You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Harry Patterson <ha...@visiontm.com> on 2004/09/12 20:00:32 UTC
[users@httpd] apache not responding to firewall routed ports
I'm sure I am missing something obvious here, but I cannot get my apache
server to respond to requests that are routed through our firewall. I have
provided some pertinent info below, if you need more let me know.
The firewall forwards all port 8080 request for IP 216.49.170.99 to an
internal address 192.168.2.204 also on port 8080. Apache responds fine using
the internal address on an internal computer (same subnet). When using an
external computer going to the external address, I can see the packets
coming in to the server using tcpdump. As expected their destination is
192.168.2.204 and the .8080 shows they are coming in to port 8080. But I get
a "Cannot find Server" error in the browser. There are no errors recorded in
the apache logs. So why isn't it accepting those requests?
Any help would be appreciated.
Harry
============================
Apache/1.3.3 on FreeBSD UNIX
In a browser from internet outside the firewall from address 69.68.223.8:
http://216.49.170.99:8080/
times out - Cannot find server error
no entry in apache error log or access log
In Firewall Setup :
216.49.170.99 port 8080 forwards to 192.168.2.204 port 8080
TCPDUMP on server:
while attempting to access 216.49.170.99:8080 from Internet (lines
wrapped for readability)
webserver# tcpdump -t -n -vv port 8080
tcpdump: listening on ed0
69.68.223.8.16572 > 192.168.2.204.8080: S 3490321463:3490321463(0) win
65535
<mss 1302,nop,nop,sackOK> (DF) (ttl 108, id 21905)
69.68.223.8.16572 > 192.168.2.204.8080: S 3490321463:3490321463(0) win
65535
<mss 1302,nop,nop,sackOK> (DF) (ttl 108, id 21908)
69.68.223.8.16572 > 192.168.2.204.8080: S 3490321463:3490321463(0) win
65535
<mss 1302,nop,nop,sackOK> (DF) (ttl 108, id 21910)
In Browser from internal 192 address:
http://192.168.2.204:8080
connects and serves homepage
In httpd.conf:
NameVirtualHost 192.168.2.204
Listen 80
Listen 8080
<VirtualHost 192.168.2.204>
ServerName www.frippcorp.com
ServerAlias test.frippcorp.com frippcorp.com
DocumentRoot /usr/home/harry/public_html
ErrorLog /var/log/192-error_log
TransferLog /var/log/192-access_log
LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""
ScriptAlias /sys-cgi/ /usr/home/cgi-bin/
ScriptAlias /cgi-bin/ /usr/home/harry/public_html/cgi-bin/
</VirtualHost>
<Directory /usr/home/harry/public_html>
AllowOverride All
</Directory>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] apache not responding to firewall routed ports
Posted by Al Sparks <da...@yahoo.com>.
The TCP/IP protocol defines packets with IP addresses only. What your
computer does is build a table of IP addresses matching them against
hardware addresses of the devices it "sees", which are in your LAN.
For an actual table, type
$ arp
to see a listing of such a table.
If your computer tries to send to an IP address outside your LAN, it
has to send that packet through a gateway (router) that it "sees" and
is in your ARP table. That router turns around and either sends the
packet on to the machine directly, or to another router (or firewall?)
which turns around and sends it to another...
I'm not sure where you were running tcpdump, inside your LAN or
outside, on the machine itself or off. But basically, your computer
didn't know where to send the return packet or ACK, so maybe it didn't
send anything at all, if you didn't have a default route for it set at
all; I'm actually not sure. I tend to not use tcpdump when
troubleshooting network connectivity, but other tools like ping and
traceroute.
And of course this isn't a network group. We're getting pretty far
away from Apache issues in discussing this. If you want to learn more
about this subject, I would suggest a network classic, "TCP/IP
Illustrated, Volume 1, The Protocols" by W. Richard Stevens. Even
though it was published 10 years ago, it's still relevant today. Just
reading the first few chapters will give you a basic understanding of
TCP/IP networking, and that knowledge will help you with setting up
and troubleshooting network problems whether your server has apache on
it or not.
