LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 10-19-2003, 09:33 AM   #1
ashv3524
LQ Newbie
 
Registered: Oct 2003
Posts: 12

Rep: Reputation: 0
Unhappy apache RH9 problem


Hi,

I have been grappling with this problem for the last few days, would much appreciate any advice.

I have apache running on redhat9 on an internal LAN behind a cable & router. I am able to browse the website through other m/cs on the internal LAN, but get a connection refused from outside (internet). The apache server is configured to listen to all addresses on port 80, and does not have any virtual hosts configured. The error log for apache does not show anything.

I also have an ftp server on this m/c, and this works fine from external ip addresses.

Ashv
 
Old 10-19-2003, 09:47 AM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
A few posibilities:
1) Is this machine directly connected to the outside world or do you need to forward ports from a router etc (if so have you done this for port 80?)
2) Do you have any firewall rules in place:
iptables -L
3) Check with your ISP to see if they allow you to run a server on port 80 - some ISPs block this as it is against there aceptable use policy.
 
Old 10-19-2003, 09:58 AM   #3
ashv3524
LQ Newbie
 
Registered: Oct 2003
Posts: 12

Original Poster
Rep: Reputation: 0
1. This m/c is not directly connected to the outside world, but it *is* sitting in the DMZ of the router that connects to the outside world. I don't have port forwarding set up for ftp, which works.
2. iptables -L shows no rules whatsoever in place.
3. called my ISP, they confirmed that they don't block port 80.

i used a net-based port scanner, this is what it showed:

Port 21 ftp is open
Port 22 ssh is open
Port 111 sunrpc is open

this was using:
http://readyadmin.com/custom/content/tools/portscan.php

I had mod_ssl installed, and it showed 443 is open. but i uninstalled it and the above is the result.

i think it is some problem with the way I have configured apache...but i have no idea what.
I appreciate your response.
 
Old 10-19-2003, 10:08 AM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Can you post he output of:
netstat -nlp
 
Old 10-19-2003, 10:16 AM   #5
ashv3524
LQ Newbie
 
Registered: Oct 2003
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks for your time David!!! Here's the output of netstat -nlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1561/
tcp 0 0 127.0.0.1:1025 0.0.0.0:* LISTEN 1679/xinetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1542/
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3542/httpd
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1891/X
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 3093/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1665/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1757/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1699/
udp 0 0 0.0.0.0:1025 0.0.0.0:* 1561/
udp 0 0 0.0.0.0:68 0.0.0.0:* 1469/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 1542/
udp 0 0 0.0.0.0:631 0.0.0.0:* 1757/cupsd
udp 0 0 0.0.0.0:889 0.0.0.0:* 1561/
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 2183 1718/gpm /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 2553 1968/gconfd-2 /tmp/orbit-root/linc-7b0-0-4c045efc35906
unix 2 [ ACC ] STREAM LISTENING 2561 1900/gnome-session /tmp/orbit-root/linc-76c-0-5a0911fe3ebc1
unix 2 [ ACC ] STREAM LISTENING 2323 1815/ /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 2989 2007/notification-a /tmp/orbit-root/linc-7d7-0-461d6cc2f06dd
unix 2 [ ACC ] STREAM LISTENING 2660 1970/bonobo-activat /tmp/orbit-root/linc-7b2-0-550a1e7a3fc2e
unix 2 [ ACC ] STREAM LISTENING 2437 1847/ /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 2697 1977/ /tmp/.fam_socket
unix 2 [ ACC ] STREAM LISTENING 2764 1984/metacity /tmp/orbit-root/linc-7c0-0-4e6c5e378c566
unix 2 [ ACC ] STREAM LISTENING 2681 1972/gnome-settings /tmp/orbit-root/linc-7b4-0-2c820528b361d
unix 2 [ ACC ] STREAM LISTENING 2794 1992/magicdev /tmp/orbit-root/linc-7c8-0-756fdbcac97fa
unix 2 [ ACC ] STREAM LISTENING 2812 1988/gnome-panel /tmp/orbit-root/linc-7c4-0-47c6f1762720b
unix 2 [ ACC ] STREAM LISTENING 2845 1990/nautilus /tmp/orbit-root/linc-7c6-0-47c6f1775ee2
unix 2 [ ACC ] STREAM LISTENING 2896 1995/eggcups /tmp/orbit-root/linc-7cb-0-19cc5bef75519
unix 2 [ ACC ] STREAM LISTENING 3023 1999/python /tmp/orbit-root/linc-7cf-0-3c0f5be4e5eb9
unix 2 [ ACC ] STREAM LISTENING 3760 2032/gnome-terminal /tmp/orbit-root/linc-7f0-0-b4706089e8fd
unix 2 [ ACC ] STREAM LISTENING 55759 3490/nautilus-throb /tmp/orbit-root/linc-da2-0-7ef2dcb0d92a7
unix 2 [ ACC ] STREAM LISTENING 2447 1891/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 2525 1957/ssh-agent /tmp/ssh-XXnpxNFd/agent.1900
unix 2 [ ACC ] STREAM LISTENING 2650 1900/gnome-session /tmp/.ICE-unix/1900
 
Old 10-19-2003, 10:19 AM   #6
antus
LQ Newbie
 
Registered: Oct 2003
Posts: 13

Rep: Reputation: 0
.

Last edited by antus; 10-19-2003 at 10:20 AM.
 
Old 10-19-2003, 10:27 AM   #7
ashv3524
LQ Newbie
 
Registered: Oct 2003
Posts: 12

Original Poster
Rep: Reputation: 0
the output of netstat -l is:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:1024 *:* LISTEN
tcp 0 0 localhost.localdom:1025 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdoma:ipp *:* LISTEN
tcp 0 0 localhost.localdom:smtp *:* LISTEN
udp 0 0 *:1025 *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:631 *:*
udp 0 0 *:889 *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 2183 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 2553 /tmp/orbit-root/linc-7b0-0-4c045efc35906
unix 2 [ ACC ] STREAM LISTENING 2561 /tmp/orbit-root/linc-76c-0-5a0911fe3ebc1
unix 2 [ ACC ] STREAM LISTENING 2323 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 2989 /tmp/orbit-root/linc-7d7-0-461d6cc2f06dd
unix 2 [ ACC ] STREAM LISTENING 2660 /tmp/orbit-root/linc-7b2-0-550a1e7a3fc2e
unix 2 [ ACC ] STREAM LISTENING 2437 /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 2697 /tmp/.fam_socket
unix 2 [ ACC ] STREAM LISTENING 2764 /tmp/orbit-root/linc-7c0-0-4e6c5e378c566
unix 2 [ ACC ] STREAM LISTENING 2681 /tmp/orbit-root/linc-7b4-0-2c820528b361d
unix 2 [ ACC ] STREAM LISTENING 2794 /tmp/orbit-root/linc-7c8-0-756fdbcac97fa
unix 2 [ ACC ] STREAM LISTENING 2812 /tmp/orbit-root/linc-7c4-0-47c6f1762720b
unix 2 [ ACC ] STREAM LISTENING 2845 /tmp/orbit-root/linc-7c6-0-47c6f1775ee2
unix 2 [ ACC ] STREAM LISTENING 2896 /tmp/orbit-root/linc-7cb-0-19cc5bef75519
unix 2 [ ACC ] STREAM LISTENING 3023 /tmp/orbit-root/linc-7cf-0-3c0f5be4e5eb9
unix 2 [ ACC ] STREAM LISTENING 3760 /tmp/orbit-root/linc-7f0-0-b4706089e8fd
unix 2 [ ACC ] STREAM LISTENING 55759 /tmp/orbit-root/linc-da2-0-7ef2dcb0d92a7
unix 2 [ ACC ] STREAM LISTENING 2447 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 2525 /tmp/ssh-XXnpxNFd/agent.1900
unix 2 [ ACC ] STREAM LISTENING 2650 /tmp/.ICE-unix/1900
 
Old 10-19-2003, 10:42 AM   #8
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Well - apache is listening:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3542/httpd

What firewall device are you using for setting up the dmz - are you sure there are no rules denying access to port 80?
 
