Jump to content

Can't access Web Server from Internet ???


Relic2K
 Share

Recommended Posts

:x I have ran local web servers before, but suddenly using Apache 1.3.26, on Mandrake 9.0. Now no one can get to it from the Internet. We can access it from the LAN just fine. I am using Guarddog FW, but have both opened up the ports on it for Web Traffic, and I have also just diabled it all together. I also have a Linksys Cable/DSL Router (BEFSR41) and for now I have just put myself in the DMZ to try to figure out why this is happening. Like I said, I have run Web Sites from my own maching using apache and have never had so much problems like I am this time. I can even run dedicated gaming servers with no problems. Here is my /etc/httpd.conf file.

 

### Main Configuration Section

### You really shouldn't change these settings unless you're a guru

###

ServerType standalone

ServerRoot /etc/httpd

ServerName webserver.no-ip.org

ServerTokens ProductOnly

HostnameLookups on

#LockFile /etc/httpd/httpd.lock

PidFile /var/run/httpd.pid

ScoreBoardFile /etc/httpd/httpd.scoreboard

ErrorLog logs/error_log

LogLevel warn

ResourceConfig /dev/null

AccessConfig /dev/null

DocumentRoot /var/www/html

 

 

### Dynamic Shared Object (DSO) Support

### 

###

#LoadModule mmap_static_module modules/mod_mmap_static.so

LoadModule env_module        modules/mod_env.so

LoadModule config_log_module  modules/mod_log_config.so

LoadModule agent_log_module  modules/mod_log_agent.so

LoadModule referer_log_module modules/mod_log_referer.so

#LoadModule mime_magic_module  modules/mod_mime_magic.so

LoadModule mime_module        modules/mod_mime.so

LoadModule negotiation_module modules/mod_negotiation.so

LoadModule status_module      modules/mod_status.so

LoadModule info_module        modules/mod_info.so

LoadModule includes_module    modules/mod_include.so

LoadModule autoindex_module  modules/mod_autoindex.so

LoadModule dir_module        modules/mod_dir.so

LoadModule cgi_module        modules/mod_cgi.so

LoadModule asis_module        modules/mod_asis.so

LoadModule imap_module        modules/mod_imap.so

LoadModule action_module      modules/mod_actions.so

#LoadModule speling_module    modules/mod_speling.so

LoadModule userdir_module    modules/mod_userdir.so

LoadModule proxy_module      modules/libproxy.so

LoadModule alias_module      modules/mod_alias.so

LoadModule rewrite_module    modules/mod_rewrite.so

LoadModule access_module      modules/mod_access.so

LoadModule auth_module        modules/mod_auth.so

LoadModule anon_auth_module  modules/mod_auth_anon.so

#LoadModule dbm_auth_module    modules/mod_auth_dbm.so

#LoadModule db_auth_module    modules/mod_auth_db.so

LoadModule digest_module      modules/mod_digest.so

#LoadModule cern_meta_module  modules/mod_cern_meta.so

LoadModule expires_module    modules/mod_expires.so

LoadModule headers_module    modules/mod_headers.so

LoadModule usertrack_module  modules/mod_usertrack.so

#LoadModule example_module    modules/mod_example.so

#LoadModule unique_id_module  modules/mod_unique_id.so

LoadModule setenvif_module    modules/mod_setenvif.so

<IfDefine HAVE_PHP4>

LoadModule php4_module    extramodules/libphp4.so

</IfDefine>

<IfDefine HAVE_SXNET>

LoadModule sxnet_module    extramodules/mod_sxnet.so

</IfDefine>

<IfDefine HAVE_SSL>

LoadModule ssl_module    extramodules/libssl.so

</IfDefine>

LoadModule vhost_alias_module  modules/mod_vhost_alias.so

 

#  Reconstruction of the complete module list from all available modules

#  (static and shared ones) to achieve correct module execution order.

#  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]

ClearModuleList

#AddModule mod_mmap_static.c

AddModule mod_env.c

AddModule mod_log_config.c

AddModule mod_log_agent.c

AddModule mod_log_referer.c

#AddModule mod_mime_magic.c

AddModule mod_mime.c

AddModule mod_negotiation.c

AddModule mod_status.c

AddModule mod_info.c

AddModule mod_include.c

AddModule mod_autoindex.c

AddModule mod_dir.c

AddModule mod_cgi.c

AddModule mod_asis.c

AddModule mod_imap.c

AddModule mod_actions.c

#AddModule mod_speling.c

AddModule mod_userdir.c

AddModule mod_proxy.c

AddModule mod_alias.c

AddModule mod_rewrite.c

AddModule mod_access.c

AddModule mod_auth.c

AddModule mod_auth_anon.c

#AddModule mod_auth_dbm.c

#AddModule mod_auth_db.c

AddModule mod_digest.c

#AddModule mod_cern_meta.c

AddModule mod_expires.c

AddModule mod_headers.c

AddModule mod_usertrack.c

#AddModule mod_example.c

#AddModule mod_unique_id.c

AddModule mod_so.c

AddModule mod_setenvif.c

<IfDefine HAVE_PHP4>

AddModule mod_php4.c

</IfDefine>

<IfDefine HAVE_SXNET>

AddModule mod_sxnet.c

</IfDefine>

<IfDefine HAVE_SSL>

AddModule mod_ssl.c

</IfDefine>

AddModule mod_vhost_alias.c

 

