[SOLVED-unhappily] can't access httpd server externally

brisbin33 · 2009-01-08 22:52:02

--EDIT--

due to here and here i have learned that my ISP is in fact blocking inbound TCP connections on port 80. i have sent an email to RCN requesting they're "static IP service" which that second link claims has no ports blocked.

if/when they open port 80 i will retry my apache setup and if i still have problems i may resurrect this thread.

thanks for all your help guys.

--/EDIT--

I'm trying to set up a simple server on my home box. i've got apache/php up and running with a simple test /example.html file and the test.php from the LAMP wiki.

my router has port 80 forwarded (among others)
my external IP is mapped to pbrisbin.com (resolves for vsftp and sshd just fine)
httpd running, with `httpd: ALL` and `http: ALL` in my hosts.allow file`
no firewalls, no iptables

http://localhost/example.html works great
http://www.pbrisbin.com/example.html also works great when run from _inside_ my network
http://www.pbrisbin.com/example.html does not work from outside my network

so, calling the loopback interface works
calling the external IP from inside the network works
calling the external IP from outside the network does not work

when i connect from inside the network, my php test page indicates the server address as my internal IP (192.168...) and the remote address as my external IP. so even though i type pbrisbin.com (which resolves to my 64.25... external IP), the php test page shows the "server address" as my 192.168.../internal IP address.

is there some step i missed? is it possible to do what i'm trying to do behind a router?

any help much appreciated

my config files are out of the box but i can supply them later if you like.

thanks,
pat

Last edited by brisbin33 (2009-01-09 15:21:25)

Wintervenom · 2009-01-08 22:55:02

Did you remember to allow HTTP and HTTPS in your /etc/hosts.allow?

Last edited by Wintervenom (2009-01-08 22:59:35)

brisbin33 · 2009-01-08 22:57:02

brisbin33 wrote:

httpd running, with `httpd: ALL` and `http: ALL` in my hosts.allow file`

do i need https too?

also, since when connected from inside my network the "remote address" is shown as my external IP (64.25...) so i'm guess that connection was 'allow'ed meaning my hosts.allow file is not at fault? am i wrong?

uastasi · 2009-01-08 22:59:40

You should modify your httpd.conf and add a line like this

Listen your_lan_ip:80

Wintervenom · 2009-01-08 23:00:13

Never mind, I missed that line in your post.
I forgot to add though, does your ISP block port 80?

brisbin33 · 2009-01-08 23:01:22

uastasi,

sorry for being a bit thick at the moment; by my_lan_ip you mean my router's IP address or my box's internal IP?

EDIT: with my routers IP, httpd fails to start, my box's internal IP works; so i'm guessing that's it

EDIT2: by "works" i mean httpd starts... still no external connections

Last edited by brisbin33 (2009-01-08 23:13:18)

brisbin33 · 2009-01-08 23:03:46

Wintervenom wrote:

does your ISP block port 80?

this i would not know, do you know the nmap command or similar so i could check?

brisbin33 · 2009-01-08 23:08:44

nmap says:

--snip--

80/tcp    open   Apache...

--/snip--

but that was running nmap on my external IP from inside my network so, i'm assuming those results aren't really valid?

Sjoden · 2009-01-08 23:26:17

I'd suggest asking a friend, or maybe someone from here that you trust to nmap your IP, but your ISP might not like that. Who is your ISP and where is your general location/region/town/whatever, maybe someone can just look up if they block the port or not.

/edit
Also, can we get the exact error message from the browser?

/edit
Ok, so I pinged your domain name, and it resolved to an IP other than the one you posted above, but I never got any replies back.

/edit
Perhaps you can run a different service, say ssh, or even a game server, and in the conf files set the listening port to 80, and then try it again on the default ports. That could tell us if your ISP is blocking incoming http requests or not. If those services are reachable from the outside world over port 80, then it is likely an Apache configuration issue, if they can't be reached, then your ISP is probably blocking them. You could also just send an email to your ISP, from an email address other than one provided from them, and ask if they are blocking port 80.

