Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 17 Sep 2008 01:10:44 +1000 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        mark@legios.org
Cc:        chris@smartt.com, freebsd-questions@freebsd.org
Subject:   Re: Apache 1.3 Problems
Message-ID:  <20080917002608.H439@sola.nimnet.asn.au>
In-Reply-To: <20080916120019.4F06F10657DF@hub.freebsd.org>
References:  <20080916120019.4F06F10657DF@hub.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 16 Sep 2008 17:48:48 +1000 (EST) mark@legios.org wrote:
 > > On Tue, 16 Sep 2008 mark@legios.org wrote:

>From a digest post, trimming a bit ..

 > >>>  	After 3 years, by apache 1.3 server quite working.  It shows a
 > >>> PID, it's running, it can be stopped and restarted, and from FreeBSD
 > >>> the home page comes up using lynx http://andrsn.stanford.edu
 > >>>
 > >>>  	But from outside, it times out.
 > >>>
 > >>>  	I have run the texts for valid configuration (I haven't changed
 > >>> anything) and I actually rebooted the machine.  The texts are okay and
 > >>> rebooting doesn't help.
 > >>>
 > >>>  	The machine is pingable.  It's running FreeBSD 5.5 or so.
 > >>>
 > >>>  	What to do next?
 > >>>
 > >>>  		Annelise
 > >>> _______________________________________________
 > >>
 > >> Hmm..
 > >> Can it connect to the outside world at all itself? Has the network
 > >> changed
 > >> at all recently? Did the server restart at all and if so are the
 > >> firewall
 > >> rules (if any) permitting external traffic?
 > >>
 > >> You could check the apache logs to see if any external connections are
 > >> getting through to the box at all, too.
 > >>
 > >> Is the lynx test connecting from the same box to itself? or from another
 > >> FreeBSD box..?
 > >
 > >>From the same box to itself.

What about from other boxes 'inside' your domain?

 > >> --
 > >> Also, what Chris said would cover most of these. :)
 > >>
 > >> Cheers,
 > >> Mark
 > >
 > > Chris wrote:
 > >
 > >>Sounds like a (probebly external) firewall issue. Just because pings get
 > >>through, doesn't mean the http requests are.
 > >
 > > No firewall on my machine.

No, but there are (hopefully :) Stanford firewall/s between you and the 
outside world.  Might they have upgraded policy about allowing inbound 
port 80 connections to boxes not known/expected to be running servers?

 > >>I'd run ngrep or tcpdump on the console and double-check that the packets
 > >>are actually making it to the server.
 > >
 > >>Also, do a "sockstat -4" and make sure it's listening on the approprate
 > >>IP.
 > >
 > > Thank you both--
 > >
 > > sockstat -4 show that it's listening on *:80, which is right.
 > > Neither tcpdump (assuming I'm reading it correcting) nor httpd-access.log
 > > shows any tcp packets at all getting through except when lynx is run
 > > from the machine on which apache is running after Sept 12 at 2:12 a.m.
 > > Thus, I assume packets are not getting to the server, except when
 > > requested from the local machine.

Sounds like your machine is setup ok, but inbound tcp setup packets are 
apparently getting blocked upstream.

 > > email and ftp are working--and I can log into the machine remotely--
 > > so stuff is getting out and in.  tcpdump shows a lot of other activity,

Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise.

 > > So, I'm stumped.
 > >
 > >  	Annelise

Ok, ping and DNS look fine.  I (also) can traceroute your box this far:

14  bbrb-isp.Stanford.EDU (171.64.1.155)  193.489 ms  193.562 ms  195.603 ms
15  * * *
16  * * *
17  * * *
18  * *^C

I don't know whether you allow inbound traceroutes? but the question 
now is, how many routers between you and and bbrb-isp.Stanford.EDU ?

Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine?

 > This might sound like an odd test, but try configuring it to sit on a port
 > other than 80 (8080, for example) and seeing if you get the same problem
 > there.
 >
 > Cheers,
 > Mark

If you're thinking what I'm thinking, 8080's just as unlikely to work :)

cheers, Ian



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080917002608.H439>