ASR-8400 Modem/Router/4 Port 10/100 Switch - Having Problems....


Carlos Arruda

Hello (Paul) and everybody.
With the modem/router working already, I have no problems with the internet, and
the dns2go software connects to the internet with no problems.
Without my e-mail server configured yet, and it's not running, I send and
receive e-mail from my account with my ISP
([email protected]).
I ping my URL (www.carlos-arruda.com) and I see my WAN IP because of the
dns2go software, so far so good.
The problem is that the port forwarding is not working, or I am probably in
the wrong part of the router's configuration.
Every time I try to access my site (www.carlos-arruda.com) I get this
login prompt to insert a username and password, which is my router's configuration
web page, so between the internet and my 602Pro Lan Suite something is wrong.
For the port forwarding I have the following:

Virtual Server Configuration

ID  Public Port  Private Port  Port Type  Host IP Address
1   80           80            TCP        192.168.28.4 (My 602Pro Lan Suite)
2   443          443           TCP        192.168.28.4 (My 602Pro Lan Suite)

If this is the port forwarding, it is not working then, because I can't see my
web page and you guys can't see it either; if you try, it will ask you
guys for a username and password, which will give you access to my router's
configuration. (I have changed the password and the new one is quite big
:-), your advice, remember???)
Any suggestions guys????? Paul????
Cheers and thanks to all.
Carlos Arruda






Paul said:
"Carlos Arruda" said:
Hello.
Can I e-mail you directly at your e-mail address, please? If not, that's OK.
This is gonna get a bit harder than I thought.
I have DNS2GO software, FTP Server, the e-mail server, so I reckon there's a
lot of forwarding to be done....
Cheers mate.
Carlos Arruda

My advice is free to all, so it stays in USENET (sorry). As I
said in the post, the easiest thing to do is try using a "port scan".
If any of your existing configuration has "anti-scan" software,
such as on the firewall in the Software602 stuff, then the "port
scan" would be defeated (as the firewall would lock out the
IP address doing the scan - some firewalls have an anti-scanning
feature like this, and you have to configure the firewall to allow
a scan like this, if the product has an anti-scan feature).

Rather than use a web site on the net to do the port scan, I found
a Windows program that will do the scan for you. Assuming all your
Software602 stuff is on the "Carlos" machine, you could install
and run the following program on the "Vera" machine. The
syntax (for the DOS version) would be something like "nmap 10.0.0.6",
where 10.0.0.6 is the address of the "Carlos" machine. After a short
time, the program should give you a list of open ports, and that
should get you started, in terms of things to port forward via the
router.

http://www.insecure.org/nmap/nmap_download.html (see Windows download...)

[ Note: Please do not point this program at machines on the Internet,
because if your ISP has port scanning detection on their router,
you could lose your account. ]

For example, it will report that port 80 is open, because
that port is used for HTTP to your web server. Based on the list
of ports returned, you can look them up in the IANA port list,
and that will give you some idea as to which services these ports
correspond to.

With the list of ports in hand, then you can go to the ASR-8400
and port forward those ports to the machine running the Software602
suite. Note however, that if you enable a brand new feature in the
Software602 stuff, that port won't be in the list of the "port scan"
you did, because a software package like that only opens ports for
services currently being used. So, you would have to go back to the
"Vera" machine and run another scan, to find out which ports were
opened for the new feature.

I suggest you enlist the aid of one of the people using your
servers, to test the various stuff as you enable it by port forwarding.
You could use a couple of hotmail accounts or some other web based
third party email service, to communicate until everything is working
properly. The reason this would work, is the hotmail server would
be outside your domain, and both you and your friend would be clients
to that server - so no port forwarding would be needed to access the
hotmail account.

If I had been able to find a list of services and what ports needed to
be open for each, I would have given it to you by now. I'm surprised
there isn't a web site with that kind of comprehensive info on it. If
I find one I'll post it. The following one has a tiny bit of info,
but not enough to get the whole job done, because SSL protection is
missing:

http://www.homenethelp.com/web/howto/apps-behind-router.asp

If you paid for a license for the Software602 product, then you should
contact their software support people, because they would have this
information. I think if you can find the "rules" file for the software
firewall, this will also contain a concise list of which ports to open.

Post again if you get stuck.

Paul


Try page 64 of the manual. The function is defined in "Admin Privilege",
"HTTP Server Access" and I think it should be set to "LAN". If you really
want to leave the router open to the Internet hackers, you could just
change the port number on that page from 80 to something else. Leaving
the router open, so that one of us could go in and change it, is just
asking for trouble. Especially if your ISP doesn't have any sort of
controls over port scanning and the like.

While we're on the topic of security, I hope you read the section in
the LanSuite manual on "SMTP Relay Options". Click the "Relay for
602Pro LanSuite users only" box (the top one of the three boxes), to
prevent your email server from being used by spammers.

Paul
 
Hello guys.
As I said, I have got a set of print screens ready online so that you guys can
see what I have...
It's a set of 28 pics of all the pages and configurations that I have in my
router; total size is 2.18MB in WinRAR, so that you guys can download them
and take a look.
You can always see them on my web page
(www.carlos-arruda.com/routerpage1.jpg) and just change the number up to 28
so that you can see them all, or you can download the router.rar file from
(www.carlos-arruda.com/router.rar).
I was wondering, my e-mail server is also an HTTP server and uses port 80, so I
don't really need the router to be my web server, do I??
You can see the scan I have done of the router at
(www.carlos-arruda.com/routerportscan.jpg)
I am having a huge headache with this router and e-mail servers.
I can surf the net, but when it comes to seeing my URL,
www.carlos-arruda.com, it shows me the user and password prompt for the router's web
interface; by typing my URL I am being led to the router and not to my web
server in the 602Pro Lan Suite software.
I hope that these pics will help you guys to help me.
Cheers
Carlos Arruda


LAN Configuration - your IP address range is 192.168.28.10 - 20
                    yet your port forwarding is to 192.168.28.4 ?
                  - Maybe DHCP should be disabled and all computers
                    given a static IP address from 192.168.28.x ?
                    Perhaps you have done this for the 192.168.28.4
                    machine and that is why it is working ?
                  - If you do continue using DHCP, maybe if you set the
                    Lease Time to 0, the time will be set to infinity ?
Virtual Server    - I don't see FTP at 21 forwarded, yet it would seem that
                    port 21 is open when I point an FTP client at it. I cannot
                    log in, but at least a connection to port 21 seems to
                    happen, implying port 21 on your public_address is open.
DNS               - Auto + user should be OK.

You didn't make a copy of the "Misc Configuration" page, and I presume
FTP and TFTP are disabled there, as they should only be needed during
firmware upgrade. You must have set admin access to LAN only, as I can
see your website OK. In your port forwarding table, I don't see a port
forward for port 21 (FTP), so it is strange that I can open a connection
to port 21.

As for the web mail, port 80 would be used by your users (if you are
set up for SSL and https://mail_server, then port 443 would be used ?).
But the email server also has to connect to the outside world, and I
don't know which port it uses for that. I'll post later if I discover
anything.

You port scanned the router. I see that FTP is open on there, so that
means that the FTP or TFTP server on the router is still enabled.

What I wanted you to do, was use one of your LAN machines to scan the
web/emailer server machine, to see what ports are open on it. Using
the port list from that scan would give you some hints as to what ports
to open on the router. For example, in the picture below, use the
Carlos/Vera/Hugo machines to scan the machine with the servers on it.
Scanning in the other direction, towards the router, isn't interesting
other than to discover whether the router is secure or not.

             ^
   _         |
  |      ---------
  |      | ADSL  |  81.77.98.27 (carlos-arruda.com)
  |      ---------
  A          |
  S    -------------
  R    | Firewall  |
  8    -------------
  4          |
  0    -------------
  0    |  Router   |  192.168.1.1
  |    -------------
  |_     |  |  |  |                          -------------
         |  |  |  +--------------------------|   Hugo    |  192.168.1.5
         |  |  |                             -------------
         |  |  |                             -------------
         |  |  +-----------------------------|   Vera    |  192.168.1.4
         |  |                                -------------
         |  |                                -------------
         |  +--------------------------------|  Carlos   |  192.168.1.3
         |                                   -------------
         |
   -------------
   | Software  |  192.168.1.2
   | Firewall  |
   -------------
      |  |
      |  +------------+
      |               |
-------------    ----------  ----------  ----------
| Email_Svr |    | DNS2GO |  |  FTP   |  |  Web   |
| SMTP/POP3 |    |   ?    |  | Server |  | Server |
-------------    ----------  ----------  ----------

HTH,
Paul
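
Added example (not part of Paul's post, and not the router's own tooling): a small Python audit of the checks made above, run over the values quoted in this thread. It flags a router admin page that answers on a port which is also forwarded, a forward target inside the DHCP pool, and a port that answers from the Internet without any forward rule. The finding names and the "WAN" access label are assumptions for the illustration; only "LAN" appears in the thread.

```python
import ipaddress
from dataclasses import dataclass

# Virtual Server rows as posted in this thread (column layout constructed).
VIRTUAL_SERVER_TABLE = """\
ID  Public Port  Private Port  Port Type  Host IP Address
1   80           80            TCP        192.168.28.4
2   443          443           TCP        192.168.28.4
"""


@dataclass(frozen=True)
class Forward:
    public_port: int
    private_port: int
    proto: str
    host: str


def parse_virtual_server(text):
    """Parse 'ID public private type host' rows; skip headers and notes."""
    forwards = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5 or not all(c.isdigit() for c in cols[:3]):
            continue
        try:
            ipaddress.ip_address(cols[4])
        except ValueError:
            continue
        forwards.append(Forward(int(cols[1]), int(cols[2]), cols[3].upper(), cols[4]))
    return forwards


def audit(forwards, dhcp_start, dhcp_end, admin_access, admin_port, open_from_wan):
    """Return a list of (finding, detail) tuples for the router settings.

    admin_access: "LAN" means the router's own web page is LAN-only; any other
    value (the label "WAN" is an assumption) means it also answers on the WAN.
    open_from_wan: TCP ports an outside helper found answering on the public IP.
    """
    findings = []
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_end)
    forwarded = {f.public_port for f in forwards if f.proto == "TCP"}
    admin_on_wan = admin_access != "LAN"

    if admin_on_wan:
        findings.append(("admin-exposed", admin_port))
        if admin_port in forwarded:
            # Assumption matching this thread's symptom: the router's own web
            # server answers first, so visitors get its login prompt instead
            # of the forwarded web server.
            findings.append(("admin-shadows-forward", admin_port))

    for f in forwards:
        # A target inside the DHCP pool can change address when its lease does.
        if lo <= ipaddress.ip_address(f.host) <= hi:
            findings.append(("target-in-dhcp-pool", f.host))

    for port in sorted(set(open_from_wan) - forwarded):
        if admin_on_wan and port == admin_port:
            continue  # already reported as admin-exposed
        # Nothing forwards this port, so a service on the router itself
        # (its FTP server on port 21 in this thread) is answering.
        findings.append(("open-without-forward", port))
    return findings


if __name__ == "__main__":
    rules = parse_virtual_server(VIRTUAL_SERVER_TABLE)
    pool = ("192.168.28.10", "192.168.28.20")
    for label, access in (("admin on WAN", "WAN"), ("admin LAN-only", "LAN")):
        print(label)
        for finding, detail in audit(rules, *pool, access, 80, [21, 80]):
            print("  ", finding, detail)
```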
 
Hello Paul.
At the moment, I have my router on and this is happening:

When I do this, http://192.168.28.4, I see my web page for the e-mail server.

If I do it this way, www.carlos-arruda.com, I see nothing, but I can see
every other page on the internet I want.

Can you try to telnet (I don't know what it is or how it's done, I just know the
PING command) everything you said you have done, just one more time, and see
what happens, because I have deleted all the port forwardings in image
www.carlos-arruda.com/routerpage11.jpg (if you can see it, because the router
is on now but the ports are not being forwarded). Well, try doing it later; just
telnet it and see what happens, post it here, and then I will forward the
ports once again.

One more thing: I think I am having problems as well with resolving names
(DNS). Whenever I try to ping, like www.freeserver.com, I have this as the
Freeserve IP, at least I think it is, 195.92.249.130, and I get no answer at
all, 100% loss, but when I ping my URL www.carlos-arruda.com I get an answer
from it (TTL=64). In the DNS page in the router setup I should have my
ISP's (Freeserve) DNS there, yes? 195.92.195.94 and 195.92.195.95, or no?

Cheers mate for your help and time.
Carlos Arruda


First of all, Telnet is a program that emulates a terminal for
remote login to text based sessions with Unix or mainframe computers.
Many of the protocols on the net are based on ASCII text, and
the telnet program can actually be used for interacting with
servers. In fact, I've used telnet to a POP3 server at work,
to delete emails manually when my mailbox got full. Apparently,
you can even interact with a web server and download a page of
HTML by using Telnet, if you know the right commands to use.
For protocols that use binary representations, Telnet is useless
as near as I can tell. So, on with the testing...

Telnet to public_address:25 is stuck in some kind of connecting state.
Telnet to public_address:110 says "Host or gateway not responding"
Telnet to public_address:80 says "Host or gateway not responding"

This tells me that port 25 is being intercepted outside your LAN,
while the attempts to access 80 (http) or 110 (POP3) are being
stopped by your router. So, I think the port forwarding on 80 and
110 is working, but the response on 25 is blocked by Freeserve.
Blocking 25 is an easy way to avoid "open relays" on email servers,
which allows spammers to harness email servers like yours, to send
out junk mail. Many people have had poorly configured email servers
on ADSL or cable modems, and there are automated programs that search
the net for such machines. An ISP risks being "blacked out", i.e.
disconnected from the rest of the network, unless they clean up this
situation, so the easiest thing to do is just close port 25. I don't
think this stops ATRN from working.

195.92.249.130 is the www.freeserve.com webpage. When I do DNS lookup
on it, there is no translation. A DNS lookup on www.freeserve.com
does give that IP address, but the IP address doesn't translate back
into that URL, which is strange. To do translations, all you need to
do is find a web based "nslookup". This is the one I use (the reason
for the numeric address is that when DNS is not working, I can still
reach this web server):

http://131.103.222.185/nslookup.htm

As far as the access problems inside your own LAN, the router has to
make a decision as to what to do if a LAN packet has the
public_address as the destination. It is possible, if a route was
added to the routing tables in the router, you could get it to work,
but I'm not 100% positive. Say the "Vera" machine tries to reach
"http://www.carlos-arruda.com", DNS translates this to 81.79.63.38,
which is the public_address. When the router sees this, it could
either forward the packet toward the Internet (because it looks like
a public address, and public addresses belong on the WAN interface)
- when it comes back, the router will be confused. I think routers
are set up to avoid looping packets in circles (the TTL time to live
helps stop this - it is decremented by one at every router), so one
way or another, I guess the packet gets discarded. If the "Vera"
machine wants to reach the web server, then http://192.168.28.4 is
the way to go. (If the OS on the "Vera" machine has a "hosts" file,
you could add an entry in there. The hosts file is consulted before
DNS, so if you have any entries that public DNS doesn't know about,
the "hosts" file can fill this gap.)

# The following link explains how to add entries to address
# translation on your computer. In this case, the "Vera" machine
# needs an entry like "192.168.28.4 carlos-arruda.com" in the hosts
# file, somewhere below the "127.0.0.1 localhost" entry.
http://www.mvps.org/winhelp2002/hosts.htm

As for the response with www.freeserve.com, that is not a DNS problem.
The "Ping" program uses ICMP protocol. This protocol, just like ports,
can be disabled on servers or filtered by routers. There are certain
buffer overflow exploits that can be done using "Ping", so to solve
that problem, many web servers are configured not to return an answer
when "pinged". So, just like closing port 25, the disabling of Ping
is a security thing. It is a real shame, because without Ping, you
cannot be sure that the node is functional or not.

So, what problems are you still having with email ? Clients cannot
send ? or receive ? Server cannot pull new mail ? What are the
symptoms ?

Paul
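
Added example (not part of Paul's post): the telnet checks described above, scripted in Python so that each port comes back as open, refused, or no-response instead of a telnet error string. The function names and the local listener standing in for a POP3 service are constructed for the illustration.

```python
import socket
import threading

# What each result means for a port forward, from the defender's side.
HINTS = {
    "open": "forward and service both answer",
    "refused": "a host answered but nothing listens on that port",
    "no-response": "dropped on the way: router filter, firewall or ISP block",
}


def probe(host, port, timeout=3.0):
    """TCP connect to host:port. Return (state, banner)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        raise  # the name did not resolve: a DNS problem, not a port state
    except ConnectionRefusedError:
        return "refused", ""
    except OSError:
        # Timeouts and "unreachable" errors: no usable answer came back.
        return "no-response", ""
    with sock:
        sock.settimeout(timeout)
        try:
            # SMTP and POP3 servers greet first; HTTP servers stay silent.
            banner = sock.recv(200).decode("ascii", "replace").strip()
        except OSError:
            banner = ""
        return "open", banner


def check_forwards(host, ports, timeout=3.0):
    """Probe each port and return {port: state}."""
    return {port: probe(host, port, timeout)[0] for port in ports}


def local_banner_server(banner):
    """Constructed stand-in for a mail service: one-shot listener on 127.0.0.1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_local_port():
    """Return a loopback port that nothing is listening on."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    pop3 = local_banner_server(b"+OK POP3 ready\r\n")
    closed = unused_local_port()
    for port in (pop3, closed):
        state, banner = probe("127.0.0.1", port, timeout=2.0)
        print(port, state, "-", HINTS[state], repr(banner))
```

To check real forwards, run check_forwards against the public address from a machine outside the LAN, for the reason given above about LAN packets addressed to the public address.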
 
Hello.
Did you see my web page at www.carlos-arruda.com?
Because when I try, it gives me the username and password prompt that leads me into
the router setup web interface; I can see every other web page I want.
Can you check that mate, please?
I still haven't done any port forwarding yet.
Cheers
Carlos Arruda

Thanks a lot for your patience, man. I appreciate that....:-)



 
Hello Paul....
This is getting better.
I tried what I had already tried and something is working now.

With a friend from Canada, I know that he sees my web page but I still can't;
it goes to the web interface setup for the router, a minor problem, and he
accesses an account that I had set up for this test.

Without the port forwarding he could see the main page, but when he tried to
log in to the webmail an error would occur.
I forwarded port 80 to Vera's PC and now he can log in and see his
e-mail box. If you want to try, go to www.carlos-arruda.com and on the left
click on webmail, user as user and password as password, just for this test.

The FTP server works with the port forwarding and it doesn't work without it.

I am sending mail and port 25 is not forwarded; I haven't forwarded it and I
know that the e-mail gets to its destination; I sent a couple of e-mails to my
hotmail accounts and they were there.

The problem is that I have forwarded port 110 to receive e-mail, but
nothing so far.

Any ideas?

Any idea how I will overcome this thing of not seeing my own web page while
others do? I guess I can live with that.

On FTP, you can try by using either the web browser or an FTP client and use
this: ftp.carlos-arruda.com (port 21) user/password; you can take the
terminator 3 if you want, it's there.

Cheers
Carlos





 
"Carlos Arruda" said:
I was there like a month ago and I was supposed to meet this guy, but I lost
his contact; it was about Linux, is it you Paul?
Cheers
Carlos

Nope :-) I don't do Linux...
 