Re: Has my router failed?



On 5 Oct 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<1160091418.772057.41750@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
coyoteboyuk@xxxxxxxxxxx wrote:

Moe Trin wrote:

OK, I think

Basically I was trying to imply exactly the same setup as I always had,
software-wise, obviously a config mistake somewhere.

Yeah, but it's not on the router.

From the server (10.0.0.S) I can access the website. From any other
10.0.0.X I can also access it. From 138.253.X.X I can't.
netstat -tupan | grep httpd > /results.txt gives (hope this comes out
OK, trimmed it a bit):

Well, your 'grep' failed for some reason, but that's good. I'll trim it a
little more (got rid of the Recv-Q Send-Q columns). I can see a problem.

Active Internet connections (servers and established)
Proto Local Address Foreign Address State PID/Program name
tcp 0.0.0.0:111 0.0.0.0:* LISTEN 1615/portmap

Do you need portmap? Most people don't.

tcp 127.0.0.1:50000 0.0.0.0:* LISTEN 1803/hpiod
tcp 127.0.0.1:50002 0.0.0.0:* LISTEN 1808/python
tcp 0.0.0.0:55795 0.0.0.0:* LISTEN 1634/rpc.statd

Same thing for rpc.statd. Most people I work with don't need this. The
other problem is that both are accepting connections from the world. This
probably isn't a security problem for you, as your router probably isn't
forwarding packets to this port.

tcp 0.0.0.0:631 0.0.0.0:* LISTEN 1819/cupsd

Again, I don't like to let everyone on the Internet use my printer, but
maybe I'm just not sociable. ;-)

tcp 127.0.0.1:25 0.0.0.0:* LISTEN 2017/sendmail: acce
tcp 0.0.0.0:445 0.0.0.0:* LISTEN 2106/smbd

It would be nicer to restrict this to 10.0.0.1, but that's just me. Actually
I don't even have any windoze boxes, so this wouldn't be a problem anyway.

tcp 10.0.0.1:139 10.0.0.10:2090 ESTABLISHED 10384/smbd

Samba - looks fine. But here start the problems.

tcp :::993 :::* LISTEN 10116/dovecot
tcp :::995 :::* LISTEN 10116/dovecot
tcp :::110 :::* LISTEN 10116/dovecot
tcp :::143 :::* LISTEN 10116/dovecot
tcp :::80 :::* LISTEN 2048/httpd
tcp :::22 :::* LISTEN 1850/sshd
tcp :::631 :::* LISTEN 1819/cupsd
tcp :::443 :::* LISTEN 2048/httpd

Notice the difference in the address formats. This is IPv6, not the IPv4
with the addresses of four "dotted quads" like "10.20.30.40". Without
seeing what output of '/sbin/ifconfig -eth0', I can't tell what address
you are listening to, but it's likely something that vaguely looks like
fe80::211:2fff:fe68:ee9a.

udp 10.0.0.255:123 0.0.0.0:* 1867/ntpd
udp 10.0.0.1:123 0.0.0.0:* 1867/ntpd
udp 127.0.0.1:123 0.0.0.0:* 1867/ntpd
udp 0.0.0.0:123 0.0.0.0:* 1867/ntpd

Network time protocol listening four different ways on IPv4.

So httpd is listening on ::::80

which is IPv6, instead of listening on 0.0.0.0:80 - that's your problem.

I think this is the key, as the problems I'm having occur with dovecot,
SSH and http (and printing but I hadn't realised that until that showed
up and I tested it)

Yes, this is the key. I suspect your ISP isn't giving you an IPv6
connection (even though GB has a bunch of allocations), never mind that
your router _PROBABLY_ isn't aware of IPv6. This might also explain your
external test - your router is forwarding the packets to 10.0.0.1:80, but
there is nobody listening to that port. If the ICMP Type 3 Code 3 "nobody
home" error message from your server is getting blocked/dropped someplace,
the remote thinks the server is there, but not responding.

Where's my fault? Have I specified something incorrectly in the
configs?? I'll check through and see if I have any more news by the
time I hear back from you. Thanks for your help so far!!

Either you are blocking IPv4 on the server (you said the firewall wasn't
doing that), or you have not told the daemons to listen to IPv4 instead of
(or in addition to) IPv6.

Hope this puts you on the right track.

Old guy
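
Added example, not part of the original post: the by-eye review of the netstat listing above, done as a script that sorts each listening socket into loopback, specific-address or wildcard binding and picks out ports that listen on '::' with no IPv4 listener. The function names are hypothetical and the sample is constructed from lines quoted in the post.

```python
import ipaddress

# Constructed sample: netstat lines quoted in the post (Recv-Q/Send-Q trimmed).
SAMPLE = """\
tcp 0.0.0.0:111 0.0.0.0:* LISTEN 1615/portmap
tcp 0.0.0.0:631 0.0.0.0:* LISTEN 1819/cupsd
tcp 127.0.0.1:25 0.0.0.0:* LISTEN 2017/sendmail: acce
tcp 10.0.0.1:139 10.0.0.10:2090 ESTABLISHED 10384/smbd
tcp :::80 :::* LISTEN 2048/httpd
tcp :::22 :::* LISTEN 1850/sshd
tcp :::631 :::* LISTEN 1819/cupsd
udp 0.0.0.0:123 0.0.0.0:* 1867/ntpd
"""

def parse_listeners(text):
    """Return (proto, ip_version, scope, port, program) per unconnected socket."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        # Skip headers/blank lines and connected sockets (foreign side is not "*").
        if len(parts) < 4 or parts[0] not in ("tcp", "udp") or not parts[2].endswith(":*"):
            continue
        proto, local, _, rest = parts
        # tcp rows have a State column before PID/Program; udp rows do not.
        pid_prog = next((t for t in rest.split() if "/" in t), "-/-")
        program = pid_prog.split("/", 1)[1].rstrip(":")
        host, port = local.rsplit(":", 1)  # ":::80" -> ("::", "80")
        addr = ipaddress.ip_address(host)
        scope = ("wildcard" if addr.is_unspecified else
                 "loopback" if addr.is_loopback else "specific")
        rows.append((proto, addr.version, scope, int(port), program))
    return rows

def wildcard_exposure(rows):
    """Map (proto, port) -> (program, {ip versions}) for 0.0.0.0 or :: binds."""
    out = {}
    for proto, version, scope, port, program in rows:
        if scope == "wildcard":
            out.setdefault((proto, port), (program, set()))[1].add(version)
    return out

def v6_wildcard_without_v4(rows):
    """Ports that listen on '::' and have no IPv4 listener of any scope."""
    v4 = {(proto, port) for proto, ver, _, port, _ in rows if ver == 4}
    return sorted((key[1], prog) for key, (prog, vers)
                  in wildcard_exposure(rows).items() if vers == {6} and key not in v4)

if __name__ == "__main__":
    print(v6_wildcard_without_v4(parse_listeners(SAMPLE)))
```

On Linux a socket bound to '::' also accepts IPv4 connections unless IPV6_V6ONLY is set (system-wide default in net.ipv6.bindv6only), so the second list marks ports to test over IPv4 rather than ports proven unreachable.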