Forum OpenACS Development: unable to access

Collapse
1: unable to access
Posted by Iuri Sampaio on 05/21/10 02:11 AM
Hi there,

I have a system that is accessible externally but it isn`t internally. The machines that are under the same gateway have no access. I tried to access the system using the internal IP and DNS, but both got timed out.

I already checked if it was a problem with local proxy in the machines. I also cleaned all the temporary files and cookies. Nothing succeeded.

Does anyone already face this situation?

Collapse
2: Re: unable to access (response to 1)
Posted by Brian Fenton on 05/24/10 01:12 PM
Hi Iuri

what's your server networking setup? When you say "internally", what does that mean? From the server that is running AOLserver? Or from within your internal network?

What IP addresses is AOLserver listening on?

Can you do a "telnet %lt;internal IP> %lt;port>" on the server that is running AOLserver?

Brian

Collapse
3: Re: unable to access (response to 2)
Posted by Iuri Sampaio on 05/25/10 03:33 PM
Brian,

The networking is:
Gateway: 192.168.1.1
server: 192.168.1.100

I also run nginx as a proxy server listening to IP 192.168.1.100 that points to AOLServer which is listening to the machine local ip address 127.0.0.1

Would nginx affect internal access?
If so why external access is properly working?

I blocked telnet access. SSH access is working fine

Collapse
5: Re: unable to access (response to 3)
Posted by Gustaf Neumann on 05/25/10 09:32 PM
hmm, not sure what exactly you refer to as "internally" and "externally". IP addresses from 192.168.0.0 - 192.168.255.255 are reserved for "private Internets", so they are not suppose to work from outside of an gateway that separates an internal network from the public Internet (see e.g. http://www.faqs.org/rfcs/rfc1918.html).
Collapse
6: Re: unable to access (response to 5)
Posted by Iuri Sampaio on 05/26/10 05:42 AM
Externally: The site is reached through the DNS. For example: http://yoursite.com and it resolves fine to whatever computer around the globe :)

Internally: the computers those are in the same intranet 192.168.1.0 - 192.168.1.255 (under the same gateway 192.168.1.1), have no access to the site.
Neither through the DNS nor through the internal IP.

I strongly believe the issue is on nginx.
I will paste the results later.

cheers,

Collapse
8: Re: unable to access (response to 6)
Posted by Gustaf Neumann on 05/26/10 08:49 AM
Can you resolve yoursite.com via DNS from your internal machines? if not, your DNS setup is wrong. if DNS resolves to e.g. 1.2.3.4, try http://1.2.3.4/ from an internal machine. This request should be resolved via proxy (nginx). If this does not work, you have most likely a router/vlan etc. problem. Certainly, one can as well goof up the nginx configuration. One can consider as well using 0.0.0.0 (listen to all ip addresses) for aolserver, but i am not sure, this is a good idea for your case. In general, nginx works perfectly with internal/external addresses. however, without more details about the intended/actual setup, guessing is hard.
Collapse
9: Re: unable to access (response to 8)
Posted by Iuri Sampaio on 05/26/10 06:05 PM
It can't resolve mysite.com via DNS from internal machines. However it resolves fine to external ones.

What do you mean with wrong DNS setup?

Well, the server is under a modem, which distributes the connection over a switch, and it forwards the http connection on port 80 to the respective machine, at 192.168.1.100.

Then, the proxy server (nginx) switches from 192.168.1.100:80 to 127.0.0.1:8001

So far, nginx is not the problem. I turned it down and set AOLServer directly to listen to the internal address 192.168.1.100 and the computers under the intranet have no access to the site.

Btw, the internal machines are running windows except the one that holds the site. it runs debian with standard installation without any browser to test the access.

Collapse
4: Re: unable to access (response to 1)
Posted by Jim Lynch on 05/25/10 08:20 PM
So aolserver itself is not listening at 192.168.1.100, but a proxy is? So, it must be the proxy that's deciding what IP it will respond to.
Collapse
7: Re: unable to access (response to 1)
Posted by Torben Brosten on 05/26/10 08:43 AM
Iuri,

If I remember right, aolserver is fairly specific about the ip it listens to (more specific than the machine it runs on) depending on the operating system that is running and how its configured etc.

Setting to 127.0.0.1 sometimes works well when running aolserver on a laptop (where the ip frequently changes between networks and you don't want other systems accessing the server).

To test if this is an aolserver configuration issue, set the aolserver ip to "0.0.0.0" which aolserver interprets as "listen to all ips that the machine accepts (and perhaps others)."

If that works, then try setting aolserver's ip to the same as it's system ip ( 192.168.1.100 ).

cheers,

Torben

Collapse
10: Re: unable to access (response to 1)
Posted by Torben Brosten on 05/26/10 07:23 PM
If there are ethernet switches used within the intranet, try power cycling those when changing IPs (or cabling positions) also. (And be sure to restart aolserver when re-configuring it's ip).

Another place to check: some gateways have a configuration option that limits access between computers within the same intranet..