A particularly strange web problem, the intranet access server is normal, the external network can not access the server

1, problem description

September 22, 2017, a customer reflects the site can not access, hurriedly to the company began to deal with the problem. Found the problem: the intranet access is normal, the extranet users can not access, concluded that the Web site architecture is not a problem, domain name resolution.

2. Troubleshooting

First open the Nginx anti-generation log, and then the external network and intranet access to the server

　　　　　　　　　　

　　

Found in addition to the intranet IP, and did not receive the access log from the extranet.

Again, the server firewall rejected the connection, so look at the firewall, SELinux, Hosts.deny

　　

Found the firewall all open, then I was a little depressed, so the use of tcpdump began to grasp the 80-port package

　　

Found still no data come in, so again judge may be outside the network packet is blocked by the firewall, so to the company firewall management account, log in to view the connection session.

　　

　　

Found that the firewall outside the network without sessions, intranet access to the public network address is normal, so it is determined that the operator intercepted the public address.

Decisive to the line engineer to call, sure as a result of last night they did cut, led to some users have failed, through the exchange successfully solve the problem.

The fault from the internal to the outside of the layer to troubleshoot, quickly solve the problem.

　　

A particularly strange web problem, the intranet access server is normal, the external network can not access the server