CentOS - Sep 2018 - Routing(?) issue

Hello all

I have weird problem i can't understand and don't know where to look.

[root at chamber ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
    link/ether bc:ae:c5:02:c7:dc brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::beae:c5ff:fe02:c7dc/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
state UP group default qlen 1000
    link/ether c0:4a:00:03:bc:3e brd ff:ff:ff:ff:ff:ff
    inet 10.0.49.1/25 brd 10.0.49.127 scope global noprefixroute enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::6b5a:6660:981b:7b84/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

[root at chamber ~]# ip route
default via 10.0.0.1 dev enp1s0 proto static metric 100
10.0.0.0/24 dev enp1s0 proto kernel scope link src 10.0.0.200 metric 100
10.0.49.0/25 dev enp3s0 proto kernel scope link src 10.0.49.1 metric 101

[root at chamber ~]# firewall-cmd --list-all --zone=home
home (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources:
  services: mdns samba http ipp-client dhcpv6-client vnc-server nfs dns
dhcp imaps samba-client tftp smtp
  ports: 143/tcp 5666/tcp 26666/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

root at chamber ~]# firewall-cmd --list-all --zone=external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: ssh http
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


There is nginx on port 80.
I've turned off SELinux for testing purposes.

[root at chamber ~]# nmap chamber -p80
[...]
PORT   STATE SERVICE
80/tcp open  http

[root at chamber ~]# nmap -p80 chmura.<domain>
[...]
PORT   STATE  SERVICE
80/tcp closed http

Same for any host within network (chamber is router).

chmura.<domain>'s IP is public IP of chamber (well sort of - it's
IP of
ISP's router mounted on my chimney - it's WiMax or something like this).
All ports are redirected to chamber (port 80 for sure).

When i'm checking from network outside of mine, port is open and
everything works as expected. I'm puzzled - really don't know what is
happening. Any suggestions?

-- 
Over And Out
MoonWolf

On 13. sep. 2018 21:02, Marcin Trendota wrote:
> 
> There is nginx on port 80.
> I've turned off SELinux for testing purposes.
> 
> [root at chamber ~]# nmap chamber -p80
> [...]
> PORT   STATE SERVICE
> 80/tcp open  http
> 
> [root at chamber ~]# nmap -p80 chmura.<domain>
> [...]
> PORT   STATE  SERVICE
> 80/tcp closed http
Do a quick check with netstat/ss if you have nginx running on all 
interfaces.

W dniu 13.09.2018 o?22:19, Oleg Cherkasov pisze:
> On 13. sep. 2018 21:02, Marcin Trendota wrote:
>>
>> There is nginx on port 80.
>> I've turned off SELinux for testing purposes.
>>
>> [root at chamber ~]# nmap chamber -p80
>> [...]
>> PORT?? STATE SERVICE
>> 80/tcp open? http
>>
>> [root at chamber ~]# nmap -p80 chmura.<domain>
>> [...]
>> PORT?? STATE? SERVICE
>> 80/tcp closed http
> 
> Do a quick check with netstat/ss if you have nginx running on all
> interfaces.

[root at chamber ~]# netstat -l | grep http
tcp        0      0 0.0.0.0:http            0.0.0.0:*
LISTEN
tcp6       0      0 [::]:http               [::]:*
LISTEN

Looks like it is?
Besides outside of my network this address works.

(Sorry about private email (;) )

-- 
Over And Out
MoonWolf