LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 09-09-2005, 11:34 AM   #1
mazzo
Member
 
Registered: Jun 2003
Location: Thames Valley, UK
Distribution: RedHat from 5 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux
Posts: 136

Rep: Reputation: 15
Apache2 broken after updates - not responding


Hi

I have had apache2, php and mysql running nicely on an Ubuntu 5.04 server. When I set it up, I setup all of the above before doing the critical updates. It worked fine. I am running moregroupware - it was behaving fine. Then I applied the critical updates and it has stopped functioning.

ps -e shows apache2 is running, as is mysqld. Problem is that nothing connects to port 80 - either another PC or the server itself.

netstat -an shows the following:

tcp6 0 0 :::80 :::* LISTEN

Sadly I have no idea if this is right or not as I never needed to look at it before.

The server is internal facing only, has no direct internet connection and so had no firewall running. I have subsequently put one on in case it was a "patch" that blocked port 80, but it still is not functional.

***Just tried http://127.0.0.1 and it works. It will not work for the ip address (192,168.0.100). Still unsure where it has gone wrong, but at least apache is working (as is mysql and php).

Nothing too unusual in the logs. Apache log says:

[Fri Sep 09 16:46:05 2005] [notice] caught SIGTERM, shutting down
[Fri Sep 09 16:48:09 2005] [notice] Apache/2.0.53 (Ubuntu) PHP/4.3.10-10ubuntu4.1 configured -- resuming normal operations

This happens in the logs quite regularly but doesn't look like a crash. It isn't me shutting it down or rebooting.

I've googled for this problem after an ubuntu update, but can't find anything.

Could someone guide me towards getting apache working again?

Thanks

Last edited by mazzo; 09-12-2005 at 11:43 AM.
 
Old 09-09-2005, 02:00 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 65
I'd guess it is because you have ipv6 enabled and probably don't mean to.

Try following these steps:
http://ubuntuforums.org/archive/index.php/t-6841.html
 
Old 09-10-2005, 06:02 PM   #3
mazzo
Member
 
Registered: Jun 2003
Location: Thames Valley, UK
Distribution: RedHat from 5 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux
Posts: 136

Original Poster
Rep: Reputation: 15
Thanks. Away from the office now, so will try on Monday!
 
Old 09-12-2005, 04:56 AM   #4
mazzo
Member
 
Registered: Jun 2003
Location: Thames Valley, UK
Distribution: RedHat from 5 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux
Posts: 136

Original Poster
Rep: Reputation: 15
Unfortunately it has made no difference.

Still works on the PC itself if I use http://127.0.0.1

It's as if Apache isn't binding to port 80, but I don't know why.

netstat -an now gives:

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
 
Old 09-12-2005, 01:56 PM   #5
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 65
What error message do you actually get?

Do you have any firewall rules in place?
iptables -nL
 
Old 09-13-2005, 05:00 AM   #6
mazzo
Member
 
Registered: Jun 2003
Location: Thames Valley, UK
Distribution: RedHat from 5 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux
Posts: 136

Original Poster
Rep: Reputation: 15
Oddly, there aren't any error messages! If I check the apache.log or the error.log there's nothing.

apache.log shows that I have accesses via 127.0.0.1

There was no firewall originally before it stopped, so I thought the update might have closed some ports. I put a firewall in place and opened the ports - I even tried with no firewall running.

I added additional lines to ports.conf (Listen 8000). Still didn't work!

Apache, php and mysql are all working ok via localhost, but no response on port 80 at all.

iptables -nL (only refs to port 80)

state RELATED, ESTABLISHED

ACCEPT all .. 10.0.0.0 0.0.0.0/0
ACCEPT tcp .. 10.0.0.0 0.0.0.0/0 tcp dpt:80
ACCEPT upd .. 10.0.0.0 0.0.0.0/0 upd dpt:80
LS al .. 0.0.0.0/0 0.0.0.0/0

I have changed the above also to give http access to all:

state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
LS all -- 0.0.0.0/0 0.0.0.0/0

No difference!

Thanks

Last edited by mazzo; 09-13-2005 at 05:25 AM.
 
Old 09-13-2005, 01:20 PM   #7
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 65
If there is no error then what does the browser do? It should eventually time out at least.

Without seeing the full ruleset I couldn't really tell much about the firewall.
 
Old 09-13-2005, 07:10 PM   #8
mazzo
Member
 
Registered: Jun 2003
Location: Thames Valley, UK
Distribution: RedHat from 5 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux
Posts: 136

Original Poster
Rep: Reputation: 15
Sorry David. It does time out.

If you wish (and I'm at home again) I will post the full firewall rule set. Is that what you mean you need?

Thanks
 
Old 09-14-2005, 06:37 AM   #9
mazzo
Member
 
Registered: Jun 2003
Location: Thames Valley, UK
Distribution: RedHat from 5 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux
Posts: 136

Original Poster
Rep: Reputation: 15
David

I might have found the problem - but I'm not sure why/how it happened and how to sort it out.

route gives me:

Destination Gateway Genmask Flags Metric Ref Use Iface
localnet * 255.255.255.0 U 0 0 0 eth0
default 10.0.0.4 0.0.0.0 UG 0 0 0 eth0

10.0.0.4 is our own internal squid proxy on another server. There is absolutely no mention in the route table of the apache server's ip (10.0.1.1) unless localnet includes that address.

I think it should be in there as a 10.0.0.0 entry - as it's not, I guess that's why even on the apache server I cannot connect to 10.0.1.1

I have now managed to get the browser on the server to access 10.0.1.1 and that works to as well as 127.0.0.1 Still nothing available to any other pc. I have removed iptables and re-installed it. Open ports 80 to all -and still nothing.

I cannot ssh into the box either. It has to be some routing issue or firewall. I can't see how it could be firewall if I totally removed it (as in the package itself).

Still very much scratching my head on this one.

You wanted the firewall rules. Here they are:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 10.0.0.4 0.0.0.0/0 tcp flags:!0x16/0x02
ACCEPT udp -- 10.0.0.4 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
NR all -- !10.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 255.255.255.255
DROP all -- 0.0.0.0/0 10.0.0.255
DROP all -- 224.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 224.0.0.0/8
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
LS all -f 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
INBOUND all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown '

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown '

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 10.0.0.99 10.0.0.4 tcp dpt:53
ACCEPT udp -- 10.0.0.99 10.0.0.4 udp dpt:53
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 224.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 224.0.0.0/8
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
OUTBOUND all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown '

Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT all -- 10.0.0.0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
ACCEPT tcp -- 10.0.0.4 0.0.0.0/0 tcp dpt:22
ACCEPT udp -- 10.0.0.4 0.0.0.0/0 udp dpt:22
LS all -- 0.0.0.0/0 0.0.0.0/0

Chain LS (91 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain NR (1 references)
target prot opt source destination
LS all -- 0.0.0.0/8 10.0.0.0/8
LS all -- 1.0.0.0/8 10.0.0.0/8
LS all -- 2.0.0.0/8 10.0.0.0/8
LS all -- 5.0.0.0/8 10.0.0.0/8
LS all -- 7.0.0.0/8 10.0.0.0/8
LS all -- 10.0.0.0/8 10.0.0.0/8
LS all -- 23.0.0.0/8 10.0.0.0/8
LS all -- 27.0.0.0/8 10.0.0.0/8
LS all -- 31.0.0.0/8 10.0.0.0/8
LS all -- 36.0.0.0/8 10.0.0.0/8
LS all -- 37.0.0.0/8 10.0.0.0/8
LS all -- 39.0.0.0/8 10.0.0.0/8
LS all -- 41.0.0.0/8 10.0.0.0/8
LS all -- 42.0.0.0/8 10.0.0.0/8
LS all -- 49.0.0.0/8 10.0.0.0/8
LS all -- 50.0.0.0/8 10.0.0.0/8
LS all -- 71.0.0.0/8 10.0.0.0/8
LS all -- 72.0.0.0/8 10.0.0.0/8
LS all -- 73.0.0.0/8 10.0.0.0/8
LS all -- 74.0.0.0/8 10.0.0.0/8
LS all -- 75.0.0.0/8 10.0.0.0/8
LS all -- 76.0.0.0/8 10.0.0.0/8
LS all -- 77.0.0.0/8 10.0.0.0/8
LS all -- 78.0.0.0/8 10.0.0.0/8
LS all -- 79.0.0.0/8 10.0.0.0/8
LS all -- 89.0.0.0/8 10.0.0.0/8
LS all -- 90.0.0.0/8 10.0.0.0/8
LS all -- 91.0.0.0/8 10.0.0.0/8
LS all -- 92.0.0.0/8 10.0.0.0/8
LS all -- 93.0.0.0/8 10.0.0.0/8
LS all -- 94.0.0.0/8 10.0.0.0/8
LS all -- 95.0.0.0/8 10.0.0.0/8
LS all -- 96.0.0.0/8 10.0.0.0/8
LS all -- 97.0.0.0/8 10.0.0.0/8
LS all -- 98.0.0.0/8 10.0.0.0/8
LS all -- 99.0.0.0/8 10.0.0.0/8
LS all -- 100.0.0.0/8 10.0.0.0/8
LS all -- 101.0.0.0/8 10.0.0.0/8
LS all -- 102.0.0.0/8 10.0.0.0/8
LS all -- 103.0.0.0/8 10.0.0.0/8
LS all -- 104.0.0.0/8 10.0.0.0/8
LS all -- 105.0.0.0/8 10.0.0.0/8
LS all -- 106.0.0.0/8 10.0.0.0/8
LS all -- 107.0.0.0/8 10.0.0.0/8
LS all -- 108.0.0.0/8 10.0.0.0/8
LS all -- 109.0.0.0/8 10.0.0.0/8
LS all -- 110.0.0.0/8 10.0.0.0/8
LS all -- 111.0.0.0/8 10.0.0.0/8
LS all -- 112.0.0.0/8 10.0.0.0/8
LS all -- 113.0.0.0/8 10.0.0.0/8
LS all -- 114.0.0.0/8 10.0.0.0/8
LS all -- 115.0.0.0/8 10.0.0.0/8
LS all -- 116.0.0.0/8 10.0.0.0/8
LS all -- 117.0.0.0/8 10.0.0.0/8
LS all -- 118.0.0.0/8 10.0.0.0/8
LS all -- 119.0.0.0/8 10.0.0.0/8
LS all -- 120.0.0.0/8 10.0.0.0/8
LS all -- 121.0.0.0/8 10.0.0.0/8
LS all -- 122.0.0.0/8 10.0.0.0/8
LS all -- 123.0.0.0/8 10.0.0.0/8
LS all -- 124.0.0.0/8 10.0.0.0/8
LS all -- 125.0.0.0/8 10.0.0.0/8
LS all -- 126.0.0.0/8 10.0.0.0/8
LS all -- 127.0.0.0/8 10.0.0.0/8
LS all -- 169.254.0.0/16 10.0.0.0/8
LS all -- 172.16.0.0/12 10.0.0.0/8
LS all -- 173.0.0.0/8 10.0.0.0/8
LS all -- 174.0.0.0/8 10.0.0.0/8
LS all -- 175.0.0.0/8 10.0.0.0/8
LS all -- 176.0.0.0/8 10.0.0.0/8
LS all -- 177.0.0.0/8 10.0.0.0/8
LS all -- 178.0.0.0/8 10.0.0.0/8
LS all -- 179.0.0.0/8 10.0.0.0/8
LS all -- 180.0.0.0/8 10.0.0.0/8
LS all -- 181.0.0.0/8 10.0.0.0/8
LS all -- 182.0.0.0/8 10.0.0.0/8
LS all -- 183.0.0.0/8 10.0.0.0/8
LS all -- 184.0.0.0/8 10.0.0.0/8
LS all -- 185.0.0.0/8 10.0.0.0/8
LS all -- 186.0.0.0/8 10.0.0.0/8
LS all -- 187.0.0.0/8 10.0.0.0/8
LS all -- 189.0.0.0/8 10.0.0.0/8
LS all -- 190.0.0.0/8 10.0.0.0/8
LS all -- 192.0.2.0/24 10.0.0.0/8
LS all -- 192.168.0.0/16 10.0.0.0/8
LS all -- 197.0.0.0/8 10.0.0.0/8
LS all -- 198.18.0.0/15 10.0.0.0/8
LS all -- 223.0.0.0/8 10.0.0.0/8
LS all -- 224.0.0.0/3 10.0.0.0/8

Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

You can see I have specifically allowed 10.0.0.4 access through ssh (which doesn't work).

Any help on this would be very gratefully received!

Last edited by mazzo; 09-14-2005 at 10:25 AM.
 
Old 09-14-2005, 01:48 PM   #10
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 65
You should see the numeric version of route if you add a "-n" argument. I'm surprised the loopback address works though as it doesn't show in the routing table.

Your firewall ruleset looks rather complex and doesn't make sense in some places like the OUTPUT chain where you accept all for everywhere then drop all for everwhere later on.

Have you tried completely flushing the rules to accept all connections in order to eliminate it as a possibility:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
 
Old 09-15-2005, 08:12 AM   #11
mazzo
Member
 
Registered: Jun 2003
Location: Thames Valley, UK
Distribution: RedHat from 5 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux
Posts: 136

Original Poster
Rep: Reputation: 15
Sorted!

The rules must have been doing something wrong. Flushed them - it works. For the timebeing I will leave the firewall off, but then manually config later.

Thank you for your help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SuSE 10.0, Apache2, MySQL, PHP ? petelogan Suse/Novell 4 10-28-2005 11:14 AM
Apache2, MySQL & PHP Web Server. FTP Needed! Bobson Linux - Networking 4 02-07-2005 05:25 PM
Solution to ALL MySQL, PHP, Apache2 problems in SuSE SuSE_fan Linux - Software 5 06-03-2004 09:07 AM
Redhat 9's autotools broken for apache, mysql, php? rylan76 Linux - Software 0 04-15-2004 04:48 PM
AS 3 w/ PHP, MySQL, and Apache2 pollardw Red Hat 1 02-23-2004 09:47 PM


All times are GMT -5. The time now is 12:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration