Posted to users@httpd.apache.org by Vincent Lextrait <le...@tele2.fr> on 2006/04/02 15:43:49 UTC

[users@httpd] Reverse DNS lookup issue - No access from WAN, but LAN works fine

Hi all,
I am running Apache 2.0.55 for win32, without add-ons, on Windows XP 
Professional SP2, with firewall and anti spyware all deactivated. The conf 
file is very plain.
The problem is that Apache, listening on port 80, does not accept 
connections from the WAN, only from the LAN. I have replaced Apache with a 
dumb little web server, also listening on port 80. It answers beautifully. 
This rules out (I think) any obvious router or ISP problem. Anyway, a 
sniffer (see further) shows traffic coming to the server.
Apache does not show any booting error, and does not log any error. It does 
not log any traffic either, when it comes from the WAN.
I have tried to deactivate mod_access in the conf file, and also tried to 
insert:

EnableSendfile Off
EnableMMAP Off
Win32DisableAcceptEx

to avoid any weird problem. The behavior is exactly the same.
In order to see if connection attempts were reaching my server (Joe), I've 
used WinDump (trace below). The trace shows that the server receives a SYN 
request from the external machine I am using to test the setup (I tried also 
several other ones, same thing).
The second trace is a reverse DNS lookup, which is coming from Apache 
(although mod_access is deactivated). Apache tries to gather information on 
the external machine I assume. I do not understand why it does that.
The third trace is the answer from the DNS (I am not aware of any DNS issue 
I would have, everything seems to work just fine). I do not know how to 
interpret the answer trace.
After, no traffic is coming from Apache, and the external machine is 
retrying a few times, without any success and any further reverse DNS lookup 
from my machine. The connection is not finalized, Apache keeps ignoring the 
SYN requests.
I've tried Ethereal to gather further information, but, for some mysterious 
reason, it does not display the reverse DNS lookups, only the SYNs.
There is most likely something huge I am missing, or I made some wrong 
interpretation. The fact is that I am stuck at this stage.
I include an extract of my conf file at the end of this post.
Any help is highly welcome!
Thanks in advance,
Vincent

10:09:22.968821 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S 
3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56209604 
0,nop,wscale 2>
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  003c a0ee 4000 2906 6f92 4815 375a c0a8  .<..@.).o.H.7Z..
 0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
 0x0030:  16d0 a4a7 0000 0204 0578 0402 080a 0359  .........x.....Y
 0x0040:  b0c4 0000 0000 0103 0302                 ..........
10:09:23.444588 IP Joe.3044 > dns1.swip.net.53:  14727+ PTR? 
90.55.21.72.in-addr.arpa. (42)
 0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
 0x0010:  0046 5c4f 0000 8011 19f6 c0a8 0124 82f4  .F\O.........$..
 0x0020:  7fa1 0be4 0035 0032 0f64 3987 0100 0001  .....5.2.d9.....
 0x0030:  0000 0000 0000 0239 3002 3535 0232 3102  .......90.55.21.
 0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
 0x0050:  000c 0001                                ....
10:09:23.773839 IP dns1.swip.net.53 > Joe.3044:  14727 1/7/8 PTR[|domain]
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  019a 0fd9 4000 f311 b217 82f4 7fa1 c0a8  ....@...........
 0x0020:  0124 0035 0be4 0186 f081 3987 8180 0001  .$.5......9.....
 0x0030:  0001 0007 0008 0239 3002 3535 0232 3102  .......90.55.21.
 0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
 0x0050:  000c 0001 c00c 000c 0001 0001 27dd 0025  ............'..%
10:09:24.787670 IP Joe.3045 > dns1.swip.net.53:  20356+ PTR? 
161.127.244.130.in-addr.arpa. (46)
 0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
 0x0010:  004a 5c50 0000 8011 19f1 c0a8 0124 82f4  .J\P.........$..
 0x0020:  7fa1 0be5 0035 0036 eea2 4f84 0100 0001  .....5.6..O.....
 0x0030:  0000 0000 0000 0331 3631 0331 3237 0332  .......161.127.2
 0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
 0x0050:  7270 6100 000c 0001                      rpa.....
10:09:24.987985 IP dns1.swip.net.53 > Joe.3045:  20356 1/5/8 (359)
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  0183 0fda 4000 f311 b22d 82f4 7fa1 c0a8  ....@....-......
 0x0020:  0124 0035 0be5 016f 9fc7 4f84 8180 0001  .$.5...o..O.....
 0x0030:  0001 0005 0008 0331 3631 0331 3237 0332  .......161.127.2
 0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
 0x0050:  7270 6100 000c 0001 c00c 000c 0001 0000  rpa.............
10:09:25.967812 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S 
3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56212604 
0,nop,wscale 2>
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  003c a0f0 4000 2906 6f90 4815 375a c0a8  .<..@.).o.H.7Z..
 0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
 0x0030:  16d0 98ef 0000 0204 0578 0402 080a 0359  .........x.....Y
 0x0040:  bc7c 0000 0000 0103 0302                 .|........
10:09:31.968696 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S 
3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56218604 
0,nop,wscale 2>
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  003c a0f2 4000 2906 6f8e 4815 375a c0a8  .<..@.).o.H.7Z..
 0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
 0x0030:  16d0 817f 0000 0204 0578 0402 080a 0359  .........x.....Y
 0x0040:  d3ec 0000 0000 0103 0302                 ..........

Here is the virtual host definitions extract from my conf file:

<VirtualHost 192.168.1.36:80>
    ServerAdmin lextrait@tele2.fr
    DocumentRoot C:/www/Aurinko
    ServerName www.aurinko.com
    ErrorLog logs/www.aurinko.com-error_log
    CustomLog logs/www.aurinko.com-access_log common
</VirtualHost>

<VirtualHost 192.168.1.36:80>
    ServerAdmin lextrait@tele2.fr
    DocumentRoot C:/www/Thomas
    ServerName thomas.lextrait.com
    ErrorLog logs/thomas.lextrait.com-error_log
    CustomLog logs/thomas.lextrait.com-access_log common
</VirtualHost>

<VirtualHost 192.168.1.36:80>
    ServerAdmin lextrait@tele2.fr
    DocumentRoot C:/www/Lextrait
    ServerName www.lextrait.com
    ErrorLog logs/www.lextrait.com-error_log
    CustomLog logs/www.lextrait.com-access_log common
</VirtualHost>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
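
An added example, not part of the original post: a small Python decoder run over two frames from the WinDump trace above (the first SYN and the first DNS reply), showing how to read the reply the poster could not interpret. The function names are this example's own; the hex words are copied from the trace.

```python
import struct

# Hex words copied from the WinDump trace in the post: the first SYN and the
# first DNS reply. Each frame starts at the Ethernet header; the reply is cut
# off after 96 captured bytes.
SYN_HEX = """
0080 ad05 3e1a 00a0 c522 2821 0800 4500
003c a0ee 4000 2906 6f92 4815 375a c0a8
0124 98e6 0050 ee0f 102a 0000 0000 a002
16d0 a4a7 0000 0204 0578 0402 080a 0359
b0c4 0000 0000 0103 0302
"""
DNS_REPLY_HEX = """
0080 ad05 3e1a 00a0 c522 2821 0800 4500
019a 0fd9 4000 f311 b217 82f4 7fa1 c0a8
0124 0035 0be4 0186 f081 3987 8180 0001
0001 0007 0008 0239 3002 3535 0232 3102
3732 0769 6e2d 6164 6472 0461 7270 6100
000c 0001 c00c 000c 0001 0001 27dd 0025
"""

def to_bytes(hexdump):
    return bytes.fromhex("".join(hexdump.split()))

def parse_ipv4(frame):
    """Decode the IPv4 header that follows a 14-byte Ethernet header."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 Ethernet frame")
    ihl = (frame[14] & 0x0F) * 4
    return {
        "proto": frame[23],
        "src": ".".join(map(str, frame[26:30])),
        "dst": ".".join(map(str, frame[30:34])),
        "total_len": struct.unpack("!H", frame[16:18])[0],
        "captured_len": len(frame) - 14,   # less than total_len => truncated
        "payload": frame[14 + ihl:],
    }

def parse_tcp(seg):
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", seg[:16])
    bits = ((0x02, "SYN"), (0x10, "ACK"), (0x04, "RST"), (0x01, "FIN"))
    return {"sport": sport, "dport": dport, "seq": seq, "window": window,
            "flags": [name for bit, name in bits if off_flags & bit]}

def read_name(msg, off):
    """Read a DNS name at off, following compression pointers (RFC 1035)."""
    labels, resume, jumps = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past the captured bytes")
        n = msg[off]
        if n == 0:
            off += 1
            break
        if n & 0xC0 == 0xC0:               # two-byte pointer to an earlier name
            if off + 1 >= len(msg) or jumps >= 16:
                raise ValueError("bad or looping compression pointer")
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            continue
        if off + 1 + n > len(msg):
            raise ValueError("label runs past the captured bytes")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), (off if resume is None else resume)

def parse_dns(msg):
    """Decode header, the single question, and as many answers as were captured."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)        # assumes one question, as in the trace
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        if off >= len(msg):
            break                           # rest of the reply was not captured
        name, off = read_name(msg, off)
        if off + 10 > len(msg):
            break
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append({"name": name, "type": rtype, "ttl": ttl, "rdlen": rdlen,
                        "rdata_captured": len(msg[off:off + rdlen])})
        off += rdlen
    return {"id": ident, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "counts": (qd, an, ns, ar), "qname": qname, "qtype": qtype,
            "answers": answers}

def decode(hexdump):
    pkt = parse_ipv4(to_bytes(hexdump))
    payload = pkt.pop("payload")
    if pkt["proto"] == 6:
        pkt["tcp"] = parse_tcp(payload)
    elif pkt["proto"] == 17:
        sport, dport = struct.unpack("!HH", payload[:4])
        pkt["udp"] = {"sport": sport, "dport": dport}
        if 53 in (sport, dport):
            pkt["dns"] = parse_dns(payload[8:])
    return pkt

if __name__ == "__main__":
    print(decode(SYN_HEX))
    print(decode(DNS_REPLY_HEX))
```

The first frame decodes as a bare SYN to port 80 with the sequence number shown in the trace. The second is a DNS response with rcode 0 (no error) and counts 1/1/7/8 whose single PTR answer declares 37 bytes of data that lie beyond the 96 captured bytes, which is why the trace line ends in `PTR[|domain]`.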


Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, but LAN works fine

Posted by Emmanuel E <em...@gmx.net>.
Hmm... I really don't understand why it should be failing... I wonder if you're 
missing some directives in the conf file.
Try removing all virtual hosts and running only a normal default Apache.

----- Original Message ----- 
From: "Vincent Lextrait" <le...@tele2.fr>
To: <us...@httpd.apache.org>
Sent: Monday, April 03, 2006 12:06 AM
Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
but LAN works fine


> Error shows nothing, and access shows only the LAN connections. Nothing 
> about the WAN. The TCP connection is not even established, the SYN message 
> to establish it arrives on the machine, and never gets ack'ed at TCP 
> level.
> ----- Original Message ----- 
> From: "Emmanuel E" <em...@gmx.net>
> To: <us...@httpd.apache.org>
> Sent: Sunday, April 02, 2006 8:00 PM
> Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
> but LAN works fine
>
>
>> What do the default access and error logs say?
>>
>> ----- Original Message ----- 
>> From: "Vincent Lextrait" <le...@tele2.fr>
>> To: <us...@httpd.apache.org>
>> Sent: Sunday, April 02, 2006 11:09 PM
>> Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
>> but LAN works fine
>>
>>
>>> Yes, I do.
>>> Actually I noticed that my dummy web server works, but the reverse DNS 
>>> query happens in that case too. But the external connection gets the 
>>> proper TCP ack (right before the reverse DNS query). It never gets it 
>>> from Apache. The SYN remains unanswered.
>>> ----- Original Message ----- 
>>> From: "Emmanuel E" <em...@gmx.net>
>>> To: <us...@httpd.apache.org>
>>> Sent: Sunday, April 02, 2006 6:52 PM
>>> Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from 
>>> WAN, but LAN works fine
>>>
>>>
>>>> Do you have a "Listen 80" directive somewhere in the conf file?


Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, but LAN works fine

Posted by Vincent Lextrait <le...@tele2.fr>.
Error shows nothing, and access shows only the LAN connections. Nothing 
about the WAN. The TCP connection is not even established, the SYN message 
to establish it arrives on the machine, and never gets ack'ed at TCP level.
----- Original Message ----- 
From: "Emmanuel E" <em...@gmx.net>
To: <us...@httpd.apache.org>
Sent: Sunday, April 02, 2006 8:00 PM
Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
but LAN works fine


> What do the default access and error logs say?
>
> ----- Original Message ----- 
> From: "Vincent Lextrait" <le...@tele2.fr>
> To: <us...@httpd.apache.org>
> Sent: Sunday, April 02, 2006 11:09 PM
> Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
> but LAN works fine
>
>
>> Yes, I do.
>> Actually I noticed that my dummy web server works, but the reverse DNS 
>> query happens in that case too. But the external connection gets the 
>> proper TCP ack (right before the reverse DNS query). It never gets it 
>> from Apache. The SYN remains unanswered.
>> ----- Original Message ----- 
>> From: "Emmanuel E" <em...@gmx.net>
>> To: <us...@httpd.apache.org>
>> Sent: Sunday, April 02, 2006 6:52 PM
>> Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
>> but LAN works fine
>>
>>
>>> Do you have a "Listen 80" directive somewhere in the conf file?


Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, but LAN works fine

Posted by Emmanuel E <em...@gmx.net>.
What do the default access and error logs say?

----- Original Message ----- 
From: "Vincent Lextrait" <le...@tele2.fr>
To: <us...@httpd.apache.org>
Sent: Sunday, April 02, 2006 11:09 PM
Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
but LAN works fine


> Yes, I do.
> Actually I noticed that my dummy web server works, but the reverse DNS 
> query happens in that case too. But the external connection gets the 
> proper TCP ack (right before the reverse DNS query). It never gets it from 
> Apache. The SYN remains unanswered.
> ----- Original Message ----- 
> From: "Emmanuel E" <em...@gmx.net>
> To: <us...@httpd.apache.org>
> Sent: Sunday, April 02, 2006 6:52 PM
> Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
> but LAN works fine
>
>
>> Do you have a "Listen 80" directive somewhere in the conf file?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, but LAN works fine

Posted by Vincent Lextrait <le...@tele2.fr>.
Yes, I do.
Actually I noticed that my dummy web server works, but the reverse DNS query 
happens in that case too. But the external connection gets the proper TCP 
ack (right before the reverse DNS query). It never gets it from Apache. The 
SYN remains unanswered.
----- Original Message ----- 
From: "Emmanuel E" <em...@gmx.net>
To: <us...@httpd.apache.org>
Sent: Sunday, April 02, 2006 6:52 PM
Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
but LAN works fine


> Do you have a "Listen 80" directive somewhere in the conf file?


Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, but LAN works fine

Posted by Emmanuel E <em...@gmx.net>.
Do you have a "Listen 80" directive somewhere in the conf file?


Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, but LAN works fine

Posted by Vincent Lextrait <le...@tele2.fr>.
You must be right, the problem lies somewhere else apparently. Apache does 
not play with low level raw sockets, so the absence of TCP syn ack indicates 
that Apache has not been involved at all.
----- Original Message ----- 
From: "Jon Snow" <js...@gatesec.net>
To: <us...@httpd.apache.org>
Sent: Monday, April 03, 2006 11:23 AM
Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
but LAN works fine


>
> Vincent,
>
> Believe your packet dump. Apache is not receiving the connection as a
> syn/ack has not been sent by the server in response to the syn. Something
> is either dropping the connection on your server at the tcp level or is
> routing reply packets somewhere other than the inbound interface. The
> application is therefore not even receiving it and apache is not at fault.
>
> You will need to double check your firewall configurations, ensure there
> is nothing else interfering at the tcp level such as an add on product.
>
> Why it works with the other server I do not know but check how you tested
> it. Were you inadvertently coming from a local or different address than
> that used when testing apache from the WAN? Do you have a route for the
> WAN server so the packets can return?
>
> If you are able to dump successful connections with the network tool and
> have confidence it is working properly then you should believe it.
>
> Regards,
> Jon
>
>
> On Sunday 02 April 2006 23:43, Vincent Lextrait wrote:
>> Hi all,
>> I am running Apache 2.0.55 for win32, without add-ons, on Windows XP
>> Professional SP2, with firewall and anti spyware all deactivated. The 
>> conf
>> file is very plain.
>> The problem is that Apache, listening on port 80, does not accept
>> connections from the WAN, only from the LAN. I have replaced Apache with 
>> a
>> dumb little web server, also listening on port 80. It answers 
>> beautifully.
>> This rules out (I think) any obvious router or ISP problem. Anyway, a
>> sniffer (see further) shows traffic coming to the server.
>> Apache does not show any booting error, and does not log any error. It 
>> does
>> not log any traffic either, when it comes from the WAN.
>> I have tried to deactivate mod_access in the conf file, and also tried to
>> insert:
>>
>> EnableSendfile Off
>> EnableMMAP Off
>> Win32DisableAcceptEx
>>
>> to avoid any weird problem. The behavior is exactly the same.
>> In order to see if connections attempts were reaching my server (Joe), 
>> I've
>> used WinDump (trace below). The trace shows that the server receives a 
>> SYN
>> request from the external machine I am using to test the setup (I tried
>> also several other ones, same thing).
>> The second trace is a reverse DNS lookup, which is coming from Apache
>> (although mod_access is deactivated). Apache tries to gather information 
>> on
>> the external machine I assume. I do not understand why it does that.
>> The third trace is the answer from the DNS (I am not aware of any DNS 
>> issue
>> I would have, everything seems to work just fine). I do not know how to
>> interpret the answer trace.
>> After, no traffic is coming from Apache, and the external machine is
>> retrying a few times, without any success and any further reverse DNS
>> lookup from my machine. The connection is not finalized, Apache keeps
>> ignoring the SYN requests.
>> I've tried Ethereal to gather further information, but, for some 
>> mysterious
>> reason, it does not display the reverse DNS lookups, only the SYNs.
>> There is most likely something huge I am missing, or I made some wrong
>> interpretation. The fact is that I am stuck at this stage.
>> I include an extract of my conf file at the end of this post.
>> Any help is highly welcome!
>> Thanks in advance,
>> Vincent
>>
>> 10:09:22.968821 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S
>> 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56209604
>> 0,nop,wscale 2>
>>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>  0x0010:  003c a0ee 4000 2906 6f92 4815 375a c0a8  .<..@.).o.H.7Z..
>>  0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
>>  0x0030:  16d0 a4a7 0000 0204 0578 0402 080a 0359  .........x.....Y
>>  0x0040:  b0c4 0000 0000 0103 0302                 ..........
>> 10:09:23.444588 IP Joe.3044 > dns1.swip.net.53:  14727+ PTR?
>> 90.55.21.72.in-addr.arpa. (42)
>>  0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
>>  0x0010:  0046 5c4f 0000 8011 19f6 c0a8 0124 82f4  .F\O.........$..
>>  0x0020:  7fa1 0be4 0035 0032 0f64 3987 0100 0001  .....5.2.d9.....
>>  0x0030:  0000 0000 0000 0239 3002 3535 0232 3102  .......90.55.21.
>>  0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
>>  0x0050:  000c 0001                                ....
>> 10:09:23.773839 IP dns1.swip.net.53 > Joe.3044:  14727 1/7/8 PTR[|domain]
>>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>  0x0010:  019a 0fd9 4000 f311 b217 82f4 7fa1 c0a8  ....@...........
>>  0x0020:  0124 0035 0be4 0186 f081 3987 8180 0001  .$.5......9.....
>>  0x0030:  0001 0007 0008 0239 3002 3535 0232 3102  .......90.55.21.
>>  0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
>>  0x0050:  000c 0001 c00c 000c 0001 0001 27dd 0025  ............'..%
>> 10:09:24.787670 IP Joe.3045 > dns1.swip.net.53:  20356+ PTR?
>> 161.127.244.130.in-addr.arpa. (46)
>>  0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
>>  0x0010:  004a 5c50 0000 8011 19f1 c0a8 0124 82f4  .J\P.........$..
>>  0x0020:  7fa1 0be5 0035 0036 eea2 4f84 0100 0001  .....5.6..O.....
>>  0x0030:  0000 0000 0000 0331 3631 0331 3237 0332  .......161.127.2
>>  0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
>>  0x0050:  7270 6100 000c 0001                      rpa.....
>> 10:09:24.987985 IP dns1.swip.net.53 > Joe.3045:  20356 1/5/8 (359)
>>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>  0x0010:  0183 0fda 4000 f311 b22d 82f4 7fa1 c0a8  ....@....-......
>>  0x0020:  0124 0035 0be5 016f 9fc7 4f84 8180 0001  .$.5...o..O.....
>>  0x0030:  0001 0005 0008 0331 3631 0331 3237 0332  .......161.127.2
>>  0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
>>  0x0050:  7270 6100 000c 0001 c00c 000c 0001 0000  rpa.............
>> 10:09:25.967812 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S
>> 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56212604
>> 0,nop,wscale 2>
>>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>  0x0010:  003c a0f0 4000 2906 6f90 4815 375a c0a8  .<..@.).o.H.7Z..
>>  0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
>>  0x0030:  16d0 98ef 0000 0204 0578 0402 080a 0359  .........x.....Y
>>  0x0040:  bc7c 0000 0000 0103 0302                 .|........
>> 10:09:31.968696 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S
>> 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56218604
>> 0,nop,wscale 2>
>>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>  0x0010:  003c a0f2 4000 2906 6f8e 4815 375a c0a8  .<..@.).o.H.7Z..
>>  0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
>>  0x0030:  16d0 817f 0000 0204 0578 0402 080a 0359  .........x.....Y
>>  0x0040:  d3ec 0000 0000 0103 0302                 ..........
>>
>> Here is an the virtual host definitions extract from my conf file:
>>
>> <VirtualHost 192.168.1.36:80>
>>     ServerAdmin lextrait@tele2.fr
>>     DocumentRoot C:/www/Aurinko
>>     ServerName www.aurinko.com
>>     ErrorLog logs/www.aurinko.com-error_log
>>     CustomLog logs/www.aurinko.com-access_log common
>> </VirtualHost>
>>
>> <VirtualHost 192.168.1.36:80>
>>     ServerAdmin lextrait@tele2.fr
>>     DocumentRoot C:/www/Thomas
>>     ServerName thomas.lextrait.com
>>     ErrorLog logs/thomas.lextrait.com-error_log
>>     CustomLog logs/thomas.lextrait.com-access_log common
>> </VirtualHost>
>>
>> <VirtualHost 192.168.1.36:80>
>>     ServerAdmin lextrait@tele2.fr
>>     DocumentRoot C:/www/Lextrait
>>     ServerName www.lextrait.com
>>     ErrorLog logs/www.lextrait.com-error_log
>>     CustomLog logs/www.lextrait.com-access_log common
>> </VirtualHost>
>>




Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, but LAN works fine

Posted by Jon Snow <js...@gatesec.net>.
Vincent,

Believe your packet dump. Apache is not receiving the connection as a syn/ack 
has not been sent by the server in response to the syn. Something is either 
dropping the connection on your server at the tcp level or is routing reply 
packets somewhere other than the inbound interface. The application is 
therefore not even receiving it and apache is not at fault.

You will need to double check your firewall configurations, ensure there is 
nothing else interfering at the tcp level such as an add-on product.

Why it works with the other server I do not know but check how you tested it. 
Were you inadvertently coming from a local or different address than that 
used when testing apache from the WAN? Do you have a route for the WAN server 
so the packets can return?

If you are able to dump successful connections with the network tool and have 
confidence it is working properly then you should believe it.

Regards,
Jon


On Sunday 02 April 2006 23:43, Vincent Lextrait wrote:
> Hi all,
> I am running Apache 2.0.55 for win32, without add-ons, on Windows XP
> Professional SP2, with firewall and anti spyware all deactivated. The conf
> file is very plain.
> The problem is that Apache, listening on port 80, does not accept
> connections from the WAN, only from the LAN. I have replaced Apache with a
> dumb little web server, also listening on port 80. It answers beautifully.
> This rules out (I think) any obvious router or ISP problem. Anyway, a
> sniffer (see further) shows traffic coming to the server.
> Apache does not show any booting error, and does not log any error. It does
> not log any traffic either, when it comes from the WAN.
> I have tried to deactivate mod_access in the conf file, and also tried to
> insert:
>
> EnableSendfile Off
> EnableMMAP Off
> Win32DisableAcceptEx
>
> to avoid any weird problem. The behavior is exactly the same.
> In order to see if connection attempts were reaching my server (Joe), I've
> used WinDump (trace below). The trace shows that the server receives a SYN
> request from the external machine I am using to test the setup (I tried
> also several other ones, same thing).
> The second trace is a reverse DNS lookup, which is coming from Apache
> (although mod_access is deactivated). Apache tries to gather information on
> the external machine I assume. I do not understand why it does that.
> The third trace is the answer from the DNS (I am not aware of any DNS issue
> I would have, everything seems to work just fine). I do not know how to
> interpret the answer trace.
> After, no traffic is coming from Apache, and the external machine is
> retrying a few times, without any success and any further reverse DNS
> lookup from my machine. The connection is not finalized, Apache keeps
> ignoring the SYN requests.
> I've tried Ethereal to gather further information, but, for some mysterious
> reason, it does not display the reverse DNS lookups, only the SYNs.
> There is most likely something huge I am missing, or I made some wrong
> interpretation. The fact is that I am stuck at this stage.
> I include an extract of my conf file at the end of this post.
> Any help is highly welcome!
> Thanks in advance,
> Vincent
>
> 10:09:22.968821 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S
> 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56209604
> 0,nop,wscale 2>
>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>  0x0010:  003c a0ee 4000 2906 6f92 4815 375a c0a8  .<..@.).o.H.7Z..
>  0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
>  0x0030:  16d0 a4a7 0000 0204 0578 0402 080a 0359  .........x.....Y
>  0x0040:  b0c4 0000 0000 0103 0302                 ..........
> 10:09:23.444588 IP Joe.3044 > dns1.swip.net.53:  14727+ PTR?
> 90.55.21.72.in-addr.arpa. (42)
>  0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
>  0x0010:  0046 5c4f 0000 8011 19f6 c0a8 0124 82f4  .F\O.........$..
>  0x0020:  7fa1 0be4 0035 0032 0f64 3987 0100 0001  .....5.2.d9.....
>  0x0030:  0000 0000 0000 0239 3002 3535 0232 3102  .......90.55.21.
>  0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
>  0x0050:  000c 0001                                ....
> 10:09:23.773839 IP dns1.swip.net.53 > Joe.3044:  14727 1/7/8 PTR[|domain]
>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>  0x0010:  019a 0fd9 4000 f311 b217 82f4 7fa1 c0a8  ....@...........
>  0x0020:  0124 0035 0be4 0186 f081 3987 8180 0001  .$.5......9.....
>  0x0030:  0001 0007 0008 0239 3002 3535 0232 3102  .......90.55.21.
>  0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
>  0x0050:  000c 0001 c00c 000c 0001 0001 27dd 0025  ............'..%
> 10:09:24.787670 IP Joe.3045 > dns1.swip.net.53:  20356+ PTR?
> 161.127.244.130.in-addr.arpa. (46)
>  0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
>  0x0010:  004a 5c50 0000 8011 19f1 c0a8 0124 82f4  .J\P.........$..
>  0x0020:  7fa1 0be5 0035 0036 eea2 4f84 0100 0001  .....5.6..O.....
>  0x0030:  0000 0000 0000 0331 3631 0331 3237 0332  .......161.127.2
>  0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
>  0x0050:  7270 6100 000c 0001                      rpa.....
> 10:09:24.987985 IP dns1.swip.net.53 > Joe.3045:  20356 1/5/8 (359)
>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>  0x0010:  0183 0fda 4000 f311 b22d 82f4 7fa1 c0a8  ....@....-......
>  0x0020:  0124 0035 0be5 016f 9fc7 4f84 8180 0001  .$.5...o..O.....
>  0x0030:  0001 0005 0008 0331 3631 0331 3237 0332  .......161.127.2
>  0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
>  0x0050:  7270 6100 000c 0001 c00c 000c 0001 0000  rpa.............
> 10:09:25.967812 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S
> 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56212604
> 0,nop,wscale 2>
>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>  0x0010:  003c a0f0 4000 2906 6f90 4815 375a c0a8  .<..@.).o.H.7Z..
>  0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
>  0x0030:  16d0 98ef 0000 0204 0578 0402 080a 0359  .........x.....Y
>  0x0040:  bc7c 0000 0000 0103 0302                 .|........
> 10:09:31.968696 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S
> 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56218604
> 0,nop,wscale 2>
>  0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>  0x0010:  003c a0f2 4000 2906 6f8e 4815 375a c0a8  .<..@.).o.H.7Z..
>  0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
>  0x0030:  16d0 817f 0000 0204 0578 0402 080a 0359  .........x.....Y
>  0x0040:  d3ec 0000 0000 0103 0302                 ..........
>
> Here is the virtual host definitions extract from my conf file:
>
> <VirtualHost 192.168.1.36:80>
>     ServerAdmin lextrait@tele2.fr
>     DocumentRoot C:/www/Aurinko
>     ServerName www.aurinko.com
>     ErrorLog logs/www.aurinko.com-error_log
>     CustomLog logs/www.aurinko.com-access_log common
> </VirtualHost>
>
> <VirtualHost 192.168.1.36:80>
>     ServerAdmin lextrait@tele2.fr
>     DocumentRoot C:/www/Thomas
>     ServerName thomas.lextrait.com
>     ErrorLog logs/thomas.lextrait.com-error_log
>     CustomLog logs/thomas.lextrait.com-access_log common
> </VirtualHost>
>
> <VirtualHost 192.168.1.36:80>
>     ServerAdmin lextrait@tele2.fr
>     DocumentRoot C:/www/Lextrait
>     ServerName www.lextrait.com
>     ErrorLog logs/www.lextrait.com-error_log
>     CustomLog logs/www.lextrait.com-access_log common
> </VirtualHost>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
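
The check described in the reply above (a SYN arriving on port 80 with no SYN/ACK going back), as an added example that is not part of the original thread. It parses WinDump/tcpdump one-line summaries; the 90.55.21.72 and DNS lines are the thread's own trace with the wrapped lines re-joined, and the 192.168.1.20 exchange is constructed for contrast.

```python
import re

# Old-style tcpdump/WinDump TCP summary:
#   "<time> IP <src>.<port> > <dst>.<port>: <flags> <seq> [ack N] win ..."
# DNS summaries ("14727+ PTR? ...") do not start with TCP flags and are skipped.
TCP_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+(?P<flags>[SFPR.]+)\s(?P<rest>.*)$"
)

TRACE = """\
10:09:22.968821 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56209604 0,nop,wscale 2>
10:09:23.444588 IP Joe.3044 > dns1.swip.net.53:  14727+ PTR? 90.55.21.72.in-addr.arpa. (42)
10:09:25.967812 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56212604 0,nop,wscale 2>
10:09:31.968696 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56218604 0,nop,wscale 2>
10:10:01.000100 IP 192.168.1.20.1042 > Joe.80: S 100:100(0) win 65535 <mss 1460>
10:10:01.000300 IP Joe.80 > 192.168.1.20.1042: S 200:200(0) ack 101 win 65535 <mss 1460>
""".splitlines()  # last two lines are constructed: a LAN client that is answered


def seconds(ts):
    """Convert an hh:mm:ss.ffffff capture timestamp to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def unanswered_syns(lines, port=80):
    """Map (client, client_port) -> SYN arrival times with no SYN/ACK from the server."""
    pending = {}
    for line in lines:
        m = TCP_LINE.match(line)
        if not m or "S" not in m["flags"]:
            continue
        is_synack = re.search(r"\back \d+", m["rest"]) is not None
        if not is_synack and m["dport"] == str(port):
            pending.setdefault((m["src"], m["sport"]), []).append(seconds(m["ts"]))
        elif is_synack and m["sport"] == str(port):
            # The server's stack answered this client: the handshake is progressing.
            pending.pop((m["dst"], m["dport"]), None)
    return pending


def retry_gaps(times):
    """Seconds between successive SYN retransmissions, rounded to 0.1 s."""
    return [round(b - a, 1) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    for client, times in unanswered_syns(TRACE).items():
        print(client, "SYNs:", len(times), "gaps:", retry_gaps(times))
```

The same sequence number repeated at doubling intervals is the client retransmitting its SYN, which means nothing on the server side ever replied at the TCP level.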