Distribution: Gentoo/Slackware10.0@AthlonXP2600, 1Gb RAM; Slackware9.1@Dell Latitude X300; Gentoo@Ultra10
Posts: 48
Apache DNS not recognised - config help requested
Hi,
Just finishing off setting up a server, and am having trouble getting Apache to recognise the domain name I've been assigned (statsmail.trentcancer.nhs.uk).
Initially I was getting the following errors in the logs...
Code:
[Tue Oct 06 08:26:38 2009] [notice] SIGUSR1 received. Doing graceful restart
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for
ServerName
So I added 'ServerName statsmail.trentcancer.nhs.uk' to /etc/apache2/httpd.conf and also /etc/apache2/apache2.conf, and restarted the server and the error message has gone...
Code:
[Tue Oct 06 08:26:38 2009] [notice] SIGUSR1 received. Doing graceful restart
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for
ServerName
[Tue Oct 06 08:26:38 2009] [notice] Apache/2.2.11 (Ubuntu) configured -- resuming normal operations
[Tue Oct 06 09:27:55 2009] [notice] caught SIGTERM, shutting down
[Tue Oct 06 09:27:55 2009] [notice] Apache/2.2.11 (Ubuntu) configured -- resuming normal operations
[Tue Oct 06 10:06:02 2009] [notice] caught SIGTERM, shutting down
[Tue Oct 06 10:06:03 2009] [notice] Apache/2.2.11 (Ubuntu) configured -- resuming normal operations
But connections just time out now when I point the browser at the address, despite the fact I can see it on localhost (i.e. 127.0.1.1).
I think I'm missing something in the configuration though because Apache doesn't appear to be listening on the Foreign Address as netstat shows...
Code:
root@miles:/etc/apache2# netstat netstat -a -tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:www *:* LISTEN 3368/apache2
tcp 0 0 localhost:ipp *:* LISTEN 3556/cupsd
tcp 0 0 *:smtp *:* LISTEN 29230/master
tcp 0 1 miles.local:45380 statsmail.trentcanc:www SYN_SENT 28248/firefox
tcp6 0 0 [::]:smtp [::]:* LISTEN 2160/sshd
Any pointers on where I might have gone wrong would be appreciated (can post config files if required). Feels like I'm so close, but not quite there!
Apache listens on all the available interfaces, as shown by the "*" in the netstat output. I guess you have to add an entry in /etc/hosts like this:
Distribution: Gentoo/Slackware10.0@AthlonXP2600, 1Gb RAM; Slackware9.1@Dell Latitude X300; Gentoo@Ultra10
Posts: 48
Original Poster
Forgot to add that I'd seen that mentioned in another thread in these forums and have the following already in there...
Code:
10.211.48.240 statsmail.trentcancer.nhs.uk
Restarted apache and still no dice.
There's no firewall in place on the local machine either...
Code:
root@miles:/etc/apache2# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
But this computer has been placed in a DMZ, and strangely the IP address that ifconfig reports is not the same as that which www.whatismyipaddress.com reports and I've been told the computer is configured as (purposefully omitted loopback btw)...
I've been told the computer's been set up with DNS as statsmail.trentcancer.nhs.uk and nslookup reports a different IP associated with this address (it's reporting the same as www.whatismyipaddress.com).
The DNS administrator here at the place I work has told me that port 80 isn't blocked at all (nor is 25), although given he doesn't appear to have read 80% of each of the emails I've sent him I get the impression he's not too up to speed on what I'm trying to do or how to set it up properly at his end.
So the ip of the box is 192.168.2.22. Can you access http://192.168.2.22 from the same box running apache?
If you can, I guess it's a problem with ip_forwarding from 10.211.48.240 --> 192.168.2.22 assuming that there is no firewall in between.
Distribution: Gentoo/Slackware10.0@AthlonXP2600, 1Gb RAM; Slackware9.1@Dell Latitude X300; Gentoo@Ultra10
Posts: 48
Original Poster
Quote:
Originally Posted by bathory
So the ip of the box is 192.168.2.22. Can you access http://192.168.2.22 from the same box running apache?
If you can, I guess it's a problem with ip_forwarding from 10.211.48.240 --> 192.168.2.22 assuming that there is no firewall in between.
Would it be an entry in /etc/hosts that maps one to another? (My suspicion is it's not, since /etc/hosts is traditionally for mapping names to IP addresses, no?)
Is forwarding of one IP address to another an aspect of the DMZ? Since 10.211.48.240 is how this appears to the outside world, whilst within the DMZ the server thinks it's 192.168.2.22?
If everything is setup correctly in your router, you can access your server from outside your 192.168.2 network using its public ip 10.211.48.240. Try it from a computer in dmz and see what you get.
Distribution: Gentoo/Slackware10.0@AthlonXP2600, 1Gb RAM; Slackware9.1@Dell Latitude X300; Gentoo@Ultra10
Posts: 48
Original Poster
Quote:
Originally Posted by bathory
If everything is setup correctly in your router, you can access your server from outside your 192.168.2 network using its public ip 10.211.48.240. Try it from a computer in dmz and see what you get.
I'm not sure I have access to a computer on the DMZ, that itself is separate from the rest of the network here (IT are based in another building in the city).
I've contacted the guy who registered the DNS though and have asked (well basically told him, as the impression I get is that he knows less than I do, being cynical, but probably a M$-Windoze flunky) that the forwarding of requests to 10.211.48.240 isn't making it to 192.168.2.22 within the DMZ, because everything works on the server itself but not when the FQDN is used.
If you don't need your server to be accessible outside from your network, then ask the dns guy to change the ip in the dns to 192.168.2.22 and change the entry in your /etc/hosts accordingly.
Distribution: Gentoo/Slackware10.0@AthlonXP2600, 1Gb RAM; Slackware9.1@Dell Latitude X300; Gentoo@Ultra10
Posts: 48
Original Poster
Quote:
Originally Posted by bathory
If you don't need your server to be accessible outside from your network, then ask the dns guy to change the ip in the dns to 192.168.2.22 and change the entry in your /etc/hosts accordingly.
Regards
I don't think I can do that as I can't telnet to 192.168.2.22 (or 10.211.48.240 for that matter) from my computer here at work (nor ping either address) and my understanding is that the DMZ is isolated from the rest of the network.
I'll see what the IT/DNS guy comes back with, cheers for your help so far (got to head home and take my sick cat to the vets now though).
slack
Last edited by slack---line; 10-06-2009 at 09:47 AM.
FYI, 192.168.2.22 would NEVER be accessible to the outside world as this is an RFC 1918 private/reserved IP address. It may not be routed. If you are using a NAT-DMZ (Network Address Translation DMZ) they will need to forward requests for 10.211.48.240 to 192.168.2.22. Alternatively, they can place you on another subnet with direct internet access and the machine may be reconfigured as 10.211.48.240. (If you choose the latter route, I do suggest setting up a firewall at that time unless they will continue to keep you behind the corporate firewall.)
See http://en.wikipedia.org/wiki/IP_address: ip range 10.0.0.0 - 10.255.255.255 is also a reserved range.
I couldn't nslookup or ping 194.72.7.142 : is that a private server?
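The checks the replies walk through (is Apache bound to the right address, does the advertised address match the interface address, are the addresses RFC 1918 private), as an added example that is not part of the original thread. The function names and the `advertised`/`interface` parameters are assumptions made for this illustration; the sample netstat lines are constructed from the output quoted above.

```python
import ipaddress

# RFC 1918 blocks: private address space that is not routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is in none."""
    ip = ipaddress.ip_address(addr)
    return next((str(net) for net in RFC1918 if ip in net), None)

def listens_on(netstat_lines, ports, addr):
    """True if a LISTEN socket for one of ports is bound to addr or the wildcard."""
    for line in netstat_lines:
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if port in ports and host in ("*", "0.0.0.0", "[::]", addr):
            return True
    return False

def diagnose(advertised, interface, netstat_lines, ports=("www", "80")):
    """List what must hold for a client using `advertised` to reach the host."""
    findings = []
    if not listens_on(netstat_lines, ports, interface):
        findings.append(f"no listener on {interface}: fix the bind address on the host")
    if advertised != interface:
        findings.append(f"clients use {advertised} but the host owns {interface}: "
                        "an upstream device must forward (DNAT) the port")
    for label, addr in (("advertised", advertised), ("interface", interface)):
        block = rfc1918_block(addr)
        if block:
            findings.append(f"{label} address {addr} is in {block}: "
                            "not routable from the Internet without NAT")
    return findings

# Constructed sample input, modelled on the netstat output quoted in the thread.
NETSTAT = [
    "tcp 0 0 *:www *:* LISTEN 3368/apache2",
    "tcp 0 0 localhost:ipp *:* LISTEN 3556/cupsd",
]

if __name__ == "__main__":
    for finding in diagnose("10.211.48.240", "192.168.2.22", NETSTAT):
        print("-", finding)
```

With the thread's two addresses the listener check passes, so the remaining findings all point upstream of the host: the forwarding hop and the private ranges on both sides of it.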
Distribution: Gentoo/Slackware10.0@AthlonXP2600, 1Gb RAM; Slackware9.1@Dell Latitude X300; Gentoo@Ultra10
Posts: 48
Original Poster
Right, cheers for the pointers guys.
There is another set of firewalls in place that I was completely unaware of and it does appear as though port-forwarding isn't established correctly.
I've taken the computer out of the DMZ, put it on the local intranet and can access web-pages fine.
Apparently the people in charge of this extra firewall are "looking into the problem" (i.e. someone's not in work today and I have to wait until they are back tomorrow before it can be fixed!).
Cheers for the help/pointers, kind of glad to know that it's not anything I did!