LinuxQuestions.org


evaristegalois 05-20-2010 08:24 AM

apache works locally but not globally
 
I set up apache (apache2) to create a moodle server, but I can't get it to work globally. Here is the rub:

http://192.168.0.150 works beautifully, showing me the index page at /var/www

http://mysite.homelinux.org (my dyndns) or http://96.49.75.14 (my current IP address) doesn't work.

ssh works well globally, i.e. ssh -l myname mysite.homelinux.org works.

pinging mysite.homelinux.org works without a problem.

Ports 22, 80 and 443 are open on my router (checked my router's settings).

I use ubuntu 10.4. Is it an iptables problem, as in http://www.linuxquestions.org/questi...achine-750157/ ? But I couldn't figure out the iptables manpage. Please help if you can.

AlucardZero 05-20-2010 08:57 AM

Did you forward port 80 from your router to 192.168.0.150 ?

What address(es) is Apache listening on (netstat -nap | grep -E "LISTEN.*(httpd|apache)")?

evaristegalois 05-20-2010 11:24 AM

Thanks! Great question. I just looked at a screenshot and it looks like port 22 (ssh) is forwarded to 192.168.0.150 while port 80 is forwarded to 0.0.0.0. I'll change it when I get home and report on whether that fixes the problem.

jscherer92 05-20-2010 02:50 PM

Yeah you have to make sure port 80 is forwarded to the correct ip address. I know this because I spent around 6 hours last month having the exact same problem lol.

Justin

evaristegalois 05-21-2010 12:13 AM

No luck though! In the advanced tab of my router, I changed

Virtual Server HTTP 0.0.0.0 TCP 80/80 always

to

Virtual Server HTTP 192.168.0.150 TCP 80/80 always,

expecting triumph, but it turned out the problem didn't go away.

http://192.168.0.150 still works beautifully,

http://96.49.75.14 (my current IP address) or http://myname.homelinux.org (my dyndns) don't ("The server at 96.49.75.14 is taking too long to respond")

What else needs to be checked?

linuxlover.chaitanya 05-21-2010 12:37 AM

Are you accepting the incoming connections on your router? If you have blocked them then there is no meaning in forwarding them.
And I am not able to ping your ip address.

evaristegalois 05-21-2010 08:46 AM

Sorry, I should have mentioned that I changed the temporary IP address just a bit because I didn't know if it would be a security risk to put it on a public forum. I tried pinging it and it works fine (again, I changed the IP address a bit).

ping -c 4 96.49.75.14
PING 96.49.75.14 (96.49.75.14) 56(84) bytes of data.
64 bytes from 96.49.75.14: icmp_seq=1 ttl=127 time=2.90 ms
64 bytes from 96.49.75.14: icmp_seq=2 ttl=127 time=2.90 ms
64 bytes from 96.49.75.14: icmp_seq=3 ttl=127 time=2.95 ms
64 bytes from 96.49.75.14: icmp_seq=4 ttl=127 time=2.93 ms

--- 96.49.75.14 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 2.900/2.924/2.951/0.043 ms

Then:

ping -c 4 myname.homelinux.org
PING myname.homelinux.org (96.49.75.14) 56(84) bytes of data.
64 bytes from S01060014c20eff70.vc.shawcable.net (96.49.75.14): icmp_seq=1 ttl=127 time=1.18 ms
64 bytes from S01060014c20eff70.vc.shawcable.net (96.49.75.14): icmp_seq=2 ttl=127 time=2.57 ms
64 bytes from S01060014c20eff70.vc.shawcable.net (96.49.75.14): icmp_seq=3 ttl=127 time=2.94 ms
64 bytes from S01060014c20eff70.vc.shawcable.net (96.49.75.14): icmp_seq=4 ttl=127 time=2.92 ms

--- myname.homelinux.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.184/2.408/2.946/0.724 ms

I just went into my router again and found a filters tab. It says

TCP 80 always

with IP range *, but it seems to be `disabled'. I enabled it and tried

http://96.49.75.16

no luck, so I changed it back to disabled (and it still doesn't work).

evaristegalois 05-21-2010 08:54 AM

I just tried https://www.grc.com/x/ne.dll?bh0bkyd2 (Shield Up) and it appears that my ISP is blocking port 80. I guess I'll have to talk to them (Shaw).

evaristegalois 05-21-2010 12:10 PM

All right. I went through ShieldsUP and you were right, they can ping me, but they can't get through at port 80. So I talked to my internet service provider, Shaw, and they said:

Quote:

there is nothing we can assist you with - we do not block ports and this is strictly router related -
let me confirm -
we are not blocking port 80-
if it is not working it may be router related - this is not supported by shaw.
So, my Virtual Servers List on my router points port 80 to 192.168.0.150, the filter for port 80 on the router is disabled, my ISP doesn't block port 80. I am wondering if there is a firewall on ubuntu 10.4 (that I certainly didn't install) that may be blocking port 80. How would I find out?

I ran "netstat -nap" and looked for apache in the output. There was nothing. Is that the problem?

theNbomr 05-21-2010 02:44 PM

I use Shaw cable in the greater Vancouver area, and have run a HTTP server on port 80 for years. Other people that I know do the same.

Your problem may be at the router, or on your local LAN, or on your web server. To isolate, first start by listening with something non-apache, like netcat (nc). Turn off Apache, temporarily, and run
Code:

nc -p 80 -l -vv
Try to make connections to your server from outside and from inside your LAN. If netcat shows a connection & HTTP request, then you can focus on your web server setup. Otherwise, seek to find problems on the router, or LAN. Since you already said that the server responds to requests from the LAN, it is reasonable to expect that the server is configured properly, and that there is no firewall intervening.
If you can provide more details about your router and what configuration you've performed to set up for your web server, perhaps someone can identify a problem there. If you had used a Linux based firewall, I think many people could advise you.
---- rod.

evaristegalois 05-21-2010 05:21 PM

Thanks. Yes, it isn't Shaw. (And I don't think it is my router.) I think it has to do with my apache setup, but I still can't find the problem. I added

Quote:

# added servername to avoid the could not determine fqdn error
ServerName myname.homelinux.org
to apache2.conf which now makes apache start and stop without errors. But after starting apache

Quote:

netstat -l | grep http
does not yield anything, and according to http://kb.parallels.com/en/1481 it should yield something like

Quote:

tcp 0 0 *:http *:* LISTEN
I tried netcat but the manual page tells me that the -p and the -l option are incompatible. In any case, I tried

Quote:

nc -p 80 -l -vv
and many permutations but kept getting the netcat error message

Quote:

usage: nc [-46DdhklnrStUuvzC] [-i interval] [-P proxy_username] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port[s]]
so if you could resend that command to make it work I'd really appreciate it.

BTW, my hostname and `myname' in the servername myname.homelinux.org are not identical. I am quite foggy on hostnames, servernames, domainnames and their black magic, so I thought I'd mention it.

I also found a very nice website which demonstrates my problem. http://ping.eu/ will ping myname.homelinux.org without a problem, but when I do their port check it shows me that my port 80 is closed.

theNbomr 05-22-2010 03:23 PM

Okay, apparently different versions of netcat have different arguments. On my Fedora 9 host, this works:
Code:

sudo nc -l -vv 80
On a locally connected Debian host, I do
Code:

$ wget http://192.168.0.11
and on the F9 host, I see
Code:

Connection from 192.168.0.17 port 80 [tcp/http] accepted
GET / HTTP/1.0
User-Agent: Wget/1.11.4
Accept: */*
Host: 192.168.0.11
Connection: Keep-Alive
^C

while the Debian client side says
Code:

--2010-05-22 13:17:50--  http://192.168.0.11/
Connecting to 192.168.0.11:80... connected.
HTTP request sent, awaiting response...
No data received.
Retrying.

--2010-05-22 13:18:18--  (try: 2)  http://192.168.0.11/
Connecting to 192.168.0.11:80... failed: Connection refused.

Note that the HTTP transfer does not complete, because netcat is not an HTTP server, and because I terminated it with Ctrl-C.

Hope this helps.

--- rod.
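
The layered check described in the posts above (listen with something simpler than Apache, then connect from the LAN and from outside), as an added Python example that is not part of any post in this thread. `probe`, `listen_once` and `diagnose` are hypothetical helper names, and 203.0.113.10 is a placeholder for the public address.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"       # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"        # RST came back: host reached, port not listening
    except OSError:
        return "filtered"       # timeout or unreachable: dropped along the way

def listen_once(port, bind="0.0.0.0", ready=None, timeout=30.0):
    """Stand-in for `nc -l`: accept one connection, return (peer_ip, request_line)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind, port))  # ports below 1024 need root, as with nc
        srv.listen(1)
        srv.settimeout(timeout)
        if ready is not None:
            ready.set()         # lets a caller wait until the socket is bound
        conn, peer = srv.accept()
        with conn:
            conn.settimeout(timeout)
            data = conn.recv(4096)
    return peer[0], data.split(b"\r\n", 1)[0].decode("latin-1")

def diagnose(lan, wan):
    """Map LAN-side and WAN-side probe() results to the layer to inspect next."""
    if lan != "open":
        return "server: check the daemon, its listen address and the host firewall"
    if wan == "open":
        return "ok: forwarding works end to end"
    if wan == "refused":
        return "router: rejected; forward target has no listener or the router answered"
    return "router/ISP: traffic is dropped; check that the forward rule is enabled"

if __name__ == "__main__":
    # Assumed addresses: the LAN address used in the thread and a placeholder
    # public address. Run the WAN probe from outside the LAN, since many home
    # routers do not loop connections back to their own public address.
    lan = probe("192.168.0.150", 80)
    wan = probe("203.0.113.10", 80)
    print(lan, wan, "->", diagnose(lan, wan))
```

A browser's "taking too long to respond" corresponds to `filtered` here, while wget's "Connection refused" corresponds to `refused`.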

evaristegalois 05-22-2010 10:57 PM

I ran

Quote:

sudo apache2ctl stop
to stop apache2. Then I ran

Quote:

sudo nc -l -vv 80
which yielded

Quote:

Connection from 192.168.0.105 port 80 [tcp/www] accepted
GET / HTTP/1.0
User-Agent: Wget/1.11.4
Accept: */*
Host: 192.168.0.150
Connection: Keep-Alive
Then I ran, on a locally connected machine,

Quote:

wget http://192.168.0.150
which yielded

Quote:

wget http://192.168.0.150
--2010-05-22 20:49:42-- http://192.168.0.150/
Connecting to 192.168.0.150:80... connected.
HTTP request sent, awaiting response... ^C
then I ran

Quote:

wget http://96.49.75.14
on the same locally connected computer (my computer's IP address [with a digit changed for privacy], according to whatsmyip.org) -- no response. I don't think it would have been any different on an external computer (not local), because I tried that several times yesterday and never got a response. So everything looks the same as on Rod's computer, but I can't open port 80 to the outside world.

Please keep helping. You guys have been awesome so far.

custangro 05-22-2010 11:30 PM

Quote:

Originally Posted by evaristegalois (Post 3978073)
I ran



to stop apache2. Then I ran



which yielded


Then I ran, on a locally connected machine,



which yielded



then I ran



on the same locally connected computer (my computer's IP address [with a digit changed for privacy], according to whatsmyip.org) -- no response. I don't think it would have been any different on an external computer (not local), because I tried that several times yesterday and never got a response. So everything looks the same as on Rod's computer, but I can't open port 80 to the outside world.

Please keep helping. You guys have been awesome so far.

Stupid question (I'm sure you thought of this...)

But did you set the "ServerName" in the http.conf file? Are you using VirtualHosts?

If you're forwarding the right ports to the right ip then maybe the conf file is the issue?

Have you tried hitting your site with your external ip yet?

theNbomr 05-22-2010 11:31 PM

So now we have learned that the router is probably not forwarding from the WAN side of your connection. In a Linux based firewall, we would normally do this in two stages:
1. mangle the packet, so that the destination port is now the port used by the server.
2. re-send the packet on the LAN interface, to the LAN server host.
Do these steps make any sense in terms of how your router setup is done? Are you sure that some other rule is not swallowing the packet in the router, or sending it somewhere else?

--- rod

evaristegalois 05-22-2010 11:54 PM

I did not change the apache conf files at all except add

Quote:

# added servername to avoid the could not determine fqdn error
ServerName myname.homelinux.org
to apache2.conf

Quote:

sudo apache2ctl start
starts without error message and I can see http://192.168.0.150 just fine (the 'it's working' index file). But that's local. It doesn't seem to get out on port 80.

I put a screenshot of my router settings at

http://www.streetgreek.com/anderson/di-624.png

evaristegalois 05-23-2010 10:34 AM

I didn't add anything to my apache configuration files except

# added servername to avoid the could not determine fqdn error
ServerName myname.homelinux.org

to apache2.conf. So if I need to do anything else please let me know. (Although, as I said, apache works locally.)

Here is a screenshot of my router settings:

http://www.streetgreek.com/anderson/di-624.png

(And ssh-ing in works from an external computer, so port 22 is open, which is confirmed by doing a port check on http://ping.eu/port-chk/, whereas port 80 is closed, also confirmed by http://ping.eu/port-chk/ -- )

custangro 05-23-2010 10:57 AM

Quote:

Originally Posted by evaristegalois (Post 3978455)
I didn't add anything to my apache configuration files except

# added servername to avoid the could not determine fqdn error
ServerName myname.homelinux.org

to apache2.conf. So if I need to do anything else please let me know. (Although, as I said, apache works locally.)

Here is a screenshot of my router settings:

http://www.streetgreek.com/anderson/di-624.png

(And ssh-ing in works from an external computer, so port 22 is open, which is confirmed by doing a port check on http://ping.eu/port-chk/, whereas port 80 is closed, also confirmed by http://ping.eu/port-chk/ -- )

You may or may not want to do this (but it's for debugging purposes only)...

But have you tried turning off your firewall on your gateway/router to see if that works?

That way you can see if it's a firewall issue or if it's a forwarding issue....

theNbomr 05-23-2010 02:04 PM

Quote:

(And ssh-ing in works from an external computer, so port 22 is open, which is confirmed by doing a port check on http://ping.eu/port-chk/, whereas port 80 is closed, also confirmed by http://ping.eu/port-chk/ -- )
So there seems to be some inconsistency between what your router is doing, and what it claims to be doing. Perhaps the router is FUBAR. Can you try power cycling the router?
--- rod.

evaristegalois 05-23-2010 04:07 PM

I just found out that if I turn on Remote Management on my router (on port 80), it opens up port 80, but the http://myname.homelinux.org goes to my router, not to my apache index page. So the router seems to be fine, now I just need to figure out how to forward it to my desktop.

evaristegalois 05-23-2010 04:19 PM

I just found out that there is a tiny button I needed to enable on the router, which I failed to do. Problem solved. Many thanks!

theNbomr 05-23-2010 05:45 PM

For the benefit of others who may read this in the future, (and for my curiosity) can you give enough detail about the tiny, but magical, button that others may not fall victim to the same trap?

--- rod.

evaristegalois 05-25-2010 12:48 AM

You can see it on my screenshot provided above. You need to click on the edit icon for the http virtual server and then click on `enable'. Then the square box next to the virtual server line will be checked rather than unchecked (which it is in the screenshot). Thanks again for your help. Couldn't do it without you guys.


All times are GMT -5.