LinuxQuestions.org
Old 04-30-2003, 06:11 PM   #1
kc8tbe
Member
 
Registered: Feb 2003
Location: Cleveland, Ohio (USA)
Distribution: Gentoo, Kubuntu 6.06
Posts: 179

Rep: Reputation: 30
server unreachable from internet


I'm running Redhat 9 (Shrike). Apache, Tux, mod_ssl, and openssl are installed from the Redhat rpm's. I've removed the directive "Listen 80" from httpd.conf so that Tux can handle static requests. Created a key and certificate with openssl and placed them in the appropriate directories. I then created a secure virtual host by adding the following to the bottom of httpd.conf:
Code:
<VirtualHost 192.168.0.3:443>
DocumentRoot /var/www/html/lassie/secure
ServerName lassie
ErrorLog /etc/httpd/logs/error_log
TransferLog /etc/httpd/logs/access_log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/lassie.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/lassie.key
<Files ~ "\.(cgi|shtml)$">
	SSLOptions +StdEnvVars
</Files>
<Directory "/etc/httpd/cgi-bin">
	SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE*" nokeepalive ssl-unclean-shutdown
CustomLog /etc/httpd/logs/ssl_request_log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
I then added some content and voilà: the secure server works fine on the local network from my RH9 box. It is unreachable from the internet.

What is my network setup? I have a RH9 box (hosting the website) connected to the internet (wirelessly, Netgear card) through a router (made by Netgear) and to a WinXP box that is connected to the router (same one as before) via ethernet. I have opened up firewall holes for port 443 in the router and in the RH9 firewall.

So... if I go to https://192.168.0.3 on the RH9 box, everything works fine. If I go to the same address on the WinXP box, MSIE crashes. If I go to https://my.ip.on.web from either box or from a computer outside the local network, the "Connection was refused." I tried changing the virtualhost directive to my.ip.on.web:443 instead of my local IP; no change. I tried adding "Listen 443" to httpd.conf. No change. Thinking that my ISP might be blocking port 443, I tried changing ports to those used by lmule and gtk-gnutella (which, of course, are not running as I try to do all this). In doing so, I remembered to change my directives to "Listen <port#>", "my.ip.on.web:<port#>" and to go to "https://my.ip.on.web:<port#>". All to no avail.

So...

Why can't I access my server from the internet? And why does MSIE keep crashing? Somebody please help me!
 
Old 04-30-2003, 06:22 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
1) Do you have any firewall rules in place?
2) Is "lassie" in the hosts files of all computers that need access?
3) When doing "http://my.ip.on.web:<port#>" I assume you mean like "http://my.ip.on.web:8080" for example.
 
Old 04-30-2003, 07:18 PM   #3
kc8tbe
Member
 
Registered: Feb 2003
Location: Cleveland, Ohio (USA)
Distribution: Gentoo, Kubuntu 6.06
Posts: 179

Original Poster
Rep: Reputation: 30
My computer can connect actively with other computers on the ports used by file sharing agents, so these ports are not blocked by a local firewall, the Netgear router, or my ISP.

No, I do not enclose my port #'s in <> - your assumption was correct.

Place "lassie" in host files? Like, on another computer? Does Windows have host files? I always thought I would just be prompted to accept the certificate... Do I need to modify a file on my RH9 box?
 
Old 05-01-2003, 01:11 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
If you want to add an entry to a Windows hosts file you only need to do it on the Windows box:

win9x: C:\windows\hosts
win2k: C:\WINDOWS\system32\drivers\etc\hosts
winxp: C:\WINDOWS\system32\drivers\etc\hosts
 
Old 05-01-2003, 01:16 PM   #5
kc8tbe
Member
 
Registered: Feb 2003
Location: Cleveland, Ohio (USA)
Distribution: Gentoo, Kubuntu 6.06
Posts: 179

Original Poster
Rep: Reputation: 30
That hosts - but then it shouldn't matter whether or not lassie is in there because the server is accessed by IP address, not domain name.

This also doesn't explain why the box that runs the server cannot access the server via internet IP (although it is still accessible from that box via the local network IP).
 
Old 05-01-2003, 01:21 PM   #6
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
You have told it to use:
ServerName lassie

Have you configured the router to forward the ports to the web server?
 
Old 05-01-2003, 04:14 PM   #7
kc8tbe
Member
 
Registered: Feb 2003
Location: Cleveland, Ohio (USA)
Distribution: Gentoo, Kubuntu 6.06
Posts: 179

Original Poster
Rep: Reputation: 30
Interesting...
I initially had the router set to simply forward the appropriate ports. I decided to delete these services from the router and simply make the RH9 box the default DMZ server.

About 1 hour after making the modification to the network, the server was still unreachable from the internet. About 4 hours after that, the server became available on default ports (80, 8080, and 443) but not the Virtual Host I had defined for lassie (port 44122). These ports were only accessible from a machine outside my home network. These ports are still not accessible from the RH9 box via the internet IP, although they are accessible via the local IP (i.e. 127.0.0.1 and 192.168.0.3).

So...
Why isn't the custom port accessible from the internet? I would assume it is something wrong with the way my virtualhost is setup. I currently have it as:
<VirtualHost lassie.no-ip.info:44122>
Additionally, the directive "Listen 44122" is also added to httpd.conf just below "Listen 8080".
Feel free to visit it. You will get the standard apache test page on ports 80, 8080, and 443. If you can actually connect to port 44122, you will get a test page asking for a username and password.

How should I modify my VirtualHost setup to fix this problem? Why is the server inaccessible from the local network via an internet IP but accessible via a local IP? Why does it take so long for the default ports to become accessible on the internet? And not that I really care, but why does WinXP keep crashing when accessing the server via a local IP?

Thanks!
 
Old 05-01-2003, 04:23 PM   #8
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
I can access:
http://lassie.no-ip.info:44122/

no problem at all - Although I just get the apache test page.

Have you changed:
ServerName lassie

to:
ServerName lassie.no-ip.info
 
Old 05-01-2003, 04:24 PM   #9
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
The only reason I can think that you can't get it via the external ip from inside is that your router isn't telling your local clients where to go.
 
Old 05-01-2003, 04:53 PM   #10
kc8tbe
Member
 
Registered: Feb 2003
Location: Cleveland, Ohio (USA)
Distribution: Gentoo, Kubuntu 6.06
Posts: 179

Original Poster
Rep: Reputation: 30
I took your suggestion regarding ServerName - it is now "ServerName lassie.no-ip.info".

Would you be so kind as to try to access https://lassie.no-ip.info:44122/ again? Unfortunately, based on past experience, it may take five hours for anything to happen.

If you happen to have a lot of extra time on your hands, login (username="david_ross" password="password") and leave me a message. (The server will say you are banned. This is normal.)

I suspect your hypothesis regarding my router and ip addresses is correct.

Thanks for all your help!
 
Old 05-01-2003, 05:05 PM   #11
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
I just realised that the first time I used:
http://lassie.no-ip.info:44122/

I can still get the test page with that but I get nothing with:
https://lassie.no-ip.info:44122/
 
Old 05-01-2003, 05:21 PM   #12
kc8tbe
Member
 
Registered: Feb 2003
Location: Cleveland, Ohio (USA)
Distribution: Gentoo, Kubuntu 6.06
Posts: 179

Original Poster
Rep: Reputation: 30
I'm not sure why you got anything at all on http://lassie.no-ip.info:44122 . Try visiting http://lassie.no-ip.info:<some random port#> and see if you still get something.
Once again, here is my current modification to httpd.conf:
Code:
<VirtualHost lassie.no-ip.info:44122>
DocumentRoot /var/www/html/lassie/secure
ServerName lassie.no-ip.info
ErrorLog /etc/httpd/logs/error_log
TransferLog /etc/httpd/logs/access_log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/lassie.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/lassie.key
<Files ~ "\.(cgi|shtml)$">
	SSLOptions +StdEnvVars
</Files>
<Directory "/etc/httpd/cgi-bin">
	SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE*" nokeepalive ssl-unclean-shutdown
CustomLog /etc/httpd/logs/ssl_request_log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Also recall that I removed the line "Listen 80" so that Tux could bind to port 80.
Assuming that accessing random port #'s on my RH9 box doesn't work, I suspect the line "Listen 44122" (just below "Listen 8080" in httpd.conf) is causing apache to put that test page where it shouldn't be. Consequently, I have removed the line. Try https://lassie.no-ip.info:44122/ again and see what happens.
 
Old 05-01-2003, 05:39 PM   #13
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
I think you are right that I could access it because you had apache listening to that port but I still can't get the https page. Unfortunately I'm not that familiar with SSL so I can't really help with that in particular.
 
Old 05-01-2003, 05:43 PM   #14
kc8tbe
Member
 
Registered: Feb 2003
Location: Cleveland, Ohio (USA)
Distribution: Gentoo, Kubuntu 6.06
Posts: 179

Original Poster
Rep: Reputation: 30
Is there still a test page on port 44122? If so, "Listen 44122" probably was not the problem. What about on other random ports?
What happens if you go to https://lassie.no-ip.info/ ? You should, in theory, see the same test page only with a security certificate. If this is the case, SSL is working fine and it is my VirtualHost setup that needs brain surgery.
 
Old 05-01-2003, 05:54 PM   #15
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
https://lassie.no-ip.info/ Works no problem - I get the certificate and test page
http://lassie.no-ip.info:44122/ Nothing
https://lassie.no-ip.info:44122/ Nothing

Nothing on random ports either - it was the listen statement.
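
An added example, not part of any post in this thread and not the poster's actual file: a small Python check for two httpd.conf conditions that match the symptoms reported above. A `<VirtualHost>` port with no `Listen` directive means nothing answers on that port (post #15), and a `<VirtualHost>` addressed by a DNS name that resolves to the router's public IP never matches requests arriving on the server's local address, so the main server answers in plain HTTP instead of the SSL host. `SAMPLE_CONF`, `lint` and `is_literal_address` are hypothetical names and the sample config is constructed.

```python
import ipaddress
import re

# Constructed sample (not the poster's full file): the state described in
# post #12, after "Listen 44122" was removed from httpd.conf.
SAMPLE_CONF = """\
Listen 8080
Listen 443
<VirtualHost lassie.no-ip.info:44122>
ServerName lassie.no-ip.info
SSLEngine on
</VirtualHost>
"""

LISTEN_RE = re.compile(r"^Listen\s+(?:\S+:)?(\d+)\b", re.I)
VHOST_RE = re.compile(r"^<VirtualHost\s+([^>]+)>", re.I)


def is_literal_address(addr):
    """True for *, _default_ or an IP literal; False for a DNS name."""
    if addr in ("*", "_default_"):
        return True
    try:
        ipaddress.ip_address(addr.strip("[]"))
        return True
    except ValueError:
        return False


def lint(conf):
    """Return (port, problem) findings for every <VirtualHost> in conf."""
    listens, vhosts, findings = set(), [], []
    for line in (raw.strip() for raw in conf.splitlines()):
        if m := LISTEN_RE.match(line):
            listens.add(int(m.group(1)))
        elif m := VHOST_RE.match(line):
            for spec in m.group(1).split():
                addr, _, port = spec.rpartition(":")
                if port.isdigit() and addr:
                    vhosts.append((addr, int(port)))
    for addr, port in vhosts:
        if port not in listens:
            # Nothing binds the port, so clients see "connection refused".
            findings.append((port, "no-listen"))
        if not is_literal_address(addr):
            # A DNS name is resolved at startup; behind NAT it yields the
            # router's public IP, never the local address requests arrive on.
            findings.append((port, "hostname-address"))
    return findings
```

With `Listen 44122` present and the host addressed as `192.168.0.3:44122` (or `_default_:44122`), `lint` returns no findings.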
 
  

