Posted to users@httpd.apache.org by Ned Brush <ne...@yahoo.com> on 2003/12/19 21:28:53 UTC

[users@httpd] why isn't my server public???

I'm stumped!! I can access my server from my LAN, but
I can't access it from the outside. I'm running a
firewall, but I'm pretty sure that it is NOT my
firewall or my ISP. With ethereal, I can see that I
send a SYN, ACK back to the port that requested 80
(outside on my LAN). I don't see anything in my
httpd.conf that should be stopping access to the main
pages, especially since anybody on my network can see
them.  I've tried changing 'Listen 80' to 'Listen
x.x.x.x:80' (where x.x.x.x is my ip).  Does anybody
out there have any ideas?

Thanks in advance!!! I'm getting really frustrated.
Mike O'


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] why isn't my server public???

Posted by Steven Pierce <pa...@speakeasy.net>.
Not sure if anyone else has answered this or not.
If you send the URL with the message, then we
can look to see if it is available from outside.



*********** REPLY SEPARATOR  ***********

On 12/19/2003 at 12:28 PM Ned Brush wrote:

>I'm stumped!! I can access my server from my LAN, but
>I can't access it from the outside. I'm running a
>firewall, but I'm pretty sure that it is NOT my
>firewall or my ISP. With ethereal, I can see that I
>send a SYN, ACK back to the port that requested 80
>(outside on my LAN). I don't see anything in my
>httpd.conf that should be stopping access to the main
>pages, especially since anybody on my network can see
>them.  I've tried changing 'Listen 80' to 'Listen
>x.x.x.x:80' (where x.x.x.x is my ip).  Does anybody
>out there have any ideas?
>
>Thanks in advance!!! I'm getting really frustrated.
>Mike O'






Re: [users@httpd] why isn't my server public???

Posted by Brian Dessent <br...@dessent.net>.
Don wrote:

> > outbound packets with destination port 25/tcp.  This prevents the users
> > from delivering mail directly to SMTP servers, so that they must use the
> > ISP's mail server to relay mail.  This prevents spammers from sending
> > directly from their machines, as well as preventing trojaned boxes from
> > becoming spam relays.
> 
> Actually "prevents the users..." is a bit strong since redirection
> services are around to thwart that.

Unless the remote mail server is answering on something other than 25,
you're not going to be able to deliver mail to it directly.  Unless of
course you use a proxy of some kind.  But that's kind of the whole point
-- you can never prevent someone from doing something if they can tunnel
it through an intermediary, but you can certainly stop them from doing
it directly.  What it gains you is that the machine is no longer useful
as a relay itself.  If a spammer 0wned it (or the machine was otherwise
compromised) they wouldn't be able to use it to deliver spam, making it
a pretty worthless target.

Brian



Re: [users@httpd] why isn't my server public???

Posted by Don <dn...@san.rr.com>.
On Fri, 2003-12-19 at 19:23, Brian Dessent wrote:
> Ned Brush wrote:
> > 
> > Thanks Brian - I think that was it.  I changed the
> > port and it's working.  I should have tried that
> > before asking for help.  Thanks to everybody for the
> > advice.  I thought they'd block it completely.  How
> > exactly do they block it, because I still get a
> > request for port 80?
> 
> In their routers they either create a rule to drop inbound packets with
> a destination port of 80/tcp, or outbound packets with a source port of
> 80/tcp.  (Or, both.)  In your case it looks like they're blocking
> outbound but not inbound.  It's also very common for them to block
> outbound packets with destination port 25/tcp.  This prevents the users
> from delivering mail directly to SMTP servers, so that they must use the
> ISP's mail server to relay mail.  This prevents spammers from sending
> directly from their machines, as well as preventing trojaned boxes from
> becoming spam relays.
> 
> Brian

Actually "prevents the users..." is a bit strong since redirection
services are around to thwart that.

For example dyndns.org can set up a redirection of port 80 to whatever
port you want... I suppose it works like this.... somebody goes to
http://dyndns... on port 80, dyndns sends back a redirect message and
the browser tries again at http:.... port xxx where xxx is the port you
want to use.

You could even change the port number frequently with any changes to the
"end user".




Re: [users@httpd] why isn't my server public???

Posted by Brian Dessent <br...@dessent.net>.
Ned Brush wrote:
> 
> Thanks Brian - I think that was it.  I changed the
> port and it's working.  I should have tried that
> before asking for help.  Thanks to everybody for the
> advice.  I thought they'd block it completely.  How
> exactly do they block it, because I still get a
> request for port 80?

In their routers they either create a rule to drop inbound packets with
a destination port of 80/tcp, or outbound packets with a source port of
80/tcp.  (Or, both.)  In your case it looks like they're blocking
outbound but not inbound.  It's also very common for them to block
outbound packets with destination port 25/tcp.  This prevents the users
from delivering mail directly to SMTP servers, so that they must use the
ISP's mail server to relay mail.  This prevents spammers from sending
directly from their machines, as well as preventing trojaned boxes from
becoming spam relays.

Brian
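
Added example, not part of the original thread: a small classifier over server-side capture lines that separates the cases discussed here (SYN arrives but the SYN-ACK is never acknowledged, versus no SYN arriving at all, versus a normal LAN handshake). The tcpdump-style lines, addresses and the `classify` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: tcpdump-style summaries captured ON THE SERVER (192.0.2.10).
# 198.51.100.7 is an outside client, 192.168.1.20 a LAN client; all values are made up.
CAPTURE = """\
12:00:01.000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 100
12:00:01.001 IP 192.0.2.10.80 > 198.51.100.7.40001: Flags [S.], seq 900, ack 101
12:00:04.001 IP 192.0.2.10.80 > 198.51.100.7.40001: Flags [S.], seq 900, ack 101
12:00:04.010 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 100
12:00:09.000 IP 192.168.1.20.51000 > 192.0.2.10.80: Flags [S], seq 500
12:00:09.001 IP 192.0.2.10.80 > 192.168.1.20.51000: Flags [S.], seq 700, ack 501
12:00:09.002 IP 192.168.1.20.51000 > 192.0.2.10.80: Flags [.], ack 701
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")

def classify(capture, server, port=80, expected=()):
    """Return {client_ip: verdict} from the server's view of each TCP handshake."""
    seen = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == server and int(dport) == port:
            # Client -> server: a bare SYN opens, anything without SYN proves the reply got through.
            key = "syn" if flags == "S" else "ack" if "S" not in flags else None
            if key:
                seen[(src, sport)][key] += 1
        elif src == server and int(sport) == port and flags == "S.":
            seen[(dst, dport)]["synack"] += 1
    verdicts = {}
    for (client, _), c in seen.items():
        if c["syn"] and c["synack"] and c["ack"]:
            verdicts[client] = "handshake complete"
        elif c["syn"] and c["synack"]:
            verdicts[client] = "SYN arrives, SYN-ACK never acknowledged: reply path filtered or lost"
        elif c["syn"]:
            verdicts[client] = "SYN arrives, server silent: check local firewall and Listen"
    # Clients known to have tried but absent from the capture never reached the server.
    for client in expected:
        verdicts.setdefault(client, "no SYN seen: inbound filter or missing NAT forward")
    return verdicts
```

The capture alone shows only that the reply was lost somewhere after leaving the server; retrying on a nonstandard port, as suggested in the thread, is what confirms a port-specific filter.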



Re: [users@httpd] why isn't my server public???

Posted by Ned Brush <ne...@yahoo.com>.
Thanks Brian - I think that was it.  I changed the
port and it's working.  I should have tried that
before asking for help.  Thanks to everybody for the
advice.  I thought they'd block it completely.  How
exactly do they block it, because I still get a
request for port 80?

Thanks again,
Ned

--- Brian Dessent <br...@dessent.net> wrote:
> Ned Brush wrote:
> > 
> > I'm stumped!! I can access my server from my LAN, but
> > I can't access it from the outside. I'm running a
> > firewall, but I'm pretty sure that it is NOT my
> > firewall or my ISP. With ethereal, I can see that I
> > send a SYN, ACK back to the port that requested 80
> > (outside on my LAN). I don't see anything in my
> > httpd.conf that should be stopping access to the main
> > pages, especially since anybody on my network can see
> > them.  I've tried changing 'Listen 80' to 'Listen
> > x.x.x.x:80' (where x.x.x.x is my ip).  Does anybody
> > out there have any ideas?
> 
> Your isp might have traffic blocked on port 80 outbound.  Many ISPs do
> this so that you can't run a server (or at least, not on 80.)  Try a
> nonstandard port, if that works then that's your problem.  You can also
> use a portscan utility (try grc.com) to see if port 80 is open from the
> outside.
> 
> Also, if you have NAT then you need to forward port 80.  But if the
> machine is receiving the incoming SYN on port 80 then this is not the
> issue.
> 
> Brian


Re: [users@httpd] why isn't my server public???

Posted by Brian Dessent <br...@dessent.net>.
Ned Brush wrote:
> 
> I'm stumped!! I can access my server from my LAN, but
> I can't access it from the outside. I'm running a
> firewall, but I'm pretty sure that it is NOT my
> firewall or my ISP. With ethereal, I can see that I
> send a SYN, ACK back to the port that requested 80
> (outside on my LAN). I don't see anything in my
> httpd.conf that should be stopping access to the main
> pages, especially since anybody on my network can see
> them.  I've tried changing 'Listen 80' to 'Listen
> x.x.x.x:80' (where x.x.x.x is my ip).  Does anybody
> out there have any ideas?

Your isp might have traffic blocked on port 80 outbound.  Many ISPs do
this so that you can't run a server (or at least, not on 80.)  Try a
nonstandard port, if that works then that's your problem.  You can also
use a portscan utility (try grc.com) to see if port 80 is open from the
outside.

Also, if you have NAT then you need to forward port 80.  But if the
machine is receiving the incoming SYN on port 80 then this is not the
issue.

Brian
