LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 02-04-2010, 08:21 PM   #1
ash_zz_00
Member
 
Registered: Aug 2009
Distribution: Slackware 13.0
Posts: 66

Rep: Reputation: 17
Unable to connect to Apache at home from outside


I'm running Slackware 13. Apache has been configured and running. That is to say, I can access the server pages on my machine locally using the current DHCP IP address.

However I'm unable to access it from outside (say from a friends's house) using the same DHCP IP address. I read on the internet somewhere that some DSL providers disable port 80 to prevent individuals from hosting. I don't know if that's the case but I did try specifying different ports in httpd.conf and added the port number to the IP address URL but still didn't work.
Code:
Listen 80
Listen 300
I saw some LQ threads which said that the problem could be in the firewall. I don't think I have a firewall but I'm not sure. How do I know that?

I'm just trying some stuff without much concern for security at this point. I understand that a DHCP address can change but for now I don't mind entering the IP address explicitly.

Any suggestions would be much appreciated.

Thanks in advance,

Ash.
 
Old 02-04-2010, 08:57 PM   #2
kirukan
Senior Member
 
Registered: Jun 2008
Location: Eelam
Distribution: Redhat, Solaris, Suse
Posts: 1,216

Rep: Reputation: 131Reputation: 131
DHCP IP address, which is given by your local network devices or are you talking about dynamic public IP which is assigning by your ISP? if you want to run webserver you need static public IP and you should ask your ISP to open relevant ports(80, 443, etc), I believe for these you should pay some additional money to your ISP rather than these there are some other alternatives, if your network devices(broadband router)support with NAT and DMZ you can NAT local webserver ip and port with your dynamic public IP or otherwise you can try with dyndns
 
Old 02-05-2010, 12:50 PM   #3
ash_zz_00
Member
 
Registered: Aug 2009
Distribution: Slackware 13.0
Posts: 66

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by kirukan View Post
DHCP IP address, which is given by your local network devices or are you talking about dynamic public IP which is assigning by your ISP?
It's the dynamic public IP given by the ISP.

Quote:
Originally Posted by kirukan View Post
if you want to run webserver you need static public IP and you should ask your ISP to open relevant ports(80, 443, etc), I believe for these you should pay some additional money to your ISP
Does it have to be a static IP? With a dynamic IP as long as I know the current assigned IP, it should work right?

Is there a way to tell if the port 80 (or any other for that matter) is being blocked?

Quote:
Originally Posted by kirukan View Post
rather than these there are some other alternatives, if your network devices(broadband router)support with NAT and DMZ you can NAT local webserver ip and port with your dynamic public IP or otherwise you can try with dyndns
Could you please elaborate on NAT and DMZ? I'm not familiar with it.

Regards,

Ash.
 
Old 02-05-2010, 03:11 PM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,058

Rep: Reputation: 295Reputation: 295Reputation: 295
You don't strictly have to have a public IP, but it helps. NAT (Network Address Translation) is the usual method of sharing one IP amongst multiple computers, e.g. when multiple computers in a house connect to a single DSL or cable line. What happens is that all the computers behind the router get private (RFC1918) address. The are 192.168.x.x, part of the 172.16.x.x range, and all of the 10.x.x.x range. The router has a public IP address and routes traffic between the private, internal network and the Internet. Traffic from the Internet cannot reach the internal network directly, and RFC1918 addresses are not routable. You should check and make sure that the IP address of your server is really public. Perhaps you have a combined modem/router that is issuing your box a private IP address. Or perhaps you have iptables running on your Linux box and blocking traffic ... have you checked this?
 
Old 02-14-2010, 01:17 PM   #5
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248Reputation: 248Reputation: 248
You need to log into your cable/DSL router and forward all port 80 (http) requests to the internal ip address of your server. Sometimes they call it application or game sharing, but it is port forwarding. You may have a setting for Dynamic DNS too, so you can get a free domain name to use that always points at your server.
Who is your ISP and do you have cable or xDSL ?
 
Old 02-14-2010, 01:24 PM   #6
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,468

Rep: Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879
Also make sure your provider doesn't block port 80 on dynamic IP's
 
Old 02-15-2010, 09:31 PM   #7
ash_zz_00
Member
 
Registered: Aug 2009
Distribution: Slackware 13.0
Posts: 66

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by btmiller View Post
NAT (Network Address Translation) is the usual method of sharing one IP amongst multiple computers, e.g. when multiple computers in a house connect to a single DSL or cable line. What happens is that all the computers behind the router get private (RFC1918) address. The are 192.168.x.x, part of the 172.16.x.x range, and all of the 10.x.x.x range. The router has a public IP address and routes traffic between the private, internal network and the Internet. Traffic from the Internet cannot reach the internal network directly, and RFC1918 addresses are not routable. You should check and make sure that the IP address of your server is really public. Perhaps you have a combined modem/router that is issuing your box a private IP address. Or perhaps you have iptables running on your Linux box and blocking traffic ... have you checked this?
Thanks for the information. Now I realize that I have a private IP 10.x.x.x.

Quote:
Originally Posted by btmiller View Post
You don't strictly have to have a public IP, but it helps.
Given that I don't have a public IP, what are my alternatives? I don't have a separate router. My computer is just connected to the port in the wall.

Thanks and regards,

Ash.
 
Old 02-16-2010, 06:48 AM   #8
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,778
Blog Entries: 1

Rep: Reputation: 412Reputation: 412Reputation: 412Reputation: 412Reputation: 412
Quote:
Thanks for the information. Now I realize that I have a private IP 10.x.x.x.
Are you getting that from your ISP? If so, you've pretty much got an insolvable problem as you would have to have your ISP do some port forwarding, and odds are they aren't going to do that.

