[Discuss] web server can't see out but others can see in

[invalid at pizzashack.org (Derek Martin)]

On Wed, Sep 26, 2012 at 11:55:37PM -0400, Eric Chadbourne wrote:
> Hopefully this will provide some clues.  Note that I currently have
> the server set up as one to one nat.  I've tried a bunch of other
> configurations but this one appears to function as desired.  The
> server has ufw enabled to allow port 80.
>
> ## ####################################
> 
> eric at webserver1:~$ ping google.com
> ping: unknown host google.com
> 
> ## ####################################
> 
> eric at webserver1:~$ ping 173.194.43.38
> PING 173.194.43.38 (173.194.43.38) 56(84) bytes of data.
> < hangs forever here >

Ping is a bad test, because it uses outgoing ICMP, which is often
blocked (or at least the type of ICMP that ping uses is often
blocked).  You'd be much better off using wget to connect to a web
server by its IP, or something like that.

But, the sum of what you pasted looks a lot like a routing problem.
Try using traceoute or mtr to check some well known site, and see
where the route stops.  I'm betting it's at your router.  Using
traceroute also uses ICMP, but the packets sent by traceroute are
actually UDP datagrams -- you only need to be able to receive ICMP
error packets back from the outside, which probably works for you,
since your webserver does.

> eric at webserver1:/etc/network$ route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 eth0
> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0

Looks OK assuming 10.0.0.1 really is your gateway... but maybe it
isn't, depending on your virtualbox settings.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.