Routing(?) issue - Discuss

13 Sep 2018


      Hello all
I have weird problem i can't understand and don't know where to look.
[root@chamber ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
    link/ether bc:ae:c5:02:c7:dc brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::beae:c5ff:fe02:c7dc/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
    link/ether c0:4a:00:03:bc:3e brd ff:ff:ff:ff:ff:ff
    inet 10.0.49.1/25 brd 10.0.49.127 scope global noprefixroute enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::6b5a:6660:981b:7b84/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@chamber ~]# ip route
default via 10.0.0.1 dev enp1s0 proto static metric 100
10.0.0.0/24 dev enp1s0 proto kernel scope link src 10.0.0.200 metric 100
10.0.49.0/25 dev enp3s0 proto kernel scope link src 10.0.49.1 metric 101
[root@chamber ~]# firewall-cmd --list-all --zone=home
home (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources:
  services: mdns samba http ipp-client dhcpv6-client vnc-server nfs dns
dhcp imaps samba-client tftp smtp
  ports: 143/tcp 5666/tcp 26666/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
root@chamber ~]# firewall-cmd --list-all --zone=external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: ssh http
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
There is nginx on port 80.
I've turned off SELinux for testing purposes.
[root@chamber ~]# nmap chamber -p80
[...]
PORT   STATE SERVICE
80/tcp open  http
[root@chamber ~]# nmap -p80 chmura.<domain>
[...]
PORT   STATE  SERVICE
80/tcp closed http
Same for any host within network (chamber is router).
chmura.<domain>'s IP is public IP of chamber (well sort of - it's IP of
ISP's router mounted on my chimney - it's WiMax or something like this).
All ports are redirected to chamber (port 80 for sure).
When i'm checking from network outside of mine, port is open and
everything works as expected. I'm puzzled - really don't know what is
happening. Any suggestions?
-- 
Over And Out
MoonWolf