You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ja...@learningtree.com on 2004/12/13 17:37:22 UTC
Re: [users@httpd] Apache not receiving port 80 traffic -
Linux, Netgear
Yes - on the netgear - adding HTTP traffic was a snap - and I also added a
custom rule (for testing) to allow port 8000 through to my internal RH
server.
I believe the problem to be somehow - my system is rejecting or somehow not
talking to systems outside my local network for some reason... Its as if
they're being treated as 'not trusted' somehow...
port 80 traffic does come into my server - I see the port 80 incoming
through tcpdump.... since I don't know the 3-way handshaking very well...
It appears that my server is trying to reply somehow - but those replies
aren't going out properly....
everything else works just fine... SSH into the box works fine -
Regards,
James Toshack
Network and PC Support Manager
Learning Tree International
Direct Line: 310.342.2194
james_toshack@learningtree.com
Fax: 310.645.4762
************************************************
Learning Tree International
Education You Can Trust
1-800-THE-TREE
http://www.learningtree.com
Luis Moreira
<luis.moreira@esinn To: users@httpd.apache.org
ovation.pt> cc:
Subject: Re: [users@httpd] Apache not receiving port 80 traffic - Linux, Netgear
12/13/2004 08:19 AM
Please respond to
users
James,
Do you have security rules (access-lists) on your router, or other
config, were you let through port 8000 ?
Do you have a similar config to allow port 80 to go through as well ?
Luis
James_Toshack@learningtree.com wrote:
>I'm at my wits end with this - as I have spent 3 days on reading logs,
>posts - everything I could get my hands on to resolve what 'seems' to be a
>simple problem, but I'm at the point to where I have to post. I have
tried
>multiple solutions that I've read - and so far - no good. I'll try to be
>brief and would appreciate any help from others.
>
>ISP - Adelphia - home network connection via cable modem (have called them
>- they don't block anything inbound)
>Netgear WGT642 router - 2 systems connected up behind it - 1 is an XP box
-
>the other is a RH9 with Apache 2.0 from the RH RPM updates.
>
>Long story short - I can access the 'test' page fine from the XP box and
>from the RH9 system just fine - no problems I can see behind the firewall.
>
>Port forwarding on the netgear is a no brainer - configured properly - and
>for testing - have also set up port 8000 to forward to the RH server.
>
>Port 80 destined to the RH box - I see the initial handshake using
>tcpdump...but apache never gets the traffic on port 80 from outside the
>firewall. I'm a newbie at seeing tcpdump traffic...but from reading on
the
>web - the 3-part handshake doesn't appear to function - on port 80 only...
>on 8000 it works fine, and inside my local network it works fine...
>
>So - a synopsis -
>
>port 80 works fine inside my network - I see the test page
>port 8000 works fine inside and outside my network - I see the test page
>port 80 does not work - from outside my network.
>
>I've tried MTU size adjustments - 1492, 1436, and the default 1500 - but
>since it works on port 8000 - this probably isn't the problem.
>
>I've looked at my iptables - whether its 'on' or not doesn't matter - it
>still won't function on port 80 from outside. When 'on' I do see the
ALLOW
>rule to allow port 80 traffic through.
>
>-jim
>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
*****
NOTE: An attachment named luis.moreira.vcf was deleted from this message
because it contained a windows executableor other potentially dangerous
file type.Contact your system administrators for more
information.---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache not receiving port 80 traffic - Linux, Netgear
Posted by Ralf Glauberman <rg...@michaeli-gymnasium.de>.
hi,
you should first try to find out if this is an apache problem or if it is a
problem with your router or isp. my idea was to setup a test-apache on the
xp-box (should only take some minutes) and tell your router to forward port
80 to this one. you should be able to find out if it is an apache-problem
this way.
you sayd you did a tcpdump (on the rh-box i guess). you see an incomming
connection, but what exactly do you get? you should get a packet in with the
syn-flag set, your server should reply with a syn-ack-packet and get back an
ack-packet.
you could also try to do a nmap-scan on your ip from outside the router to
see if port 80 is open/closed/filtered. open port 8000 as well to compare
this. try at least a sys-scan and a connect-scan.
ralf
----- Original Message -----
From: <Ja...@learningtree.com>
To: <us...@httpd.apache.org>
Sent: Monday, December 13, 2004 5:37 PM
Subject: Re: [users@httpd] Apache not receiving port 80 traffic - Linux,
Netgear
>
> Yes - on the netgear - adding HTTP traffic was a snap - and I also added a
> custom rule (for testing) to allow port 8000 through to my internal RH
> server.
