Ok...

I've got a linux box set up at work with apache running along with a few other services. On the LAN at work I have no problems whatsoever. Web, SSH, VNC, etc. all work fine. We have a DSL connection and I've got my box set under the DMZ (so any incoming requests from the internet to the router are forwarded to the box). Now... I can SSH in from the internet to the box without a problem. I can VNC in without a problem. But for some reason, I can't pull up the website. IE just times out and I've tried using lynx from other places and they do the same.

I don't quite get it. On the local box I can load up the page with either IP address (the one of the box on the LAN 192.168.7.x and the internet connection). Something doesn't seem quite right. Could it possibly be a problem with the Linksys router just with port 80? I know apache can be configured to only allow local IPs to retrieve websites, but I figure apache is configured correctly if I can enter in the IP address of the inet connection and it still works from localhost.

I'm not able to figure out (nor do I really know how) if the box is actually receiving the http requests and denying/not responding for some reason, or are the requests just not getting to it. I've tried using netstat to try and see if I can figure anything out but I admit, attempting to figure that out is a bit beyond my ability. I've checked the apache logs (error_log) and have not noticed any entries coming from machines other than ones on the LAN and the timestamp is when I was still at work, so it seems as though the packets aren't even getting to the linux box.

I've been messing around with the box turning off services here and there to try and increase security but I don't think anything I've done will cause these symptoms. It used to work just dandy for a while then stopped. Any ideas?

    I am far from an expert on this subject but the address 192.168.7.x seems like it would be a non-routable address, which means you cannot use it over the internet.

    But you said you could ssh to it? So from home you can
    ssh 192.168.7.x
    That seems strange.

    Try
    telnet 192.168.7.x 80
    And see if you get any response (a telnet prompt). That will tell you positively if port 80 is open or closed.

      192.168.7.x is the class C they chose to use for the internal LAN, instead of 192.168.0.x or 1.x, and you're right, it's not routable directly, which is why I have that box on the DMZ of the Linksys DSL router.

      From home I don't do ssh 192.168.7.x, I use the IP address that the Linksys gets from Verizon for the DSL, which happens to be a 151.198.x.x number. Same goes for all other services: VNC, HTTP, etc...

      I've tried the telnet trick. Again, it's the same response. From the box if I do a telnet 192.168.7.x 80 or telnet 151.198.x.x 80 it responds, but if I do it from home (obviously with the 151.198.x.x internet address) it will not respond. Seems like it's only port 80 that's not being forwarded or something. 😕

      The only thing that I can think of doing which will help troubleshoot will be to get on another PC on that LAN and try accessing the box via http. If it works, I know it's a Linksys problem, if not, it's probably apache. Unfortunately I can't login to any other machines on the LAN (they're all Windows). I'll have to wait till Monday.
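
Added example, not part of any post in this thread: the telnet comparison above (port 80 answers on the box itself but times out from home, while SSH and VNC answer from both places) written as a small Python check. The port list in the sample data and the verdict names are assumptions made for the illustration.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt, as the telnet test does by eye."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"         # handshake completed: something is listening
        except (socket.timeout, TimeoutError):
            return "filtered"     # no answer at all: packets dropped on the way
        except ConnectionRefusedError:
            return "closed"       # reset came back: host reached, no listener
        except OSError:
            return "unreachable"  # no route to host, name lookup failure, etc.

def diagnose(port, local, remote):
    """local and remote map port -> probe() result, taken on the box and from outside."""
    if local.get(port) != "open":
        return "service-problem"          # daemon is not accepting even locally
    state = remote.get(port)
    if state == "open":
        return "reachable"
    others_open = any(v == "open" for p, v in remote.items() if p != port)
    if state == "filtered" and others_open:
        return "port-filtered-upstream"   # only this port is dropped before the box
    if state == "closed":
        return "rejected"                 # router or host firewall refuses this port
    return "host-unreachable"             # nothing gets through from outside

# Constructed sample results matching the thread's symptoms (22 = SSH,
# 80 = HTTP, 5900 = VNC display 0; the port list is an assumption).
LOCAL = {22: "open", 80: "open", 5900: "open"}
REMOTE = {22: "open", 80: "filtered", 5900: "open"}

if __name__ == "__main__":
    print(diagnose(80, LOCAL, REMOTE))    # port-filtered-upstream
    # Live use: build the two dicts with probe(), run once on the server
    # and once from a host outside the LAN, e.g.
    #   {p: probe("server.example", p) for p in (22, 80, 5900)}
```

A "port-filtered-upstream" verdict does not say which device drops the port: the router's forwarding and the ISP both sit upstream of the box.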

        Well figured out the problem. Posted same problem on another forum and someone suggested my ISP was blocking port 80. I said, nah couldn't possibly be that, it worked fine the other day.

        Changed 'Listen' port in httpd.conf and bingo, it works. Damn Verizon. ::mutters under breath::

        Only question now is what is a 'standard' port to use for this since 80 is blocked. 8080? Is there any typical port admins use for webservers when 80 is blocked? Thanks again for all the help.

          14 days later

          Hmmm, 8080 would be second most oft-used, I expect.

          Question is, what's a guy to do? Browsers don't do it by default...are you gonna promote your website as www.mysite.com:8080?

          #include disclaimer.h

          Maybe point the DNS at some other page, not on Verizon, that redirects to yourIP:8080 ?

          Boy, I dunno....

            9 days later

            You may be able to point the document root to another port through Apache's virtual host directive in httpd.conf.

            Just a thought.

              Originally posted by ktulu
              Well figured out the problem. Posted same problem on another forum and someone suggested my ISP was blocking port 80. I said, nah couldn't possibly be that, it worked fine the other day.

              Changed 'Listen' port in httpd.conf and bingo, it works. Damn Verizon. ::mutters under breath::

              ISPs will not typically allow services like web hosting through a DSL, or cable line. Too much bandwidth. What type of DSL line do you have, ADSL, SDSL? That's important because you want people hitting your site to read pages with little or no wait time. If your DSL is not the same speed going in and out, then your viewers will have problems loading pages.

              You most definitely do not want to be running a web site off a DSL pipe, try T1 or better. My experience with 4 different DSL providers is that it is unstable and unreliable for critical applications like web hosting. It's up it's down, it's up it's down....

              If it's just a production server for office workers to login from home or something, then sure, use it and specify the port, otherwise, you need a more reliable connection.

                While I would agree that a T1 is a much better link for web hosting, several companies do allow hosting on broadband, particularly if it's a "high end" package. Cox/TCA, for example allows servers on business accounts....

                It is much easier to gain bandwidth from the overlords if it costs $60/month instead of $600.....

                  Perhaps another route to take is to get a remote or co-located server. You can get them for about $75 per mo. and then run anything you want on them. Many come pre-installed with Apache, php4, etc.

                  Then you do not need to pay expensive fees for a T1, purchase a static IP, or rely on the ISP's connection. Plus you can do virtual hosting and host multiple domains.

                  Just my 2 cents.

                    Is there any typical port admins use for webservers when 80 is blocked?

                    Not really, 8080 is a port usually used for web proxies (3128/1080 are others). If your ISP blocks port 80 they more than likely block port 8080 also. You could try port 443 which is https but the best thing to do is pick some easily memorable port (e.g. 666, 69, etc) and use that. If they block port 80 it is probably against their AUP to run servers so you could be booted off for running a webserver, even on a non-standard port.

                    You most definitely do not want to be running a web site off a DSL pipe, try T1 or better.

                    It depends on many things, how busy the site is, quality of DSL in your area, cost etc. In Germany atm it isn't worth buying an E1/T1 as you can get 2mbit SDSL with better latency that's just as reliable for about 1/10th the cost.