LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 11-05-2004, 02:46 PM   #1
rsmereka
Member
 
Registered: Jul 2003
Location: Southwestern Ontario, Canada
Distribution: LFS, OpenBSD, UBPorts, MX, Gentoo
Posts: 85
Blog Entries: 3

Rep: Reputation: 17
Apache Not Responding Behind a Firewall


Background:

Libranet (Debian) 2.8.1 (Kernel 2.4.22)
Apache 1.3.27

I am trying to get a web server on the internet. I have a fixed IP address from my ISP. I also have a fiirewall/router that forwards. The ftp server on the same machine is fine and is accessable from the internet.

Apache is running fine. No issues with the Apache logs or the Linux logs. When I use a browser and type the IP address of the machine in the browser address field of another machine, the website appears no problem. However, when I try to access the web server from the internet, the browser either stalls or times out. I have an old IIS server sitting here that has been servicing the internet on my network for years. I think the issue is with Apache and 'ServerName'. Does this have to match a DNS resolvable name? What about being behind a firewall? What about using 'VirtualName' to simulate the proper domain name?

This is my first attempt at Linux Apache on the internet. Please help.

Rick
 
Old 11-05-2004, 03:54 PM   #2
UsualTuxpect
Member
 
Registered: Aug 2004
Location: New York
Distribution: --------- Gentoo-2004.2 [2.6.8] Redhat-9 [2.6.6]
Posts: 545

Rep: Reputation: 31
Do you get a static-ip from the router or through DHCP???

Set up portforwarding rules : port 80 [also NAT] on your router to your static-ip[intranet].

Start Apache bound to the static-ip:80

Make sure your Ip-tables firewall [on you comp box] is accepting connections from the internet and also httpd.conf is also configured to do the same..
 
Old 11-05-2004, 06:59 PM   #3
rsmereka
Member
 
Registered: Jul 2003
Location: Southwestern Ontario, Canada
Distribution: LFS, OpenBSD, UBPorts, MX, Gentoo
Posts: 85

Original Poster
Blog Entries: 3

Rep: Reputation: 17
Thanks for the reply,

Static Internet IP is from ISP, static IP on web server machine is hard coded, no DHCP is in use.

Port forwarding rules on the router are in place for http (80) and ftp (20&21). Ftp server is fine, can connect from inside the firewall or outside.

Isn't Apache already bound to staticIP:80 by default? If not, what statement in 'httpd.conf' changes this?

The firewall is Netopia (hardware) not IP-tables. How do I configure 'httpd.conf' to accept connections from the Internet?

Rick
 
Old 11-05-2004, 07:29 PM   #4
UsualTuxpect
Member
 
Registered: Aug 2004
Location: New York
Distribution: --------- Gentoo-2004.2 [2.6.8] Redhat-9 [2.6.6]
Posts: 545

Rep: Reputation: 31
Ip-Tables is the software firewall in linux, make sure if it's accepting incoming connections from the internet.. I don't have any idea as to what the default firewall is in Libranet, wait WWW.distrowatch say's Iptables ,so check if its running on your system.

Stop the firewall, for the purpose of testing, you can later configure the firewall rule's once you get Apache going..
 
Old 11-05-2004, 07:50 PM   #5
rsmereka
Member
 
Registered: Jul 2003
Location: Southwestern Ontario, Canada
Distribution: LFS, OpenBSD, UBPorts, MX, Gentoo
Posts: 85

Original Poster
Blog Entries: 3

Rep: Reputation: 17
Upon installation, the IP tables firewall is disabled by default in Libranet and I did not turn it on because of the hardware firewall.

So, how do I bind Apache to the static IP on port 80 and how do I modify 'httpd.conf' to accept connections from the Internet?

Rick
 
Old 11-05-2004, 10:00 PM   #6
UsualTuxpect
Member
 
Registered: Aug 2004
Location: New York
Distribution: --------- Gentoo-2004.2 [2.6.8] Redhat-9 [2.6.6]
Posts: 545

Rep: Reputation: 31
Check for the "Listen" line and put your static-ip-addr.

Listen static-ip-addr:80

I dont think you need to change anything in httpd.conf for allowing access from the internet unless you manually modified it ...
 
Old 11-05-2004, 10:36 PM   #7
jon_k
Member
 
Registered: Jul 2003
Location: Fort Worth, Texas
Distribution: Mepis Linux 2004
Posts: 547

Rep: Reputation: 30
Also check to see if there is anything in /etc/hosts.deny, and /etc/hosts.allow

Some distros put a rule in each that effectivly blocks all incoming connections on all ports.

I learned this the hard way after reinstalling a distribution (mepis) over 4 times (a different version each time)
 
Old 11-05-2004, 11:01 PM   #8
rsmereka
Member
 
Registered: Jul 2003
Location: Southwestern Ontario, Canada
Distribution: LFS, OpenBSD, UBPorts, MX, Gentoo
Posts: 85

Original Poster
Blog Entries: 3

Rep: Reputation: 17
I checked that eariler today. That's how I got ftp working from machines inside the firewall. I modified
'hosts.allow' to read:

apache: ALL: ALLOW
proftpd: ALL: ALLOW
ALL: ALL: DENY

I assume that these are read in order...yes? If not, that could be the cause. Also since I decided to use
the newer syntax, I renamed 'hosts.deny'.

Rick
 
Old 11-06-2004, 04:22 PM   #9
rsmereka
Member
 
Registered: Jul 2003
Location: Southwestern Ontario, Canada
Distribution: LFS, OpenBSD, UBPorts, MX, Gentoo
Posts: 85

Original Poster
Blog Entries: 3

Rep: Reputation: 17
I got it working. Thanks to everyone who responded.

I did not get Apache to respond through conventional means however. Everything I tired resulted in
Apache not to respond when I hit the server from the Internet. The server, however does respond properly
when you hit it from the Intranet.

I got it working by using a Proxy server on a Windows machine (it does both outgoing on incoming) to
redirect all requests on port 80 to the Linux machine. I am not completly happy with this solution but at
least it is working. One negative side effect is that the Apache logs show all requests from the Internet
coming from the proxy.

One day, I'll rip the whole thing apart and put the web and ftp server in front of the firewall where they
belong. That will mean I will have to create a DMZ though. Any suugestions on where to begin
researching this?

Thanks again
Rick
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache 2 & Firewall Phonics3k Linux - Networking 3 02-15-2005 10:41 AM
Apache stops responding after several hours. seedsca Linux - Networking 6 03-29-2004 04:18 AM
Apache Not responding wgollie Linux - General 5 02-02-2004 02:07 AM
Firewall still responding to ping azebuski Linux - Security 2 01-28-2004 03:05 PM
Apache slow through firewall nkendrick Linux - Networking 0 11-04-2003 07:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration