Date:      Tue, 16 Sep 2008 14:40:10 -0700 (PDT)
From:      Annelise Anderson <andrsn@andrsn.stanford.edu>
To:        Ian Smith <smithi@nimnet.asn.au>
Cc:        chris@smartt.com, mark@legios.org, freebsd-questions@freebsd.org
Subject:   Re: Apache 1.3 Problems
Message-ID:  <20080916143408.X16422@andrsn.stanford.edu>
In-Reply-To: <20080917002608.H439@sola.nimnet.asn.au>
References:  <20080916120019.4F06F10657DF@hub.freebsd.org> <20080917002608.H439@sola.nimnet.asn.au>

On Wed, 17 Sep 2008, Ian Smith wrote:

> On Tue, 16 Sep 2008 17:48:48 +1000 (EST) mark@legios.org wrote:
> > > On Tue, 16 Sep 2008 mark@legios.org wrote:
>
>> From a digest post, trimming a bit ..
>
> > >>>  	After 3 years, my apache 1.3 server quit working.  It shows a
> > >>> PID, it's running, it can be stopped and restarted, and from FreeBSD
> > >>> the home page comes up using lynx http://andrsn.stanford.edu
> > >>>
> > >>>  	But from outside, it times out.
> > >>>
> > >>>  	I have run the tests for valid configuration (I haven't changed
> > >>> anything) and I actually rebooted the machine.  The tests are okay and
> > >>> rebooting doesn't help.
> > >>>
> > >>>  	The machine is pingable.  It's running FreeBSD 5.5 or so.
> > >>>
> > >>>  	What to do next?
> > >>>
> > >>>  		Annelise
> > >>> _______________________________________________
> > >>
> > >> Hmm..
> > >> Can it connect to the outside world at all itself? Has the network
> > >> changed at all recently? Did the server restart at all and if so are the
> > >> firewall rules (if any) permitting external traffic?
> > >>
> > >> You could check the apache logs to see if any external connections are
> > >> getting through to the box at all, too.
> > >>
> > >> Is the lynx test connecting from the same box to itself? or from another
> > >> FreeBSD box..?
> > >
> > > From the same box to itself.
>
> What about from other boxes 'inside' your domain?
>
> > >> --
> > >> Also, what Chris said would cover most of these. :)
> > >>
> > >> Cheers,
> > >> Mark
> > >
> > > Chris wrote:
> > >
> > >>Sounds like a (probably external) firewall issue. Just because pings get
> > >>through, doesn't mean the http requests are.
> > >
> > > No firewall on my machine.
>
> No, but there are (hopefully :) Stanford firewall/s between you and the
> outside world.  Might they have upgraded policy about allowing inbound
> port 80 connections to boxes not known/expected to be running servers?
>
> > >>I'd run ngrep or tcpdump on the console and double-check that the packets
> > >>are actually making it to the server.
> > >
> > >>Also, do a "sockstat -4" and make sure it's listening on the appropriate
> > >>IP.
> > >
> > > Thank you both--
> > >
> > > sockstat -4 shows that it's listening on *:80, which is right.
> > > Neither tcpdump (assuming I'm reading it correctly) nor httpd-access.log
> > > shows any tcp packets at all getting through except when lynx is run
> > > from the machine on which apache is running after Sept 12 at 2:12 a.m.
> > > Thus, I assume packets are not getting to the server, except when
> > > requested from the local machine.
>
> Sounds like your machine is setup ok, but inbound tcp setup packets are
> apparently getting blocked upstream.
>
> > > email and ftp are working--and I can log into the machine remotely--
> > > so stuff is getting out and in.  tcpdump shows a lot of other activity,
>
> Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise.
>
> > > So, I'm stumped.
> > >
> > >  	Annelise
>
> Ok, ping and DNS look fine.  I (also) can traceroute your box this far:
>
> 14  bbrb-isp.Stanford.EDU (171.64.1.155)  193.489 ms  193.562 ms  195.603 ms
> 15  * * *
> 16  * * *
> 17  * * *
> 18  * *^C
>
> I don't know whether you allow inbound traceroutes? but the question
> now is, how many routers between you and bbrb-isp.Stanford.EDU ?
>
> Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine?
>
> > This might sound like an odd test, but try configuring it to sit on a port
> > other than 80 (8080, for example) and seeing if you get the same problem
> > there.
> >
> > Cheers,
> > Mark
>
> If you're thinking what I'm thinking, 8080's just as unlikely to work :)
>
> cheers, Ian

I think port 80 is being filtered.  I have started talking to the admins.
The traceroute looks like this--

andrsn  2:23PM ~ % traceroute bbrb-isp.Stanford.EDU
traceroute to bbrb-isp.Stanford.EDU (171.64.1.155), 64 hops max, 40 byte packets
  1  goz-srtr-vlan910.Stanford.EDU (171.66.112.1)  0.610 ms  0.571 ms  0.711 ms
  2  * bbra-rtr.Stanford.EDU (172.20.4.1)  1.093 ms *
  3  * * *
  4  * * *
  ....and so forth indefinitely.

When I filter out non-tcp traffic nothing shows up at all.

I have not tried another port yet, but will do that now.

 	Annelise
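
The check discussed in this thread (does any inbound TCP setup packet for port 80 reach the server at all?), as an added example that is not part of the original messages: a shell function that reads the text output of 'tcpdump -pn -i $iface tcp port 80' and reports whether a SYN from a remote address arrived. The function name, the verdict strings and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify text output of `tcpdump -pn -i $iface tcp port 80`.
# All addresses are constructed (RFC 5737 documentation ranges).

# Usage: inbound_syn_verdict SERVER_IP [PORT] < capture.txt
# Prints remote-syn-seen, local-only or no-syn.
inbound_syn_verdict() {
    awk -v srv="$1" -v port="${2:-80}" '
    {
        # Locate "src > dst:" in the line, whatever precedes it.
        for (i = 2; i <= NF; i++) if ($i == ">") break
        if (i > NF) next
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        if (dst != (srv "." port)) next      # only packets sent to the listener
        sub(/\.[0-9]+$/, "", src)            # strip the source port
        rest = ""
        for (j = i + 2; j <= NF; j++) rest = rest " " $j
        # Bare SYN: older tcpdump prints " S seq:seq(0)", newer "Flags [S],".
        if (rest ~ /^ S / || rest ~ /Flags \[S\],/) {
            if (src == srv || src == "127.0.0.1") local_syn++
            else remote_syn++
        }
    }
    END {
        if (remote_syn > 0) print "remote-syn-seen"
        else if (local_syn > 0) print "local-only"
        else print "no-syn"
    }'
}

# Constructed capture: only the local lynx fetch reaches port 80.
sample_local_only() {
    cat <<'EOF'
14:21:07.100001 IP 192.0.2.10.49152 > 192.0.2.10.80: S 1000:1000(0) win 65535 <mss 1460>
14:21:07.100050 IP 192.0.2.10.80 > 192.0.2.10.49152: S 2000:2000(0) ack 1001 win 65535
14:21:07.100090 IP 192.0.2.10.49152 > 192.0.2.10.80: . ack 1 win 65535
EOF
}

# Constructed capture: a remote client SYN arrives (newer tcpdump format).
sample_remote() {
    cat <<'EOF'
14:30:00.000001 IP 198.51.100.7.40000 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
14:30:00.000040 IP 192.0.2.10.80 > 198.51.100.7.40000: Flags [S.], seq 9, ack 2, win 65535, length 0
EOF
}

echo "local-only sample: $(sample_local_only | inbound_syn_verdict 192.0.2.10)"
echo "remote sample:     $(sample_remote | inbound_syn_verdict 192.0.2.10)"
```

A verdict of local-only while sockstat shows the listener on *:80 matches the situation described above: the server is fine and the SYNs are dropped before they reach the host.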