Last edited by Sjoden (2009-01-08 23:35:03)

uastasi · 2009-01-08 23:32:18

brisbin33 wrote:

uastasi,
sorry for being a bit thick at the moment; by my_lan_ip you mean my router's IP address or my box's internal IP?
EDIT: with my routers IP, httpd fails to start, my box's internal IP works; so i'm guessing that's it
EDIT2: by "works" i mean httpd starts... still no external connections

I meant your box's internal IP, the same that you set for forwarding.
If you want to use another port just replace both it in that line and in your router administration panel.

Wintervenom · 2009-01-09 00:05:47

brisbin33 wrote:

Wintervenom wrote:
does your ISP block port 80?
this i would not know, do you know the nmap command or similar so i could check?

It's been way too long since I've last used nmap, so nope.
But you could move everything from port 80 to 8080 or something and try it.

fukawi2 · 2009-01-09 00:56:40

Run this command on the server when you try, and see if anything comes up:

tcpdump -lnn -i ethX port 80

Replace ethX with your interface (presumably eth0).

If it shows traffic, then the traffic is coming through the NAT gateway correctly but is being FUBAR'ed internally. If nothing shows up, then the traffic is making it either to and/or past the NAT gateway.

Last edited by fukawi2 (2009-01-09 00:57:38)

brisbin33 · 2009-01-09 14:37:09

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:28:41.389672 IP 192.168.0.5.37669 > 207.242.93.22.80: Flags [S], seq 3890161873, win 5840, options [mss 1460,sackOK,TS val 456489250 ecr 0,nop,wscale 6], length 0
09:28:41.426192 IP 207.242.93.22.80 > 192.168.0.5.37669: Flags [S.], seq 4011900771, ack 3890161874, win 16384, options [mss 1460,nop,wscale 0,nop,nop,TS val 0 ecr 0,nop,nop,sackOK], length 0
09:28:41.426203 IP 192.168.0.5.37669 > 207.242.93.22.80: Flags [.], ack 1, win 92, options [nop,nop,TS val 456489261 ecr 0], length 0
09:28:41.426371 IP 192.168.0.5.37669 > 207.242.93.22.80: Flags [P.], ack 1, win 92, options [nop,nop,TS val 456489261 ecr 0], length 192
09:28:41.589064 IP 207.242.93.22.80 > 192.168.0.5.37669: Flags [.], ack 193, win 65343, options [nop,nop,TS val 282118 ecr 456489261], length 1448
09:28:41.589070 IP 192.168.0.5.37669 > 207.242.93.22.80: Flags [.], ack 1449, win 137, options [nop,nop,TS val 456489310 ecr 282118], length 0
09:28:41.589181 IP 207.242.93.22.80 > 192.168.0.5.37669: Flags [P.], ack 193, win 65343, options [nop,nop,TS val 282118 ecr 456489261], length 600
09:28:41.589184 IP 192.168.0.5.37669 > 207.242.93.22.80: Flags [.], ack 2049, win 182, options [nop,nop,TS val 456489310 ecr 282118], length 0
09:28:41.589497 IP 207.242.93.22.80 > 192.168.0.5.37669: Flags [.], ack 193, win 65343, options [nop,nop,TS val 282118 ecr 456489261], length 872
09:28:41.589503 IP 192.168.0.5.37669 > 207.242.93.22.80: Flags [.], ack 2921, win 227, options [nop,nop,TS val 456489310 ecr 282118], length 0
09:28:41.616491 IP 207.242.93.22.80 > 192.168.0.5.37669: Flags [FP.], seq 2921:3034, ack 193, win 65343, options [nop,nop,TS val 282118 ecr 456489310], length 113
09:28:41.616596 IP 192.168.0.5.37669 > 207.242.93.22.80: Flags [F.], seq 193, ack 3035, win 227, options [nop,nop,TS val 456489318 ecr 282118], length 0
09:28:41.652062 IP 207.242.93.22.80 > 192.168.0.5.37669: Flags [.], ack 194, win 65343, options [nop,nop,TS val 282118 ecr 456489318], length 0
09:30:00.065474 IP 192.168.0.5.56804 > 64.85.73.40.80: Flags [S], seq 833785785, win 5840, options [mss 1460,sackOK,TS val 456512853 ecr 0,nop,wscale 6], length 0
09:30:00.167007 IP 64.85.73.40.80 > 192.168.0.5.56804: Flags [S.], seq 159355854, ack 833785786, win 4380, options [mss 1460,nop,wscale 0,nop,nop,TS val 3151313888 ecr 456512853,sackOK,eol], length 0
09:30:00.167020 IP 192.168.0.5.56804 > 64.85.73.40.80: Flags [.], ack 1, win 92, options [nop,nop,TS val 456512883 ecr 3151313888], length 0
09:30:00.167192 IP 192.168.0.5.56804 > 64.85.73.40.80: Flags [P.], ack 1, win 92, options [nop,nop,TS val 456512883 ecr 3151313888], length 144
09:30:00.383987 IP 64.85.73.40.80 > 192.168.0.5.56804: Flags [.], ack 145, win 4524, options [nop,nop,TS val 3151314106 ecr 456512883], length 0
09:30:06.346279 IP 64.85.73.40.80 > 192.168.0.5.56804: Flags [.], ack 145, win 4524, options [nop,nop,TS val 3151320069 ecr 456512883], length 1448
09:30:06.346289 IP 192.168.0.5.56804 > 64.85.73.40.80: Flags [.], ack 1449, win 137, options [nop,nop,TS val 456514737 ecr 3151320069], length 0
09:30:06.346291 IP 64.85.73.40.80 > 192.168.0.5.56804: Flags [P.], ack 145, win 4524, options [nop,nop,TS val 3151320069 ecr 456512883], length 12
09:30:06.346295 IP 192.168.0.5.56804 > 64.85.73.40.80: Flags [.], ack 1461, win 137, options [nop,nop,TS val 456514737 ecr 3151320069], length 0
09:30:06.450650 IP 64.85.73.40.80 > 192.168.0.5.56804: Flags [P.], ack 145, win 4524, options [nop,nop,TS val 3151320174 ecr 456514737], length 341
09:30:06.450657 IP 192.168.0.5.56804 > 64.85.73.40.80: Flags [.], ack 1802, win 182, options [nop,nop,TS val 456514768 ecr 3151320174], length 0
09:30:06.451024 IP 192.168.0.5.56804 > 64.85.73.40.80: Flags [P.], ack 1802, win 182, options [nop,nop,TS val 456514769 ecr 3151320174], length 191
09:30:06.658371 IP 64.85.73.40.80 > 192.168.0.5.56804: Flags [.], ack 336, win 4715, options [nop,nop,TS val 3151320382 ecr 456514769], length 0
09:30:06.868707 IP 64.85.73.40.80 > 192.168.0.5.56804: Flags [P.], ack 336, win 4715, options [nop,nop,TS val 3151320591 ecr 456514769], length 307
09:30:06.869006 IP 192.168.0.5.56804 > 64.85.73.40.80: Flags [F.], seq 336, ack 2109, win 227, options [nop,nop,TS val 456514894 ecr 3151320591], length 0
09:30:06.980473 IP 64.85.73.40.80 > 192.168.0.5.56804: Flags [.], ack 337, win 4715, options [nop,nop,TS val 3151320705 ecr 456514894], length 0
09:30:06.982140 IP 64.85.73.40.80 > 192.168.0.5.56804: Flags [F.], seq 2109, ack 337, win 4715, options [nop,nop,TS val 3151320705 ecr 456514894], length 0
09:30:06.982149 IP 192.168.0.5.56804 > 64.85.73.40.80: Flags [.], ack 2110, win 227, options [nop,nop,TS val 456514928 ecr 3151320705], length 0
^C
31 packets captured
31 packets received by filter
0 packets dropped by kernel

192.168... is my lan IP
my external IP is 209.94.131.65
the IP of the computer i was connecting _from_ is 216.204.172.218

i don't know where the other IP's in that output come from

so now it's down to a hosts.allow/httpd.conf problem?

brisbin33 · 2009-01-09 14:45:52

@Sjodan

i use RCN cable in the boston/MA area; i don't think they block port 80 due to the tcpdump output above.

sorry about the IP, i misread some output it's actually 209.94... from above; i suspect that's what you got when you pinged me.

i think due to the tcpdump output the traffic is getting into the box.

errormessage wrote:

Network Timeout
The server at www.pbrisbin.com is taking too long to respond.
The requested site did not respond to a connection request and the browser has stopped waiting for a reply.
* Could the server be experiencing high demand or a temporary outage? Try again later.
* Are you unable to browse other sites? Check the computer's network connection.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.
* Still having trouble? Consult your network administrator or Internet provider for assistance.

but you can just head over to http://www.pbrisbin.com/example.html to see it in your own browser

EDIT: shit.

Last edited by brisbin33 (2009-01-09 15:00:49)

brisbin33 · 2009-01-09 15:22:44

marked as solved (sorta) -- please see OP for details.

many thanks to all.

Sjoden · 2009-01-10 00:24:25

Sorry to hear that man. You could see how much extra a static IP costs. Idk about your situation, living with parents, or have your own apartment or w/e, but depending on your disposable income, you could get a virtual private server. I have one from slicehost, linode is also popular, and possibly a better deal, idk for sure. I pay 20 dollars a month for mine.

brisbin33 · 2009-01-10 20:52:24

Sjoden wrote:

Sorry to hear that man. You could see how much extra a static IP costs. Idk about your situation, living with parents, or have your own apartment or w/e, but depending on your disposable income, you could get a virtual private server. I have one from slicehost, linode is also popular, and possibly a better deal, idk for sure. I pay 20 dollars a month for mine.

thanks for the info; it's just me in my apartment and i wouldn't mind tacking on a bit per month for their static-ip service, it's just not listed as an option on their website so i'm waitin for a reply to my email before i debate sitting on hold for 5 hours to find out about it. i only started this whole thing b/c i wanted to learn and i liked the idea of it all being on my box right here next to me, having full control over what happens and why/how it happens. for that reason, i think i'll stay away from the virtual server stuff until i'm in a situation where i *need* some webspace and can't get it any other way.

cheers,
pat

baeksu · 2009-01-12 01:31:12

Does your ISP block other ports as well? I'm thinking in particular of port 443, which would allow you to run your site over ssl (with a self-signed certificate).

You can run the server over any port you wish, just include the port number in the url when you want to access it with a browser.

brisbin33 · 2009-01-12 16:50:49

baeksu,

they claim to block 80 incoming and 25 outgoing in an attempt to prevent my box becoming some spam-bot. i like your 443 SSL idea... maybe some day.

i was aware that i could choose the port, but i'd rather not have to include (really, tell others to include) the port number in my url.

thanks for the info, if you have any tutorials on the 443/SSL method, i'd be much appreciative.

Arch Linux

#1 2009-01-08 22:52:02

[SOLVED-unhappily] can't access httpd server externally

#2 2009-01-08 22:55:02

Re: [SOLVED-unhappily] can't access httpd server externally

#3 2009-01-08 22:57:02

Re: [SOLVED-unhappily] can't access httpd server externally

#4 2009-01-08 22:59:40

Re: [SOLVED-unhappily] can't access httpd server externally

#5 2009-01-08 23:00:13

Re: [SOLVED-unhappily] can't access httpd server externally

#6 2009-01-08 23:01:22

Re: [SOLVED-unhappily] can't access httpd server externally

#7 2009-01-08 23:03:46

Re: [SOLVED-unhappily] can't access httpd server externally

#8 2009-01-08 23:08:44

Re: [SOLVED-unhappily] can't access httpd server externally

#9 2009-01-08 23:26:17

Re: [SOLVED-unhappily] can't access httpd server externally

#10 2009-01-08 23:32:18

Re: [SOLVED-unhappily] can't access httpd server externally

#11 2009-01-09 00:05:47

Re: [SOLVED-unhappily] can't access httpd server externally

#12 2009-01-09 00:56:40

Re: [SOLVED-unhappily] can't access httpd server externally

#13 2009-01-09 14:37:09

Re: [SOLVED-unhappily] can't access httpd server externally

#14 2009-01-09 14:45:52

Re: [SOLVED-unhappily] can't access httpd server externally

#15 2009-01-09 15:22:44

Re: [SOLVED-unhappily] can't access httpd server externally

#16 2009-01-10 00:24:25

Re: [SOLVED-unhappily] can't access httpd server externally

#17 2009-01-10 20:52:24

Re: [SOLVED-unhappily] can't access httpd server externally

#18 2009-01-12 01:31:12

Re: [SOLVED-unhappily] can't access httpd server externally

#19 2009-01-12 16:50:49

Re: [SOLVED-unhappily] can't access httpd server externally

Board footer