Unable to connect to Apache at home from outside
 

I'm running Slackware 13. Apache has been configured and running. That is to say, I can access the server pages on my machine locally using the current DHCP IP address.

However I'm unable to access it from outside (say from a friends's house) using the same DHCP IP address. I read on the internet somewhere that some DSL providers disable port 80 to prevent individuals from hosting. I don't know if that's the case but I did try specifying different ports in httpd.conf and added the port number to the IP address URL but still didn't work.
I saw some LQ threads which said that the problem could be in the firewall. I don't think I have a firewall but I'm not sure. How do I know that?

I'm just trying some stuff without much concern for security at this point. I understand that a DHCP address can change but for now I don't mind entering the IP address explicitly.

Any suggestions would be much appreciated.

Thanks in advance,

Ash.

DHCP IP address, which is given by your local network devices or are you talking about dynamic public IP which is assigning by your ISP? if you want to run webserver you need static public IP and you should ask your ISP to open relevant ports(80, 443, etc), I believe for these you should pay some additional money to your ISP rather than these there are some other alternatives, if your network devices(broadband router)support with NAT and DMZ you can NAT local webserver ip and port with your dynamic public IP or otherwise you can try with dyndns

It's the dynamic public IP given by the ISP.

Does it have to be a static IP? With a dynamic IP as long as I know the current assigned IP, it should work right?

Is there a way to tell if the port 80 (or any other for that matter) is being blocked?

Could you please elaborate on NAT and DMZ? I'm not familiar with it.

Regards,

Ash.

You don't strictly have to have a public IP, but it helps. NAT (Network Address Translation) is the usual method of sharing one IP amongst multiple computers, e.g. when multiple computers in a house connect to a single DSL or cable line. What happens is that all the computers behind the router get private (RFC1918) address. The are 192.168.x.x, part of the 172.16.x.x range, and all of the 10.x.x.x range. The router has a public IP address and routes traffic between the private, internal network and the Internet. Traffic from the Internet cannot reach the internal network directly, and RFC1918 addresses are not routable. You should check and make sure that the IP address of your server is really public. Perhaps you have a combined modem/router that is issuing your box a private IP address. Or perhaps you have iptables running on your Linux box and blocking traffic ... have you checked this?

You need to log into your cable/DSL router and forward all port 80 (http) requests to the internal ip address of your server. Sometimes they call it application or game sharing, but it is port forwarding. You may have a setting for Dynamic DNS too, so you can get a free domain name to use that always points at your server.
Who is your ISP and do you have cable or xDSL ?

Also make sure your provider doesn't block port 80 on dynamic IP's

Thanks for the information. Now I realize that I have a private IP 10.x.x.x.

Given that I don't have a public IP, what are my alternatives? I don't have a separate router. My computer is just connected to the port in the wall.

Thanks and regards,

Ash.

Are you getting that from your ISP? If so, you've pretty much got an insolvable problem as you would have to have your ISP do some port forwarding, and odds are they aren't going to do that.

OK, this doesn't make a lot of sense. There has to be SOMETHING that connects you to your ISP since all ISPs require some sort of "modem". Can we ask who your ISP is and what kind of connection it is?

Yes, I'm getting it from an ISP.


Maybe the port in the wall connects to a router/modem somewhere in the building which I don't have access to. I supposedly have Comcast Business which basically serves all the apartments in a building.

That actually sounds like it might be right. I know Comcast doesn't hand out private IP addresses to its residential customers so it certainly isn't doing so to its business customers. One way to test would be to go to a site like http://www.whatismyip.com and see what your "real" IP address is.

If your building manager is amenable to it, you might ask them to forward a non-standard port to port 80 on your server. For example, if you could talk them into forwarding port 4080 to 80 on your server, you could get to your server using http://your.ip.address:4080. Of course this makes the assumption your building manager actually knows their ports from the IP addresses. I suspect they're just going to say no, in which case, you are out of luck.

Go to
http://www.whatismyip.com
to find your external IP
Then use a online portscanner to see if port 80 is open on the router.
If you don't have access to the router, I don't think you will be able to setup a webserver.

The "your.ip.address" in http://your.ip.address:4080 would actually be the public external ip address right?

It appears that none of the standard ports are open on the router.

Oh well, at least I better understand what's going on. Thank you all.

Yes, probably port 80 is blocking access to the internet. http://127.0.0.1/ (or equivalently http://localhost/) only applies to the local machine, and cannot be accessed from another machine.

Yeah, that would be the IP address that the building router gets from Comcast.

That wouldn't be surprising, and wouldn't be of any use to you even if they were. If you want to access your computer from outside your building, you absolutely, positively have to have the cooperation of whoever owns the router connected directly to Comcast.

The building owner is trying to help with port forwarding, but has security concerns that someone could reach my computer through the forwarded port and now has access to the private network and wreck havoc.

Are there ways to minimize it?
E.g. Is it possible for port forwarding to limit it to one or two external IP addresses? That is, if I know that I will be accessing from one or two external machines, and if the router only forwards requests from these known IP addresses, it might be an acceptable compromise.

Thanks,

Ashok.