LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices

Reply
 
Search this Thread
Old 07-03-2006, 09:29 PM   #1
deesto
Member
 
Registered: May 2002
Location: NY, USA
Distribution: FreeBSD, Fedora, RHEL, Ubuntu; OS X, Win; have used Slackware, Mandrake, SuSE, Xandros
Posts: 448

Rep: Reputation: 31
Question Running Apache on a non-standard port


I'm running Apache 1.3.36 on FreeBSD 6.1-STABLE. I've just moved and had to change ISPs from Time Warner Cable to Optimum Online/Cablevision, who blocks user server access on standard server ports, such as 80 for HTTP servers (and 8080 for that matter).

I've changed the port values from 80 to a non-standard port for each of the following parameters in /usr/local/etc/apache/httpd.conf:
Listen
Port
NameVirtualHost
VirtualHost (2 instances, for each of 2 virtual hosts)

After changing the parameters, I created a network address translation entry on my router to forward any incoming traffic on port 80 to the non-standard port. After doing this, I restarted the Apache httpd daemon.

But I must be missing something: before I changed the port, I could access the site internally from my LAN, but not from the WAN/Internet (because of the ISP port 80 block). After changing the port, I can't access the site from anywhere, not even from the machine that's hosting the site, unless I specifically add the new port number to the URL. I'm not able to test from the WAN side due to an issue with my router that doesn't allow me to test my own site, but I assume it's the same from there (I'd be glad to give the URL if anyone's willing to try).

What am I missing? Is there another Apache parameter, or something else I can do to use the non-standard port yet make it transparent to users? I'm not running a firewall on the FreeBSD machine, and nmap reports the new port as "open unknown"

Thanks for your help.
 
Old 07-04-2006, 12:51 AM   #2
tgo
Member
 
Registered: Dec 2004
Posts: 125

Rep: Reputation: 15
If you dont want to have to do someting like yoursite.com:88 everytime then you could run the server all https:// and then all your links would have to point to the secure site since most ips dont block incoming 443.

If you dont like that option there are redirection services like no-ip.org that will forward yourname.no-ip.org ( or you can buy a full domain ) to a iport combo for you.
 
Old 07-04-2006, 01:56 AM   #3
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
You should be able to redirect port 80 to , say, port 88 using iptables, something along the lines of

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-port 88

Otherwise, it may be simpler toi leave Apache listening on port 80, and do the redirect for external traffic only. External users will still have to add the :88 at the end of the address though

Last edited by billymayday; 07-04-2006 at 01:58 AM.
 
Old 07-04-2006, 11:38 AM   #4
tgo
Member
 
Registered: Dec 2004
Posts: 125

Rep: Reputation: 15
Quote:
Originally Posted by billymayday
You should be able to redirect port 80 to , say, port 88 using iptables, something along the lines of

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.1.1 --dport 80 -j REDIRECT --to-port 88

Otherwise, it may be simpler toi leave Apache listening on port 80, and do the redirect for external traffic only. External users will still have to add the :88 at the end of the address though
If he cant accept connections on port 80 incoming then would the external requests ever even hit that iptables rule? port 80 is probably blocked by a router in front of him on the network path by the isp.
 
Old 07-04-2006, 11:49 AM   #5
deesto
Member
 
Registered: May 2002
Location: NY, USA
Distribution: FreeBSD, Fedora, RHEL, Ubuntu; OS X, Win; have used Slackware, Mandrake, SuSE, Xandros
Posts: 448

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by tgo
If he cant accept connections on port 80 incoming then would the external requests ever even hit that iptables rule? port 80 is probably blocked by a router in front of him on the network path by the isp.
Right: I believe any external traffic to port 80 at my IP is blocked by the ISP before it gets here.

I am certain that I used to be able to route incoming port 80 traffic at my router to another, non-standard port... but it doesn't seem to be working now. I have a domain name, and I use Zone Edit (which is a great, free service) to perform other functions, such as DNS resolution and mail forwarding... is there something else I could do to route web traffic from 80 to another port, before it hits my IP?

Last edited by deesto; 07-04-2006 at 12:02 PM.
 
Old 07-04-2006, 06:59 PM   #6
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Agreed - that was why I popped the second thought down - redirect external 88 to internal 80.

I don't think you can redirect from zoneedit, but you could ask them.

Have you asked the ISP if they can open 80, because otherwise you may have to change ISP.


Rgds


Bill
 
Old 07-04-2006, 09:58 PM   #7
deesto
Member
 
Registered: May 2002
Location: NY, USA
Distribution: FreeBSD, Fedora, RHEL, Ubuntu; OS X, Win; have used Slackware, Mandrake, SuSE, Xandros
Posts: 448

Original Poster
Rep: Reputation: 31
The ISP won't unblock server ports unless the subscriber wants to pay more for an "upgraded" package, which claims to offer faster speeds (but doesn't) and opens up common server ports.

Zone Edit may offer a solution:
http://www.zoneedit.com/doc/faq.html#faq24

I've done as they suggest but it doesn't seem to be working... maybe I'm still missing a final piece of this puzzle?

Last edited by deesto; 07-04-2006 at 10:00 PM.
 
Old 07-04-2006, 10:37 PM   #8
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
I suspect

http://ww2.domainname:6000/

is a typo and should read

http://ww2.domainname.com:6000/

or did you pick this up?
 
Old 07-05-2006, 07:53 AM   #9
deesto
Member
 
Registered: May 2002
Location: NY, USA
Distribution: FreeBSD, Fedora, RHEL, Ubuntu; OS X, Win; have used Slackware, Mandrake, SuSE, Xandros
Posts: 448

Original Poster
Rep: Reputation: 31
Yes, saw that as well; thank you though.
 
  


Reply

Tags
apache, freebsd, port


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd on non-standard port baronsam Linux - Networking 3 08-21-2006 03:40 PM
Proftp with non standard port ryedunn Linux - Software 5 04-08-2006 10:36 PM
Using an USB port as a standard DB9 Serial Port Lsteele Linux - Newbie 1 10-22-2005 09:48 AM
VNC on non-standard port king_scott_2 Linux - Software 2 07-19-2005 07:25 AM
stealth port 80 while running apache web server? TheOneAndOnlySM Linux - General 3 04-24-2004 08:52 AM


All times are GMT -5. The time now is 05:51 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration