Can't connect to internal URL

asked 2017-02-07 21:45:07 +0000

subtle gravatar image

updated 2017-02-16 20:08:49 +0000

I've been tasked with learning about and maintaining our subnet underneath our larger corporations network. I'm new to network maintenance and linux firewalls. I also think our setup is outdated and I don't have a complete understanding of the larger structure within the corporation. I do have sudo access to our subnets firewall machine (running Fedora Core 4) though. However with the current state of the system I can't run X Windows or yum install.

My immediate goal is to allow the Dropbox-like program Syncplicity to sync from our subnet. Syncplicity support informed me that it isn't working because I can not connect to an internal URL as revealed in the Syncplicity log:

  • 2017-01-05T11:07:44 INFO [d3] DownloadTransfer - Using URL to Transfer data https ://subdomain.domain/retrieveFile.php?vToken=5279257-846542971
  • 2017-01-05T11:08:05 WARN [d3] dl_err Download failed: filename.txt(CanNotDownload) in C:\Users\Name\Syncplicity Folders\Folder1
    • System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond XXX.XXX.XXX.XXX:443

I used domain above to indicate our corporations primary domain. Typing in domain in a browser reveals our primary external website. I am able to ping subdomain.domain from an external network (from home for example) but not from within our subnet. In general I can't ping from within our subnet but with the right network configuration I can telnet to external websites (telnet google.com 80) and our main domain (telnet domain 80). I cannot telnet to subdomain.domain 80 or subdomain.domain 443. Syncplicity requires 443 to be open. I have added an ACCEPT for 443 to iptables:

iptables -I INPUT 4 -p tcp -m tcp --dport 443 -j ACCEPT

I have also allowed the static internal ip (ip1) for the problematic url subdomain.domain:

iptables -I INPUT 5 -s ip1 -j ACCEPT

but these do not resolve the connection issue. Removing iptables temporarily also does not solve the issue. My physical setup is: Wall connection - router - eth1 on firewall machine .

I believe my ifcfg configurations are outdated (eth0 use to be setup with a static ip and used as a backup server but is no longer used or connected with an ethernet wire). My routing after running dhclient is:

$ dhclient
$ route -n
Destination Gateway Genmask Flags   Metric  Ref Use Iface
192.168.1.0 0.0.0.0     255.255.255.0   U   0   0   0   eth1
0.0.0.0     192.168.1.1 0.0.0.0     UG  0   0   0   eth1

Do you have any suggestions for how to get around this issue? I'm concerned that the primary problem might be caused by network filtering between my wall connection through the larger corporate network (as opposed from the wall to our router / firewall) but I'm not sure.

I'm adding ... (more)

edit retag flag offensive close merge delete