Access Webserver on Port 8082

Mirko

Hi everybody,

I got a Zyxel USG 110 and would like to access a Ubuntu Webserver from the outside.

I have a NAT rule which seems to be working but only internally in my LAN.

What do I need to set as security policy to make this working?

Is there anything else to take care about?

Best regards...

Mirko

PeterUK

Well yes your going to need to make a rule from WAN1 to LAN1 (where your server is) for service ARCHIVWEBSERVER.

Mirko

Okay I made a rule from WAN to LAN1 but it is still not working.

Best regards...

Mirko

PeterUK

Is the Webserver on LAN1?

When you make the incoming connection from external do the logs show the connection?

Mirko

Hmm. I get a TCP Retransmission... what does that mean? It seems to be stuck after connecting to USG110.

3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663159179 TSecr=0 WS=256

4 1.009869 146.0.216.115 192.168.1.200 TCP 74 [TCP Retransmission] 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663160185 TSecr=0 WS=256

On LAN1 side.. nothing.

Best regards...

Mirko

PeterUK

For testing change the rule to LAN1 to any

jasailafan

Hi Mirko,

Try to disable the firewall rule temporarily to check if the connection issue is coming from firewall rule or not.

Router(config)# no firewall activate

Zyxel_Cooldia

Hi @Mirko

From the packets trace, we can see that tcp handshake fail, what we expect is that Ubuntu Webserver reply with [syn,ack] packets, then establish the connection.

Can you also capture packets on Ubuntu server? Confirm that if the Ubuntu server receive the syn packet.

~~~~~~~~~~~~~~~~~~~

3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663159179 TSecr=0 WS=256

~~~~~~~~~~~~~~~~~~~

 

Tcp hand shake

A ------[syn]-----------> Ubuntu Webserver

A <------[syn,ack]---- Ubuntu Webserver  <= Ubuntu should reply with [syn,ack ]

A ------[ack]-----------> Ubuntu Webserver