Networking issue with my web server
 

Ok I have been trying to figure this out on and off for about 6 months now and have had no luck at all. I have my Ubuntu server up and running with apache, php, and mysql. I can see the server and the site on my local network with the static IP I gave it all good to go. But when I try my static my isp gave me I get nothing. I have a zoom adsl 5551a modem and a DLink 8 port 707p router, I have changed the nat setting on my modem as instructed by zoom and I have set the settings on the virtual server set up on the dlink. But still nothing.

I have called tech support from both hardware companies and my isp but non of the are any help.

Does any one have a hardware set up like mine or can anyone suggest a better modem or router that they use and have no problem with? Or is there something server side that might cause this?

Thanks in advance

Also I have turned off all firewalls that I could find.

First let me say that I am no expert at this and my terminology may be off but I have set up a few home servers. I needed the firewall to to forward incoming traffic to the server. Start at the modem and forward port 80 traffic to the ipaddress you give the box with the server on it. Check from that box with ifconfig. Next you will need to do the same thing on the router. Both should have a configuration page that you can open with a web browser. There may be a better way of doing it by setting the server up in a dmz zone;
http://www.boutell.com/newfaq/creating/dmz.html
Some port forwarding stuff;
http://www.brennan.id.au/06-Firewall_Concepts.html
Not sure about your modem but mine has a built in firewall.
It can be confusing and at least I got the ball rolling untill someone better comes along post some more info about how yor network is setup etc.

For starters you don't need a stand-alone router at all, Linux can take care of all that & will do a far better job of it than most commercial routers anyway. You wont need to do anything with the NAT capabilities of your modem either as iptables can do this as well. All you need to do is to get the server to access the Internet, then use iptables to configure routing, NAT & protection.

I could talk you through the entire process but this HOWTO -- http://www.tldp.org/HOWTO/IP-Masquer...WTO/index.html -- would be the best place for you to start. Especially important is how to configure iptables, it is the heart & soul of a good, fast & secure Internet gateway. It also includes a great script to get you started, but my advice would be for you to learn how the script works, especially the iptables part, & then either customize it to your own needs or get an iptables GUI to configure the firewall, router & any NAT'ing you might want, I use & love KMyFirewall which you should be able to get from http://kmyfirewall.sourceforge.net/

If you have any questions about anything you read in the HOWTO post it to this thread so I am sent a copy & can hopefully help you further.

Yes thats why nobody users routers....oh wait.


Very bad advice.

1. Hardware routers work better (in 90% of cases) than a pc running nat/firewall. Most people do not have the time or knowledge to setup a software based approach. Routers work because they are designed to do one job (or two). People also dont usually try to play doom on their router.

2. unless you need a feature that your router doesnt provide and you are just using this a home/soho system, their is no need to get rid of the router. You just need to forward your needed ports from the router to the PC.

Too many holes and things are left to chance for a novice to setup a linux/BSD firewall/router.


Soule

I have both my modem and my router forwarding port 80 to my server but I still get nothing. When I type in my ip from my isp it just times out and says documnet contains no data. I will post s.s. of my configs when I get home.

As a note make sure you have a public IP. Many ISP's are now using NAT internally. That way they can control bandwidth better and keep everyone from using home servers. That way if you want to run a home server (or just have remote access) you will have to pay more for a business account.


Soule

soulestream makes a good argument but all I have to go on is my own experience with stand-alone routers which have not been pleasant ones.
This is why I recommended using something like KMyFirewall which makes configuring iptables very simple to understand, much simpler than the routers that I have had to learn how to use over the years, but maybe these have been particular difficult ones, so if you feel comfortable with your router then it will do all the basic things.

As for Tux_Phoenix actual problem :
First off, the fact that you can configure port forwarding on your modem probably means your modem is a router as well so you don't need a separate router. So first try removing the router from the equation & ensure iptables is not running on your server, OR, if your modem does not have any firewalling functions, turn off ALL forwarding & NAT'ing on your modem & allow your router to do all the work. This might not be absolutely necessary but it will ensure that any port forwarding WILL get to your server.
But more that likely, as soulestream said, the problem is with your ISP. I know my ISP, Optusnet here in Australia, blocks certain ports particularly port 80. To check which ports your ISP is blocking you first need to temporarily either open all ports on your router/modem or remove your router entirely & connect directly to the Internet through your modem with no firewalling at all, also ensure iptables is not running on the PC that your modem plugs into which you have probably already done, remember you will be vulnerable during this but it's only temporary. Then go to an online port scanning site, I like www.grc.com the best (which seems to be down at the moment?!?) but there are hundreds out there, you could try http://www.portsense.com/prescan.cfm From the results you you will see which ports your ISP is blocking because this scan should find that ALL your ports are OPEN as your firewall is not doing anything but some will be closed/filtered/stealth/blocked or whatever the scanner calls it, these ports are the ones your ISP is blocking you from using.
To get around this you could configure Apache, or the HTTP server you use, to listen to a different port, like the secure HTTP port 443, the problem with this is that to access your HTTP server from the outside world one must add :443 to your web address.

So as soulestream stated, if you want to run a real HTTP server to host your own publicly available website you need to pay more to your ISP to get access to port 80. But just as a further note, a few years ago I was having trouble with my ISP so I called them to find out what was going on, I spoke to an unusually helpful bloke who unblocked port 80 for me, which he really wasn't supposed to do. I can't remember exactly what I said to get this but it happened, you might want to try the same, just don't tell them you wish to host a website!!!

Let us know how you go!