>
> I believe the problem to be somehow - my system is rejecting or somehow
> not
> talking to systems outside my local network for some reason... Its as if
> they're being treated as 'not trusted' somehow...
>
> port 80 traffic does come into my server - I see the port 80 incoming
> through tcpdump.... since I don't know the 3-way handshaking very well...
> It appears that my server is trying to reply somehow - but those replies
> aren't going out properly....
>
> everything else works just fine... SSH into the box works fine -
>
> Regards,
> James Toshack
> Network and PC Support Manager
> Learning Tree International
> Direct Line: 310.342.2194
> james_toshack@learningtree.com
> Fax: 310.645.4762
>
> ************************************************
> Learning Tree International
> Education You Can Trust
> 1-800-THE-TREE
> http://www.learningtree.com
>
>
>
> Luis Moreira
> <luis.moreira@esinn To:
> users@httpd.apache.org
> ovation.pt> cc:
> Subject: Re:
> [users@httpd] Apache not receiving port 80 traffic - Linux, Netgear
> 12/13/2004 08:19 AM
> Please respond to
> users
>
>
>
>
>
>
> James,
>
> Do you have security rules (access-lists) on your router, or other
> config, were you let through port 8000 ?
> Do you have a similar config to allow port 80 to go through as well ?
>
> Luis
>
>
> James_Toshack@learningtree.com wrote:
>
>>I'm at my wits end with this - as I have spent 3 days on reading logs,
>>posts - everything I could get my hands on to resolve what 'seems' to be a
>>simple problem, but I'm at the point to where I have to post. I have
> tried
>>multiple solutions that I've read - and so far - no good. I'll try to be
>>brief and would appreciate any help from others.
>>
>>ISP - Adelphia - home network connection via cable modem (have called them
>>- they don't block anything inbound)
>>Netgear WGT642 router - 2 systems connected up behind it - 1 is an XP box
> -
>>the other is a RH9 with Apache 2.0 from the RH RPM updates.
>>
>>Long story short - I can access the 'test' page fine from the XP box and
>>from the RH9 system just fine - no problems I can see behind the firewall.
>>
>>Port forwarding on the netgear is a no brainer - configured properly - and
>>for testing - have also set up port 8000 to forward to the RH server.
>>
>>Port 80 destined to the RH box - I see the initial handshake using
>>tcpdump...but apache never gets the traffic on port 80 from outside the
>>firewall. I'm a newbie at seeing tcpdump traffic...but from reading on
> the
>>web - the 3-part handshake doesn't appear to function - on port 80 only...
>>on 8000 it works fine, and inside my local network it works fine...
>>
>>So - a synopsis -
>>
>>port 80 works fine inside my network - I see the test page
>>port 8000 works fine inside and outside my network - I see the test page
>>port 80 does not work - from outside my network.
>>
>>I've tried MTU size adjustments - 1492, 1436, and the default 1500 - but
>>since it works on port 8000 - this probably isn't the problem.
>>
>>I've looked at my iptables - whether its 'on' or not doesn't matter - it
>>still won't function on port 80 from outside. When 'on' I do see the
> ALLOW
>>rule to allow port 80 traffic through.
>>
>>-jim
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>
> *****
> NOTE: An attachment named luis.moreira.vcf was deleted from this message
> because it contained a windows executableor other potentially dangerous
> file type.Contact your system administrators for more
> information.---------------------------------------------------------------------
>
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org