• DMZ not working on Linksys WRT610n
    7 replies, posted
I have an ubuntu server displaying video feed from a surveillance camera and I my dad wants to be able to view it at work. I can connect to it just fine in the local area network, but when I try to access the server from anywhere else (yes, using my external IP address, not the local 192.168.1.x address) it essentially returns the message that the connection was refused. I've forwarded HTTP to my server (static ip, 192.168.1.109), that didn't work. I decided that I was going to try DMZ just to see if it works at all. I set it up like this: [img]http://img89.imageshack.us/img89/7546/dmzi.png[/img] still, attempting to connect to it from my cell phone, a proxy, or having a friend connecting to my external IP will result in a connection refused error. Even ping/tracert refuses the connection. Any possible way of getting this to work? NOTE: I'm not handing out my external IP unless it's necessary, I have ways of connecting to it outside my LAN already.
If it's an Apache server and you have mod_security running, it could be the problem. mod_security blocks attempts to access the webserver if you try to request it with an IP address instead of a domain name. Check the logs for Apache, it will tell you what's going on.
I'm pretty sure there is a group of check boxes in Security or Access Restrictions that prevent external pinging (I flashed DD-WRT onto my WRT54g ages ago so I'm a tad rusty with the vanilla Linksys firmware), though, I don't think that would be the problem because your accessing the port rather than pinging it. Anyways: Are you calling the specific port your using? If you call your IP through your standard web browser, your router will handle that like your want to go to the standard HTML port 80. I'm not sure if you are using Apache and broadcasting the feed to a standard web page on port 80, or if you have some special broadcast on a specific port. If you are broadcasting to a specific port, point your browser using YOUR.IP.IS.HERE:PORTHERE Also, I'm pretty sure there is a command in Apache (if you went this way) that forces local only connections, check that. Also, like GiGaBiTe said, check the server logs, that should lead you to your solution. (I can't believe I didn't think of that)
[QUOTE=GiGaBiTe;21092576]If it's an Apache server and you have mod_security running, it could be the problem. mod_security blocks attempts to access the webserver if you try to request it with an IP address instead of a domain name. Check the logs for Apache, it will tell you what's going on.[/QUOTE] I don't have mod_security running, I can access it fine as 192.168.1.109. I have a feeling it's something else with apache that's blocking external connections. Whenever I try connecting to it from anywhere else, it doesn't show up in access.log or error.log. That or it's something on my router. I'm going to try a remote desktop to my desktop from a laptop (iphone tethering) to see if it's the router that's doing some sort of block. It's late now, I think I'm going to get some sleep first.
I haven't messed with Linksys routers in years because they're so shitty, but I remember a bug in their firmware where you had to use port range forwarding (or uPnP, can't remember) to forward an outgoing port because static port forwarding didn't work. If you had a wired Linksys router, I'd have suggested just putting two NICs in a Linux box and use it as a router like I do.
Check to see if the firewall on the router is off.
A little update: I've disabled the firewall on my router, upgraded it's firmware, then disabled a few other security settings (Home Network Defender and SIP ALG). I turned off DMZ and switched to forwarding just port 80 to my server. I'm still getting an error on my iPhone, as well as a friend who I asked to connect to my server. Both times, it returned "The connection to the server was reset while the page was loading." Interestingly enough, I can ping the server just fine, and tracert gets to my IP, but strangely enough doesn't show any hops except for my external IP... I'm still unsure as to if it's my router or my server, I've been able to host game servers fine, and Remote Desktop Connection worked fine. [editline]02:20AM[/editline] the tracert thing was my PDAnet trial expiring and only allowing http, I managed to get my internet tethering working, tracert only gets 8 hops before it starts timing out repeatedly [editline]02:27AM[/editline] I re-enabled DMZ and attempted to open an SFTP connection to it from my laptop with internet tethering, it worked just fine and I have access, it's definitely some setting with apache2 that's restricting HTTP connection. here's the auth.log entries for the SFTP connection, not sure if this helps at all: [code] Apr 4 02:25:59 SurveillanceCenter sshd[1656]: Address ***.***.***.*** maps to mobile-***-***-***-***.mycingular.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Apr 4 02:26:01 SurveillanceCenter sshd[1656]: Accepted password for robert from ***.***.***.*** port 34730 ssh2 Apr 4 02:26:01 SurveillanceCenter sshd[1656]: pam_unix(sshd:session): session opened for user robert by (uid=0) Apr 4 02:26:02 SurveillanceCenter sshd[1708]: subsystem request for sftp [/code] I *'d out my iphone's IP, the log shows it as my IP, not ***.***.***.*** [editline]04:20AM[/editline] Another thing I noticed, Firefox will load the page significantly slower on a wireless connection to my router than from my wired desktop, but only on the first time I connect to the server. Should I up the timeout max or something?
-snip- double post
Sorry, you need to Log In to post a reply to this thread.