Please help debug mikrotik port forwarding problem

Hi guys.

I have a task to debug why one specific web site doesn’t work via port forwarding.
What I have:

  1. server behind mikrotik with mikrotik router as default gateway. Access to the internet from server is established via PPPoE ADSL connection.
  2. working script which dynamically updates hostname.chnageip.com service.
  3. working port forward to server (1) from dynamic dns hostname: http://aerzen.25u.com:81 (port forwarded to server:80)
  4. problem web site application (EATON IPP) which can be accessed from dynamic dns hostname: http://aerzen.25u.com:8080 (port forwarded to server:4679)

The EATON IPP website on port 8080 (4.) won't load via dynamic DNS port 8080 correctly. It loads the HTML code but it does not render in browser at all. Please have a look at source code: http://aerzen.25u.com.8080

The EATON IPP web site works fine inside server LAN.
The EATON IPP web site works fine if accessed via SSH port forwarding (via Putty SSH port forward).

This is how problematic Eaton IPP web service looks like in the same browser, on same offsite laptop.
This is via SSH port forwarding:

Any debugging ideas?
Please help.

Did you really mean that the web server is establishing a PPPoE connection or is the PPPoE DSL connection being handled by the Mikrotik unit?

Port 8080 is often used for caching. Have you checked that another port (say 82) doesn’t cure the problem?

Yes, Mikrotik RB is classic PPPoE router and is default gateway for all computers and linux server.

Port 8080 is often used for caching. Have you checked that another port (say 82) doesn’t cure the problem?

I have changed the incoming port number to 82 but still, the web site won’t render (I do have some HTML source).
Any advice how to start debugging this?

I have tried different browsers and different networks on different ISPs. The same issue is experienced everywhere outside the server's internal LAN (192.168.173.0/24).


[admin@MikroTik] /ip firewall nat> print 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=dstnat action=dst-nat to-addresses=SERVER_LOCAL_IP to-ports=22 protocol=tcp in-interface=T-Com-PPPoE dst-port=222 

 1   chain=dstnat action=dst-nat to-addresses=SERVER_LOCAL_IP to-ports=1194 protocol=tcp in-interface=T-Com-PPPoE dst-port=1194 

 2   chain=dstnat action=dst-nat to-addresses=SERVER_LOCAL_IP to-ports=80 protocol=tcp in-interface=T-Com-PPPoE dst-port=81 

 3   chain=dstnat action=dst-nat to-addresses=SERVER_LOCAL_IP to-ports=4679 protocol=tcp in-interface=T-Com-PPPoE dst-port=82 

 4   chain=srcnat action=accept dst-address=172.16.0.0/16 

 5   ;;; default configuration
     chain=srcnat action=masquerade out-interface=T-Com-PPPoE 
[admin@MikroTik] /ip firewall nat>

I suggest that you test the port 82 forward on the “working” web site and then return it to the “problem” web site. If the web sites are on the same server and the forward works for one then it should work for the other. Perhaps there are absolute address references in the source code for the “problem” site. Some web servers also have some known MTU issues which would be another thing to check.
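
One way to test the "absolute address references" idea from the reply above is to save the HTML that does arrive through the forwarded port and list every resource URL that leaves the origin the page was fetched from. This is an added example, not code from the thread; the sample HTML, the address 192.168.173.10 and the resource paths are constructed for illustration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlsplit

URL_ATTRS = {"src", "href", "action"}
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)

class RefCollector(HTMLParser):
    """Collect every src/href/action attribute value in the document."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        self.refs += [(tag, v) for k, v in attrs if k in URL_ATTRS and v]

def is_private(host):
    try:
        return ip_address(host).is_private
    except ValueError:  # a hostname, not an IP literal
        return False

def off_origin_refs(html, page_url):
    """List references that point away from the origin the page came from."""
    collector = RefCollector()
    collector.feed(html)
    page = origin(page_url)
    findings = []
    for tag, ref in collector.refs:
        target = urljoin(page_url, ref)  # resolves relative references
        tgt = origin(target)
        if tgt[0] not in DEFAULT_PORTS or tgt == page:
            continue  # non-HTTP scheme, or same origin: reachable via the forward
        reason = "private address" if is_private(tgt[1]) else "different host or port"
        findings.append((tag, target, reason))
    return findings

# Constructed sample: what a page with hard-coded internal references could look like.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="css/main.css">
<script src="http://192.168.173.10:4679/js/app.js"></script>
<script src="http://aerzen.25u.com:4679/js/ui.js"></script>
</head><body><img src="/img/logo.png"><a href="mailto:a@example.com">x</a></body></html>"""

if __name__ == "__main__":
    for finding in off_origin_refs(SAMPLE_HTML, "http://aerzen.25u.com:82/"):
        print(finding)
```

Any reference flagged here is requested by the browser directly, outside the dst-nat rule, which would explain HTML arriving while scripts and styles do not. An empty result points away from absolute references and toward the other suggestion (MTU).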

I’ve just tried that.
Please have a look:

http://aerzen.25u.com:82/ (used to be EATON IPP)
http://aerzen.25u.com:81/ (Used to be some test html website).

Both are on the same server.

I tried to /tool torch connections and there are some connections. Regarding the “absolute address” issue you mentioned, as you can see in the screenshot, the Eaton IPP website loads and works great via the SSH port forward (via Putty ssh tunneling).

Are you sure that the upstream ISP doesn’t filter certain ports?

I have changed the ports to 80, 81, 82, 8080… I have also checked with the upstream ISP self-service web site. There is an option to use the ISP firewall, but it is OFF.
I usually use lots of different ports like 22, 222, 1194 .. no problem with that.
If the port would be filtered I would not receive the partial HTML source code, and there would be no connections to server at all… right?

Thank you for all the ideas. I really need them.
Any other advice? Please help.