LinuxQuestions.org


ashv3524 10-19-2003 08:33 AM

apache RH9 problem
 
Hi,

I have been grappling with this problem for the last few days, would much appreciate any advice.

I have apache running on redhat9 on an internal LAN behind a cable & router. I am able to browse the website through other m/cs on the internal LAN, but get a connection refused from outside (internet). The apache server is configured to listen to all addresses on port 80, and does not have any virtual hosts configured. The error log for apache does not show anything.

I also have an ftp server on this m/c, and this works fine from external ip addresses.

Ashv

david_ross 10-19-2003 08:47 AM

A few possibilities:
1) Is this machine directly connected to the outside world or do you need to forward ports from a router etc (if so have you done this for port 80?)
2) Do you have any firewall rules in place:
iptables -L
3) Check with your ISP to see if they allow you to run a server on port 80 - some ISPs block this as it is against their acceptable use policy.

ashv3524 10-19-2003 08:58 AM

1. This m/c is not directly connected to the outside world, but it *is* sitting in the DMZ of the router that connects to the outside world. I don't have port forwarding set up for ftp, which works.
2. iptables -L shows no rules whatsoever in place.
3. called my ISP, they confirmed that they don't block port 80.

i used a net-based port scanner, this is what it showed:

Port 21 ftp is open
Port 22 ssh is open
Port 111 sunrpc is open

this was using:
http://readyadmin.com/custom/content/tools/portscan.php

I had mod_ssl installed, and it showed 443 is open. but i uninstalled it and the above is the result.

i think it is some problem with the way I have configured apache...but i have no idea what.
I appreciate your response.

david_ross 10-19-2003 09:08 AM

Can you post the output of:
netstat -nlp

ashv3524 10-19-2003 09:16 AM

Thanks for your time David!!! Here's the output of netstat -nlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1561/
tcp 0 0 127.0.0.1:1025 0.0.0.0:* LISTEN 1679/xinetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1542/
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3542/httpd
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1891/X
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 3093/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1665/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1757/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1699/
udp 0 0 0.0.0.0:1025 0.0.0.0:* 1561/
udp 0 0 0.0.0.0:68 0.0.0.0:* 1469/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 1542/
udp 0 0 0.0.0.0:631 0.0.0.0:* 1757/cupsd
udp 0 0 0.0.0.0:889 0.0.0.0:* 1561/
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 2183 1718/gpm /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 2553 1968/gconfd-2 /tmp/orbit-root/linc-7b0-0-4c045efc35906
unix 2 [ ACC ] STREAM LISTENING 2561 1900/gnome-session /tmp/orbit-root/linc-76c-0-5a0911fe3ebc1
unix 2 [ ACC ] STREAM LISTENING 2323 1815/ /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 2989 2007/notification-a /tmp/orbit-root/linc-7d7-0-461d6cc2f06dd
unix 2 [ ACC ] STREAM LISTENING 2660 1970/bonobo-activat /tmp/orbit-root/linc-7b2-0-550a1e7a3fc2e
unix 2 [ ACC ] STREAM LISTENING 2437 1847/ /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 2697 1977/ /tmp/.fam_socket
unix 2 [ ACC ] STREAM LISTENING 2764 1984/metacity /tmp/orbit-root/linc-7c0-0-4e6c5e378c566
unix 2 [ ACC ] STREAM LISTENING 2681 1972/gnome-settings /tmp/orbit-root/linc-7b4-0-2c820528b361d
unix 2 [ ACC ] STREAM LISTENING 2794 1992/magicdev /tmp/orbit-root/linc-7c8-0-756fdbcac97fa
unix 2 [ ACC ] STREAM LISTENING 2812 1988/gnome-panel /tmp/orbit-root/linc-7c4-0-47c6f1762720b
unix 2 [ ACC ] STREAM LISTENING 2845 1990/nautilus /tmp/orbit-root/linc-7c6-0-47c6f1775ee2
unix 2 [ ACC ] STREAM LISTENING 2896 1995/eggcups /tmp/orbit-root/linc-7cb-0-19cc5bef75519
unix 2 [ ACC ] STREAM LISTENING 3023 1999/python /tmp/orbit-root/linc-7cf-0-3c0f5be4e5eb9
unix 2 [ ACC ] STREAM LISTENING 3760 2032/gnome-terminal /tmp/orbit-root/linc-7f0-0-b4706089e8fd
unix 2 [ ACC ] STREAM LISTENING 55759 3490/nautilus-throb /tmp/orbit-root/linc-da2-0-7ef2dcb0d92a7
unix 2 [ ACC ] STREAM LISTENING 2447 1891/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 2525 1957/ssh-agent /tmp/ssh-XXnpxNFd/agent.1900
unix 2 [ ACC ] STREAM LISTENING 2650 1900/gnome-session /tmp/.ICE-unix/1900

antus 10-19-2003 09:19 AM

.

ashv3524 10-19-2003 09:27 AM

the output of netstat -l is:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:1024 *:* LISTEN
tcp 0 0 localhost.localdom:1025 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdoma:ipp *:* LISTEN
tcp 0 0 localhost.localdom:smtp *:* LISTEN
udp 0 0 *:1025 *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:631 *:*
udp 0 0 *:889 *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 2183 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 2553 /tmp/orbit-root/linc-7b0-0-4c045efc35906
unix 2 [ ACC ] STREAM LISTENING 2561 /tmp/orbit-root/linc-76c-0-5a0911fe3ebc1
unix 2 [ ACC ] STREAM LISTENING 2323 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 2989 /tmp/orbit-root/linc-7d7-0-461d6cc2f06dd
unix 2 [ ACC ] STREAM LISTENING 2660 /tmp/orbit-root/linc-7b2-0-550a1e7a3fc2e
unix 2 [ ACC ] STREAM LISTENING 2437 /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 2697 /tmp/.fam_socket
unix 2 [ ACC ] STREAM LISTENING 2764 /tmp/orbit-root/linc-7c0-0-4e6c5e378c566
unix 2 [ ACC ] STREAM LISTENING 2681 /tmp/orbit-root/linc-7b4-0-2c820528b361d
unix 2 [ ACC ] STREAM LISTENING 2794 /tmp/orbit-root/linc-7c8-0-756fdbcac97fa
unix 2 [ ACC ] STREAM LISTENING 2812 /tmp/orbit-root/linc-7c4-0-47c6f1762720b
unix 2 [ ACC ] STREAM LISTENING 2845 /tmp/orbit-root/linc-7c6-0-47c6f1775ee2
unix 2 [ ACC ] STREAM LISTENING 2896 /tmp/orbit-root/linc-7cb-0-19cc5bef75519
unix 2 [ ACC ] STREAM LISTENING 3023 /tmp/orbit-root/linc-7cf-0-3c0f5be4e5eb9
unix 2 [ ACC ] STREAM LISTENING 3760 /tmp/orbit-root/linc-7f0-0-b4706089e8fd
unix 2 [ ACC ] STREAM LISTENING 55759 /tmp/orbit-root/linc-da2-0-7ef2dcb0d92a7
unix 2 [ ACC ] STREAM LISTENING 2447 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 2525 /tmp/ssh-XXnpxNFd/agent.1900
unix 2 [ ACC ] STREAM LISTENING 2650 /tmp/.ICE-unix/1900

david_ross 10-19-2003 09:42 AM

Well - apache is listening:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3542/httpd

What firewall device are you using for setting up the dmz - are you sure there are no rules denying access to port 80?
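
The check made by eye in the reply above, as an added example that is not part of the original thread: it sorts the inet listeners from `netstat -nlp` by bind address, since on a host with no iptables rules that sits behind a router's DMZ setting, every wildcard-bound socket is offered to whatever the router passes inward. The function names are hypothetical; the sample rows are copied from the output posted earlier in the thread.

```shell
#!/bin/sh
# Inet rows (plus one UNIX row) copied from the `netstat -nlp` output in the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1561/
tcp 0 0 127.0.0.1:1025 0.0.0.0:* LISTEN 1679/xinetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1542/
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3542/httpd
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1891/X
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 3093/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1665/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1757/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1699/
udp 0 0 0.0.0.0:68 0.0.0.0:* 1469/dhclient
unix 2 [ ACC ] STREAM LISTENING 2447 1891/X /tmp/.X11-unix/X0
EOF
}

# Hypothetical helper: reads `netstat -nl[p]` on stdin and prints
# "scope proto port program" for every TCP/UDP listener.
classify_listeners() {
  awk '
    $1 !~ /^(tcp|udp)6?$/ { next }   # skip headers and UNIX-socket rows
    {
      n = split($4, parts, ":")      # port is the last ":" field (IPv6-safe)
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      prog = ($1 ~ /^tcp/) ? $7 : $6 # UDP rows have no State column
      sub(/^[0-9]+\//, "", prog)     # drop the PID, keep the program name
      if (prog == "") prog = "-"
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "wildcard"
      else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else scope = "specific"
      print scope, $1, port, prog
    }'
}

# TCP ports bound to every interface, sorted, on one line.
wildcard_tcp_ports() {
  classify_listeners | awk '$1 == "wildcard" && $2 ~ /^tcp/ { print $3 }' |
    sort -n | paste -sd ' ' -
}

# Bind scope of a single TCP port, e.g. `port_scope 80`.
port_scope() {
  classify_listeners | awk -v p="$1" '$2 ~ /^tcp/ && $3 == p { print $1; exit }'
}

sample_netstat | classify_listeners
```

On a live host, pipe `netstat -nlp` into `classify_listeners` instead of the sample. In the posted output, sunrpc (111) and X (6000) are wildcard-bound alongside httpd, vsftpd and sshd.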

ashv3524 10-19-2003 09:48 AM

it is a netgear mr814 wireless router... it doesn't have any explicit firewall... i don't have any rules in it saying block port 80...

i disabled iptables service, and also set security to "no firewall", flushed the iptables etc. etc.

I think I am going to have to re-install the whole system... i tried to uninstall the apache server, and RH9's package mgr is saying it needs httpd to be installed first?! and when i try to install it from disc1, it says it is already installed!!

david_ross 10-19-2003 10:02 AM

Looking at the docs for that router you will need to NAT port 80 to the address of the web server - I assume that you don't actually have a physical DMZ:
http://kbserver.netgear.com/kb_web_files/n101145.asp

ashv3524 10-19-2003 10:14 AM

you're right, it's not a physical DMZ... but i shouldn't need port forwarding if the server is put in the DMZ?

FTP seems to work fine from the DMZ without having port forwarding configured...

i've tried it with the port forwarding for 80 enabled... no good.

i'm thinking this is an apache issue... ethereal traces on the server m/c show that the tcp socket connection from external addresses is being rejected: for a working connect (example, ftp, or http from internal lan) the initiating [SYN] packet is responded to with a [SYN, ACK], while for http from external addresses it responds with a [RST, ACK].

So the packets are getting through from outside the LAN to the server m/c, but they are being refused by the machine. i tried uninstalling apache, but it is not happening as mentioned..

thanks for your time David, i have to go someplace now and i will tackle this when i get back.

Ashv

david_ross 10-19-2003 10:26 AM

When you say it is in the DMZ - do you mean that the server has its own public IP address?

ashv3524 10-19-2003 02:35 PM

The server has a private ip address in the internal LAN, and this server is "exported" to the DMZ, so that all services not meant for other m/cs on the lan are re-directed to this server...

Devboy 10-19-2003 05:30 PM

so does anyone know how to fix this?


All times are GMT -5.