Quote:
I don't have a separate router. My computer is just connected to the port in the wall.
OK, this doesn't make a lot of sense. There has to be SOMETHING that connects you to your ISP since all ISPs require some sort of "modem". Can we ask who your ISP is and what kind of connection it is?
 
Old 02-16-2010, 01:42 PM   #9
ash_zz_00
Member
 
Registered: Aug 2009
Distribution: Slackware 13.0
Posts: 66

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by Hangdog42 View Post
Are you getting that from your ISP? If so, you've pretty much got an insolvable problem as you would have to have your ISP do some port forwarding, and odds are they aren't going to do that.
Yes, I'm getting it from an ISP.


Quote:
Originally Posted by Hangdog42 View Post
OK, this doesn't make a lot of sense. There has to be SOMETHING that connects you to your ISP since all ISPs require some sort of "modem". Can we ask who your ISP is and what kind of connection it is?
Maybe the port in the wall connects to a router/modem somewhere in the building which I don't have access to. I supposedly have Comcast Business which basically serves all the apartments in a building.
 
Old 02-16-2010, 02:37 PM   #10
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,778
Blog Entries: 1

Rep: Reputation: 412Reputation: 412Reputation: 412Reputation: 412Reputation: 412
Quote:
Maybe the port in the wall connects to a router/modem somewhere in the building which I don't have access to. I supposedly have Comcast Business which basically serves all the apartments in a building.
That actually sounds like it might be right. I know Comcast doesn't hand out private IP addresses to its residential customers so it certainly isn't doing so to its business customers. One way to test would be to go to a site like http://www.whatismyip.com and see what your "real" IP address is.

If your building manager is amenable to it, you might ask them to forward a non-standard port to port 80 on your server. For example, if you could talk them into forwarding port 4080 to 80 on your server, you could get to your server using http://your.ip.address:4080. Of course this makes the assumption your building manager actually knows their ports from the IP addresses. I suspect they're just going to say no, in which case, you are out of luck.

Last edited by Hangdog42; 02-16-2010 at 02:38 PM.
 
Old 02-16-2010, 02:38 PM   #11
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,468

Rep: Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879
Go to
http://www.whatismyip.com
to find your external IP
Then use a online portscanner to see if port 80 is open on the router.
If you don't have access to the router, I don't think you will be able to setup a webserver.
 
Old 02-16-2010, 07:38 PM   #12
ash_zz_00
Member
 
Registered: Aug 2009
Distribution: Slackware 13.0
Posts: 66

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by Hangdog42 View Post
If your building manager is amenable to it, you might ask them to forward a non-standard port to port 80 on your server. For example, if you could talk them into forwarding port 4080 to 80 on your server, you could get to your server using http://your.ip.address:4080.
The "your.ip.address" in http://your.ip.address:4080 would actually be the public external ip address right?

Quote:
Originally Posted by repo View Post
Go to
http://www.whatismyip.com
to find your external IP
Then use a online portscanner to see if port 80 is open on the router.
If you don't have access to the router, I don't think you will be able to setup a webserver.
It appears that none of the standard ports are open on the router.

Oh well, at least I better understand what's going on. Thank you all.

Last edited by ash_zz_00; 02-16-2010 at 07:50 PM.
 
Old 02-16-2010, 08:42 PM   #13
MC10
LQ Newbie
 
Registered: Feb 2010
Posts: 5

Rep: Reputation: 0
Yes, probably port 80 is blocking access to the internet. http://127.0.0.1/ (or equivalently http://localhost/) only applies to the local machine, and cannot be accessed from another machine.
 
0 members found this post helpful.
Old 02-17-2010, 07:23 AM   #14
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,778
Blog Entries: 1

Rep: Reputation: 412Reputation: 412Reputation: 412Reputation: 412Reputation: 412
Quote:
The "your.ip.address" in http://your.ip.address:4080 would actually be the public external ip address right?
Yeah, that would be the IP address that the building router gets from Comcast.

Quote:
It appears that none of the standard ports are open on the router.
That wouldn't be surprising, and wouldn't be of any use to you even if they were. If you want to access your computer from outside your building, you absolutely, positively have to have the cooperation of whoever owns the router connected directly to Comcast.
 
Old 03-08-2010, 09:57 PM   #15
ash_zz_00
Member
 
Registered: Aug 2009
Distribution: Slackware 13.0
Posts: 66

Original Poster
Rep: Reputation: 17
The building owner is trying to help with port forwarding, but has security concerns that someone could reach my computer through the forwarded port and now has access to the private network and wreck havoc.

Are there ways to minimize it?
E.g. Is it possible for port forwarding to limit it to one or two external IP addresses? That is, if I know that I will be accessing from one or two external machines, and if the router only forwards requests from these known IP addresses, it might be an acceptable compromise.

Thanks,

Ashok.
 
  


Reply

Tags
apache, dhcp, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to connect my home pc and work pc chetan_linux Linux - Networking 2 08-06-2008 12:28 PM
Linux unable to connect to my new home LAN tallmtt Linux - Networking 5 03-07-2008 02:11 PM
Apache - unable to connect, ssh ok feltdd Linux - Software 5 05-18-2006 04:03 PM
LAN Hosts unable to connect to Apache 2.0.40-21.11 Bedwig Linux - Newbie 6 02-14-2006 05:23 AM
apache unable to access /home/*/public_html directory cavemanf16 Linux - Software 6 07-08-2004 05:43 AM


All times are GMT -5. The time now is 05:02 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration