Apache through firewall help

Copperhead
scripter
Posts: 83
Joined: Wed May 14, 2003 1:12 am
Location: Los Angeles, CA, USA

Post by Copperhead »

I just recently upgraded my system to FC4 and I am having some problems getting Apache to pass through my network's firewall.

I am using a Linksys BEFSX41 router, with my Apache box set up to 192.168.1.100. Locally, I can view the Apache start page, but when I hook it up through dyndns.org, it just tries to connect and then eventually fails. I can view the page on all of the other computers on my network, but it won't pass through the router to the rest of the world.

I think that I have the port forwarding set up correctly in the router's config page (I have ports 80-8080 forwarded on 192.168.1.100), and I have turned off iptables on my box. Is there something I am missing here?

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

What's the address/URL? I can check it from here and see if port 80 and 8080 are listening. Your ISP doesn't block them, does it? There isn't anything special required on the Linux/Apache side; I do this all the time. I have to assume it's either a misconfigured firewall or ISP blocking.

Post by Copperhead »

The URL is:

http://kegdaddy.kicks-ass.net

I tried to set Apache to listen to another port (85, 666, 777...tried a few), but I got the same result.

I don't think my ISP (SBC) is blocking port 80 or 8080 because it was working before I upgraded to FC4. During the install, I set it so that there is no firewall, and I had my router configured the same way before I upgraded, so I am really baffled as to what is going on.

Thanks for the help.

Post by Void Main »

I can get to it just fine (I see your Fedora test page). I tell you what, if you don't also forward for your inside addresses you will not be able to get to your web site from the inside via the outside address. Does that make sense? What you can do is make it so your internal DNS resolves kegdaddy.kicks-ass.net as your inside address (192.168.1.100) either via an internal DNS server or via hosts files on your internal machines, or see if your firewall can also forward to your DMZ address from the inside. I have to add special rules to my shorewall configuration for this. Another way you can check this is go to an outside machine and try and get to your site. For instance, use the HTML validator and put your URL in:

http://validator.w3.org/

That's odd, I am getting a 403 forbidden message when trying to validate your web site. That would indicate configuration on your side. Here's what I get when I nmap you:

$ nmap 69.230.204.183

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-09-20 18:10 CDT
Interesting ports on adsl-69-230-204-183.dsl.irvnca.pacbell.net (69.230.204.183):
(The 1651 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
443/tcp  open     https
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
4444/tcp filtered krb524
8080/tcp open     http-proxy

Post by Copperhead »

Thanks. I remember reading somewhere that I would have to configure internal DNS to get to it from inside the network.

If I resolved internal DNS to that address, what would happen to virtual hosts? Would I still be able to run them on the Apache server on this machine? I am kind of new to this stuff...

Post by Void Main »

Yes, as long as you are using name-based virtual hosts (which you are). Apache detects what name was used to get to it and that's how it knows what virtual host to serve.
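Added example, not part of the thread or written by either poster: a small Python stand-in for a name-based virtual host server, showing that the site served depends only on the Host header the client sends, not on which address the name resolved to. The loopback listener stands in for 192.168.1.100, and the second host name, the site labels and all function names are assumptions made for the illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed vhost table: the first name is from the thread, the second is hypothetical.
VHOSTS = {
    "kegdaddy.kicks-ass.net": "main site",
    "wiki.example.net": "second virtual host",
}
DEFAULT_SITE = "main site"  # like Apache, unmatched names fall back to the first vhost


def select_vhost(host_header):
    """Pick a site from the Host header alone: strip the port, ignore case."""
    name = (host_header or "").split(":")[0].strip().lower()
    return VHOSTS.get(name, DEFAULT_SITE)


class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = select_vhost(self.headers.get("Host")).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch(ip, port, host_header):
    """Connect to an explicit IP (what a client does after a DNS or hosts-file
    lookup) and send the given Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    conn.putrequest("GET", "/", skip_host=True)
    conn.putheader("Host", host_header)
    conn.endheaders()
    body = conn.getresponse().read().decode()
    conn.close()
    return body


def demo():
    server = HTTPServer(("127.0.0.1", 0), VHostHandler)  # stands in for 192.168.1.100
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        names = list(VHOSTS) + ["unknown.example"]
        return {name: fetch("127.0.0.1", port, name) for name in names}
    finally:
        server.shutdown()
        server.server_close()
```

Every request in `demo()` goes to the same IP and port; only the Host header differs, which is why pointing internal DNS or hosts files at the inside address leaves virtual hosts working.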
