Accessing WebGUI from Off Primary/Home Subnet? - RESOLVED

Added by Adam Mikolajczyk 12 months ago

Hi folks, I've noticed that I'm unable to access the webgui from off the same LAN where NexentaStor resides. I know it's not a firewall/port forwarding issue, so I looked into it and checked out the command from the NMC:

setup appliance authentication

and I went to "dbus-iptable" and added a single IP address from which I was connecting, but this didn't seem to change things. I also added "0.0.0.0" as a source IP, thinking this might just allow blanket access, but that didn't do it either.

I'd like to simply allow all webgui access from any external IP, accepting the security risks inherent in that choice for now. Could anyone explain how to accomplish this?

Thanks much! AJM


Replies

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Linda Kateley 12 months ago

Can you show me from nmc:

show network interface

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Adam Mikolajczyk 12 months ago

Linda, thank you in advance for anything you can offer that might help. FYI, I can successfully ping outbound from the command line console.

==== Interfaces ====

lo0: flags=2001000849 mtu 8232 index 1 inet 127.0.0.1 netmask ff000000

e1000g0: flags=1001000843 mtu 1500 index 2 inet 192.168.0.75 netmask ffffff00 broadcast 192.168.0.255 ether 0:c:29:8a:1b:7c

lo0: flags=2002000849 mtu 8252 index 1 inet6 ::1/128

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Linda Kateley 12 months ago

So what is the IP of the system you are trying to access the webgui from?

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Adam Mikolajczyk 12 months ago

The test LAN it's on is obviously 192.168.0.0/24 but that's behind a NAT to the real world.

There's port forwarding established from the external interface of the NAT to the IP of the NexentaStor (192.168.0.75) on port 2000.

Basically, I'd like to be able to access port 2000 from any IP anywhere in the world for now. I can lock it down more tightly later, but right now it apparently doesn't answer port 2000 requests originating anywhere outside its home LAN.

Hope that helps, let me know how else I might clarify things.

Thank You, AJM

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Dan Swartzendruber 12 months ago

Are you sure the nexenta has a valid default IP gateway?

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Adam Mikolajczyk 12 months ago

I thought that sounded like it too, but there it is in the GUI. I even removed and re-added it to make sure.

Dropped to a CLI and did the following to double-check:

root@SYCORAX:/export/home/admin# cat /etc/defaultrouter

192.168.0.1

I can ping outbound to all sorts of DNS names and IPs beyond the test LAN, so it's definitely getting out.

Thanks, AJM

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Dan Swartzendruber 12 months ago

How about running tcpdump on the nexenta, matching on port 2000, and then try to connect from an outside host and report what you see?

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Adam Mikolajczyk 12 months ago

I see tcpdump is not built-in to NS, any pointers on adding it? -AJM

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Dan Swartzendruber 12 months ago

I'm guessing 'apt-get install tcpdump'?

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Adam Mikolajczyk 12 months ago

Sorry, should have mentioned I tried that and it can't find the package.

root@SYCORAX:/export/home/admin# apt-get install tcpdump

Reading package lists... Done

Building dependency tree

Reading state information... Done

E: Couldn't find package tcpdump

-AJM

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Dan Swartzendruber 12 months ago

Bummer, maybe Linda can comment on how to get tcpdump? You could try running tcpdump/wireshark on the other host and see if anything at all is coming back?

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Jeff Gibson 11 months ago

You said it's behind a firewall; have you set up a rule to pass through traffic on port 2000?

We currently have nexenta boxes on several different subnets without problems, but we don't have any NAT in between the different subnets, just routing (like 192.168.0.1/24 and 192.168.5.1/24).

RE: Accessing WebGUI from Off Primary/Home Subnet? - Added by Adam Mikolajczyk 11 months ago

Thanks, yes, I did have port forwarding on TCP 2000, but the problem seems to have resolved itself.

I wanted to re-arrange the underlying physical storage under the syspool so I just blew away the whole instance and reinstalled from scratch. Same IP, so I know the forwarding rule must have been OK. Now it works! I don't think I did anything different or special in either case, but it's working, so perhaps I inadvertently knocked a lever or knob in the wrong direction previously.

Thanks everyone, regardless! AJM

RE: Accessing WebGUI from Off Primary/Home Subnet? - RESOLVED - Added by Reuben Bryant 11 months ago

Just another thing to watch for that I found:

If you are going through a Cisco ASA 5510, you will need to change the web GUI port. I wasted hours on this issue. For some reason the ASA blocks port 2000 even if you have it wide open!! Change the port to any other number and you are sweet.

Hope this helps someone in the future.

Cheers R