I've installed RHEL 4 and I've installed apache 2. I'm having problems accessing it from outside the local domain.
All the clients on the local network get served with pages from apache. I've commented out the restrictions in hosts.allow and hosts.deny and checked that they aren't blocking anything. I've also flushed iptables and stopped the service from running. Still nothing though.
Doing a netstat shows me that port 80 is open and is listening.
I also have tomcat running on port 8080 and that's visible from outside the local domain (so DNS is working). So I'm sure it's a configuration problem. Also, we do not have any restrictions on the network.
I've also set SELinux to permissive in case it was stopping the pages from being served.
Any help would be much appreciated.
Thanks,
Tony.
when you say "outside the local domain" do you mean via the Internet??
if so, are you sure your ISP isn't blocking TCP port 80??
I tried starting Apache on port 90 and I still wasn't getting access, so I started it on port 9090 and I can view the web pages on this port. I think I vaguely remember Linux having tighter control over the first 1024 ports, could it be something to do with this? ICMP packets are blocked on the network so ping, traceroute (tracert) will not give me any info.
Quote:
I tried starting Apache on port 90 and I still wasn't getting access, so I started it on port 9090 and I can view the web pages on this port. I think I vaguely remember Linux having tighter control over the first 1024 ports, could it be something to do with this? ICMP packets are blocked on the network so ping, traceroute (tracert) will not give me any info.
make it listen on 80 and then post the output of these:
Code:
netstat -an | grep "LISTEN "
Code:
iptables -L -n -v
yes, ports up to 1024 are privileged, which means only root can listen on them... so what daemons usually do is they start as root to bind to the privileged port but then immediately switch to a non-root user for greater security...
perhaps you are starting apache as a non-root user instead of root??
if it's still not working after running the above script, then i don't really have any good ideas (maybe someone else does)... although considering it works fine on non-privileged ports it does indeed sound like a permissions issue... perhaps something with inetd??
also, are you 100% sure that the port 80 shown on netstat is indeed apache and not something else?? on second thought, that's unlikely, as you'd get an error from apache saying it couldn't bind to the port cuz the port was busy or something...
let me know how it goes with the fresh iptables rules...
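Added example (not part of any post in this thread): one way to answer the question of which process owns the port 80 listener and which address it is bound to, by parsing `netstat -tlnp` output. The function name and the sample lines are constructed for illustration and do not reflect the poster's system; note that the match is on the exact port, so a listener on 8080 is not mistaken for one on 80.

```shell
#!/bin/sh
# Constructed sample of `netstat -tlnp` output (not taken from the thread).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:8080      0.0.0.0:*     LISTEN      2101/java
tcp        0      0 192.0.2.10:80     0.0.0.0:*     LISTEN      2290/httpd
tcp        0      0 127.0.0.1:25      0.0.0.0:*     LISTEN      1950/sendmail
tcp        0      0 :::22             :::*          LISTEN      1804/sshd'

# classify_listener PORT   (hypothetical helper; reads netstat text on stdin)
# Prints one line per matching listener: "<scope> <address> <pid/program>"
#   all-interfaces  bound to the wildcard address, reachable on every interface
#   loopback-only   bound to 127.x or ::1, never reachable from another host
#   single-address  bound to one specific IP; only traffic to that IP is served
classify_listener() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, part, ":")        # port is whatever follows the last ":"
            if (part[n] != port) next       # exact match: 8080 is not 80
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "")
                scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback-only"
            else
                scope = "single-address"
            prog = ($7 == "" ? "-" : $7)    # empty without -p or without root
            print scope, addr, prog
            found = 1
        }
        END { if (!found) print "not-listening - -" }
    '
}

# Live use (as root, so the PID/program column is filled in):
#   netstat -tlnp | classify_listener 80
```
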
I ran that script and it ran fine, but I still wasn't getting access to the webserver from the internet. Even if I completely turn iptables off, I still don't get served any webpages from the internet. Is there a command that I can run to make sure apache is starting off as root? I tried
'su root -c "/usr/local/apache/bin/apachectl start"' and it seemed to start apache as root.
Would it be possible to have apache running on port 9090 (or some other port that is not privileged) and then use iptables to forward the packet to this port?
That's the only workaround that I can think of at the moment.
Has anyone else got any ideas about what's happening here?
Quote:
I ran that script and it ran fine, but I still wasn't getting access to the webserver from the internet. Even if I completely turn iptables off, I still don't get served any webpages from the internet. Is there a command that I can run to make sure apache is starting off as root? I tried
'su root -c "/usr/local/apache/bin/apachectl start"' and it seemed to start apache as root.
the ps output you posted shows that the parent process is indeed owned by root...
Quote:
Would it be possible to have apache running on port 9090 (or some other port that is not privileged) and then use iptables to forward the packet to this port?
That's the only workaround that I can think of at the moment.
i'm not sure... i was thinking about the REDIRECT target (typically used for transparent proxies), but i think it only works in the PREROUTING chain...
i don't understand if your webserver is on another machine .. if it is on the other machine .. u need to use iptables -t nat -A POSTROUTING to redirect the tcp connection, and the machine must have a real ip; if it is a private ip u must have a redirect port on the router or the isp !
The server does have a real IP Address. We have all our servers/web servers in the same VLAN and all the other servers in the VLAN are accessible from the internet, which means port 80 cannot be blocked.
I have disabled SELinux completely and I'm still getting the same. I'm not sure what's going on here.
let's say from local machine if u have response .. try links 127.0.0.1 to see if something is happening, then if all is ok try to use iptables -F INPUT and iptables -F OUTPUT; with these 2 rules erased u should connect even from internet .. but the first thing u must know is that u can open a page from local machine
[root@router ~]# telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to router.topallnet.ro (127.0.0.1).
Escape character is '^]'.