DSL router and webserver access from outside

[claybv]

I'm working on new project from My house which has DSL. DSL modem/router/bridge.Ive changed LAN settings and port settings.can see modem and My FC8 server,but cant see outside or internet. reset modem to square one and internet works. anyone that can help explain or give some steps with the bridging. I'm not use to DSL. Mostly T1 or larger and usually dont deal with router side at work.
Modem is Zhone-Paradyne 6381-A3-200 ADSL2+ /R Bridge/Router.
Eth0=My network
Eth2= ISP modem side

[root@www ~]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:40:F4:5D:48:10
inet addr:192.168.0.5 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::240:f4ff:fe5d:4810/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:16984 (16.5 KiB)
Interrupt:11 Base address:0x8800

eth2 Link encap:Ethernet HWaddr 00:02:41:00:45:76
inet addr:192.168.41.125 Bcast:192.168.41.255 Mask:255.255.255.0
inet6 addr: fe80::202:41ff:fe00:4576/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:276 errors:0 dropped:0 overruns:0 frame:0
TX packets:329 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:172115 (168.0 KiB) TX bytes:36991 (36.1 KiB)
Interrupt:9 Base address:0x6c00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5096 errors:0 dropped:0 overruns:0 frame:0
TX packets:5096 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5454770 (5.2 MiB) TX bytes:5454770 (5.2 MiB)

[root@www ~]#

From Dyndns or outside internet access message:

An attempted connection to 207.144.135.22:80 was refused. This typically indicates that there are no services available on that port, but that it is NOT being blocked by a firewall or your ISP.

Try again

dyndns.com is seeing My external IP as 207.144.135.22
n reference to router side:

eth2 ( server NIC )is connected to router....

If eth2 is set to dhcp mode.the router assigns the 192.168.41.##
and I can get internet.

if I set static ip for eth2 to say maybe 192.168.1.11 (.2-.10 reserved for router DHCP . I get no internet, but i can access router(192.168.1.1) login and setup.

eth0 is private network NIC.

[mechdave]

What does your /etc/resolv.conf file say?
Usually when you have this type of problem your router is not sending the DNS info supplied to it from your ISP. There are two ways around this:
1. Statically set all your NIC's to static and modify your /etc/resolv.conf file to look at the DNS servers of your isp. Eg: nameserver xxx.xxx.xxx.xxx (where xxx.xxx.xxx.xxx is the ip address of your ISP's DNS primary server and secondary server on the next line using the same format)

2. Set all your NIC's to have an address supplied by your router/modem via DHCP and make sure the DNS addresses are being recieved from your ISP to your modem.

This usually fixes the problem. As for enabling access to your server from the internet, I suggest that you set up a DeMilitarised Zone (DMZ) for your web server so if your server is ever comprimised, the rest of your network is not at the mercy of the attacker. Use ssh to administer your server if you do not have physical access to it, and run it on a non standard port, (ie not port 22), this will usually fool many script kiddies and automated attacks. Make sure you read the apache config documentation from apache.org and lock it down solidly. Also uninstall any services you are not explicitly using.
Good luck my friend and happy Linuxing,
Mechdave

[claybv]

/etc/resolv.conf file says

nameserver is my ISP servers

I have dyndns.com handling my domain name

But appears that My ISP does not have 'port forward' on their network to my modem access.

and they say I have to buy a static IP. Guess I will have to,anyway.

[mechdave]

You need a little script called ddclient (it is for Linux), this updates your ip address with dyndns so people can find you. Your ISP will continually change your Ip address so you need this script to keep up. I had crond running it every hour when I had my server up, as my ISP was changing my IP address several times a day!

Hope this helps!

[claybv]

okay,
Here is the deal. I am using My linux server as firewall for private network and switch hub. I have a dedicated Network card for the modem.I got My static ip and setup my info in server nic that goes to DSL modem.Not seeing internet now. tried back on dhcp mode NIC goes out to internet. I called ISP tech support, We went through resets and power cycling modem and computers .

We tried straight to modem once with server ,then with laptop.. Could not even get laptop to internet with static or even dhcp,even after power recycle.

modem using bridge mode and tech support said I should just have to set static IP in computer NIC that goes to modem.

They issued trouble ticket for their advanced support for possibly monday.

any more suggestions?

Thanks!

[mechdave]

Why is your modem using bridge mode? Sounds like a very strange setup to be running DSL like that! Unless the ISP is deliberatley stopping you from doing what you are trying to achieve I have run out of ideas, I think wait and see what your ISP comes up with.

[claybv]

Okay,

Iv'e been on line with ISP tech support a few times they even gave me different 'static IP'. apparently it is some setting we are missing on the modem. They're using bridge mode and said I should put 'static IP' in computer,We had no luck. They are going to look at manual on My model modem and see what features need to be changed to work in bridge mode and let it through.modem and PC seem to work,and modem appears to not be communicating when we change to static. seems the dhcp option will get out and shows me further down their network than should (external IP shows their side of network where it shouldn't). So they think must be certain advanced setting in modem that needs to be switched on/off. Modem is Zhone-Paradyne 6381-A3-200 ADSL2+ /R Bridge/Router.

Keep in mind they said modem should be bridged / and static IP be in PC nic.... and should work....
but we are still trying.......

[Compunuts]

I've seen your posts on geekzone forum as well so I think I have some idea what you need...

I've also read your modem's manual. According to page 3-5, your modem can only be used one mode (any one of pppoe or ppoa or dhcp or static or bridge ). Since you are using bridge mode, you will be the following info from your ISP.

* ip address
* gateway address
* network mask
* DNS server address

Since your router merely is acting as a hub, you need those put into your PC to be able to route through their servers. And also, unless your IP is routable public IP ( NOT 192.168 or 10.10. ) you will not be able to host servers. Again, unless your ISP specifically allow you and configure in their to forward all requests to your PC in their routing table.

Above all is true, then you will need to do NAT to mask your computers behind your WAN connection. If you install something like Shorewall, that will be easily solved but first you need to have outside connections come through your modem.

[claybv]

Hooray !!!

whew! after several calls and waiting,different ip addresses and gateways and dns. They finally got their act on track !!. Their tech finally called me this afternoon,gave me a whole new ip and info in a totally different section of ip info, I'm now working.
ALL 4 sectors (*.*.*.*) of my ip is totally different and working.

Thanks to everybody that tried to help, hope to be able to help you later on......