Make apache/httpd listen to a local IP only.

turalo · 10-13-2014, 06:43 AM

Hi guys,

I'm stuck with this problem.

I have a server that is on publick IP.

this server has only publick acces to ports 5060 and 10000-20000, voip traffic.

I have blocked all other ports from outside with IP tables.

Now, I want to make sure that the webserver/httpd listens only to IP 192.168.1.1

because I have a vpn pptpd on this server, so when I need to config something on webinterface I would make vpn connection to the server, server will give me 192.x.x.x IP, and I will be able to reach the web gui on 192.168.1.1

so when I go to /etc/httpd/conf/httpd.conf

change the listing settings to the local IP, then I get this :

root@pbx:~ $ service httpd start
Starting httpd: (99)Cannot assign requested address: make_sock: could not bind to address 192.168.1.1:9080
no listening sockets available, shutting down
Unable to open logs

this is my config :

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
#Listen *:80
Listen 192.168.1.1:9080
Listen *:9080

----

just for the info.

If I comment the listen IP setting

and start httpd normally with port 9080 it works fine, but then it's vailable on public IP and also on local IP 192. so I know that my httpd works fine on defined port 9080.

please help / advise.

thanks in advance.

bathory · 10-13-2014, 12:23 PM

Hi,

You should make sure that you only have the following "Listen" directive in httpd.conf

Code:

Listen 192.168.1.1:9080

Regards

turalo · 10-13-2014, 03:36 PM

Same result.

root@localhost:~ $ service httpd start
Starting httpd: (99)Cannot assign requested address: make_sock: could not bind to address 192.168.1.1:9080
no listening sockets available, shutting down
Unable to open logs
[FAILED]

bathory · 10-14-2014, 12:42 AM

These should be another "Listen...' directive directive, perhaps in an included file. You didn't say your distro, but you can run:

Code:

find /etc/httpd/conf  -type f -exec grep 9080 {} /dev/null \;

to check

You can also stop apache and run:

Code:

netstat -tanpl|grep 9080

to see if there is some other instance listening on that port

turalo · 10-14-2014, 04:25 AM

Quote:

Originally Posted by bathory

These should be another "Listen...' directive directive, perhaps in an included file. You didn't say your distro, but you can run:

Code:

find /etc/httpd/conf  -type f -exec grep 9080 {} /dev/null \;

to check

You can also stop apache and run:

Code:

netstat -tanpl|grep 9080

to see if there is some other instance listening on that port

I have only 1 place where it's set :

root@localhost:/var/log/asterisk $ find /etc/httpd/conf -type f -exec grep 9080 {} /dev/null \;
/etc/httpd/conf/httpd.conf:#Listen 192.168.1.1:9080
/etc/httpd/conf/httpd.conf:Listen *:9080
root@localhost:/var/log/asterisk $

and no there is no other instance that listens to that port.

bathory · 10-14-2014, 08:07 AM

Quote:

I have only 1 place where it's set :

root@localhost:/var/log/asterisk $ find /etc/httpd/conf -type f -exec grep 9080 {} /dev/null \;
/etc/httpd/conf/httpd.conf:#Listen 192.168.1.1:9080
/etc/httpd/conf/httpd.conf:Listen *:9080
root@localhost:/var/log/asterisk $

and no there is no other instance that listens to that port.

Is that IP (192.168.1.1) the IP of your box?
What is the output of

Code:

ifconfig