Posted to users@httpd.apache.org by Cameron Roe <ca...@psinaptic.com> on 2004/07/27 22:27:03 UTC

Re: [users@httpd] apache behind a router

So - I'm having the same problem


I am running an ADSL modem to a Linksys firewall and then to an 8 port hub
to a home network. I've installed Apache 2 and all seemed to go well. The
problem is that I can access the site locally through http://localhost/ or
through http://192.162.1.105/ but not through my IP address of
http://205.260.250.147/ . As well I can not access the site from any other
box on my local network, only from the local box.
To ensure I have the port forwarding correct on the Linksys I installed
tomcat on a 'windoze' box on the same network and it works fine when I do
the port forwarding and give the address http://205.206.250.147:8080/.
I also tried various combinations in the Apache conf for the listener port
i.e.

*:80
80
localhost:80
205.206.250.147:80
192.168.1.105:80

etc. I then thought that there might be some sort of security (or ISP
blockage as referred to below) on ports below 1024 and tried to listen on
port 8000 but to no avail, I could still access via the local box but not
the WAN. I must admit that I'm not sure what to try now. I can get out from
the Linux box via mozilla surfing and can send and receive mail just fine -
I just can't access Apache from outside the local box! I know through
'nmap -p 1-1024 localhost' that Apache is sitting there waiting but can't get
to it outside of localhost. Can someone point me to something else to read
or try?

Many thanks

Cam

Alex Cairncross wrote:

> ok so, I've scoured the internet for every resolution to fix this and
> still haven't resolved the issue.
>
> I'm running a Linksys wrt54g router with one computer on a wireless,
> and mine directly to the router.
>
> I can access apache when it's running on both the computers so I'm
> fine with apache I assume. However I have the problem that I've read
> in many places, that no one outside can access my server.
>
> Port forwarding is set properly to 80, directed to my machine's IP. If
> I try and listen on another port and forward it accordingly, I just
> get the router admin page.
>
> When I try and do a port scan there is no response to my TCP.
> I don't think it responds to any ping either. I disabled block
> anonymous internet requests, so that maybe it would work, but that
> failed as well.
>
> I'm sure the issue is my router and not apache
> but I've been trying everything I possibly can to try and make it so
> that my server shows up to other remote computers. It doesn't make
> sense that everything is set up properly, and my forwarding should
> work but apparently it's not working for whatever reason.
>
> Is there anyone that can help me resolve this?
> I've searched FAQ's and tons of forum threads on the same exact
> problems to no avail.
>
> thanks for your time
>
> ~alex

A possibility is you have an unfriendly ISP and they have blocked port
80 because running a web server on your residential service is a
violation of your TOS (Terms Of Service). Or you have a very friendly
ISP and they have blocked port 80 to prevent your PC from being infected
by a virus.

Assuming you have the firewall protection enabled under the "security"
tab (a very good idea), go to the "applications & gaming" tab and enable
the port you wish to use. Additional details may include nailing your IP
address (not using DHCP) on the PC running apache.

To test whether your ISP has port 80 blocked, tell apache to listen on
some port with a high number below 65,735 (say 54321) and try to access
from the outside world like this:
  http://123.123.123.123:54321

where 123.123.123.123 is your external IP address from your router
"status" tab and 54321 is the port you used in the apache Listen statement.

Roger



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


RE: [users@httpd] apache behind a router

Posted by Cameron Roe <ca...@psinaptic.com>.
It turns out that it was not an Apache problem but it wasn't a Linksys
problem either. I had installed Apache on 2 different Linux boxes - one
Redhat and one Yellow Dog (Power PC/IMAC). The Redhat worked fine but the YD
version would not allow access from anything other than the local box. It
turns out that YD enables the iptables service (firewall) that blocks by
default all ports while Redhat does not. Simply turning off the iptables
(service iptables stop) or changing the chain rules to allow port 80
INCOMING ACCEPT access did the trick.
Just thought I would post to this group the solution in case someone else was
having this problem.

Cheers and thanks for the help and suggestions from everyone!

Cam


-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com]
Sent: July 27, 2004 10:41 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] apache behind a router


On Tue, 27 Jul 2004, Cameron Roe wrote:

> I am running an ADSL modem to a Linksys firewall and then to an 8 port hub

Apart from the obvious question (does your ISP allow it), google for ECN.
Linksys are notoriously bad for ECN bugs.

This doesn't look like an apache question.

--
Nick Kew
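
The symptom Cameron describes (Apache answers on localhost but not from any other host) is what a host ruleset that accepts only loopback produces. The following is an added example, not part of the original thread: a constructed ruleset in `iptables-save` format, a hypothetical `verdict` helper that walks it first-match-wins, and the single narrow port 80 rule as the alternative to stopping the firewall. The interface name `eth0` and both rulesets are assumptions.

```shell
#!/bin/sh
# Constructed ruleset (not taken from the thread): loopback and replies are
# accepted, SSH is open, every other inbound packet is rejected.
RULES_BLOCKED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Same ruleset with one narrow rule placed ahead of the final REJECT.
# On a live host the equivalent is, as root:
#   iptables -I INPUT -p tcp --dport 80 -j ACCEPT
RULES_FIXED=$(printf '%s\n' "$RULES_BLOCKED" | awk '
  /^-A INPUT -j REJECT/ {
    print "-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT" }
  { print }')

# verdict RULES IFACE PORT
# Prints the target of the first INPUT rule matching a NEW inbound TCP
# connection arriving on IFACE for PORT, or the chain policy if none matches.
# Understands only -i, -p, --dport and --state; other options are ignored.
verdict() {
  printf '%s\n' "$1" | awk -v iface="$2" -v port="$3" '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
      ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-i" && $(i+1) != iface) ok = 0
        if ($i == "-p" && $(i+1) != "tcp") ok = 0
        if ($i == "--dport" && $(i+1) != port) ok = 0
        if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
        if ($i == "-j") target = $(i+1)
      }
      if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}

# Loopback works, the LAN/WAN side does not, until the port 80 rule exists.
for case in "BLOCKED lo" "BLOCKED eth0" "FIXED eth0"; do
  set -- $case
  eval "rules=\$RULES_$1"
  printf '%-8s %-5s port 80 -> %s\n' "$1" "$2" "$(verdict "$rules" "$2" 80)"
done
```

On the machine itself, `iptables-save` run as root prints the live ruleset in this format.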



[users@httpd] Apache Compile 2.0.50.tar.gz - successful...... But.................

Posted by InHisGrip <se...@yahoo.com>.
Hi Nick, or everyone who may want to lend a helping
hand.

After constant testing, trying to figure out how the
compile might work this time around, finally it did! 

Thanks to you, Scot Harris and others who have
contributed in some way. Thanks guys!!!

However, I have questions as a followup for this
successful compile. Please see below, here is the
summary of the steps that I did for the nth time
around:

--- Nick Kew <ni...@webthing.com> wrote:

> On Sat, 24 Jul 2004, InHisGrip wrote:
>
> > 1. Downloaded the httpd-2.0.50.tar.gz at the
> > apache.org site.
>
> Good.
>
> > 2. Moved the tarball into a convenient location,
> > /usr/local/src
>
> That's unconventional, but harmless.
>
> > 3. Issued the following commands from /usr/local/src:
>
> You missed the important security step: verify the PGP
> signature on it.
>
> > # tar -vzxf httpd-2.0.50.tar.gz
> > # cd httpd-2.0.50
> > # ./configure --prefix=/usr/local/apache2 --enable-mods-shared=all (this one, I added)
> >
> > # make
> > # make install
>
> That's fine for what you're doing, but to have a
> useful webserver you
> would of course want to customise it a bit more :-)
>
> --
> Nick Kew

After the stuffs above: did the following too...

# cd /usr/local/apache2/bin

# ./apachectl start

# ./apachectl stop

# ./apachectl restart

No errors from here, after this, I edited the
/etc/init.d/httpd wherein I have changed the default
directory paths to the correct one, i.e.
/usr/local/apache2 and so on.... which worked.

Now, here are my questions folks:

1. Please advise if these commands are okay or
necessary after the ./apachectl restart?

# chkconfig --add httpd

# chkconfig --level 2345 httpd on

# chkconfig --list

2. You mentioned that I missed out the most important
part which is verifying the PGP signature which is
correct. However, I tried verifying the tarball by
following the howto on apache.org site but
unfortunately could not verify the signature and file
somehow? 

I know that I need to go and get the checksum or the
key from a trusted source at the main site and then
download the tarball from the nearest site.... when I
did an md5checksum httpd-2.0.50-tar.gz.asc to verify
this and compare the figures I couldn't. Is there a
way to do this file and signature verification
properly?

3. Now, since my compile settings were somehow
successful, when I tried accessing the site through
my browser, whether from my local home network or
the internet, I get this 403 error message:

Forbidden

You don't have permission to access / on this server.

Apache/2.0.50 (Unix) DAV/2 Server at
www2.platonfamily.net Port 5688

Now, I presume root cannot be world readable and this
is for security reasons. Is there a workaround for this? I
tried chmod 755
/usr/local/apache2/htdocs/www.platonfamily.net but to
no avail. I also made a symbolic link by typing in
the same working directory,

# ln -s index.htm index.html

No luck yet....

Since we are talking about security, I will be posting
another email on this issue of securing apache so that
you may give some of your own expert opinion from your
own standpoint.

Again, thanks very much for looking into this. I
couldn't have done the initial process without the
generous replies of all the people who replied to this
thread such as yourself.

Thanks in advance.

InHisGrip,
Servie
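
The verification step raised in this message, as an added example that is not part of the original thread. The `.asc` file is a detached signature, so it is checked against the tarball with `gpg --verify httpd-2.0.50.tar.gz.asc httpd-2.0.50.tar.gz` after importing the signers' public keys, rather than being checksummed. The script below demonstrates that check offline with a throwaway key and a constructed file; `verify_release` and `demo` are hypothetical names, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# verify_release FILE SIG FINGERPRINT
# Succeeds only when SIG is a valid detached signature over FILE made by the
# key with that full fingerprint. Pinning the fingerprint matters: a good
# signature from an unexpected key says nothing about who built the file.
verify_release() {
  status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
  # A VALIDSIG status line carries the signing key fingerprint in field 3
  # and the primary key fingerprint in its last field.
  printf '%s\n' "$status" | awk -v want="$3" '
    $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
    END { exit !ok }'
}

# demo: sign a constructed file with a throwaway key in a temporary keyring,
# then report verification of the original, a tampered copy, and the
# original checked against the wrong fingerprint.
demo() {
  GNUPGHOME=$(mktemp -d) || return 1
  export GNUPGHOME
  work=$(mktemp -d) || return 1
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Constructed Signer <signer@example.invalid>' \
      default default never 2>/dev/null || return 1
  fpr=$(gpg --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }')
  printf 'constructed release contents\n' > "$work/release.tar.gz"
  # With --armor, --detach-sign writes release.tar.gz.asc next to the file.
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' --armor \
      --detach-sign "$work/release.tar.gz" 2>/dev/null || return 1
  cp "$work/release.tar.gz" "$work/tampered.tar.gz"
  printf 'one extra line\n' >> "$work/tampered.tar.gz"
  wrong=0000000000000000000000000000000000000000
  out=""
  for args in "release.tar.gz $fpr" "tampered.tar.gz $fpr" "release.tar.gz $wrong"; do
    set -- $args
    if verify_release "$work/$1" "$work/release.tar.gz.asc" "$2"
    then out="$out good"; else out="$out bad"; fi
  done
  gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$GNUPGHOME" "$work"
  printf '%s\n' "${out# }"
}
```

For a real release, the fingerprint passed to `verify_release` should come from a source independent of the mirror that served the tarball.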





	
		


Re: [users@httpd] apache behind a router

Posted by Nick Kew <ni...@webthing.com>.
On Tue, 27 Jul 2004, Cameron Roe wrote:

> I am running an ADSL modem to a Linksys firewall and then to an 8 port hub

Apart from the obvious question (does your ISP allow it), google for ECN.
Linksys are notoriously bad for ECN bugs.

This doesn't look like an apache question.

-- 
Nick Kew



Re: [users@httpd] apache behind a router

Posted by InHisGrip <se...@yahoo.com>.
Hi Cameron,

I had that problem before and got it to work. I
presume, you have a DSL provider and so you get DHCP
for that?

Anyways, you can try accessing your Linksys first by
going to http://192.168.1.1 or whatever IP you may
have assigned it.

Then go to the port forwarding section under the advanced tab
and assign the TCP port for HTTP. The default is 80, so
you may assign in your case maybe 8080. Be sure that
your DSL provider does not block port 8080 as well; I
had that problem with my cable ISP.

Assign or bind your apache to port 8080 in the Listen
Directive; you should have Listen 8080. Also the
ServerName Directive should have your
www.yourdomain.com:8080, and should you have also
configured VirtualHost Directives, if you intend to
host 2 or more sites, then you need to assign the
correct values here too.

Now, linksys has tied up with dyndns.org. I suggest
you should sign up with them and have an account....
By doing so, you can use a service called MyWebHop
which redirects http requests from outside using port
80 to your assigned ip address. Should you have a
different domain registrar, you should first go to
that site, log in on your account and put the
nameserver entries of dyndns.org to your provider.
That way, all requests will be directed straight to
your linksys firewall and thereby traverse through NAT
and reach your apache box.

And on a final note, make sure your iptables or
firewall rules allow port 8080 so that you won't have
problems in the future.

Thanks and hope I have somehow been able to help.

InHisGrip,
Servie




		