=== Al
--- Harry Patterson <ha...@visiontm.com> wrote:
> Thanks Al - it is solved,
>
> The default route was the issue. However, what I don't understand is why no
> ack shows in tcpdump with the default route pointing to a different
> connection? Does tcpdump only show completed/reachable packets, there was a
> route and a gateway to 192.168.2.1, but the outbound packets were trying to
> go back out the other default route? It did not show an ack on the external
> attempt when the default route was to a different interface. I suppose I
> should take the success and move on, but then I really wouldn't know all the
> answers here. Any ideas?
>
> Thanks again for helping solve this!!!
>
> Harry
>
> -----Original Message-----
> From: Al Sparks [mailto:data345@yahoo.com]
> Sent: Wednesday, September 15, 2004 9:28 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] apache not responding to firewall routed
> ports
>
>
> What I here you saying is that you see the server coming back with an ack
> internally via tcpdump,
> but you're not seeing that packet reach anything externally.
>
> You also say that you are getting responses (web pages) back
> internally.
>
> There's a couple of things to check. I already mentioned the
> firewall; find out if the packets are reaching the firewall.
>
> The other thing to check on the server itself, and it's related to
> checking the firewall, is if there's a default gateway back out of the
> network.
>
> The following command will work on most (all?) linux distros, and
> maybe BSD distros too:
>
> $ netstat �rn
> Destination Gateway Genmask Flags MSS Window irtt Iface
> [other stuff]
> 0.0.0.0 192.168.2.1 0.0.0.0 UG 40 0 0 eth0
>
> The last line basically says anything going outside the LAN will go
> through a network device (usually a router) with an IP address of
> 192.168.2.1 (assuming that's your "gateway"). When doing a network
> configuration, if you leave out the "gateway" setting, the server
> doesn't know where to send the packets if it's outside the LAN. It's
> a fairly common error.
> === Al
>
> --- Harry Patterson <ha...@visiontm.com> wrote:
>
> > Hi Al,
> >
> > Thanks for responding. That's what I thought as well which is what
> prompted
> > me to do the tcpdump. I am by no means an expert at reading those dumps,
> but
> > in looking at the internal connection query I see an acknowledgement back
> > from Apache. I would think I would at least see the ack back from Apache
> on
> > the external whether it reached me through the firewall or not. There is
> no
> > ack back. If you look below you will see the tcpdump of the internal
> > communication, the 1st & 2nd line is the query and the 3rd-8th lines show
> > some of the acks. If you have my original post you will see the external
> > attempts with no ack. I even opened all ports on the firewall for my
> > external IP address just in case to no avail. It's baffling to say the
> > least. Any more thoughts would be appreciated, including if I am reading
> > these correctly.
> >
> > Harry
> >
> > 192.168.2.206.3365 > 192.168.2.204.8080: S 2489588123:2489588123(0) win
> > 64240
> > <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 17227)
> > 192.168.2.204.8080 > 192.168.2.206.3365: S 3798610920:3798610920(0) ack
> > 2489588124
> > win 17520 <mss 1460> (DF) (ttl 64, id 56459)
> > 192.168.2.206.3365 > 192.168.2.204.8080: . ack 1 win 64240 (DF) (ttl 128,
> > id 17229)
> > 192.168.2.206.3365 > 192.168.2.204.8080: P 1:459(458) ack 1 win 64240 (DF)
> > (ttl 128, id 17230)
> >
> >
> > -----Original Message-----
> > From: Al Sparks [mailto:data345@yahoo.com]
> > Sent: Tuesday, September 14, 2004 3:50 PM
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] apache not responding to firewall routed
> > ports
> >
> >
> > It sounds like packets are coming in and reaching your server, but not
> > going back out. When your server answers, the FW is probably blocking
> > outgoing packets.
> >
> > I'd check your firewall logs. You may have to turn on logging, depending
> > on the firewall.
> > === Al
> >
> > --- Harry Patterson <ha...@visiontm.com> wrote:
> >
> > > I'm sure I am missing something obvious here, but I cannot get my apache
> > > server to respond to requests that are routed through our firewall. I
> have
> > > provided some pertinent info below, if you need more let me know.