###

### Global Configuration

###

# We now support multiple apache configurations on the same server. In 

# common.conf, we put all directives that are common to all implementations

# (httpd, httpd-perl, etc.)

Include conf/commonhttpd.conf

 

 

###

### IP Address/Port and Proxied configuration section

###

# The APACHEPROXIED setting can be set in /etc/rc.d/init.d/httpd if you

# are using a proxy or accelerator, like the Apache-SGI or khttpd, so that

# the fast web server serves static content while Apache handles the 

# cgi or php files

 

BindAddress x.x.x.x

#<IfDefine APACHEPROXIED>

#    Port 8080

#    Listen 8080

#</IfDefine>

#<IfDefine !APACHEPROXIED>

#    Port 8080

#    Listen 8080

#</IfDefine>

Listen x.x.x.x:80

 

# Likewise, we can set apache as the server by default and send perl

# requests via ProxyPass to apache-mod_perl. It increases performance

# since the perl interpreter is only used for perl and the standard apache

# does all the html and image files, with a smaller footprint.

#

# If you install apache and apache-mod_perl, this is the default config.

# If you don't want two web servers to use perl, uninstall apache, and

# apache-mod_perl will not be proxied.

 

<IfDefine PERLPROXIED>

    RewriteEngine on

    RewriteRule ^proxy:.*  -  [F]

    RewriteRule ^(.*/perl/.*)$  http://%{HTTP_HOST}:8200 [P]

    RewriteRule ^(.*/cgi-perl/.*)$  http://%{HTTP_HOST}:8200 [P]

</IfDefine>

 

###

### Log configuration Section

###

 

#Single logfile with access, agent and referer information

#This is the default, if vlogs are not defined for the main server

CustomLog logs/access_log combined env=!VLOG

#If VLOG is defined in conf/vhosts/Vhost.conf, we use this entry

CustomLog "|/usr/sbin/advxsplitlogfile" vhost env=VLOG

 

 

###

### Virtual Hosts 

###

# We include different templates for Virtual Hosting. Have a look in the 

# vhosts directory and modify to suit your needs.

Include conf/vhosts/Vhosts.conf

#Include conf/vhosts/DynamicVhosts.conf

#Include conf/vhosts/VirtualHomePages.conf

 

 

###

### Performance settings Section

###

#

# Timeout: The number of seconds before receives and sends time out.

#

Timeout 300

#

# KeepAlive: Whether or not to allow persistent connections (more than

# one request per connection). Set to "Off" to deactivate.

#

KeepAlive On

 

#

# MaxKeepAliveRequests: The maximum number of requests to allow

# during a persistent connection. Set to 0 to allow an unlimited amount.

# We recommend you leave this number high, for maximum performance.

#

MaxKeepAliveRequests 100

 

#

# KeepAliveTimeout: Number of seconds to wait for the next request from the

# same client on the same connection.

#

KeepAliveTimeout 15

 

#

# Server-pool size regulation.  Rather than making you guess how many

# server processes you need, Apache dynamically adapts to the load it

# sees --- that is, it tries to maintain enough server processes to

# handle the current load, plus a few spare servers to handle transient

# load spikes (e.g., multiple simultaneous requests from a single

# Netscape browser).

#

# It does this by periodically checking how many servers are waiting

# for a request.  If there are fewer than MinSpareServers, it creates

# a new spare.  If there are more than MaxSpareServers, some of the

# spares die off.  The default values are probably OK for most sites.

#

MinSpareServers 4

MaxSpareServers 10

 

#

# Number of servers to start initially --- should be a reasonable ballpark

# figure.

#

StartServers 4

 

#

# Limit on total number of servers running, i.e., limit on the number

# of clients who can simultaneously connect --- if this limit is ever

# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.

# It is intended mainly as a brake to keep a runaway server from taking

# the system with it as it spirals down...

#

MaxClients 150

 

#

# MaxRequestsPerChild: the number of requests each child process is

# allowed to process before the child dies.  The child will exit so

# as to avoid problems after prolonged use when Apache (and maybe the

# libraries it uses) leak memory or other resources.  On most systems, this

# isn't really needed, but a few (such as Solaris) do have notable leaks

# in the libraries. For these platforms, set to something like 10000

# or so; a setting of 0 means unlimited.

#

# NOTE: This value does not include keepalive requests after the initial

#      request per connection. For example, if a child process handles

#      an initial request and 10 subsequent "keptalive" requests, it

#      wo#

MaxRequestsPerChild 500

 

Include  conf/addon-modules/php.conf

Include conf/mailman.conf

Include  conf/ssl/mod_ssl.conf

Include  conf/ssl/ssl.default-vhost.conf

uld only count as 1 request towards this limit.

 

Most of it is just the default settings, and I have tried a few combinations in the Global Settings, but anyone who tries to connect get permission denied or files can't be accessed error, with either the redirect or just using the IP Address directly. I have tried changing the file permissions /var/www from ROOT to Apache, but this didn't seem to do anything either. Anyone else have any ideas ? I am mega stumped on this one. Thanks.

Link to comment
Share on other sites

The problem is not your webserver the problem is the linksys router!

I had the same type of headache a year ago, solved it by ditching that piece of c$#%

 

what I did was set up a 3-way linux router with 3 ethernet cards 1 card connected to the dsl modem

one card connected to a DMZ using global ipaddress

and one card connected to a private LAN masqueraded of course

the firewall/routeing software is Shorewall avail at shorewall.net

 

but I might just with replace the firewall with my own handwritten one in the next couple of days just "Becuase" (To see if I got the hang of iptables now)

 

I know you probably dont fell up to doing what I did but.....

perhaps you don't have to

 

1. are you using Global ip addresses? if so Ditch the Linksys it wont work, none of those smalltime routers will for a Global IP

 

2. if you are using a private ip and NAT through the Linksys thats about the only way it'll work what you'll be doing is "Portforwarding"

 

write back and I'll help

Link to comment
Share on other sites

Yes I am using Private Network address range and Port forwarding on the Linksys. I use to run a webserver using linux, and never had any problems with the router before. That is until I moved from Canada to the US, then I let Cox host my personal site. Now I want to create another one on my own box, and since I moved to Mandrake 9, it has been giving me problems suddenly.

Link to comment
Share on other sites

Guest LinuxExplorer

Oh yeah...I forgot about the ISP. Cable internet providers are notorious for this. Some will even cut you off temporarily until you turn the web server off. You have to really read the fine print in some of those contracts. Cable internet providers are usually worse about it since they dislike someone doing any unusual amount of time or sustained uploads. If you call into their tech support and the tech(s) you usually talking to sound like they're reading from a script, request to talk to a local or higher level tech. If there isn't one....ask immediately if they block port 80.

Link to comment
Share on other sites

I put myself on the DMZ, so all ports should automatically be forwarded to my linux box. I still can't access it from work either. I am going to disconnect my router when I get a chance. Maybe this weekend. Just to see if it is Cox Cable or me. From there I can trouble shoot the problem...hopefully.

Link to comment
Share on other sites

I really didn't have much time last night, but I took the router out of the loop, put another NIC in the box. I was able to get the LAN working just fine, but for some reason, I could not get my Cable setup on eth0/eth1. It didn't seems to retreive the IP Address using DHCP, and if I tried to go static, it didn't work either. So I plugged the router back into the network, removed the second NIC, and finally got things back up and running. This morning, I reset the router totally, then ran into problems getting an IP Address again. I finally did though. I still can't access the Website now. I really wish ISPs would give more space for Web Hosting. I will play with it on saturday when I actually have more time.

Link to comment
Share on other sites

Guest LinuxExplorer

You might not be able to acquire an IP address with the cable modem connected directly to the NIC possibly because the ISP authenticates via the media access control address on the NIC, or rather in your case, the router MAC. When you tried via the different port (9000), are you sure the DNS entry for your computer was correct? I'll PM you on the address it resolves to.Of course, this may all just lie in the router itself as tezca suggested. If that's the case and you go with a different router and can no longer connect, then I'm pretty sure your ISP uses the MAC address to authenticate.

Link to comment
Share on other sites

I understand what you are saying about the MAC authentication. I have change the MAC on the Router to the NIC MAC to get authenticated by Cox. I have moved NICs around before from puter to puter, and I will no longer be able to connect. So I do understand what you are saying. As to what my address resolves to, is beyond me. I do run a pretty tight firewall and block all ICMP at the router. I do have all 3 ISP DNS entries in my /etc/resolv.conf. If I use the NIC (Same MAC as what the router was set to) removing the router all together, should I not be able to connect directly to the Modem, and configure DHCP to get my connection running again ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...