You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Alain Roger <ra...@gmail.com> on 2011/02/08 13:02:18 UTC
[users@httpd] incoming IP connect
Hi,
i have a host (windows 7) on wihich i have web server with apache/PHP/MySQL.
for now this computer has IP 192.168.1.2 (for example).
on the other hand i have a linux (Fedora 14) computer with IP 192.168.1.50
(for example) which should access to the web server via IP 192.168.1.2.
except Listen 192.168.1.2:80 in the httpd.conf file, what should i add in
the apache configuration file to allow external (other than 192.168.1.2)
connection (but internal to my local network so everything with
192.168.1.xxx) to my web server (via browser) ?
i need help because i'm a little bit confused now.
thanks a lot.
--
Alain
-----------------------------------------------------------
Windows 7 x64 / Fedora 14 x64
PostgreSQL 8.3.5 / MySQL 5
Apache 2.2.16
PHP 5.3.1
Re: [users@httpd] incoming IP connect
Posted by Mike Brown <br...@mrvideo.vidiot.com>.
On Tue, Feb 08, 2011 at 04:52:05PM +0000, Tom Evans wrote:
> If you use Listen *:80, and use a hub, your apache instance will not
> start responding to requests on port 80 directed to another computer
> on the same hub. Seriously.
Then why bother to even have a listen if it doesn't make a difference?
Oh wait, virtual IPs created on the box.
MB
--
e-mail: vidiot@vidiot.com /~\ The ASCII
[I've been to Earth. I know where it is. ] \ / Ribbon Campaign
[And I'm gonna take us there. Starbuck 3/25/07] X Against
Visit - URL: http://vidiot.com/ / \ HTML Email
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] incoming IP connect
Posted by Tom Evans <te...@googlemail.com>.
On Tue, Feb 8, 2011 at 4:41 PM, Mike Brown <br...@mrvideo.vidiot.com> wrote:
> On Tue, Feb 08, 2011 at 02:00:24PM +0000, Tom Evans wrote:
>> > Then the ethernet ports on both computers
>> > would "see" IP traffic meant for each other.
>>
>> No.
>
> Ah, but that is indeed what happens. If a hub is used, all packets are placed
> onto all of the jacks of the hub, therefore both computers will see port 80
> packets. Switches route traffic to the appropriate jack of the switch, hubs
> do not.
>
> When I wanted to snoop all traffic that a computer was seeing and generating,
> I'd use a hub to connect the computer I wanted to snoop and he computer doing
> the snooping.
>
> Yes, the builtin snooping facility of the computer I was trying to track the
> traffic on should do the trick. But, in some circumstances I needed a third-
> party snooper.
>
> MB
As I've said, you are welcome to your opinions.
If you use Listen *:80, and use a hub, your apache instance will not
start responding to requests on port 80 directed to another computer
on the same hub. Seriously.
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] incoming IP connect
Posted by Mike Brown <br...@mrvideo.vidiot.com>.
On Tue, Feb 08, 2011 at 02:00:24PM +0000, Tom Evans wrote:
> > Then the ethernet ports on both computers
> > would "see" IP traffic meant for each other.
>
> No.
Ah, but that is indeed what happens. If a hub is used, all packets are placed
onto all of the jacks of the hub, therefore both computers will see port 80
packets. Switches route traffic to the appropriate jack of the switch, hubs
do not.
When I wanted to snoop all traffic that a computer was seeing and generating,
I'd use a hub to connect the computer I wanted to snoop and he computer doing
the snooping.
Yes, the builtin snooping facility of the computer I was trying to track the
traffic on should do the trick. But, in some circumstances I needed a third-
party snooper.
MB
--
e-mail: vidiot@vidiot.com /~\ The ASCII
[I've been to Earth. I know where it is. ] \ / Ribbon Campaign
[And I'm gonna take us there. Starbuck 3/25/07] X Against
Visit - URL: http://vidiot.com/ / \ HTML Email
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] incoming IP connect
Posted by Tom Evans <te...@googlemail.com>.
On Tue, Feb 8, 2011 at 12:36 PM, Mike Brown <br...@mrvideo.vidiot.com> wrote:
> On Tue, Feb 08, 2011 at 12:29:00PM +0000, Tom Evans wrote:
>> *:80 means "listen on on all addresses on all interfaces THIS BOX
>> has", not "respond to every IP address in the world". Furthermore, how
>> would the 'request meant for the linux server' be routed to the
>> windows box?
>
> Not every address in the world, but every port 80 request that it sees on
> its ethernet connection.
>
> It is possible that the Linux box and the Windblows box could be connected
> to a hub, instead of a switch.
Yes.
> Then the ethernet ports on both computers
> would "see" IP traffic meant for each other.
No.
>
> To me it would be safer not to use the wildcard.
>
> MB
You are free to do as you see fit.
"Listen *:80" means "listen to port 80 on all interfaces configured on
this computer". If that's what is wanted, and it commonly is, it is
safe.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] incoming IP connect
Posted by Eric Covener <co...@gmail.com>.
> It is possible that the Linux box and the Windblows box could be connected
> to a hub, instead of a switch. Then the ethernet ports on both computers
> would "see" IP traffic meant for each other.
>
> To me it would be safer not to use the wildcard.
This does not impact what data normal socket applications will receive.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] incoming IP connect
Posted by Mike Brown <br...@mrvideo.vidiot.com>.
On Tue, Feb 08, 2011 at 12:29:00PM +0000, Tom Evans wrote:
> *:80 means "listen on on all addresses on all interfaces THIS BOX
> has", not "respond to every IP address in the world". Furthermore, how
> would the 'request meant for the linux server' be routed to the
> windows box?
Not every address in the world, but every port 80 request that it sees on
its ethernet connection.
It is possible that the Linux box and the Windblows box could be connected
to a hub, instead of a switch. Then the ethernet ports on both computers
would "see" IP traffic meant for each other.
To me it would be safer not to use the wildcard.
MB
--
e-mail: vidiot@vidiot.com /~\ The ASCII
[I've been to Earth. I know where it is. ] \ / Ribbon Campaign
[And I'm gonna take us there. Starbuck 3/25/07] X Against
Visit - URL: http://vidiot.com/ / \ HTML Email
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] incoming IP connect
Posted by Tom Evans <te...@googlemail.com>.
On Tue, Feb 8, 2011 at 12:21 PM, Mike Brown <br...@mrvideo.vidiot.com> wrote:
> On Tue, Feb 08, 2011 at 12:11:26PM +0000, Tom Evans wrote:
>> Apache doesn't control how packets get routed to your computer, it
>> only controls what it does when they arrive. If you listen on *:80 or
>> 192.168.1.2:80, then anything that can route packets to that
>> server/port will communicate with apache.
>
> IMHO, it is better to set the listen to the IP address of the server apache
> is running on, to keep it from trying to respond to requests to a different
> IP on the same subnet.
>
> If, for example, the Linux box was also running apache, as I understand it,
> if the listen was set for all IPs, then it would try and respond to requests
> meant for the Linux server.
>
> MB
Wow, no, you don't understand it.
*:80 means "listen on on all addresses on all interfaces THIS BOX
has", not "respond to every IP address in the world". Furthermore, how
would the 'request meant for the linux server' be routed to the
windows box?
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] incoming IP connect
Posted by Mike Brown <br...@mrvideo.vidiot.com>.
On Tue, Feb 08, 2011 at 12:11:26PM +0000, Tom Evans wrote:
> Apache doesn't control how packets get routed to your computer, it
> only controls what it does when they arrive. If you listen on *:80 or
> 192.168.1.2:80, then anything that can route packets to that
> server/port will communicate with apache.
IMHO, it is better to set the listen to the IP address of the server apache
is running on, to keep it from trying to respond to requests to a different
IP on the same subnet.
If, for example, the Linux box was also running apache, as I understand it,
if the listen was set for all IPs, then it would try and respond to requests
meant for the Linux server.
MB
--
e-mail: vidiot@vidiot.com /~\ The ASCII
[I've been to Earth. I know where it is. ] \ / Ribbon Campaign
[And I'm gonna take us there. Starbuck 3/25/07] X Against
Visit - URL: http://vidiot.com/ / \ HTML Email
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] incoming IP connect
Posted by Tom Evans <te...@googlemail.com>.
On Tue, Feb 8, 2011 at 12:02 PM, Alain Roger <ra...@gmail.com> wrote:
> Hi,
>
> i have a host (windows 7) on wihich i have web server with apache/PHP/MySQL.
> for now this computer has IP 192.168.1.2 (for example).
> on the other hand i have a linux (Fedora 14) computer with IP 192.168.1.50
> (for example) which should access to the web server via IP 192.168.1.2.
>
> except Listen 192.168.1.2:80 in the httpd.conf file, what should i add in
> the apache configuration file to allow external (other than 192.168.1.2)
> connection (but internal to my local network so everything with
> 192.168.1.xxx) to my web server (via browser) ?
> i need help because i'm a little bit confused now.
>
> thanks a lot.
>
> --
> Alain
> -----------------------------------------------------------
> Windows 7 x64 / Fedora 14 x64
> PostgreSQL 8.3.5 / MySQL 5
> Apache 2.2.16
> PHP 5.3.1
>
>
Apache doesn't control how packets get routed to your computer, it
only controls what it does when they arrive. If you listen on *:80 or
192.168.1.2:80, then anything that can route packets to that
server/port will communicate with apache.
Eg, if you configure your router to forward packets coming to your
external IP on port 80 to 192.168.1.2:80, then computers outside your
network would now be able to access your server, but nothing changes
in apache.
If you have configured apache to listen on *:80 or 192.168.1.2:80, and
cannot connect to it from another machine on the same subnet
(192.168.1.50 for example), then you have some firewall issue between
those two computers.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] incoming IP connect
Posted by Mike Brown <br...@mrvideo.vidiot.com>.
On Tue, Feb 08, 2011 at 01:02:18PM +0100, Alain Roger wrote:
> i have a host (windows 7) on wihich i have web server with apache/PHP/MySQL.
> for now this computer has IP 192.168.1.2 (for example).
> on the other hand i have a linux (Fedora 14) computer with IP 192.168.1.50
> (for example) which should access to the web server via IP 192.168.1.2.
>
> except Listen 192.168.1.2:80 in the httpd.conf file, what should i add in
> the apache configuration file to allow external (other than 192.168.1.2)
> connection (but internal to my local network so everything with
> 192.168.1.xxx) to my web server (via browser) ?
> i need help because i'm a little bit confused now.
I have kind-of a dumb question... Why aren't you doing all of the serving on
the better OS: Linux?
To answer your question, as I understand it, all you should need is:
Listen 192.168.1.2:80
Listen 127.0.0.1:80
If that doesn't work, check that there isn't a firewall issue that is
blocking port 80 requests.
MB
--
e-mail: vidiot@vidiot.com /~\ The ASCII
[I've been to Earth. I know where it is. ] \ / Ribbon Campaign
[And I'm gonna take us there. Starbuck 3/25/07] X Against
Visit - URL: http://vidiot.com/ / \ HTML Email
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org