Access Webserver on Port 8082

Mirko
edited April 2021 in Security

Hi everybody,

I got a Zyxel USG 110 and would like to access an Ubuntu Webserver from the outside.

I have a NAT rule which seems to be working but only internally in my LAN.

What do I need to set as security policy to make this work?

Is there anything else to take care of?

Best regards...

Mirko

All Replies

  • PeterUK

    Well yes, you're going to need to make a rule from WAN1 to LAN1 (where your server is) for service ARCHIVWEBSERVER.

  • Mirko

    Okay I made a rule from WAN to LAN1 but it is still not working.

    Best regards...

    Mirko

  • PeterUK

    Is the Webserver on LAN1?

    When you make the incoming connection from external, do the logs show the connection?

  • Mirko

    Hmm. I get a TCP Retransmission... what does that mean? It seems to be stuck after connecting to USG110.


    3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663159179 TSecr=0 WS=256


    4 1.009869 146.0.216.115 192.168.1.200 TCP 74 [TCP Retransmission] 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663160185 TSecr=0 WS=256

    On LAN1 side.. nothing.

    Best regards...

    Mirko

  • PeterUK

    For testing change the rule to LAN1 to any

  • jasailafan

    Hi Mirko,

    Try to disable the firewall rule temporarily to check if the connection issue is coming from the firewall rule or not.

    Router(config)# no firewall activate

  • Zyxel_Cooldia

    Hi @Mirko

    From the packet trace, we can see that the TCP handshake fails. What we expect is that the Ubuntu Webserver replies with a [syn,ack] packet and the connection is then established.

    Can you also capture packets on the Ubuntu server? Confirm whether the Ubuntu server receives the SYN packet.

    ~~~~~~~~~~~~~~~~~~~

    3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663159179 TSecr=0 WS=256

    ~~~~~~~~~~~~~~~~~~~


    TCP handshake

    A ------[syn]-----------> Ubuntu Webserver

    A <------[syn,ack]---- Ubuntu Webserver  <= Ubuntu should reply with [syn,ack]

    A ------[ack]-----------> Ubuntu Webserver
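
An added example, not part of the thread or of any participant's post: a Python script that reads Wireshark-style summary lines and classifies each TCP connection attempt as unanswered, half-open or established, which is the check described in the last reply. `PAGE_CAPTURE` holds the two lines Mirko posted; `CONSTRUCTED_OK` is a constructed capture using documentation addresses; all function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Wireshark summary: No. Time Src Dst TCP Len [optional note] sport → dport [FLAGS] ...
LINE = re.compile(
    r"^\s*\d+\s+[\d.]+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
    r"(?:\[TCP [^\]]+\]\s+)?(?P<sport>\d+)\s+(?:→|->)\s+(?P<dport>\d+)\s+"
    r"\[(?P<flags>[A-Z, ]+)\]"
)

def handshake_states(lines):
    """Map (client, cport, server, sport) -> (state, number of SYNs seen)."""
    seen = defaultdict(lambda: {"syn": 0, "synack": False, "ack": False})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a TCP summary line
        flags = {f.strip() for f in m["flags"].split(",")}
        a = (m["src"], int(m["sport"]))
        b = (m["dst"], int(m["dport"]))
        if flags == {"SYN"}:
            seen[a + b]["syn"] += 1          # client -> server; repeats are retransmissions
        elif flags == {"SYN", "ACK"} and b + a in seen:
            seen[b + a]["synack"] = True     # reply travels server -> client
        elif flags == {"ACK"} and a + b in seen and seen[a + b]["synack"]:
            seen[a + b]["ack"] = True        # third step of the handshake
    result = {}
    for key, s in seen.items():
        if not s["synack"]:
            state = "unanswered"             # no SYN,ACK visible at this capture point
        elif not s["ack"]:
            state = "half-open"
        else:
            state = "established"
        result[key] = (state, s["syn"])
    return result

# The two lines posted in the thread (captured on the USG side).
PAGE_CAPTURE = [
    "3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0",
    "4 1.009869 146.0.216.115 192.168.1.200 TCP 74 [TCP Retransmission] 38814 → 8082 [SYN] Seq=0",
]
# Constructed sample of a completed handshake, for comparison.
CONSTRUCTED_OK = [
    "1 0.000000 203.0.113.10 192.0.2.20 TCP 74 40000 → 8082 [SYN] Seq=0 Win=64240 Len=0",
    "2 0.000412 192.0.2.20 203.0.113.10 TCP 74 8082 → 40000 [SYN, ACK] Seq=0 Ack=1 Len=0",
    "3 0.000650 203.0.113.10 192.0.2.20 TCP 66 40000 → 8082 [ACK] Seq=1 Ack=1 Len=0",
]

if __name__ == "__main__":
    for name, cap in (("page", PAGE_CAPTURE), ("constructed", CONSTRUCTED_OK)):
        print(name, handshake_states(cap))
```

Running the same check on a capture taken on the Ubuntu server shows whether the SYN arrives there at all: if the flow is absent on the server but unanswered on the firewall side, the packet is lost between the two capture points.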
