#1 2017-12-05 15:54:28

Falzo
Trusted Member
Registered: 2017-12-05
Posts: 8

[mrVM] reverse proxy / port forwarding issues

@mikho seems like the port forwarding/proxy thingy doesn't work so good?

so far I only could get http & https working for falkenstein location. sofia seems to work only with http but no https?
for kansas, lenoir and sandefjord domain forwarding won't even work with http...

any hints? do I miss something?

thanks for having a look into it...

Offline

#2 2017-12-06 05:51:57

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,557
Website

Re: [mrVM] reverse proxy / port forwarding issues

I’ll take a look today. NO took a crap at 3am this morning. Perhaps that sorted it out? 
J/K....

All looking glass installations are on each server, I’ll use those as test subjects.

Offline

#3 2017-12-06 08:05:57

Falzo
Trusted Member
Registered: 2017-12-05
Posts: 8

Re: [mrVM] reverse proxy / port forwarding issues

thanks for looking into it... and no I don't see any change for NO (or any other).

I'll send you some more infos per PM, may be I am just missing something.

Offline

#4 2017-12-06 10:32:37

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,557
Website

Re: [mrVM] reverse proxy / port forwarding issues

please try now

Offline

#5 2017-12-06 10:51:59

Falzo
Trusted Member
Registered: 2017-12-05
Posts: 8

Re: [mrVM] reverse proxy / port forwarding issues

whatever you did, you fixed it, thanks a ton!

can confirm it works now in all locations as expected - awesome :-)

no more crying, haha

Last edited by Falzo (2017-12-06 10:52:20)

Offline

#6 2017-12-06 10:52:47

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,557
Website

Re: [mrVM] reverse proxy / port forwarding issues

cool!

Offline

#7 2017-12-22 14:06:34

mxp13
Trusted Member
Registered: 2017-12-22
Posts: 9

Re: [mrVM] reverse proxy / port forwarding issues

Hi, @mikho.

It seems I can not get Domain Forwarding to work on my NAT VPS for both HTTP and HTTPS. I had set the domain (set the A record to point to the external IP of the VPS; I use freedns.afraid.org service) and ports right but unable to connect to the domain from my browser. My VPS is in the Kansas City location.

Thank you.

Offline

#8 2017-12-22 15:42:31

Falzo
Trusted Member
Registered: 2017-12-05
Posts: 8

Re: [mrVM] reverse proxy / port forwarding issues

mxp13 wrote:

Hi, @mikho.

It seems I can not get Domain Forwarding to work on my NAT VPS for both HTTP and HTTPS. I had set the domain (set the A record to point to the external IP of the VPS; I use freedns.afraid.org service) and ports right but unable to connect to the domain from my browser. My VPS is in the Kansas City location.

Thank you.

I quickly checked and for me both is still working. May depend on the node though.

Offline

#9 2017-12-22 21:08:43

mxp13
Trusted Member
Registered: 2017-12-22
Posts: 9

Re: [mrVM] reverse proxy / port forwarding issues

Falzo wrote:
mxp13 wrote:

Hi, @mikho.

It seems I can not get Domain Forwarding to work on my NAT VPS for both HTTP and HTTPS. I had set the domain (set the A record to point to the external IP of the VPS; I use freedns.afraid.org service) and ports right but unable to connect to the domain from my browser. My VPS is in the Kansas City location.

Thank you.

I quickly checked and for me both is still working. May depend on the node though.

Hi, Falzo.

Unfortunately, it is still not working over here. I guess you might be right about it being dependent upon the node.

Here is a screenshot of the settings:

mY2drAq.png

'Source Domain' is the domain/subdomain that has an A record pointing to the external IP of the VPS while 'Destination IP' is the internal NAT IP of the VPS, is that correct?

Offline

#10 2017-12-22 22:23:16

Falzo
Trusted Member
Registered: 2017-12-05
Posts: 8

Re: [mrVM] reverse proxy / port forwarding issues

'Source Domain' is the domain/subdomain that has an A record pointing to the external IP of the VPS while 'Destination IP' is the internal NAT IP of the VPS, is that correct?

yes that's correct. have you checked if your webserver is running on your VM and listening on port 80/443 (e.g. with netstat)?

