I have begun looking at the data you supplied. One the apache server (That doesn't work) , it looks like the server just isn't sending the responses out. There should be an echo reply from the server back to the ip address for every echo request. There should be return (usually ack packets) from the server to the client for the http requests, and those aren't present either.
The iptables information returned says you are using iptables, but its setup to allow everything to and from your system (Which means that probably isn't the problem). On the apache webserver that is not working can you issue the command: route -n and return me the result. I am assuming that the apache webserver that isn't working has a 192.168.10.x address? On Tue, 2003-09-16 at 19:58, J. Rafael S�nchez wrote: > Here's some additional info based on feedback I've received from Michael and > Curtis... > > tcpdump capture from apache server while pinging from remote client while > also executing an http:// request. It looks like the apache server is > receiving the request but it's not acknowledging it ... /dev/null bucket? > > 19:03:29.856250 192.168.10.100 > apacheserver.domain.com: icmp: echo request > 19:03:35.085713 192.168.10.100 > apacheserver.domain.com: icmp: echo request > 19:03:40.096252 192.168.10.100 > apacheserver.domain.com: icmp: echo request > 19:03:45.097648 192.168.10.100 > apacheserver.domain.com: icmp: echo request > > Now, the http request entry here... I'm not sure what's going on! Do you > guys? As you can see it's receiving the packet from the correct box > 192.168.10.100 but I dunno what's doing with it. Nor the icmp request for > that matter. > > 19:04:02.190346 192.168.10.100.4829 > apacheserver.domain.com.http: S > 703528395:703528395(0) win 20888 <mss 1372,nop,nop,sackOK> (DF) > 19:04:05.132444 192.168.10.100.4829 > apacheserver.domain.com.http: S > 703528395:703528395(0) win 20888 <mss 1372,nop,nop,sackOK> (DF) > 19:04:11.142748 192.168.10.100.4829 > apacheserver.domain.com.http: S > 703528395:703528395(0) win 20888 <mss 1372,nop,nop,sackOK> (DF) > > You tell me what you make out of this one here. It does not appear to be > running Iptables, does it? > ========================================================== > [EMAIL PROTECTED] root]# iptables --list -t nat -v > > Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > > Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > > Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) > ======================================================= > REMOTELY FROM VPN CLIENT - winxp home. > C:\ route print > =========================================================================== > Interface List > 0x1 ........................... MS TCP Loopback interface > 0x2 ...00 c0 f0 40 7e e0 ...... VENDOR PCI Fast Ethernet Adapter (Generic) - > Packet Scheduler Miniport > 0x3 ...00 60 73 eb 6f 49 ...... FIREWALLVENDOR VPN Adapter - Packet > Scheduler Miniport > =========================================================================== > =========================================================================== > Active Routes: > Network Destination Netmask Gateway Interface Metric > 0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.100 20 > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 > 192.168.10.0 255.255.255.0 192.168.10.100 192.168.10.100 20 > 192.168.10.100 255.255.255.255 127.0.0.1 127.0.0.1 20 > 192.168.10.255 255.255.255.255 192.168.10.100 192.168.10.100 20 > 192.168.173.0 255.255.255.0 192.168.10.1 192.168.10.100 1 > xxx.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.100 1 > 224.0.0.0 240.0.0.0 192.168.10.100 192.168.10.100 20 > 255.255.255.255 255.255.255.255 192.168.10.100 192.168.10.100 1 > 255.255.255.255 255.255.255.255 192.168.10.100 3 1 > Default Gateway: 192.168.10.1 > =========================================================================== > Persistent Routes: None > > SOME NOTES: > VENDOR PCI = substituted for real ethernet adaptor. > FIREWALLVENDOR = substituted for real firewall vendor name > xxx.xxx.xxx.xxx = substituted for real fully routeable ip address [firewall > ip address] > 192.168.10.x = my client subnet > Default Gateway = dsl/router of the shelf box. > Version of Apache running: apache-1.3.23-11 on Red Hat 7.3 > > > Thanks again guys... > Rafael. > > > ----- Original Message ----- > From: "Michael Petch" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, September 16, 2003 6:30 PM > Subject: Re: (clug-talk) Not able to see apache server [INTRANET] > fromoutside firewall... -- Mike Petch CApp::Sysware Consulting Ltd. Suite 1002,1140-15th Ave SW. Calgary, Alberta, Canada. T2R 1K6. (403)804-5700.
signature.asc
Description: This is a digitally signed message part