Old 10-19-2003, 10:48 AM   #9
ashv3524
LQ Newbie
 
Registered: Oct 2003
Posts: 12

Original Poster
Rep: Reputation: 0
it is a netgear mr814 wireless router... it doesn't have any explicit firewall... i don't have any rules in it saying block port 80...

i disabled iptables service, and also set security to "no firewall", flushed the iptables etc. etc.

I think I am going to have to re-install the whole system... i tried to uninstall the apache server, and RH9's package mgr is saying it needs httpd to be installed first?! and when i try to install is from disc1, it says it is already installed!!
 
Old 10-19-2003, 11:02 AM   #10
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Looking at the docs for that router you will need to NAT port 80 to ther address of the web server - I assume that you don't actually have a physical DMZ:
http://kbserver.netgear.com/kb_web_files/n101145.asp
 
Old 10-19-2003, 11:14 AM   #11
ashv3524
LQ Newbie
 
Registered: Oct 2003
Posts: 12

Original Poster
Rep: Reputation: 0
you're right, its not a physical DMZ... but i shouldn't need port forwarding if the server is put in the DMZ?

FTP seems to work fine from the DMZ without having port forwarding configured...

i've tried it with the port forwarding for 80 enabled... no good.

i'm thinking this is a apache issue... ethereal traces on the server m/c show that the tcp socket connection from external addresses is being rejected: for a working connect (example, ftp, or http from internal lan) the initiating [SYN] packet is responded to with a [SYN, ACK], while for http from external addresses it responds with a [RST, ACK].

So the packets are getting through from outside the LAN to the server m/c, but they are being refused by the machine. i tried uninstalling apache, but it is not happening as mentioned..

thanks for your time David, i have to go someplace now and i will tackle this when i get back.

Ashv
 
Old 10-19-2003, 11:14 AM   #12
ashv3524
LQ Newbie
 
Registered: Oct 2003
Posts: 12

Original Poster
Rep: Reputation: 0
you're right, its not a physical DMZ... but i shouldn't need port forwarding if the server is put in the DMZ?

FTP seems to work fine from the DMZ without having port forwarding configured...

i've tried it with the port forwarding for 80 enabled... no good.

i'm thinking this is a apache issue... ethereal traces on the server m/c show that the tcp socket connection from external addresses is being rejected: for a working connect (example, ftp, or http from internal lan) the initiating [SYN] packet is responded to with a [SYN, ACK], while for http from external addresses it responds with a [RST, ACK].

So the packets are getting through from outside the LAN to the server m/c, but they are being refused by the machine. i tried uninstalling apache, but it is not happening as mentioned..

thanks for your time David, i have to go someplace now and i will tackle this when i get back.

Ashv
 
Old 10-19-2003, 11:26 AM   #13
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
When you say it is in the DMZ - do you mean that the server has its own public IP address?
 
Old 10-19-2003, 03:35 PM   #14
ashv3524
LQ Newbie
 
Registered: Oct 2003
Posts: 12

Original Poster
Rep: Reputation: 0
The server has a private ip address in the internal LAN, and this server is "exported" to the DMZ, so that all services not meant for other m/cs on the lan are re-directed to this server...
 
Old 10-19-2003, 06:30 PM   #15
Devboy
Member
 
Registered: Jul 2003
Location: IOM
Distribution: Slackware 10.
Posts: 194

Rep: Reputation: 30
so does anyone know howto fix this?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting Apache to work on RH9 dwg22guitar Linux - Networking 0 03-14-2004 09:22 PM
apache 2.0 in RH9 tpark Linux - Networking 3 02-09-2004 06:51 PM
apache 2.0 RH9 siphi Linux - Newbie 9 12-07-2003 09:13 AM
RH9: PHP session problem (or Apache problem) fengcn Red Hat 0 12-01-2003 07:32 PM
Configuring Apache 2 on RH9 verbal Linux - Software 3 10-28-2003 11:15 PM


All times are GMT -5. The time now is 08:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration