Relic2K Posted February 9, 2003

:x I have run local web servers before, but suddenly, using Apache 1.3.26 on Mandrake 9.0, no one can get to it from the Internet. We can access it from the LAN just fine. I am using Guarddog FW, but have both opened up the ports on it for Web Traffic, and I have also just disabled it altogether. I also have a Linksys Cable/DSL Router (BEFSR41) and for now I have just put myself in the DMZ to try to figure out why this is happening. Like I said, I have run Web Sites from my own machine using Apache and have never had so many problems as I am having this time. I can even run dedicated gaming servers with no problems. Here is my /etc/httpd.conf file.

```
### Main Configuration Section
### You really shouldn't change these settings unless you're a guru
###
ServerType standalone
ServerRoot /etc/httpd
ServerName webserver.no-ip.org
ServerTokens ProductOnly
HostnameLookups on
#LockFile /etc/httpd/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /etc/httpd/httpd.scoreboard
ErrorLog logs/error_log
LogLevel warn
ResourceConfig /dev/null
AccessConfig /dev/null
DocumentRoot /var/www/html

### Dynamic Shared Object (DSO) Support
###
###
#LoadModule mmap_static_module modules/mod_mmap_static.so
LoadModule env_module modules/mod_env.so
LoadModule config_log_module modules/mod_log_config.so
LoadModule agent_log_module modules/mod_log_agent.so
LoadModule referer_log_module modules/mod_log_referer.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule includes_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule action_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule proxy_module modules/libproxy.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule anon_auth_module modules/mod_auth_anon.so
#LoadModule dbm_auth_module modules/mod_auth_dbm.so
#LoadModule db_auth_module modules/mod_auth_db.so
LoadModule digest_module modules/mod_digest.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule example_module modules/mod_example.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
<IfDefine HAVE_PHP4>
LoadModule php4_module extramodules/libphp4.so
</IfDefine>
<IfDefine HAVE_SXNET>
LoadModule sxnet_module extramodules/mod_sxnet.so
</IfDefine>
<IfDefine HAVE_SSL>
LoadModule ssl_module extramodules/libssl.so
</IfDefine>
LoadModule vhost_alias_module modules/mod_vhost_alias.so

# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
ClearModuleList
#AddModule mod_mmap_static.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_log_agent.c
AddModule mod_log_referer.c
#AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
#AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_proxy.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
#AddModule mod_auth_dbm.c
#AddModule mod_auth_db.c
AddModule mod_digest.c
#AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
#AddModule mod_example.c
#AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
<IfDefine HAVE_PHP4>
AddModule mod_php4.c
</IfDefine>
<IfDefine HAVE_SXNET>
AddModule mod_sxnet.c
</IfDefine>
<IfDefine HAVE_SSL>
AddModule mod_ssl.c
</IfDefine>
AddModule mod_vhost_alias.c

###
### Global Configuration
###
# We now support multiple apache configurations on the same server. In
# common.conf, we put all directives that are common to all implementations
# (httpd, httpd-perl, etc.)
Include conf/commonhttpd.conf

###
### IP Address/Port and Proxied configuration section
###
# The APACHEPROXIED setting can be set in /etc/rc.d/init.d/httpd if you
# are using a proxy or accelerator, like the Apache-SGI or khttpd, so that
# the fast web server serves static content while Apache handles the
# cgi or php files
BindAddress x.x.x.x
#<IfDefine APACHEPROXIED>
# Port 8080
# Listen 8080
#</IfDefine>
#<IfDefine !APACHEPROXIED>
# Port 8080
# Listen 8080
#</IfDefine>
Listen x.x.x.x:80

# Likewise, we can set apache as the server by default and send perl
# requests via ProxyPass to apache-mod_perl. It increases performance
# since the perl interpreter is only used for perl and the standard apache
# does all the html and image files, with a smaller footprint.
#
# If you install apache and apache-mod_perl, this is the default config.
# If you don't want two web servers to use perl, uninstall apache, and
# apache-mod_perl will not be proxied.
<IfDefine PERLPROXIED>
RewriteEngine on
RewriteRule ^proxy:.* - [F]
RewriteRule ^(.*/perl/.*)$ http://%{HTTP_HOST}:8200 [P]
RewriteRule ^(.*/cgi-perl/.*)$ http://%{HTTP_HOST}:8200 [P]
</IfDefine>

###
### Log configuration Section
###
#Single logfile with access, agent and referer information
#This is the default, if vlogs are not defined for the main server
CustomLog logs/access_log combined env=!VLOG
#If VLOG is defined in conf/vhosts/Vhost.conf, we use this entry
CustomLog "|/usr/sbin/advxsplitlogfile" vhost env=VLOG

###
### Virtual Hosts
###
# We include different templates for Virtual Hosting. Have a look in the
# vhosts directory and modify to suit your needs.
Include conf/vhosts/Vhosts.conf
#Include conf/vhosts/DynamicVhosts.conf
#Include conf/vhosts/VirtualHomePages.conf

###
### Performance settings Section
###
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

#
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
#
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. The default values are probably OK for most sites.
#
MinSpareServers 4
MaxSpareServers 10

#
# Number of servers to start initially --- should be a reasonable ballpark
# figure.
#
StartServers 4

#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
MaxClients 150

#
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies. The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For these platforms, set to something like 10000
# or so; a setting of 0 means unlimited.
#
# NOTE: This value does not include keepalive requests after the initial
# request per connection. For example, if a child process handles
# an initial request and 10 subsequent "keptalive" requests, it
# would only count as 1 request towards this limit.
#
MaxRequestsPerChild 500

Include conf/addon-modules/php.conf
Include conf/mailman.conf
Include conf/ssl/mod_ssl.conf
Include conf/ssl/ssl.default-vhost.conf
```

Most of it is just the default settings, and I have tried a few combinations in the Global Settings, but anyone who tries to connect gets permission denied or files can't be accessed error, with either the redirect or just using the IP Address directly. I have tried changing the file permissions on /var/www from ROOT to Apache, but this didn't seem to do anything either. Anyone else have any ideas? I am mega stumped on this one. Thanks.

Guest LinuxExplorer Posted February 12, 2003

Comment out the first line with the ServerType standalone with a #. As root, do this in the console:

```
chmod -R 755 /var/www/html
```

See what that does.

Guest tezca Posted February 12, 2003

The problem is not your webserver, the problem is the Linksys router! I had the same type of headache a year ago, solved it by ditching that piece of c$#%. What I did was set up a 3-way Linux router with 3 ethernet cards: 1 card connected to the DSL modem, one card connected to a DMZ using global IP addresses, and one card connected to a private LAN, masqueraded of course. The firewall/routing software is Shorewall, avail at shorewall.net, but I might just replace the firewall with my own handwritten one in the next couple of days just "Because" (to see if I got the hang of iptables now).

I know you probably don't feel up to doing what I did but..... perhaps you don't have to.

1. Are you using Global IP addresses? If so, ditch the Linksys, it won't work; none of those smalltime routers will for a Global IP.
2. If you are using a private IP and NAT through the Linksys, that's about the only way it'll work. What you'll be doing is "Portforwarding".

Write back and I'll help.

Relic2K Posted February 12, 2003

Yes, I am using a Private Network address range and Port forwarding on the Linksys. I used to run a webserver using Linux, and never had any problems with the router before. That is until I moved from Canada to the US, then I let Cox host my personal site. Now I want to create another one on my own box, and since I moved to Mandrake 9, it has been giving me problems suddenly.

tyme Posted February 12, 2003

Did you check with your ISP to make sure they aren't purposely blocking port 80?

Guest LinuxExplorer Posted February 12, 2003

Oh yeah...I forgot about the ISP. Cable internet providers are notorious for this. Some will even cut you off temporarily until you turn the web server off. You have to really read the fine print in some of those contracts. Cable internet providers are usually worse about it since they dislike someone doing any unusual amount of time or sustained uploads. If you call into their tech support and the tech(s) you're usually talking to sound like they're reading from a script, request to talk to a local or higher level tech. If there isn't one....ask immediately if they block port 80.

Relic2K Posted February 12, 2003

Will give them a call and find out. Thanks for the input.

Ronin Posted February 12, 2003

> Will give them a call and find out. Thanks for the input.

Don't call them. That will only tip them off that you're breaking your TOS. Have you tried putting the server on a different port instead?

Relic2K Posted February 13, 2003

Not yet. It is hard to verify if anyone can access it or not. Can anyone see if you can get to: http://mandrake101.no-ip.org:9000/

Thanks. I will also check from work today.

tyme Posted February 13, 2003

connection refused :-(

Ronin Posted February 13, 2003

Likewise connection refused. Did you open and forward the appropriate port back?

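Both outside testers above got "connection refused" rather than a hang, and the two outcomes point at different layers. As an added example that is not part of the thread, this Python code reads the active `Listen` lines from a config and classifies a TCP connect attempt; `listen_endpoints`, `probe`, `diagnose` and `SAMPLE_CONF` are names assumed here, and the sample config is constructed from the Listen-related lines of the posted file.

```python
import re
import socket

# Active (uncommented) Apache 1.3 "Listen [address:]port" lines.
LISTEN_RE = re.compile(r"^[ \t]*Listen[ \t]+(?:(\S+):)?(\d+)[ \t]*$", re.I | re.M)

# Constructed sample: the Listen-related lines from the posted httpd.conf.
SAMPLE_CONF = """\
BindAddress x.x.x.x
#<IfDefine APACHEPROXIED>
# Listen 8080
#</IfDefine>
Listen x.x.x.x:80
"""

def listen_endpoints(conf_text):
    """Return [(address or '*', port)] for every active Listen directive."""
    return [(addr or "*", int(port)) for addr, port in LISTEN_RE.findall(conf_text)]

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, filtered or dns-failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: a listener answered
    except ConnectionRefusedError:
        return "refused"          # a reset came back: path works, nothing accepts
    except socket.gaierror:
        return "dns-failure"      # the name did not resolve at all
    except OSError:
        return "filtered"         # timeout or unreachable: dropped on the way

def diagnose(conf_text, host, port, timeout=3.0):
    """Pair the probe verdict with what the config says Apache listens on."""
    configured = port in [p for _, p in listen_endpoints(conf_text)]
    verdict = probe(host, port, timeout)
    if verdict == "refused" and not configured:
        return verdict, "no active Listen for this port in the config"
    notes = {
        "open": "listener reachable",
        "refused": "check the bind address and the router forward",
        "filtered": "check host firewall, router and upstream filtering",
        "dns-failure": "fix name resolution first",
    }
    return verdict, notes[verdict]

if __name__ == "__main__":
    print(listen_endpoints(SAMPLE_CONF))
    print(diagnose(SAMPLE_CONF, "127.0.0.1", 9000, timeout=1.0))
```

Run `probe` from a machine outside the LAN against the public name, and from the server itself against its own LAN address, then compare the two verdicts.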
Relic2K Posted February 13, 2003

I put myself on the DMZ, so all ports should automatically be forwarded to my Linux box. I still can't access it from work either. I am going to disconnect my router when I get a chance. Maybe this weekend. Just to see if it is Cox Cable or me. From there I can troubleshoot the problem...hopefully.

Relic2K Posted February 14, 2003

I really didn't have much time last night, but I took the router out of the loop, put another NIC in the box. I was able to get the LAN working just fine, but for some reason, I could not get my Cable setup on eth0/eth1. It didn't seem to retrieve the IP Address using DHCP, and if I tried to go static, it didn't work either. So I plugged the router back into the network, removed the second NIC, and finally got things back up and running. This morning, I reset the router totally, then ran into problems getting an IP Address again. I finally did though. I still can't access the Website now. I really wish ISPs would give more space for Web Hosting. I will play with it on Saturday when I actually have more time.

Guest LinuxExplorer Posted February 14, 2003

You might not be able to acquire an IP address with the cable modem connected directly to the NIC possibly because the ISP authenticates via the media access control address on the NIC, or rather in your case, the router MAC. When you tried via the different port (9000), are you sure the DNS entry for your computer was correct? I'll PM you on the address it resolves to. Of course, this may all just lie in the router itself as tezca suggested. If that's the case and you go with a different router and can no longer connect, then I'm pretty sure your ISP uses the MAC address to authenticate.

Relic2K Posted February 14, 2003

I understand what you are saying about the MAC authentication. I have changed the MAC on the Router to the NIC MAC to get authenticated by Cox. I have moved NICs around before from puter to puter, and I will no longer be able to connect. So I do understand what you are saying. As to what my address resolves to, is beyond me. I do run a pretty tight firewall and block all ICMP at the router. I do have all 3 ISP DNS entries in my /etc/resolv.conf. If I use the NIC (same MAC as what the router was set to), removing the router altogether, should I not be able to connect directly to the Modem, and configure DHCP to get my connection running again?