Access Webserver on Port 8082

Mirko Posts: 12  Freshman Member
edited April 2021 in Security

Hi everybody,


I got a Zyxel USG 110 and would like to access an Ubuntu Webserver from the outside.

I have a NAT rule which seems to be working but only internally in my LAN.


What do I need to set as security policy to make this work?

Is there anything else to take care of?

Best regards...

Mirko

All Replies

  • PeterUK
    PeterUK Posts: 2,651  Guru Member

    Well yes, you're going to need to make a rule from WAN1 to LAN1 (where your server is) for service ARCHIVWEBSERVER.

  • Mirko
    Mirko Posts: 12  Freshman Member

    Okay I made a rule from WAN to LAN1 but it is still not working.

    Best regards...

    Mirko

  • PeterUK
    PeterUK Posts: 2,651  Guru Member

    Is the Webserver on LAN1?

    When you make the incoming connection from external do the logs show the connection?

  • Mirko
    Mirko Posts: 12  Freshman Member

    Hmm. I get a TCP Retransmission... what does that mean? It seems to be stuck after connecting to USG110.


    3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663159179 TSecr=0 WS=256


    4 1.009869 146.0.216.115 192.168.1.200 TCP 74 [TCP Retransmission] 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663160185 TSecr=0 WS=256

    On LAN1 side.. nothing.

    Best regards...

    Mirko

  • PeterUK
    PeterUK Posts: 2,651  Guru Member

    For testing change the rule to LAN1 to any

  • jasailafan
    jasailafan Posts: 189  Master Member

    Hi Mirko,

    Try to disable the firewall rule temporarily to check whether the connection issue is coming from the firewall rule or not.

    Router(config)# no firewall activate

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee

    Hi @Mirko

    From the packet trace, we can see that the TCP handshake fails. What we expect is that the Ubuntu Webserver replies with a [syn,ack] packet and the connection is then established.

    Can you also capture packets on the Ubuntu server? Please confirm whether the Ubuntu server receives the syn packet.

    ~~~~~~~~~~~~~~~~~~~

    3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0 MSS=1420 SACK_PERM=1 TSval=3663159179 TSecr=0 WS=256

    ~~~~~~~~~~~~~~~~~~~

     

    TCP handshake

    A ------[syn]-----------> Ubuntu Webserver

    A <------[syn,ack]---- Ubuntu Webserver  <= Ubuntu should reply with [syn,ack ]

    A ------[ack]-----------> Ubuntu Webserver
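
Added example, not written by any poster in this thread: a Python script that reads Wireshark summary lines like the ones Mirko posted and reports, per connection attempt, whether the SYN was answered with [SYN, ACK], refused with an RST, or left unanswered as in the trace above. It goes beyond the thread's single case by also covering the answered and refused outcomes; the `classify` function and every capture line except the first two are constructed for illustration.

```python
import re
from collections import defaultdict

# Wireshark/tshark summary line: No. Time Source Destination Protocol Length Info
LINE = re.compile(
    r"^\s*\d+\s+[\d.]+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
    r"(?:\[[^\]]*\]\s+)?(?P<sport>\d+)\s+\S+\s+(?P<dport>\d+)\s+\[(?P<flags>[A-Z, ]+)\]"
)

def classify(capture):
    """Map each (client, server) flow opened by a SYN to (verdict, syn_count)."""
    flows = defaultdict(lambda: {"syn": 0, "reply": None})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src = f"{m['src']}:{m['sport']}"
        dst = f"{m['dst']}:{m['dport']}"
        flags = {f.strip() for f in m["flags"].split(",")}
        if flags == {"SYN"}:
            flows[(src, dst)]["syn"] += 1  # first SYN or a retransmission
        elif (dst, src) in flows and flows[(dst, src)]["reply"] is None:
            if "RST" in flags:
                flows[(dst, src)]["reply"] = "refused"   # something actively rejected it
            elif flags == {"SYN", "ACK"}:
                flows[(dst, src)]["reply"] = "answered"  # handshake is proceeding
    # No reply at this capture point: the SYN was dropped, not forwarded, or the
    # reply took another path. Compare with a capture taken closer to the server.
    return {k: (v["reply"] or "unanswered", v["syn"]) for k, v in flows.items()}

# First two lines are from the thread (TCP options trimmed); the rest are constructed.
SAMPLE = """\
3 0.000000 146.0.216.115 192.168.1.200 TCP 74 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0
4 1.009869 146.0.216.115 192.168.1.200 TCP 74 [TCP Retransmission] 38814 → 8082 [SYN] Seq=0 Win=65535 Len=0
5 2.000000 198.51.100.7 192.168.1.200 TCP 74 40000 → 8082 [SYN] Seq=0 Win=65535 Len=0
6 2.000300 192.168.1.200 198.51.100.7 TCP 74 8082 → 40000 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0
7 3.000000 198.51.100.7 192.168.1.200 TCP 74 40001 → 8083 [SYN] Seq=0 Win=65535 Len=0
8 3.000200 192.168.1.200 198.51.100.7 TCP 54 8083 → 40001 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
"""

if __name__ == "__main__":
    for (client, server), (verdict, syns) in classify(SAMPLE).items():
        print(f"{client} -> {server}: {verdict} after {syns} SYN(s)")
```

Running the same check on a capture from the WAN side and one from the server side shows which hop stops the SYN: unanswered on the WAN side with nothing at all on the server side means the packet never left the firewall toward LAN1.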
