I'm trying to set up an Apache server on an ancient iMac running Fedora Core 5, that is running behind a D-Link DI-604 router connected to the internet via a cable modem. Despite apparently doing everything necessary to set Apache up on the iMac, I've been unable access the http server from other computers on the LAN (specifically an OSX box), let alone from a WAN client.

HTTPD doesn't give me any problems when I try to start it up. "netstat -na" confirms that httpd is listening on port 80 ("tcp 0 0 92.168.0.101:80 0.0.0.0:* LISTEN"), and pgrep also confirms that httpd is active. I am thus very puzzled why I apparently cannot access the HTTP even from within the LAN (safari reports that it cannot connect to 192.168.0.101), let alone from the outside (safari times out trying to connect to xx.xx.xx.xxx:80, where xx.xx.xx.xxx is the DHCP-assigned router IP)!

I have already done the following:

1) configured the router for forwarding. The router forwards port 80 requests to the private IP of the Fedora Box, namely 192.168.0.101. I have also set up a SSHD server on the Fedora Box, and with the help of some friends have confirmed that WAN clients are able to connect to the server via router forwarding. Therefore, there seems to be nothing wrong with the router.

2) configured /etc/httpd/conf/httpd.conf. Pertinent settings are as follows:

Listen 192.168.0.101:80

ServerName xx.xx.xx.xxx:80, where xx.xx.xx.xxx is the WAN address assigned to the router

I suspect there's something wrong with the way I've set up httpd.conf, possibly with how I've used the LAN and WAN addresses. Any help would be greatly appreciated.

Ben

Are you sure of the "netstat -na" result, or is that a typo?
If it's not a typo and that is what netstat is acutally reporting, you'll need to revisit the httpd.conf file and fix the problem there.

Try to access Apache using loopback, does that work?

And finally, do a :
and look for any errors mentioned.

Thanks for your excellent questions. They are helping me focus my thinking.

It is hard for me to do anything locally as the computer is so starved of space that I installed a text-only system. I'm going to see about getting lynx installed so I can do basic local testing.

In the meantime, here are some preliminary answers:

1) There is a typo in the local IP address: the actual line reads "tcp 0 0 192.168.0.101:80 0.0.0.0:* LISTEN"

2) I *am* getting some errors in /var/log/messages:


Jun 9 18:46:18 alaric kernel: audit(1149893178.244:10): avc: denied { name_bind } for pid=1744 comm="httpd" src=8181 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Jun 9 21:30:05 alaric kernel: audit(1149903005.710:4): avc: denied { name_bind } for pid=2590 comm="httpd" src=8000 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
Jun 9 22:05:00 alaric kernel: audit(1149905100.870:6): avc: denied { name_bind } for pid=3016 comm="httpd" src=81 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
Jun 9 22:05:52 alaric kernel: audit(1149905152.869:8): avc: denied { name_bind } for pid=3034 comm="httpd" src=81 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket

3) I tried restarting httpd with various settings last night. There is the following /var/log/httpd_log content that was generated each time I did so:

[Fri Jun 09 17:53:34 2006] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations
[Fri Jun 09 18:13:21 2006] [notice] caught SIGTERM, shutting down
[Fri Jun 09 18:13:22 2006] [notice] SELinux policy enabled; httpd running as context root:system_r:httpd_t:s0
[Fri Jun 09 18:13:22 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jun 09 18:13:26 2006] [notice] Digest: generating secret for digest authentication ...
[Fri Jun 09 18:13:26 2006] [notice] Digest: done
[Fri Jun 09 18:13:26 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.

... [to the output of tail]

[Fri Jun 09 23:53:04 2006] [notice] Digest: done
[Fri Jun 09 23:53:04 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Fri Jun 09 23:53:07 2006] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations
[Sat Jun 10 00:00:49 2006] [notice] caught SIGTERM, shutting down
[Sat Jun 10 00:04:49 2006] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t:s0
[Sat Jun 10 00:04:49 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Jun 10 00:04:51 2006] [notice] Digest: generating secret for digest authentication ...
[Sat Jun 10 00:04:51 2006] [notice] Digest: done
[Sat Jun 10 00:04:52 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Sat Jun 10 00:04:53 2006] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations

I confess myself clueless as to what any of this means. However, it does seem that they reflect errors with how how HTTPD is operating, and I will immediately start investigating. In the meantime, any further help would be greatly appreciated, thanks!

Ben

I now have lynx installed. It CAN access 192.168.0.101 -- the local LAN address of the machine running httpd.

Another thing that might be relevant:

httpd refuses to start up when I try to configure it to listen on a different port (i.e., by setting "Listen 81" and "ServerName xx.xx.xx.xxx:81" in httpd_config). This is making it impossible to determine whether there is a problem with the port HTTPD's listening on

I a running an older version of apache, and am no expert, so this may not work, but...
Try commenting out both the server name and the "Listen" directive and run with defaults. See if that works.

Also, to try a different port try changing the "Port" directive instead of the "Listen" one.

Brian

OK... when I comment out the two options, httpd boots successfuly, but even the localhost fails to access the webpage through Lynx. netstat -na confirms that the httpd is no longer listening on any port

Interestingly, httpd will fail if Listen is commented out, but if only servername (as before, the router's WAN IP address) is commented out everything works "fine" (i.e. the localhost lynx can find the webpage).

Unfortunately I am running Apache 2.2 (sorry for not mentioning this before, it slipped my mind). When I try to insert a port directive it screams at me for using an Apache 1.3 configuration directive. According to /usr/chare/doc/http-2.2.0/migration.html, Listen has superseded the Port directive.

I have another thought. Perhaps /etc/hosts is not set correctly. Right now this is what I have:

does there need to be a third line pointing to the WAN address for my router? for the LAN address to the router? I think the problem may not be with httpd but rather with how the localhost is talking to the router -- it's hard otherwise to explain why other computers on the LAN can't access the web pages (but yet SSH works perfectly). It's also weird that httpd absolutely refuses to launch with any port other than 80.

Looks like a long nite of reading the apache user manual. KNew I bought a new monitor for something...

seem to be talking to myself... but anyway I've at least figured out why httpd isn't allowing me to arbitrarily change the port number, apparently in my configuration it has to match the http-alt value in /etc/services. changing it to another value doesn't make any difference, and it doesn't make sense that it would

PROBLEM SOLVED. Finally realized that iptables was blocking http requests to localhost. I took down iptables and access was enabled within the LAN and from the outside world. Hallelujah!!!!!!

Sorry i couldn't re-visit this thread earlier.

Glad to hear that your problem is solved