> > >
> > > The firewall forwards all port 8080 request for IP 216.49.170.99 to an
> > > internal address 192.168.2.204 also on port 8080. Apache responds fine
> > using
> > > the internal address on an internal computer (same subnet). When using
> an
> > > external computer going to the external address, I can see the packets
> > > coming in to the server using tcpdump. As expected their destination is
> > > 192.168.2.204 and the .8080 shows they are coming in to port 8080. But I
> > get
> > > a "Cannot find Server" error in the browser. There are no errors
> recorded
> > in
> > > the apache logs. So why isn't it accepting those requests?
> > >
> > > Any help would be appreciated.
> > > Harry
> > > ===========================
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] apache not responding to firewall routed ports
Posted by Harry Patterson <ha...@visiontm.com>.
Thanks Al - it is solved,
The default route was the issue. However, what I don't understand is why no
ack shows in tcpdump with the default route pointing to a different
connection? Does tcpdump only show completed/reachable packets, there was a
route and a gateway to 192.168.2.1, but the outbound packets were trying to
go back out the other default route? It did not show an ack on the external
attempt when the default route was to a different interface. I suppose I
should take the success and move on, but then I really wouldn't know all the
answers here. Any ideas?
Thanks again for helping solve this!!!
Harry
-----Original Message-----
From: Al Sparks [mailto:data345@yahoo.com]
Sent: Wednesday, September 15, 2004 9:28 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] apache not responding to firewall routed
ports
What I here you saying is that you see the server coming back with an ack
internally via tcpdump,
but you're not seeing that packet reach anything externally.
You also say that you are getting responses (web pages) back
internally.
There's a couple of things to check. I already mentioned the
firewall; find out if the packets are reaching the firewall.
The other thing to check on the server itself, and it's related to
checking the firewall, is if there's a default gateway back out of the
network.
The following command will work on most (all?) linux distros, and
maybe BSD distros too:
$ netstat �rn
Destination Gateway Genmask Flags MSS Window irtt Iface
[other stuff]
0.0.0.0 192.168.2.1 0.0.0.0 UG 40 0 0 eth0
The last line basically says anything going outside the LAN will go
through a network device (usually a router) with an IP address of
192.168.2.1 (assuming that's your "gateway"). When doing a network
configuration, if you leave out the "gateway" setting, the server
doesn't know where to send the packets if it's outside the LAN. It's
a fairly common error.
=== Al
--- Harry Patterson <ha...@visiontm.com> wrote:
> Hi Al,
>
> Thanks for responding. That's what I thought as well which is what
prompted
> me to do the tcpdump. I am by no means an expert at reading those dumps,
but
> in looking at the internal connection query I see an acknowledgement back
> from Apache. I would think I would at least see the ack back from Apache
on
> the external whether it reached me through the firewall or not. There is
no
> ack back. If you look below you will see the tcpdump of the internal
> communication, the 1st & 2nd line is the query and the 3rd-8th lines show
> some of the acks. If you have my original post you will see the external
> attempts with no ack. I even opened all ports on the firewall for my
> external IP address just in case to no avail. It's baffling to say the
> least. Any more thoughts would be appreciated, including if I am reading
> these correctly.
>
> Harry
>
> 192.168.2.206.3365 > 192.168.2.204.8080: S 2489588123:2489588123(0) win
> 64240
> <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 17227)
> 192.168.2.204.8080 > 192.168.2.206.3365: S 3798610920:3798610920(0) ack
> 2489588124
> win 17520 <mss 1460> (DF) (ttl 64, id 56459)
> 192.168.2.206.3365 > 192.168.2.204.8080: . ack 1 win 64240 (DF) (ttl 128,
> id 17229)
> 192.168.2.206.3365 > 192.168.2.204.8080: P 1:459(458) ack 1 win 64240 (DF)
> (ttl 128, id 17230)
>
>
> -----Original Message-----
> From: Al Sparks [mailto:data345@yahoo.com]
> Sent: Tuesday, September 14, 2004 3:50 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] apache not responding to firewall routed
> ports
>
>
> It sounds like packets are coming in and reaching your server, but not
> going back out. When your server answers, the FW is probably blocking
> outgoing packets.
>
> I'd check your firewall logs. You may have to turn on logging, depending
> on the firewall.
> === Al
>
> --- Harry Patterson <ha...@visiontm.com> wrote:
>
> > I'm sure I am missing something obvious here, but I cannot get my apache
> > server to respond to requests that are routed through our firewall. I
have
> > provided some pertinent info below, if you need more let me know.
> >
> > The firewall forwards all port 8080 request for IP 216.49.170.99 to an
> > internal address 192.168.2.204 also on port 8080. Apache responds fine
> using
> > the internal address on an internal computer (same subnet). When using
an
> > external computer going to the external address, I can see the packets
> > coming in to the server using tcpdump. As expected their destination is
> > 192.168.2.204 and the .8080 shows they are coming in to port 8080. But I
> get
> > a "Cannot find Server" error in the browser. There are no errors
recorded
> in
> > the apache logs. So why isn't it accepting those requests?
> >
> > Any help would be appreciated.
> > Harry
> > ===========================
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] apache not responding to firewall routed ports
Posted by Al Sparks <da...@yahoo.com>.
What I here you saying is that you see the server coming back with an ack internally via tcpdump,
but you're not seeing that packet reach anything externally.
You also say that you are getting responses (web pages) back
internally.
There's a couple of things to check. I already mentioned the
firewall; find out if the packets are reaching the firewall.
The other thing to check on the server itself, and it's related to
checking the firewall, is if there's a default gateway back out of the
network.
The following command will work on most (all?) linux distros, and
maybe BSD distros too:
$ netstat �rn
Destination Gateway Genmask Flags MSS Window irtt Iface
[other stuff]
0.0.0.0 192.168.2.1 0.0.0.0 UG 40 0 0 eth0
The last line basically says anything going outside the LAN will go
through a network device (usually a router) with an IP address of
192.168.2.1 (assuming that's your "gateway"). When doing a network
configuration, if you leave out the "gateway" setting, the server
doesn't know where to send the packets if it's outside the LAN. It's
a fairly common error.
=== Al
--- Harry Patterson <ha...@visiontm.com> wrote:
> Hi Al,
>
> Thanks for responding. That's what I thought as well which is what prompted
> me to do the tcpdump. I am by no means an expert at reading those dumps, but
> in looking at the internal connection query I see an acknowledgement back
> from Apache. I would think I would at least see the ack back from Apache on
> the external whether it reached me through the firewall or not. There is no
> ack back. If you look below you will see the tcpdump of the internal
> communication, the 1st & 2nd line is the query and the 3rd-8th lines show
> some of the acks. If you have my original post you will see the external
> attempts with no ack. I even opened all ports on the firewall for my
> external IP address just in case to no avail. It's baffling to say the
> least. Any more thoughts would be appreciated, including if I am reading
> these correctly.
>
> Harry
>
> 192.168.2.206.3365 > 192.168.2.204.8080: S 2489588123:2489588123(0) win
> 64240
> <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 17227)
> 192.168.2.204.8080 > 192.168.2.206.3365: S 3798610920:3798610920(0) ack
> 2489588124
> win 17520 <mss 1460> (DF) (ttl 64, id 56459)
> 192.168.2.206.3365 > 192.168.2.204.8080: . ack 1 win 64240 (DF) (ttl 128,
> id 17229)
> 192.168.2.206.3365 > 192.168.2.204.8080: P 1:459(458) ack 1 win 64240 (DF)
> (ttl 128, id 17230)
>
>
> -----Original Message-----
> From: Al Sparks [mailto:data345@yahoo.com]
> Sent: Tuesday, September 14, 2004 3:50 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] apache not responding to firewall routed
> ports
>
>
> It sounds like packets are coming in and reaching your server, but not
> going back out. When your server answers, the FW is probably blocking
> outgoing packets.
>
> I'd check your firewall logs. You may have to turn on logging, depending
> on the firewall.
> === Al
>
> --- Harry Patterson <ha...@visiontm.com> wrote:
>
> > I'm sure I am missing something obvious here, but I cannot get my apache
> > server to respond to requests that are routed through our firewall. I have
> > provided some pertinent info below, if you need more let me know.
