Accessibility both inside and outside LAN

2008-11-25
2013-05-01
  • Steve Miller
    2008-11-25

    I would like to make it possible to get to the server from both inside and outside the LAN.  I can set the IP through the Admin console to the outside address, however due to the way that Cisco ASAs work, nobody inside the LAN can see those outside interfaces... it's pretty silly to also have people go out on an interface from the LAN and then back to the server on an outside address.  Is there a way so that people outside the LAN can see the server on one address and people on the inside see it on a local 192.168. address?

     
    • Steve Miller
      2008-11-26

      Basically what I mean is for the content to load dynamically from the address typed into the browser rather than hard coded into a configuration file...

       
    • Danny Peter
      2009-02-04

      I am not familiar with Cisco - :(

      But, what I have done is changed the port number on the DIMDIM server and created a NAT rule on my firewall that says whatever comes in on that port, shoot the connection over to the internal IP.

      Not sure if that helps you or not.

       
    • Jay
      2009-02-05

      Danny,

      I'm admittedly a real newbie.  Would you help me with specifics?  I installed Dimdim 4.5 on CentOS 5.2, according to the instructions.  I can access the home page (192.168.0.101/dimdim/) from a web browser on the Dimdim server, but can't from another computer in the same LAN using the same URL of 192.168.0.101/dimdim/. 

      I'm using a D-Link DI-624 wireless router and don't know how to create a NAT rule.  I did set the Dimdim's IP address to a static 192.168.0.101.  To create a NAT rule on the router, do I click Advanced...Routing?  I see these options (not sure what to do):

      Static  OR  Dynamic   OR   Routing Table   (which one?)

      Network Address: 
      Network Mask: 
      Gateway Address: 
      Interface:  LAN WAN 
      Metric: (range:1~16)

      Also, would you let me know what file (and path) to change the port number and exactly what you used?  Or did you use the following?

      NAT’d environment:
      cd /usr/local/dimdim
      ./Configure_Dimdim.pl <your public ip address> <Some different port> <your private ip address>

      Without indicating your public IP address, would you show the rest of what you indicated?

      Thanks very much!!!

      Cheers

       
    • Danny Peter
      2009-02-05

      I am assuming you installed DIMDIM VMware on Windows XP or similar - The reason you can't access DIMDIM from another computer is because there is a firewall blocking you from doing that. You need to open the following ports on your DIMDIM server - Port 1935 and Port 80 (if you leave it at the default port) - Port 80 is the default web browsing port. Every time you open a web browser it is opening on port 80.

      Assuming you have a static external IP (you could always google "whats my ip" to find out your external IP - if you want to). To create a NAT (and I am not sure how to on your router) you would basically say whatever comes in on port 80 I need it to go to the following internal IP (which would be your DIMDIM) 192.168.0.101

      As far as changing the port you have the instructions above - But, you are going to let your router do the nat'ing so use the following. You do all of this in the terminal of CentOS

      Use Config-ipaddress.pl like below
                      cd /usr/local/dimdim

                      ./Config-ipaddress.pl 192.168.0.101 80

      If you don't want the default 80 port change it in the above command. But, remember if you change the port 80 port number you will have to change your firewall port number.

      Then to get to your DIMDIM your URL would be (if you change it to 78)

      http://192.168.0.101:78/dimdim/

      I guess that's it

       
    • Jay
      2009-02-06

      Thank you for the assistance, Danny.  It's almost resolved, but I could use just a bit more help with specific commands.

      >>I am assuming you installed DIMDIM VMware on Windows XP or similar - The reason you can't access DIMDIM from another computer is because there is a firewall blocking you from doing that. You need to open the following ports on your DIMDIM server - Port 1935 and Port 80 (if you leave it at the default port) - Port 80 is the default web browsing port. Every time you open a web browser it is opening on port 80.

      I installed Dimdim on CentOS 5.2 (which is essentially Red Hat Enterprise Linux)--so I didn't install Dimdim on VMware or Windows.  I typed 'netstat -ntlu | grep'   for ports 80, 1935, 40000 and 40001, and all ports were indicated as LISTEN(ing).  Also, yes, it appears that the web server (nginx) uses the standard http port of 80.  However, while I can ping 192.168.0.101 from another computer in the LAN, I can't access Dimdim from another computer in the LAN--it times out.

      Should I try disabling RHEL's firewall (aka iptables)?  I believe I can disable iptables by typing the following:
      # service iptables save
      # service iptables stop
      # chkconfig iptables off 
       
      >>Assuming you have a static external IP (you could always google "whats my ip" to find out your external IP - if you want to). To create a NAT (and I am not sure how to on your router) you would basically say whatever comes in on port 80 I need it to go to the following internal IP (which would be your DIMDIM) 192.168.0.101

      As far as the firewall blocking by the wireless router, I allowed the following:
      Allow  Virtual Server HTTP  WAN,*  LAN,192.168.0.101  TCP,80-40010 
      The above means to allow all WAN IP addresses to go to the LAN IP address of 192.168.0.101 for all ports between 80 and 40010.  But this doesn't seem to allow traffic through my ISP's dynamic IP address set for my network (72.68.X.X). 

      >>As far as changing the port you have the instructions above - But, you are going to let your router do the nat'ing so use the following. You do all of this in the terminal of CentOS
       
      >>Use Config-ipaddress.pl like below
      >>cd /usr/local/dimdim
       
      >>./Config-ipaddress.pl 192.168.0.101 80
       
      I did these before, but still can't access Dimdim using http://192.168.0.101/dimdim/.  I suspect that my problem has to do with iptables--maybe I need to change a config somehow or simply disable iptables???
       
      >>If you don't want the default 80 port change it in the above command. But, remember if you change the port 80 port number you will have to change your firewall port number.
       
      >>Then to get to your DIMDIM your URL would be (if you change it to 78)
       
      >>http://192.168.0.101:78/dimdim/
       
      >>I guess that's it

      Thanks, in advance, for helping this newbie get past this hurdle!

       
    • Jay
      2009-02-07

      I figured out the problems my CentOS server was having.  Linux has a firewall called "iptables" (just like MS Windows has a firewall and your router has a firewall).  Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.  By default, it blocks other computers from communicating with your Linux server, and the Linux server can only talk to itself (127.0.0.1, which is a loopback IP address, aka "lo").  So, the easiest thing to do is to go to a terminal (command line) and type "setup", which takes you to the Text Mode Setup Utility (which is used when you install Linux on your computer).  Tab to and select "Firewall Configuration", then tab to "Run Tool" and hit Enter.

      Select Security Level...Disabled
      Leave alone:  SE Linux...Enforcing
      Select Customize to go to next screen

      Your primary network card is eth0, so select that for Trusted Devices.  I don't use Masquerade Devices.
      Allow incoming:  Select SSH, WWW (HTTP), and Secure WWW (HTTPS).  Also, type these ports that Dimdim needs in Other (use the format of port#:tcp):
         1935:tcp 40000:tcp 40001:tcp 40002:tcp 40005:tcp 40010:tcp
      (By the way, SSH is port 22; HTTP is port 80; HTTPS is port 443)
      (Opening Telnet makes your computer less secure, and I'm not sure that your Dimdim server needs Samba, NFS, FTP, and SMTP)
      Click OK, then Quit.

      Now, on your router, you need to log in as the admin, then (for D-Link routers) click Advanced...Virtual Server.  You'll see Virtual Servers List below, so then click on the edit icon for Virtual Server HTTP and edit what's above on that screen:
      For Virtual Server HTTP, choose Enabled, then enter your private IP address (mine is 192.168.0.101, which I set as static under Home...DHCP), Protocol Type: TCP, Private Port:80, Public Port:40010 (or some number between 40006 and 40840-->write down this port number, since this is how outside computers on the Internet will access the Dimdim server), Schedule: Always, then click Apply.

      Now, finally (!!!), go to the Terminal and type "cd /usr/local/dimdim-4.5" and Enter.  Here, you'll find an executable script that needs your IP and port parameters, so just type the following:
        ./Config-ipaddress.pl 72.68.150.203 40010 192.168.0.101   and hit Enter
      In the above example,
        72.68.150.203 is a WAN/Internet IP address, assigned by your ISP.  You need to substitute your WAN IP address here (open a web browser and type "WhatIsMyIP.com")
        40010 is the port you chose to open in iptables and on your router
        192.168.0.101 is the static LAN IP address for your Dimdim server

      Now, use a computer or your smartphone to connect to the Internet from outside your LAN, and open a web browser to your WAN IP address, followed by a colon and the port number and "/dimdim".  Example:
        http://72.68.150.203:40010/dimdim
      This should take you to the Dimdim home page.

      Hope this helps you all!
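
An added example, not part of the original posts: a check that an `iptables-save` dump accepts the TCP ports listed in the post above before the chain's catch-all REJECT, since rules are evaluated top-down. The function name `missing_ports`, the chain name `RH-Firewall-1-INPUT` and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed iptables-save sample (not from a real host): 1935 is accepted
# only AFTER the catch-all REJECT, and 40005/40010 are not opened at all.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 40000:40002 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1935 -j ACCEPT
COMMIT'

# missing_ports CHAIN RULES PORT...
# Prints (space-separated) the ports that no TCP ACCEPT rule in CHAIN covers
# before the chain's first unconditional REJECT/DROP. ACCEPT rules limited
# by -s or -i are not counted, because they do not open the port to everyone.
missing_ports() {
    chain=$1; rules=$2; shift 2
    printf '%s\n' "$rules" | awk -v chain="$chain" -v want="$*" '
        BEGIN { n = split(want, ports, " ") }
        done || $1 != "-A" || $2 != chain { next }
        {
            tcp = 0; lo = -1; hi = -1; target = ""; scoped = 0; cond = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                if ($i == "--dport") { split($(i+1), r, ":"); lo = r[1] + 0; hi = (r[2] != "") ? r[2] + 0 : lo }
                if ($i == "-j") target = $(i+1)
                if ($i == "-s" || $i == "-i") scoped = 1
                if ($i == "-p" || $i == "-m") cond = 1
            }
            # A REJECT/DROP with no match conditions ends the useful part of the chain.
            if ((target == "REJECT" || target == "DROP") && !scoped && !cond) { done = 1; next }
            if (target == "ACCEPT" && tcp && lo >= 0 && !scoped)
                for (k = 1; k <= n; k++)
                    if (ports[k] + 0 >= lo && ports[k] + 0 <= hi) ok[ports[k]] = 1
        }
        END {
            for (k = 1; k <= n; k++) if (!(ports[k] in ok)) out = out (out == "" ? "" : " ") ports[k]
            print out
        }'
}

# Ports named in the thread: SSH, HTTP, HTTPS and the Dimdim ports.
missing_ports RH-Firewall-1-INPUT "$SAMPLE_RULES" 22 80 443 1935 40000 40001 40002 40005 40010
```

On a live host, pass the output of `iptables-save` as the second argument instead of `SAMPLE_RULES`.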

       
    • I think it didn't solve your problem.

      You can only access your dimdim on the external network but not in the internal network.

      :(

      So, dimdim only works with 1 IP Address.

      It's either local or external.