#1 | 04-30-2003, 06:11 PM | Member | Registered: Feb 2003 | Location: Cleveland, Ohio (USA) | Distribution: Gentoo, Kubuntu 6.06 | Posts: 179
server unreachable from internet
I'm running Redhat 9 (Shrike). Apache, Tux, mod_ssl, and openssl are installed from the Redhat rpm's. I've removed the directive "Listen 80" from httpd.conf so that Tux can handle static requests. Created a key and certificate with openssl and placed them in the appropriate directories. I then created a secure virtual host by adding the following to the bottom of httpd.conf:
Code:
<VirtualHost 192.168.0.3:443>
    DocumentRoot /var/www/html/lassie/secure
    ServerName lassie
    ErrorLog /etc/httpd/logs/error_log
    TransferLog /etc/httpd/logs/access_log
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/lassie.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/lassie.key
    <Files ~ "\.(cgi|shtml)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/etc/httpd/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE*" nokeepalive ssl-unclean-shutdown
    CustomLog /etc/httpd/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
I then added some content and voilà: the secure server works fine on the local network from my RH9 box. It is unreachable from the internet.
What is my network setup? I have a RH9 box (hosting the website) connected to the internet (wirelessly, Netgear card) through a router (made by Netgear) and to a WinXP box that is connected to the router (same one as before) via ethernet. I have opened up firewall holes for port 443 in the router and in the RH9 firewall.
So... if I go to https://192.168.0.3 on the RH9 box, everything works fine. If I go to the same address on the WinXP box, MSIE crashes. If I go to https://my.ip.on.web from either box or from a computer outside the local network, the "Connection was refused." I tried changing the virtualhost directive to my.ip.on.web:443 instead of my local IP; no change. I tried adding "Listen 443" to httpd.conf. No change. Thinking that my ISP might be blocking port 443, I tried changing ports to those used by lmule and gtk-gnutella (which, of course, are not running as I try to do all this). In doing so, I remembered to change my directives to "Listen <port#>", "my.ip.on.web:<port#>" and to go to "https://my.ip.on.web:<port#>". All to no avail.
So...
Why can't I access my server from the internet? And why does MSIE keep crashing? Somebody please help me!

#2 | 04-30-2003, 06:22 PM | Moderator | Registered: Mar 2003 | Location: Scotland | Distribution: Slackware, RedHat, Debian | Posts: 12,047
1) Do you have any firewall rules in place?
2) Is "lassie" in the hosts files of all computers that need access?
3) When doing "http://my.ip.on.web:<port#>" I assume you mean like "http://my.ip.on.web:8080" for example.

#3 | 04-30-2003, 07:18 PM | Member | Registered: Feb 2003 | Location: Cleveland, Ohio (USA) | Distribution: Gentoo, Kubuntu 6.06 | Posts: 179 | Original Poster
My computer can connect actively with other computers on the ports used by file sharing agents, so these ports are not blocked by a local firewall, the Netgear router, or my ISP.
No, I do not enclose my port #'s in <> - your assumption was correct.
Place "lassie" in host files? Like, on another computer? Does Windows have host files? I always thought I would just be prompted to accept the certificate... Do I need to modify a file on my RH9 box?

#4 | 05-01-2003, 01:11 PM | Moderator | Registered: Mar 2003 | Location: Scotland | Distribution: Slackware, RedHat, Debian | Posts: 12,047
If you want to add an entry to a Windows hosts file you only need to do it on the Windows box:
win9x: C:\windows\hosts
win2k: C:\WINDOWS\system32\drivers\etc\hosts
winxp: C:\WINDOWS\system32\drivers\etc\hosts

#5 | 05-01-2003, 01:16 PM | Member | Registered: Feb 2003 | Location: Cleveland, Ohio (USA) | Distribution: Gentoo, Kubuntu 6.06 | Posts: 179 | Original Poster
That hosts - but then it shouldn't matter whether or not lassie is in there because the server is accessed by IP address, not domain name.
This also doesn't explain why the box that runs the server cannot access the server via internet IP (although it is still accessible from that box via the local network IP).

#6 | 05-01-2003, 01:21 PM | Moderator | Registered: Mar 2003 | Location: Scotland | Distribution: Slackware, RedHat, Debian | Posts: 12,047
You have told it to use:
ServerName lassie
Have you configured the router to forward the ports to the web server?

#7 | 05-01-2003, 04:14 PM | Member | Registered: Feb 2003 | Location: Cleveland, Ohio (USA) | Distribution: Gentoo, Kubuntu 6.06 | Posts: 179 | Original Poster
Interesting...
I initially had the router set to simply forward the appropriate ports. I decided to delete these services from the router and simply make the RH9 box the default DMZ server.
About 1 hour after making the modification to the network, the server was still unreachable from the internet. About 4 hours after that, the server became available on default ports (80, 8080, and 443) but not the Virtual Host I had defined for lassie (port 44122). These ports were only accessible from a machine outside my home network. These ports are still not accessible from the RH9 box via the internet IP, although they are accessible via the local IP (i.e. 127.0.0.1 and 192.168.0.3).
So...
Why isn't the custom port accessible from the internet? I would assume it is something wrong with the way my virtualhost is setup. I currently have it as:
<VirtualHost lassie.no-ip.info:44122>
Additionally, the directive "Listen 44122" is also added to httpd.conf just below "Listen 8080".
Feel free to visit it. You will get the standard apache test page on ports 80, 8080, and 443. If you can actually connect to port 44122, you will get a test page asking for a username and password.
How should I modify my VirtualHost setup to fix this problem? Why is the server inaccessible from the local network via an internet IP but accessible via a local IP? Why does it take so long for the default ports to become accessible on the internet? And not that I really care, but why does WinXP keep crashing when accessing the server via a local IP?
Thanks!

#8 | 05-01-2003, 04:23 PM | Moderator | Registered: Mar 2003 | Location: Scotland | Distribution: Slackware, RedHat, Debian | Posts: 12,047
I can access:
http://lassie.no-ip.info:44122/
no problem at all - Although I just get the apache test page.
Have you changed:
ServerName lassie
to:
ServerName lassie.no-ip.info

#9 | 05-01-2003, 04:24 PM | Moderator | Registered: Mar 2003 | Location: Scotland | Distribution: Slackware, RedHat, Debian | Posts: 12,047
The only reason I can think that you can't get it via the external ip from inside is that your router isn't telling your local clients where to go.

#10 | 05-01-2003, 04:53 PM | Member | Registered: Feb 2003 | Location: Cleveland, Ohio (USA) | Distribution: Gentoo, Kubuntu 6.06 | Posts: 179 | Original Poster
I took your suggestion regarding ServerName - it is now "ServerName lassie.no-ip.info".
Would you be so kind as to try to access https://lassie.no-ip.info:44122/ again? Unfortunately, based on past experience, it may take five hours for anything to happen.
If you happen to have a lot of extra time on your hands, login (username="david_ross" password="password") and leave me a message. (The server will say you are banned. This is normal.)
I suspect your hypothesis regarding my router and ip addresses is correct.
Thanks for all your help!

#12 | 05-01-2003, 05:21 PM | Member | Registered: Feb 2003 | Location: Cleveland, Ohio (USA) | Distribution: Gentoo, Kubuntu 6.06 | Posts: 179 | Original Poster
I'm not sure why you got anything at all on http://lassie.no-ip.info:44122 . Try visiting http://lassie.no-ip.info:<some random port#> and see if you still get something.
Once again, here is my current modification to httpd.conf:
Code:
<VirtualHost lassie.no-ip.info:44122>
    DocumentRoot /var/www/html/lassie/secure
    ServerName lassie.no-ip.info
    ErrorLog /etc/httpd/logs/error_log
    TransferLog /etc/httpd/logs/access_log
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/lassie.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/lassie.key
    <Files ~ "\.(cgi|shtml)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/etc/httpd/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE*" nokeepalive ssl-unclean-shutdown
    CustomLog /etc/httpd/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Also recall that I removed the line "Listen 80" so that Tux could bind to port 80.
Assuming that accessing random port #'s on my RH9 box doesn't work, I suspect the line "Listen 44122" (just below "Listen 8080" in httpd.conf) is causing apache to put that test page where it shouldn't be. Consequently, I have removed the line. Try https://lassie.no-ip.info:44122/ again and see what happens.
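
Added example, not part of any post in this thread: a small Python check for the two configuration conditions the posts above circle around, a `<VirtualHost host:port>` whose port has no `Listen` directive, and a hostname used as the virtual host address. The sample config is constructed from the directives quoted in the thread; the `audit` function and the finding names are hypothetical.

```python
import re

# Constructed sample modelled on the httpd.conf state described in the thread:
# "Listen 44122" removed, SSL virtual host still declared on port 44122.
SAMPLE_CONF = """
Listen 8080
<VirtualHost lassie.no-ip.info:44122>
    ServerName lassie.no-ip.info
    SSLEngine on
</VirtualHost>
"""

LISTEN_RE = re.compile(r"^\s*Listen\s+(?:\S+:)?(\d+)(?:\s|$)", re.I)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
ADDR_RE = re.compile(r"^(.*?)(?::(\d+|\*))?$")
LITERAL_RE = re.compile(r"^(\*|_default_|\d{1,3}(?:\.\d{1,3}){3}|\[[0-9A-Fa-f:.]+\])$")


def audit(conf_text):
    """Return sorted (finding, address, port) tuples for one config text."""
    listen_ports, vhosts = set(), []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # Apache comments occupy a whole line
        m = LISTEN_RE.match(line)
        if m:
            listen_ports.add(int(m.group(1)))
            continue
        m = VHOST_RE.match(line)
        if m:
            for token in m.group(1).split():
                host, port = ADDR_RE.match(token).groups()
                vhosts.append((host, port or ""))
    findings = set()
    for host, port in vhosts:
        # A <VirtualHost addr:port> only selects among sockets httpd already
        # has open; without a matching Listen the port is never bound.
        if port and port != "*" and int(port) not in listen_ports:
            findings.add(("no-listen", host, port))
        # A hostname is resolved once at startup. Behind NAT a public name
        # resolves to the router's address, not the local address that
        # forwarded connections arrive on, so the vhost never matches.
        if not LITERAL_RE.match(host):
            findings.add(("hostname-address", host, port))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```
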

#13 | 05-01-2003, 05:39 PM | Moderator | Registered: Mar 2003 | Location: Scotland | Distribution: Slackware, RedHat, Debian | Posts: 12,047
I think you are right that I could access it because you had apache listening to that port but I still can't get the https page. Unfortunately I'm not that familiar with SSL so I can't really help with that in particular.

#14 | 05-01-2003, 05:43 PM | Member | Registered: Feb 2003 | Location: Cleveland, Ohio (USA) | Distribution: Gentoo, Kubuntu 6.06 | Posts: 179 | Original Poster
Is there still a test page on port 44122? If so, "Listen 44122" probably was not the problem. What about on other random ports?
What happens if you go to https://lassie.no-ip.info/ ? You should, in theory, see the same test page only with a security certificate. If this is the case, SSL is working fine and it is my VirtualHost setup that needs brain surgery.

All times are GMT -5.