Problems w/ setting up a Linux DMZ Server behind a Linksys Router

Hello !

This seemingly simple problem is giving me a hard time. I have a
regular Optimum Online Cable connection. It is routed using a 4 port
Linksys router. I have turned off DCHP, the firewall, all router
filters and turned on DMZ for the server IP, NAT is turned on. All the
computers running on the local network (192.168.2.x, same as Server)
can connect just fine to the internet and the server (SSH). In
hosts.allow I have SSH: ALL.

Still, when I try to connect using SSH from the internet I get a
connection timeout response. I can ping the WAN IP, but I dont know if
that response if from the router or the server.

I suspect this has to do with some Network security setting on the
Linux box, but I'm far from sure where. Any ideas ? I'm Running RH 8

Thanks a lot !


By the way, Optimum Online is blocking incoming traffic on ports 80,
1080, 8080, 25, 3128, 135-139, and 445. That should not be a problem,
right?

o.blomqvist:
RH8 was not that great. My recollection of getting the network to work is
it was not easy.

If you have the time/energy to reintall Linux, Fedora 3, looks very much
like RH8...the way it should have been. (Looks very much the same, just
better).

I have a linksys router and from the install, one or two click did the job
with FC3, everything worked on the network connection in one minute.

I am not sure that what you want to hear but if you have broadband
connection downloading the ISO and creating the CD's is not that hard.
After the install you must run up2date (lots of changes).
Good Luck.
AFC3

ps: From my experience a reinstall from scratch is preferable to an upgrade,
but upgrade is a (bd) option.
----------------
(E-Mail Removed) wrote:

> Hello !
>
> This seemingly simple problem is giving me a hard time. I have a
> regular Optimum Online Cable connection. It is routed using a 4 port
> Linksys router. I have turned off DCHP, the firewall, all router
> filters and turned on DMZ for the server IP, NAT is turned on. All the
> computers running on the local network (192.168.2.x, same as Server)
> can connect just fine to the internet and the server (SSH). In
> hosts.allow I have SSH: ALL.
>
> Still, when I try to connect using SSH from the internet I get a
> connection timeout response. I can ping the WAN IP, but I dont know if
> that response if from the router or the server.
>
> I suspect this has to do with some Network security setting on the
> Linux box, but I'm far from sure where. Any ideas ? I'm Running RH 8
>
> Thanks a lot !
>
>
> By the way, Optimum Online is blocking incoming traffic on ports 80,
> 1080, 8080, 25, 3128, 135-139, and 445. That should not be a problem,
> right?

On Mon, 13 Dec 2004 09:13:01 -0800, o.blomqvist wrote:

> Hello !
>
> This seemingly simple problem is giving me a hard time. I have a
> regular Optimum Online Cable connection. It is routed using a 4 port
> Linksys router. I have turned off DCHP, the firewall, all router
> filters and turned on DMZ for the server IP, NAT is turned on. All the
> computers running on the local network (192.168.2.x, same as Server)
> can connect just fine to the internet and the server (SSH). In
> hosts.allow I have SSH: ALL.
>
> Still, when I try to connect using SSH from the internet I get a
> connection timeout response. I can ping the WAN IP, but I dont know if
> that response if from the router or the server.

You modem/router is NATing - hence the ping reply is from the modem. It
would only be the server if you were operating in bridging mode.

>
> I suspect this has to do with some Network security setting on the
> Linux box, but I'm far from sure where. Any ideas ? I'm Running RH 8
>

If you can SSH in internally, then it *really* should work. Try looking at
your firewall on the server and see what the rules are on port 22.

# iptables -L

Here a working line for my SSH that works through my NAT router:

hackbox:/home/tmccoy# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Where as, if you have no firewall, you'll get:

freeton:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

> Thanks a lot !
>
>
> By the way, Optimum Online is blocking incoming traffic on ports 80,
> 1080, 8080, 25, 3128, 135-139, and 445. That should not be a problem,
> right?

These ports won't cause any issues. But why-oh-why would they block WWW on
port 80? That's just mean :P

The only other thing I can think of is the DMZ is playing a little havoc.
It's supposed to be used for this purpose (I think?) but I run all my NAT
SSH machines purely on my internal network. Maybe try moving it off the
DMZ and see what happens?

Cheers

Tim


--
"Linux... because rebooting is for adding new hardware!"

http://home.swiftdsl.com.au/~tmccoy
MSN: (E-Mail Removed)
ICQ: 160341067

On 13 Dec 2004 09:13:01 -0800, (E-Mail Removed) wrote:

>Hello !
>
>This seemingly simple problem is giving me a hard time. I have a
>regular Optimum Online Cable connection. It is routed using a 4 port
>Linksys router. I have turned off DCHP, the firewall, all router
>filters and turned on DMZ for the server IP, NAT is turned on. All the
>computers running on the local network (192.168.2.x, same as Server)
>can connect just fine to the internet and the server (SSH). In
>hosts.allow I have SSH: ALL.
>
>Still, when I try to connect using SSH from the internet I get a
>connection timeout response. I can ping the WAN IP, but I dont know if
>that response if from the router or the server.
>
>I suspect this has to do with some Network security setting on the
>Linux box, but I'm far from sure where. Any ideas ? I'm Running RH 8
>
>Thanks a lot !
>
>
>By the way, Optimum Online is blocking incoming traffic on ports 80,
>1080, 8080, 25, 3128, 135-139, and 445. That should not be a problem,
>right?

You DO realize that there are numerous bugs in the Linksys, right?
Including the inability to leave streams going to the "DMZ" the hell
alone, no matter what you turn off, disable, and otherwise configure.
There's also a weird one where certain things don't work until after
you ping the linksys.

Do some research - this is old news. Linksys is suitable for lusers
trying to protect windoze boxes - in no way do you want to try to
actually use it as a router, because it's not - it's a crufty NAT
layer. Period.

Mike-

--
If you can keep your head while those around you are losing theirs...
You may have a great career as a network administrator ahead!
--
Please note - Due to the intense volume of spam, we have installed
site-wide spam filters at catherders.com. If email from you bounces,
try non-HTML, non-encoded, non-attachments,