> >
> > The firewall forwards all port 8080 request for IP 216.49.170.99 to an
> > internal address 192.168.2.204 also on port 8080. Apache responds fine
> using
> > the internal address on an internal computer (same subnet). When using an
> > external computer going to the external address, I can see the packets
> > coming in to the server using tcpdump. As expected their destination is
> > 192.168.2.204 and the .8080 shows they are coming in to port 8080. But I
> get
> > a "Cannot find Server" error in the browser. There are no errors recorded
> in
> > the apache logs. So why isn't it accepting those requests?
> >
> > Any help would be appreciated.
> > Harry
> > ===========================
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] apache not responding to firewall routed ports
Posted by Harry Patterson <ha...@visiontm.com>.
Hi Al,
Thanks for responding. That's what I thought as well which is what prompted
me to do the tcpdump. I am by no means an expert at reading those dumps, but
in looking at the internal connection query I see an acknowledgement back
from Apache. I would think I would at least see the ack back from Apache on
the external whether it reached me through the firewall or not. There is no
ack back. If you look below you will see the tcpdump of the internal
communication, the 1st & 2nd line is the query and the 3rd-8th lines show
some of the acks. If you have my original post you will see the external
attempts with no ack. I even opened all ports on the firewall for my
external IP address just in case to no avail. It's baffling to say the
least. Any more thoughts would be appreciated, including if I am reading
these correctly.
Harry
192.168.2.206.3365 > 192.168.2.204.8080: S 2489588123:2489588123(0) win
64240
<mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 17227)
192.168.2.204.8080 > 192.168.2.206.3365: S 3798610920:3798610920(0) ack
2489588124
win 17520 <mss 1460> (DF) (ttl 64, id 56459)
192.168.2.206.3365 > 192.168.2.204.8080: . ack 1 win 64240 (DF) (ttl 128,
id 17229)
192.168.2.206.3365 > 192.168.2.204.8080: P 1:459(458) ack 1 win 64240 (DF)
(ttl 128, id 17230)
-----Original Message-----
From: Al Sparks [mailto:data345@yahoo.com]
Sent: Tuesday, September 14, 2004 3:50 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] apache not responding to firewall routed
ports
It sounds like packets are coming in and reaching your server, but not
going back out. When your server answers, the FW is probably blocking
outgoing packets.
I'd check your firewall logs. You may have to turn on logging, depending
on the firewall.
=== Al
--- Harry Patterson <ha...@visiontm.com> wrote:
> I'm sure I am missing something obvious here, but I cannot get my apache
> server to respond to requests that are routed through our firewall. I have
> provided some pertinent info below, if you need more let me know.
>
> The firewall forwards all port 8080 request for IP 216.49.170.99 to an
> internal address 192.168.2.204 also on port 8080. Apache responds fine
using
> the internal address on an internal computer (same subnet). When using an
> external computer going to the external address, I can see the packets
> coming in to the server using tcpdump. As expected their destination is
> 192.168.2.204 and the .8080 shows they are coming in to port 8080. But I
get
> a "Cannot find Server" error in the browser. There are no errors recorded
in
> the apache logs. So why isn't it accepting those requests?
>
> Any help would be appreciated.
> Harry
> ===========================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache not responding to firewall routed ports
Posted by Al Sparks <da...@yahoo.com>.
It sounds like packets are coming in and reaching your server, but not
going back out. When your server answers, the FW is probably blocking
outgoing packets.
I'd check your firewall logs. You may have to turn on logging, depending
on the firewall.
=== Al
--- Harry Patterson <ha...@visiontm.com> wrote:
> I'm sure I am missing something obvious here, but I cannot get my apache
> server to respond to requests that are routed through our firewall. I have
> provided some pertinent info below, if you need more let me know.
>
> The firewall forwards all port 8080 request for IP 216.49.170.99 to an
> internal address 192.168.2.204 also on port 8080. Apache responds fine using
> the internal address on an internal computer (same subnet). When using an
> external computer going to the external address, I can see the packets
> coming in to the server using tcpdump. As expected their destination is
> 192.168.2.204 and the .8080 shows they are coming in to port 8080. But I get
> a "Cannot find Server" error in the browser. There are no errors recorded in
> the apache logs. So why isn't it accepting those requests?
>
> Any help would be appreciated.
> Harry
> ===========================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org