apache 2.0 RH9

siphi · 12-06-2003, 05:57 PM

Hi I'm hosting my own little webserver for transfering files to friends online and i'm after running into a problem. I can view my website from this machine by going to http://localhost/ but my friend can't acess the page from his box with http://myip/

What could be wrong?

Thanks

siphi · 12-07-2003, 06:55 AM

anyone?

druuna · 12-07-2003, 06:57 AM

The reason for this happening can have more then one cause.

1) Take a look at the Listen and ServerName directives in your httpd.conf. Are these correct?
2) Is your firewall blocking incomming (http/80, https/443) connections?

Just 2 reasons that come to mind.

siphi · 12-07-2003, 07:19 AM

Ok I've checked the Listen and ServerName Settings and they are ok.
HOw do i check the firewall?

druuna · 12-07-2003, 07:31 AM

I don't know if (and if so which) firewall you are using.

iptables (and the 'older' ipchains) are the one's used most frequently. If you are using one of these try something like:

$ iptables -L -n | grep dpt

There will be entries starting with ACCEPT and DENY (maybe even LOG). A combo of DENY, 0.0.0.0/0 your IP (outside, not the 192.168.x.y one) and dpt:80 tells you that http acces is not allowed.

But it also depends on the way iptables was set up. So your output might not hold the info you are looking for.

siphi · 12-07-2003, 07:34 AM

ACCEPT udp -- 66.187.233.4 0.0.0.0/0 udp spt:123 dpt:123
ACCEPT udp -- 66.187.233.4 0.0.0.0/0 udp spt:123 dpt:123
ACCEPT udp -- 193.193.165.21 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT udp -- 193.193.165.20 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable

this is what came up. No sign of port 80 being blocked is there?

Edit: My iptables was set up when i installed redhat9 and im not sure what way it was done.

druuna · 12-07-2003, 07:46 AM

Nope, no port 80, which tells you that it is blocked

The normal way of setting up iptables is to 'block everything unless stated different'. You do not have a rule that allows incomming traffic on port 80, so it is blocked.

Your next question might be "How do I add this rule?"

There are many ways to set up an iptables firewall, so the following might not work for you:

iptables -A INPUT -p tcp -i ppp0 -d 1.2.3.4 --dport http -m state --state NEW -j ACCEPT

1.2.3.4 being the IP address that you ISP gave you.

If you enter this from the commandline, the rule will be lost after the next reboot. Find the script/config file that is used by iptables on startup and add it there after you confirmed this will work for you.

siphi · 12-07-2003, 07:54 AM

My friend still has no luck viewing it. Can you try so that i'll know if its his problem or mine. http://193.193.168.140 It should have my website on it. Ps. I can view the site from that link.

druuna · 12-07-2003, 08:09 AM

No luck on this side.

No http, no ftp, no ssh. All 'connection refused' or 'could no connect to'. I am able to ping you.

Does Cablesurf allow local hosted webpages??

siphi · 12-07-2003, 08:13 AM

yeah. Its a small host of about 700 users on a 250meg line. So they dont really care what you do with the connection. Ill put up the iptables thing after i did that allow command.

ACCEPT tcp -- 0.0.0.0/0 193.193.168.140 tcp dpt:80 state NEW
ACCEPT udp -- 66.187.233.4 0.0.0.0/0 udp spt:123 dpt:123
ACCEPT udp -- 66.187.233.4 0.0.0.0/0 udp spt:123 dpt:123
ACCEPT udp -- 193.193.165.21 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT udp -- 193.193.165.20 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable