Author Topic: Issue with Port exposure  (Read 2409 times)

usaf-lt-g

  • Veteran
  • ***
  • Posts: 75
    • View Profile
Issue with Port exposure
« on: August 18, 2009, 03:35:15 pm »
Hey guys,

I'm having an issue getting one of my application servers (which is a web server) exposed properly to the outside world. I noticed LMCE 710 already has some rules for 80 and 8080, and I'm wondering if that's what's screwing this up.

Basically my network looks like this:

Internet <---> Wi-Fi / Phone System External Network (XXX.XXX.3 subnet router) <---> LMCE Internal Network (XXX.XXX.80 subnet) <---> Web Server (XXX.XXX.80.249 should be port 80).

The router is already setup and configured to my dyndns hostname. If I ping it, it returns the correct IP address of the router.

I've attempted to setup port forwarding on 80 at both the External Network router and LMCE internal network firewall rules, however, I can't seem to work around it.

I've also attempted port re-directs, and have tried to access the webserver via IE on a specific port (5050) that re-routes it to 80 at the webserver end... this also doesn't work.

The only place I can access the web page from currently is from either the server, or a PC on the internal network.

Any help?

colinjones

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 3003
    • View Profile
Re: Issue with Port exposure
« Reply #1 on: August 18, 2009, 04:11:07 pm »
LMCE also NATs the internal network to the external network in the same way that you broadband router does. So you need to set up 2 NATs (virtual servers, IP forwarders, whatever terminology you wish to use)

Your broadband router needs to forward port 80 traffic to the external IP address of your LMCE core. Then you just set up another forward on your core's firewall (in the web admin) to forward port 80 traffic to the internal IP address of your web server.

Say your core has the external IP address 192.168.3.10 and your web server has the IP address 192.168.80.251

Setup a forward on your broadband router to send all port 80 traffic to port 80 on 192.168.3.10. Then set up another forward (make sure it is port_forward, not core_input) on your core to send port 80 traffic to the IP address 192.168.80.251 and you are done. Nothing else is required, certainly not any remapping of ports - just be aware that you will only be able to connect to your web admin on the internal IP address (192.168.80.1)