Offline

#11 2017-12-22 22:36:55

mxp13
Trusted Member
Registered: 2017-12-22
Posts: 9

Re: [mrVM] reverse proxy / port forwarding issues

Falzo wrote:

yes that's correct. have you checked if your webserver is running on your VM and listening on port 80/443 (e.g. with netstat)?

I have and it is listening on both ports. It might be unrelated to this issue but I took the opportunity to test the provided ports for forwarding purposes, using Python's simple HTTP server facility. Port forwarding works well, however.

Offline

#12 2017-12-23 16:11:40

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,557
Website

Re: [mrVM] reverse proxy / port forwarding issues

I checked Kansas and it was working for the domains I checked.
Please send me a message using this forum of the domain that you are using and the internal IP.

Working on some network issues with the client area.


mxp13 wrote:
Falzo wrote:

I quickly checked and for me both is still working. May depend on the node though.

Hi, Falzo.

Unfortunately, it is still not working over here. I guess you might be right about it being dependent upon the node.

Here is a screenshot of the settings:

https://i.imgur.com/mY2drAq.png

'Source Domain' is the domain/subdomain that has an A record pointing to the external IP of the VPS while 'Destination IP' is the internal NAT IP of the VPS, is that correct?

Offline

#13 2017-12-23 17:02:29

mxp13
Trusted Member
Registered: 2017-12-22
Posts: 9

Re: [mrVM] reverse proxy / port forwarding issues

mikho wrote:

I checked Kansas and it was working for the domains I checked.
Please send me a message using this forum of the domain that you are using and the internal IP.

Working on some network issues with the client area.

Hi, mikho.

Requested details sent.

Offline

#14 2017-12-23 21:11:14

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,557
Website

Re: [mrVM] reverse proxy / port forwarding issues

from what I can see you don't have anything listening on port 80 on ipv4, only ipv6.
and on port 443 is something else then a httpd listening.....

Offline

#15 2017-12-23 22:09:05

mxp13
Trusted Member
Registered: 2017-12-22
Posts: 9

Re: [mrVM] reverse proxy / port forwarding issues

Thank you for checking it out for me, mikho. However, forgive me if I am wrong, but I believe port 80 is running on both IPv4 (NAT) and IPv6 even though it is not showing on netstat literal output, as from my reading, it is a dual-stack configuration. I tested this by wget-ing -- from localhost -- on IPv4 (127.0.0.1) and IPv6 (::1). Here is the output:

[email protected]:~# wget http://127.0.0.1
--2017-12-23 15:39:26--  http://127.0.0.1/
Connecting to 127.0.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11321 (11K) [text/html]
Saving to: 'index.html'

index.html          100%[===================>]  11.06K  --.-KB/s    in 0s      

2017-12-23 15:39:26 (191 MB/s) - 'index.html' saved [11321/11321]

[email protected]:~# wget http://[::1]    
--2017-12-23 15:39:46--  http://[::1]/
Connecting to [::1]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11321 (11K) [text/html]
Saving to: 'index.html.1'

index.html.1        100%[===================>]  11.06K  --.-KB/s    in 0s      

2017-12-23 15:39:46 (182 MB/s) - 'index.html.1' saved [11321/11321]

[email protected]:~# wget https://127.0.0.1
--2017-12-23 15:40:02--  https://127.0.0.1/
Connecting to 127.0.0.1:443... connected.
OpenSSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Unable to establish SSL connection.
[email protected]:~# wget https://[::1]    
--2017-12-23 15:40:26--  https://[::1]/
Connecting to [::1]:443... failed: Connection refused.

As we can see, wget was able to connect to IPv4 and IPv6 on port 80. While for port 443 on IPv4 it shows a failure but still connected (I expected this behaviour; more on this below). And as I had intentionally not make 443 listen on IPv6, wget failed to connect. I also tested wget using the NAT IPv4 address, and got the same result: was able to connect on port 80 and 443.

Yes, for port 443, I am not running Apache like I do for port 80 as you indicated, as I am using stunnel to bind onto that port which requires users to provide a certificate upon connection in order to pass through. But I do not see how this is a problem as there is that service listening on that port, which means I should have been able to connect (as I also should with port 80). To be certain, I even edited /etc/apache2/ports.conf and changed "Listen 80" to "Listen 0.0.0.0:80" so it only listened on IPv4, which was proved by netstat's output, but even then I fail to connect to the domain. I have since restored the file to its original version.

The initial problem still remains, that is the domain failed to be forwarded to IPv4 NAT on port 80 (and also on port 443) even though they are both listening on said ports. I surely hope I am in the wrong here and it was just a silly mistake on my part.

Offline

#16 2017-12-24 08:02:36

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,803
Website

Re: [mrVM] reverse proxy / port forwarding issues

testing local host is not a valid test, all that tells you is that the service is running, not that the port list listening, if you had your sshd running but filtered to all external hosts you would still be able to connect via console on localhost.

Netstat needs to show it is listening, no reverse proxy will work until then.


https://upto32.com retro gaming and nostalgia forum that does not take itself to seriously smile

Offline

#17 2017-12-24 08:57:39

Falzo
Trusted Member
Registered: 2017-12-05
Posts: 8

Re: [mrVM] reverse proxy / port forwarding issues

Backtogeek wrote:

testing local host is not a valid test, all that tells you is that the service is running, not that the port list listening, if you had your sshd running but filtered to all external hosts you would still be able to connect via console on localhost.

Netstat needs to show it is listening, no reverse proxy will work until then.

also iptables (or whatever firewall might be running) could still block external access...

Offline

#18 2017-12-24 09:50:17

mxp13
Trusted Member
Registered: 2017-12-22
Posts: 9

Re: [mrVM] reverse proxy / port forwarding issues

Hi, Backtogeek and Falzo.

Thank you for your responses. In my post, I indicated that

mxp13 wrote:

I also tested wget using the NAT IPv4 address, and got the same result: was able to connect on port 80 and 443.

which means I had edited the configuration files to bind onto my NAT IPv4 address, restarted the services, then tried to connect to it but still to no avail.

To eliminate possibilities that could lead to it not working, I just changed the settings once again, restarted the services and re-added the domain in the Domain Forwarding section in the Client Area. Both Apache and stunnel is now listening to port 80 and 443 respectively on IPv4 only. There is no firewall blocking both ports. Here is netstat's output:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      28480/apache2
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      28557/stunnel4

However, I am still unable to connect. I have left the settings as such so that mikho can have a look.

Last edited by mxp13 (2017-12-24 09:57:20)

Offline

#19 2017-12-24 11:55:53

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,803
Website

Re: [mrVM] reverse proxy / port forwarding issues

None of that matters if you are testing internally however if they are now listening on port 80 and responding to TCP header requests on the node (telnet check) then that should be fine.

With it being essentially christmas day in sweden though, I would now expect a response until the new year.


https://upto32.com retro gaming and nostalgia forum that does not take itself to seriously smile

Offline

#20 2017-12-24 12:14:07

mxp13
Trusted Member
Registered: 2017-12-22
Posts: 9

Re: [mrVM] reverse proxy / port forwarding issues

Backtogeek wrote:

None of that matters if you are testing internally however if they are now listening on port 80 and responding to TCP header requests on the node (telnet check) then that should be fine.

Yes, they are both listening on their respective ports and responding to telnet checks.

Backtogeek wrote:

With it being essentially christmas day in sweden though, I would now expect a response until the new year.

It is alright. I shall wait for mikho's response whenever he is convenient.

Thank you.

Happy holidays to you, mikho, Falzo and everyone!

Offline

#21 2017-12-24 13:24:06

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,803
Website

Re: [mrVM] reverse proxy / port forwarding issues

mxp13 wrote:

Yes, they are both listening on their respective ports and responding to telnet checks.

There is no way you can check that, it has to be checked externally i.e. from the node itself.


https://upto32.com retro gaming and nostalgia forum that does not take itself to seriously smile

Offline

#22 2017-12-24 13:27:04

mxp13
Trusted Member
Registered: 2017-12-22
Posts: 9

Re: [mrVM] reverse proxy / port forwarding issues

Backtogeek wrote:

There is no way you can check that, it has to be checked externally i.e. from the node itself.

Yes, I am aware of that.

Offline

#23 2017-12-26 21:15:58

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,557
Website

Re: [mrVM] reverse proxy / port forwarding issues

It works now.

I had to do some changes regarding the http headers

Offline

#24 2017-12-26 21:23:18

mxp13
Trusted Member
Registered: 2017-12-22
Posts: 9

Re: [mrVM] reverse proxy / port forwarding issues

mikho wrote:

It works now.

I had to do some changes regarding the http headers

I just had a quick check and yes, both are working now. Thank you for the fix!

Offline

Board footer

Powered by FluxBB