Access Webserver on Port 8082

Mirko
Mirko Posts: 12  Freshman Member
edited April 2021 in Security

Hi everybody,


I got a Zyxel USG 110 and would like to access an Ubuntu Webserver from the outside.

I have a NAT rule which seems to be working but only internally in my LAN.


What do I need to set as security policy to make this work?

Is there anything else to take care of?

Best regards...

Mirko

All Replies

  • PeterUK
    PeterUK Posts: 3,461  Guru Member

    Well yes, you're going to need to make a rule from WAN1 to LAN1 (where your server is) for service ARCHIVWEBSERVER.

  • Mirko
    Mirko Posts: 12  Freshman Member

    Okay I made a rule from WAN to LAN1 but it is still not working.

    Best regards...

    Mirko

  • PeterUK
    PeterUK Posts: 3,461  Guru Member

    Is the Webserver on LAN1?

    When you make the incoming connection from external, do the logs show the connection?

  • Mirko
    Mirko Posts: 12  Freshman Member

    Hmm. I get a TCP Retransmission... what does that mean? It seems to be stuck after connecting to USG110.


    3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663159179 TSecr=0 WS=256


    4 1.009869 146.0.216.115 192.168.1.200 TCP 74 [TCP Retransmission] 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663160185 TSecr=0 WS=256

    On LAN1 side.. nothing.

    Best regards...

    Mirko

  • PeterUK
    PeterUK Posts: 3,461  Guru Member

    For testing, change the rule to LAN1 to any.

  • jasailafan
    jasailafan Posts: 193  Master Member

    Hi Mirko,

    Try to disable the firewall rule temporarily to check whether the connection issue is coming from the firewall rule or not.

    Router(config)# no firewall activate

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee

    Hi @Mirko

    From the packet trace, we can see that the TCP handshake fails. What we expect is that the Ubuntu Webserver replies with a [SYN, ACK] packet and the connection is then established.

    Can you also capture packets on the Ubuntu server? Confirm whether the Ubuntu server receives the SYN packet.

    ~~~~~~~~~~~~~~~~~~~

    3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663159179 TSecr=0 WS=256

    ~~~~~~~~~~~~~~~~~~~

     

    TCP handshake

    A ------[SYN]-----------> Ubuntu Webserver

    A <------[SYN,ACK]---- Ubuntu Webserver  <= Ubuntu should reply with [SYN,ACK]

    A ------[ACK]-----------> Ubuntu Webserver
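The handshake check described in the reply above can be run over a saved Wireshark/tshark summary, shown here as an added example that is not part of the original thread. Packets 3 and 4 are the lines Mirko posted; packets 5 to 7 are constructed to show a completed handshake for contrast, and the function name and sample layout are assumptions.

```python
import re
from collections import defaultdict

# Wireshark/tshark summary line: No. Time Src Dst Proto Len [note] sport → dport [FLAGS] ...
LINE = re.compile(
    r"^\s*\d+\s+[\d.]+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
    r"(?:\[[^\]]*\]\s+)?(?P<sport>\d+)\s+(?:→|->)\s+(?P<dport>\d+)\s+\[(?P<flags>[A-Z, ]+)\]"
)

def classify_handshakes(trace, server_port):
    """Return {(client_ip, client_port, server_ip): verdict} for flows to server_port."""
    flows = defaultdict(lambda: {"syn": 0, "synack": False, "ack": False})
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a TCP summary line
        flags = {f.strip() for f in m["flags"].split(",")}
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == server_port:  # client -> server direction
            st = flows[(m["src"], sport, m["dst"])]
            if flags == {"SYN"}:
                st["syn"] += 1  # retransmitted SYNs are counted too
            elif flags == {"ACK"} and st["synack"]:
                st["ack"] = True
        elif sport == server_port and flags == {"SYN", "ACK"}:  # server -> client
            flows[(m["dst"], dport, m["src"])]["synack"] = True
    verdicts = {}
    for key, st in flows.items():
        if st["synack"] and st["ack"]:
            verdicts[key] = "handshake completed"
        elif st["synack"]:
            verdicts[key] = "SYN,ACK sent but no final ACK seen"
        elif st["syn"]:
            verdicts[key] = f"no SYN,ACK after {st['syn']} SYN(s)"
    return verdicts

# Packets 3-4: from the thread. Packets 5-7: constructed for contrast.
SAMPLE = """\
3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663159179 TSecr=0 WS=256
4 1.009869 146.0.216.115 192.168.1.200 TCP 74 [TCP Retransmission] 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663160185 TSecr=0 WS=256
5 2.100000 203.0.113.10 192.168.1.200 TCP 74 50000 → 8082 [SYN] Seq=0 Win=64240 Len=0
6 2.100210 192.168.1.200 203.0.113.10 TCP 74 8082 → 50000 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0
7 2.130000 203.0.113.10 192.168.1.200 TCP 66 50000 → 8082 [ACK] Seq=1 Ack=1 Win=64240 Len=0
"""

if __name__ == "__main__":
    for flow, verdict in classify_handshakes(SAMPLE, 8082).items():
        print(flow, "->", verdict)
```

Running the same check on a capture taken on the Ubuntu server separates the two cases: if the SYNs never appear there, they are dropped before reaching the server; if they appear unanswered, the server side is not replying.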
