 | Apache and SSH Timed Out - Westell 327W
I'm having problems setting up Apache and SSH with my Westell 327W.
I have Verizon DSL -> Westell 327W Modem/Router -> Ubuntu Server with Apache Web Server and SSH Server.
The Ubuntu Server with Apache and SSH is the DMZ Host.
Apache and SSH will work well for 5-10 minutes, then when you click on a link or do anything from the Apache webpage... Firefox says Connecting to XXX.XXX.XXX.XXX, then it will say Page Load Error. Network Timeout. The server at xxx.xxx.xxx.xxx is taking too long to respond.
I PuTTY (SSH) into the Ubuntu server, everything will work well for 5-10 minutes, then PuTTY will freeze up and say PuTTY Fatal Error. Network error: Software caused connection abort.
Apache or SSH will NOT work for 1-2 minutes. Firefox will say Network Timeout and SSH will not connect at all.
Then, everything will work again for 5-10 more minutes... then go down for 1-2 minutes, over and over and over....
I read the "Harden Your Westell 327 Firewall" post, and read about the state table... but I still have something wrong because everything is still timing out.
My Inbound Rules:
title [ Security Level Custom (Low) IN rules ]
begin
TTL
drop match 3 8 { 00:FF } >> done, alert 4 [TTL of 0]
drop match 3 8 { 01:FF } >> done, alert 4 [TTL of 1]
Address
drop from addr 0.0.0.0 >> done, alert 4 [0.0.0.0 Source IP Address]
ICMP
pass protocol icmp, icmp-type exceeded >> done
drop protocol icmp, icmp-type reply >> done, alert 3 [ICMP Message To WAN IP - Echo Reply - Dropped]
drop protocol icmp, icmp-type exceeded >> done, alert 3 [ICMP Message To WAN IP - TTL Exceeded - Dropped]
drop protocol icmp, icmp-type unreachable >> done, alert 3 [ICMP Message To WAN IP - Dst Unreachable - Dropped]
drop protocol icmp, icmp-type request >> done, alert 3 [ICMP Message To WAN IP - Echo Request - Dropped]
drop protocol icmp >> done, alert 3 [ICMP Message To WAN IP - Dropped]
Permitted
pass all >> state
end
My Outbound Rules:
title [ Security Level Custom (Low) OUT rules ]
begin
WWW
pass protocol tcp, to port 80 >> state
pass protocol tcp, from port 80 >> state
ICMP
pass protocol icmp, icmp-type request >> state, done
drop protocol icmp, icmp-type reply >> done, alert 2 [ICMP - Echo Reply - Drop]
drop protocol icmp, icmp-type exceeded >> done, alert 2 [ICMP - TTL Exceeded - Drop]
drop protocol icmp, icmp-type unreachable >> done, alert 2 [ICMP - Dst Unreachable - Drop]
drop protocol icmp, icmp-type request >> done, alert 1 [ICMP - Echo Request - Drop]
drop protocol icmp >> done, alert 2 [ICMP - Prohibited Type - Drop]
NetBIOS
drop to port >= 135, to port <= 139 >> done, alert 4 [Dropping NetBIOS Traffic]
Rules
RulesSaveState
Permitted
pass all >> state
end
All I need is Apache Webserver on port 80, and SSH Server on port 22. I don't care about the other ICMP and NetBIOS stuff.
Can somebody help me plz? |
 nwrickert, sand groper, Premium, MVM, join:2004-09-04, Geneva, IL
| Try turning off the firewall. If it still does not work, then you will know that it isn't a firewall problem.
Incidentally, I have had no problems with SSH, or with email. I am not using DMZ, but I do port-forward ports 22 and 25 to my server. -- AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11 |
 | I disabled DMZ host for Ubuntu Server and set up port forwarding on the Westell 327w.
I can access Apache from my computer on the LAN using its private 192.168.1.xxx IP, but I can't access it from my external public WAN IP.
I accessed the webserver from my friend's house. I can access it, but I didn't have time to see if it still timed out.
When I received the timeout.... I accessed the website, clicked a few links, let it sit idle for about 10 minutes, then when I clicked on another link it would time out. Sometimes it would time out without letting it idle...
CHECK IT OUT:
141.153.51.94
Tell me if it times out and if it's very slow.... |
 nwrickert
| Okay, I can contact the web server. It's looking fine from here.
I think you are confused about the loopback. Most home routers, including the 327w, do not support loopback. That means that you properly access the public IP address from within the private LAN. So to test, you need to do so from your friend's house or by use of an external proxy.
I also seem to be able to access the SSH, though I cannot login as I don't have an account there.
I hope this is useful. -- AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11 |
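
To make the firewall-on versus firewall-off comparison suggested in the first reply measurable, this added example (not code from any poster in the thread) probes ports 80 and 22 and groups failures into outage windows; run `collect()` from outside the LAN, as the last reply advises. The function names, the 30-second interval and the sample data are assumptions made for illustration.

```python
import socket
import time
from collections import defaultdict

def probe(host, port, timeout=5.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def collect(host, ports=(80, 22), interval=30, count=60):
    """Probe every port each `interval` seconds; return (time, port, ok) tuples."""
    samples = []
    for _ in range(count):
        now = time.time()
        samples.extend((now, p, probe(host, p)) for p in ports)
        time.sleep(interval)
    return samples

def outage_windows(samples):
    """Group consecutive failures per port into (first_failure, recovery) windows."""
    by_port = defaultdict(list)
    for ts, port, ok in sorted(samples):
        by_port[port].append((ts, ok))
    windows = {}
    for port, series in by_port.items():
        runs, start, last_fail = [], None, None
        for ts, ok in series:
            if not ok:
                start = ts if start is None else start
                last_fail = ts
            elif start is not None:
                runs.append((start, ts))   # closed by the first successful probe
                start = None
        if start is not None:              # still down when sampling stopped
            runs.append((start, last_fail))
        windows[port] = runs
    return windows

def overlapping(a, b):
    """True if any window in a overlaps one in b (a shared cause, not one daemon)."""
    return any(s1 < e2 and s2 < e1 for s1, e1 in a for s2, e2 in b)

# Constructed sample: probes every 30 s for 10 minutes, both ports failing from 420 s to 510 s.
SAMPLE = [(t, p, not (420 <= t < 540)) for t in range(0, 600, 30) for p in (80, 22)]
```

If the windows for port 80 and port 22 overlap, the stall sits on the shared path (router or line) rather than in Apache or sshd; comparing the window list with the firewall on and off shows whether the rule set is involved.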