I have a home web server that I use to serve a few pages for personal purposes. The server runs Ubuntu and is behind an ADSL connection, and it's working nicely.
Recently I subscribed to a Hiperlan connection and added a router for it to my LAN. So the situation is this:
- Web server (Ubuntu Hardy)
- My workstation
- ADSL router (still connected, used by the server)
- Hiperlan router (Linksys WRT54G v2.2 running Gargoyle/OpenWRT, used by the workstation)
Right now I'm trying to configure the new router to handle port forwarding so that I can remove the old router, but I'm hitting a problem. Basically, if I try to telnet my Hiperlan-IP address from outside (via an OpenVPN connection to my office), telnet hangs there... I did a tcpdump on the server, here it is (.254 is the web server):
20:07:53.795370 IP my.externalhost.38195 > 192.168.7.254.www: S 2766630416:2766630416(0) win 5840 <mss 1460,sackOK,timestamp 924929110 0,nop,wscale 7>
20:07:53.795426 IP 192.168.7.254.www > my.externalhost.38195: S 1526241928:1526241928(0) ack 2766630417 win 5792 <mss 1460,sackOK,timestamp 888004836 924929110,nop,wscale 6>
20:07:53.837928 IP my.host.38195 > 192.168.7.254.www: R 2766630417:2766630417(0) win 0
I think this means that after the server responds to the first "question" of the client, something goes awry and the client asks to reset the connection... How could I find what's going on? I tried disabling the firewall on the server (ufw disable) but nothing changes... Anyway, if I try to telnet the same IP from inside the LAN, it works.
I think that you have:
Because of this the return packets (SYN+ACK) are not considered as being part of the connection and the firewall will reject them.
I would check the routes and change them to be on the same path.
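Added example, not part of the original question or answer: a small Python check that reads old-style tcpdump text like the capture in the question and flags the pattern seen there (SYN in, SYN+ACK out, then an RST whose sequence number is the client's initial sequence number plus one). The name `classify` and the verdict strings are illustrative, and flows are keyed by client port on the assumption that the differing client host names in the capture are a redaction artifact.

```python
import re

# Old-style tcpdump line as in the capture: flag letter, seq:seq(len), optional "ack N".
# Pure ACK lines carry no seq:seq field in this format and are skipped.
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+)\.(?P<sport>[^.\s]+) > (?P<dst>\S+)\.(?P<dport>[^.\s:]+): "
    r"(?P<flags>\S+) (?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

# The three lines from the question, copied as posted.
CAPTURE = [
    "20:07:53.795370 IP my.externalhost.38195 > 192.168.7.254.www: S 2766630416:2766630416(0) win 5840 <mss 1460,sackOK,timestamp 924929110 0,nop,wscale 7>",
    "20:07:53.795426 IP 192.168.7.254.www > my.externalhost.38195: S 1526241928:1526241928(0) ack 2766630417 win 5792 <mss 1460,sackOK,timestamp 888004836 924929110,nop,wscale 6>",
    "20:07:53.837928 IP my.host.38195 > 192.168.7.254.www: R 2766630417:2766630417(0) win 0",
]

def classify(lines, server):
    """Return {(client_port, server_port): verdict} for TCP opens towards `server`."""
    flows = {}
    for line in lines:
        m = LINE.match(line)
        if not m or server not in (m["src"], m["dst"]):
            continue
        to_server = m["dst"] == server
        # Key by client port + server port (client host is redacted in the capture).
        key = (m["sport"], m["dport"]) if to_server else (m["dport"], m["sport"])
        st = flows.setdefault(key, {"isn": None, "verdict": "no-syn"})
        seq, flags = int(m["seq"]), m["flags"]
        if to_server and flags == "S":
            # Client SYN reached the server: remember its initial sequence number.
            st.update(isn=seq, verdict="syn-unanswered")
        elif not to_server and flags == "S" and m["ack"] and st["isn"] is not None:
            # Server SYN+ACK must acknowledge ISN+1 to belong to this open.
            if int(m["ack"]) == st["isn"] + 1:
                st["verdict"] = "synack-sent"
        elif to_server and flags == "R" and st["verdict"] == "synack-sent":
            # RST at ISN+1 right after the SYN+ACK: the reply was not accepted
            # as part of the connection somewhere on the way back to the client.
            if seq == st["isn"] + 1:
                st["verdict"] = "reset-after-synack"
    return {k: v["verdict"] for k, v in flows.items()}

if __name__ == "__main__":
    print(classify(CAPTURE, "192.168.7.254"))
```

A `reset-after-synack` verdict shows that the server did answer, so the next thing to inspect is which gateway the SYN+ACK leaves the LAN through rather than the server's own firewall.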