, my real-world IP is 142.177.140.216, and even though I have apache and sshd running, by pointing to that IP, it's not letting me log on from outside the the router.  I can get http headers from network-tools.com for the realworld IP.  Maybe I'm misunderstanding, but if I can see that I'm running apache, the communication is getting through right?

Header are: 

HTTP/1.1 200 OK

Date: Tue, 07 May 2002 00:09:23 GMT

Server: Apache/1.3.24 (Unix) PHP/4.1.2 mod_ssl/2.8.8 OpenSSL/0.9.6c

----------

## klieber

 *sirtoast wrote:*   

> Maybe I'm misunderstanding, but if I can see that I'm running apache, the communication is getting through right?

 

except that a lot of servers run apache, so you may be looking at someone else's server.  However, I just went to that page and got the default apache install page.  If you check your httpd logs and see that someone hit your page, then you know that part is working.  Then, we can focus on other areas as the potential cause of the problem.

--kurt

----------

## klieber

OK, I just tried to ssh to that IP address and got through just fine, so *something* is responding on port 22.

What is it that isn't working for you?'

EDIT:  just to clarify, I got an ssh challenge/response prompt on port 22 -- I didn't actually get into your box.  :Smile: 

--kurt

----------

## sirtoast

so would I not be able to bring up the http or ssh from the same pc, using the external IP?

The only reason why, would be to troubleshoot and ensure that the external ip is working...not that I generally want to ssh to the box i'm sitting at:)

I had asked someone from work to try and bring the IP up, but they couldn't, and then after you said you could, I called them back, and it worked, so maybe it was user error to begin with.  Sorry to waste your time, like i said...bottom level linux user:)

----------

## klieber

 *sirtoast wrote:*   

> so would I not be able to bring up the http or ssh from the same pc, using the external IP?

 

Might not -- your ISP might have things configured to not do that.  Depends.  (how's that for an answer.  :Smile: )

Sounds like you have it all set now, but if you need some further help testing the connection, send me a PM and we'll work out the details.

--kurt

----------

## Nitro

I can do a traceroute to your IP fine, and I can see your webserver fine.  

I'm a little confused here though, are you going from [internal pc] --> [server's WAN nic]?  If that is what you are trying to do, then I think it is an  issue with your routes.  Run route -n, and show us its output.

This computer functions as a router too right?

----------

## sirtoast

No, this just my home PC.  I'm trying to make it accessable from other locations, namely work and other PCs.  It's a standalone PC, on ADSL, with a DHCP assigned IP.  The IP is a 10.50.?.? address, and there is a router which dynamically assigns an external IP on a rotating basis (142.177.?.?)

My problem was that I didn't think my apache or ssh servers were working correctly, because if i tried to connect to the external ip (142.177.?.?) it wasn't working.  I could connect by using the internal ip however.

Turns out that the servers were and are running correctly, but when i asked a friend to try from work, he said it wasn't coming up, but that was a keying error when he was keying the IP.

As it stands now, I know the servers are live, but I guess I can't connect to them via the external IP.

As for the route -n output

crouton root # route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.50.129.224   0.0.0.0         255.255.255.240 U     0      0        0 eth0

0.0.0.0         10.50.129.225   0.0.0.0         UG    0      0        0 eth0

----------

## Nitro

Try running: 

```
route add -host <your-external ip> dev eth0
```

That should send the requests to your eth0 interface (lo would be better...) instead of out to your ISP's routers.

By the way, where is your loopback device?

----------

## sirtoast

here's what comes up with ifconfig, is that what you were inquiring about for loopback?

crouton root # ifconfig

eth0      Link encap:Ethernet  HWaddr 00:60:97:21:F4:79

          inet addr:10.50.129.227  Bcast:10.50.129.239  Mask:255.255.255.240

          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1

          RX packets:1033180 errors:0 dropped:0 overruns:0 frame:0

          TX packets:9265 errors:0 dropped:0 overruns:0 carrier:0

          collisions:25 txqueuelen:100

          RX bytes:1383939970 (1319.8 Mb)  TX bytes:1577058 (1.5 Mb)

          Interrupt:5 Base address:0xe800

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:427 errors:0 dropped:0 overruns:0 frame:0

          TX packets:427 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:34641 (33.8 Kb)  TX bytes:34641 (33.8 Kb)

----------

## Nitro

I guess you're all fine.  I just was expecting to see it in the route listing.

By the way, did that route command work for you?

----------

## sirtoast

I didn't run the route command, only because my external IP is always changing.  It was 142.177.140.216 when you were looking at it a few messages ago, now it's flipped to 142.177.181.231, so to add it would make it out of date within an hour more than likely.

Nitro, I really want to thank you and klieber for your help.  It's great to have a supportive community here

----------

