Connecting to a remote server

Hi,

I have an interesting problem. I cannot connect to a personal server I set up. What's interesting is that I can connect to it from the LAN using its non-local IP address. However, I cannot seem to connect to it from anywhere else.

Here's how my server is set up:
My entire home has a single Ethernet cable that goes directly into our router. Every device in the house is connected to the router. My server is on a static (local) IP address. The router is configured to forward the necessary ports to my server. So, when I tested out my connection, I was able to connect to my server from another computer on the same local area network using my non-local IP address (the IP address assigned to my router by my ISP). However, when I try to connect to my IP address from a computer that is not on my LAN using my non-local IP address, I receive an error like this:

10061 - Connection refused
The server you are attempting to access has refused the connection with the gateway. This usually results from trying to connect to a service that is inactive on the server.

I can connect to my server from my LAN using the router's IP address, but I can't connect to it from outside of my LAN using the router's IP address. Does anyone know what I'm doing wrong? Could there be some sort of setting I missed that's necessary to make my router "public?"

Your router has got a built-in firewall.
The firewall is set to allow connections from a PC on the local network to another PC on the local network. (This is called forwarding.)

By default your IP firewall is set to deny incoming connections to your local network on some ports. The default ports are those that are used by Windows to connect to shared drives.

This is a very important security feature. If you disable these ports or allow traffic on these ports, anyone on the internet will be able to access your server if they find your public IP address.

Now if you had a mail server on your local network and you wanted people to send mail to it on port 25 (SMTP), then you would set a rule in your firewall to allow incoming traffic on port 25 and to forward it to the internal mail server.

So you specify what port you allow traffic on and you specify that it can only go to one specific IP address.

Hope this helped

I have already set up port forwarding correctly, otherwise I would not be able to access my server via the non-local IP address of my router.

Referring to your statement above.

Your firewall is set to block Microsoft file and print sharing by default. If you have a Samba server on the inside of your network and you want to connect to it from the outside of your network, your firewall will block it.

Perhaps I should have been more specific. I'm not trying to print from my server. I'm actually trying to SSH into it. Well, I'm trying to get any/all of the following protocols to work:
HTTP
FTP
SSH
VNC
However, they all result in a "Connection Refused", "Connection Timed Out" or similar error regardless of whether I'm trying to access them from Windows or Linux. Is a firewall blocking all of them? Can you explain how I can fix my problem?

Did you check with your provider if they allow inbound connections? Some do, some block the protocols you mentioned above.

I did not. Is there a simple way to do this, or must I call my ISP and ask them if they allow inbound connections on the relevant ports?

Also, if my ISP informs me that they will not allow the ports I need, is it possible to use different ports? For example, could I SSH over a port other than 22?

You could try a probe from external using tcptraceroute and check if it's being blocked somewhere on the way, but you'll probably get a definite answer if you call your ISP. That way you could also ask them if there's any other way for you to access your machine at home (sometimes they can get coaxed into opening a port).

SSH, FTP, and HTTP can use other ports if necessary; not sure about VNC, but from a security view I'd suggest enabling VNC only for localhost and using an SSH tunnel to connect.

An easy way to check is to use telnet.

To check if you can communicate with an internal mail server, do the following from an external PC:

telnet (IP address of public NIC on router) 25
e.g. telnet 192.168.0.55 25

For a POP3 server connection, change 25 to 110, and so on.

If you look at your firewall rules, there must be a rule that says something along these lines:

"Allow incoming traffic from anywhere on port 22 to local IP address."

Now I assume that your internet router has an IP address on the local NIC and one on the ppp+ port. So let's say your internal IP address is 192.168.0.254 and the ppp+ address is 42.253.200.110 (assigned by your ISP). Now, to allow a connection on port 22 (SSH) from the outside world, you need to make a rule in your firewall that says this:

allow tcp traffic from anywhere on port 22 to 42.253.200.110. (Not sure what router you use).

If you have an internal server with IP address 192.168.0.115 that is separate from the router and running a VNC service, you would do something along these lines:

allow tcp traffic from anywhere on port 5900 to internal server 192.168.0.115

Then always remember to deny everything else from coming in as the last rule.

Hope this helps :)
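
An added example, not part of any post in this thread: a small Python probe that does what the telnet test above does for each service named in the thread, and separates a refused connection from a timed-out one, since the two point at different causes. The port numbers are the standard defaults and the function names `probe` and `survey` are hypothetical.

```python
import errno
import socket
import sys

# Default ports for the services named in the thread (assumed defaults;
# change them if your forwards use other ports).
SERVICES = {"SSH": 22, "HTTP": 80, "FTP": 21, "VNC": 5900}


def probe(host, port, timeout=3.0):
    """Make one TCP connection attempt and classify the result.

    open        handshake completed: the forward and the service both work
    refused     a reset came back (Windows reports this as 10061): some
                device answered, but nothing accepts on that port
    filtered    no reply before the timeout: dropped along the path
                (router firewall, missing forward, or an ISP block)
    unreachable no route to the host or network
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def survey(host, services=SERVICES, timeout=3.0):
    """Probe every service and return {name: state}."""
    return {name: probe(host, port, timeout) for name, port in services.items()}


if __name__ == "__main__":
    # Run from a machine outside the LAN against your own public address.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for name, state in survey(target).items():
        print(f"{name:5} {SERVICES[name]:>5} {state}")
```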