From: Jeff N. <jdn...@dc...> - 2003-05-29 05:00:03
On Wed, 28 May 2003 al...@at... wrote:

> I added a rule allowing net2fw connection on tcp port 80.
>
> Added in sh-httpd.conf
> CLIENT_ADDRS="192.168.1. My.IP.Net."
> I tried also to change the SERVER_NAME/ADDR to ppp0_IP
>
> In hosts.allow I added
> sh-httpd: My.IP.Net.0/255.255.255.0
> I tried also to uncomment in hosts.deny the PARANOID
>
> restarted inetd

inetd doesn't look at hosts.allow, though it usually invokes tcpd which
does. Since tcpd gets re-invoked for every new connection, simply editing
hosts.allow and saving should be enough to activate that change.

>
> but still can't connect to weblet and no log in shorewall.log.
>
> What am I missing to get weblet listen on the external interface (for me ppp0) ?

I don't know, but this is what I would check:

a) no firewall blockage: sounds like you have looked through shorewall
   files, but you may not have used "shorewall status" and looked for
   relevant lines in the firewall rules.

b) no port 80 redirection: No DNAT to an internal server. Again, checking
   "shorewall status" should confirm this.

Note that a) and b) can be eliminated as potential problem sources if you
"shorewall clear" for testing.

c) /etc/inetd.conf file has appropriate entry to activate weblet:

   www stream tcp nowait sh-httpd /usr/sbin/tcpd /usr/sbin/sh-httpd

d) /etc/hosts.allow has appropriate entry: you have obscured the entry
   above, but it does seem odd that you appear to want to expose it on the
   external interface _and not the internal interface_. Why exclude
   internal access?

e) sh-httpd is executable:

------
# ls -l /usr/sbin/sh-httpd
-rwxr-xr-x 1 root root 8028 May 27 2001 /usr/sbin/sh-httpd
------

f) confirm that you can connect to it... use telnet from a host in the
   appropriate source network. Note response to attempted connection ...
   this can be a clue to where the problem is.

-------
$ telnet myrouter 80
Trying 192.168.0.1...
Connected to myrouter.my.localnet.
Escape character is '^]'.
GET / HTTP/1.0

{http response should start here}
--------

Remember the extra blank line after you type the GET command.

g) try looking in the logfile (/var/sh-log/sh-httpd.log) for indications
   of connection attempts.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdn...@dc...>                    Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
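
The local checks c), d) and e) from the checklist above, collected into one script as an added example that is not part of the original message. The function names and the environment overrides are assumptions; it evaluates only `ALL`, exact-address, `a.b.c.` prefix and dotted net/mask patterns in hosts.allow, and does not consult hosts.deny, hostname patterns or PARANOID.

```shell
#!/bin/sh
# Added example (not from the thread): checks c), d) and e) of the checklist.
# Default paths are the ones named in the thread; override via environment.
INETD_CONF=${INETD_CONF:-/etc/inetd.conf}
HOSTS_ALLOW=${HOSTS_ALLOW:-/etc/hosts.allow}
HTTPD_BIN=${HTTPD_BIN:-/usr/sbin/sh-httpd}
# c) uncommented www (or 80) tcp entry that starts sh-httpd through tcpd
inetd_entry_ok() {
    [ -r "$1" ] || return 1
    awk '$1 !~ /^#/ && ($1 == "www" || $1 == "80") && $3 == "tcp" &&
         $6 ~ /\/tcpd$/ && $7 ~ /\/sh-httpd$/ { found = 1 }
         END { exit !found }' "$1"
}
# d) client patterns that hosts.allow grants to sh-httpd (or ALL), one per line
allowed_clients() {
    [ -r "$1" ] || return 1
    awk -F: '$1 !~ /^[ \t]*#/ && NF >= 2 {
        n = split($1, d, /[ \t,]+/)
        for (i = 1; i <= n; i++) if (d[i] == "sh-httpd" || d[i] == "ALL") {
            m = split($2, c, /[ \t,]+/)
            for (j = 1; j <= m; j++) if (c[j] != "") print c[j]
            break } }' "$1"
}
# d) does IPv4 address $1 match pattern $2 (ALL, exact, "a.b.c." prefix, net/mask)?
client_matches() {
    awk -v ip="$1" -v pat="$2" 'BEGIN {
        if (pat == "ALL" || pat == ip) exit 0
        if (pat ~ /\.$/) exit !(index(ip, pat) == 1)
        if (split(pat, nm, "/") != 2) exit 1
        if (split(ip, a, /\./) != 4 || split(nm[1], n, /\./) != 4 ||
            split(nm[2], k, /\./) != 4) exit 1
        for (i = 1; i <= 4; i++) {
            s = 256 - k[i]               # contiguous mask octets only (255, 254, ...)
            if (a[i] - a[i] % s != n[i] - n[i] % s) exit 1
        }
        exit 0 }'
}
# Print one line per check; arguments are the client addresses to test for d)
report() {
    inetd_entry_ok "$INETD_CONF" && echo "c) inetd entry: ok" || echo "c) inetd entry: MISSING"
    [ -x "$HTTPD_BIN" ] && echo "e) $HTTPD_BIN: executable" || echo "e) $HTTPD_BIN: NOT executable"
    for ip in "$@"; do
        verdict="no matching allow pattern"
        for p in $(allowed_clients "$HOSTS_ALLOW"); do
            client_matches "$ip" "$p" && verdict="allowed by $p"
        done
        echo "d) $ip: $verdict"
    done
}
report "$@"
```

Run it on the router with one internal and one external client address as arguments to see which of the two hosts.allow currently admits.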