Re: Apache 1.3 Problems
On Tue, 16 Sep 2008 17:48:48 +1000 (EST) [EMAIL PROTECTED] wrote: On Tue, 16 Sep 2008 [EMAIL PROTECTED] wrote: From a digest post, trimming a bit .. After 3 years, by apache 1.3 server quite working. It shows a PID, it's running, it can be stopped and restarted, and from FreeBSD the home page comes up using lynx http://andrsn.stanford.edu But from outside, it times out. I have run the texts for valid configuration (I haven't changed anything) and I actually rebooted the machine. The texts are okay and rebooting doesn't help. The machine is pingable. It's running FreeBSD 5.5 or so. What to do next? Annelise ___ Hmm.. Can it connect to the outside world at all itself? Has the network changed at all recently? Did the server restart at all and if so are the firewall rules (if any) permitting external traffic? You could check the apache logs to see if any external connections are getting through to the box at all, too. Is the lynx test connecting from the same box to itself? or from another FreeBSD box..? From the same box to itself. What about from other boxes 'inside' your domain? -- Also, what Chris said would cover most of these. :) Cheers, Mark Chris wrote: Sounds like a (probebly external) firewall issue. Just because pings get through, doesn't mean the http requests are. No firewall on my machine. No, but there are (hopefully :) Stanford firewall/s between you and the outside world. Might they have upgraded policy about allowing inbound port 80 connections to boxes not known/expected to be running servers? I'd run ngrep or tcpdump on the console and double-check that the packets are actually making it to the server. Also, do a sockstat -4 and make sure it's listening on the approprate IP. Thank you both-- sockstat -4 show that it's listening on *:80, which is right. Neither tcpdump (assuming I'm reading it correcting) nor httpd-access.log shows any tcp packets at all getting through except when lynx is run from the machine on which apache is running after Sept 12 at 2:12 a.m. Thus, I assume packets are not getting to the server, except when requested from the local machine. Sounds like your machine is setup ok, but inbound tcp setup packets are apparently getting blocked upstream. email and ftp are working--and I can log into the machine remotely-- so stuff is getting out and in. tcpdump shows a lot of other activity, Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise. So, I'm stumped. Annelise Ok, ping and DNS look fine. I (also) can traceroute your box this far: 14 bbrb-isp.Stanford.EDU (171.64.1.155) 193.489 ms 193.562 ms 195.603 ms 15 * * * 16 * * * 17 * * * 18 * *^C I don't know whether you allow inbound traceroutes? but the question now is, how many routers between you and and bbrb-isp.Stanford.EDU ? Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine? This might sound like an odd test, but try configuring it to sit on a port other than 80 (8080, for example) and seeing if you get the same problem there. Cheers, Mark If you're thinking what I'm thinking, 8080's just as unlikely to work :) cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Apache 1.3 Problems
On Wed, 17 Sep 2008, Ian Smith wrote: On Tue, 16 Sep 2008 17:48:48 +1000 (EST) [EMAIL PROTECTED] wrote: On Tue, 16 Sep 2008 [EMAIL PROTECTED] wrote: From a digest post, trimming a bit .. After 3 years, by apache 1.3 server quite working. It shows a PID, it's running, it can be stopped and restarted, and from FreeBSD the home page comes up using lynx http://andrsn.stanford.edu But from outside, it times out. I have run the texts for valid configuration (I haven't changed anything) and I actually rebooted the machine. The texts are okay and rebooting doesn't help. The machine is pingable. It's running FreeBSD 5.5 or so. What to do next? Annelise ___ Hmm.. Can it connect to the outside world at all itself? Has the network changed at all recently? Did the server restart at all and if so are the firewall rules (if any) permitting external traffic? You could check the apache logs to see if any external connections are getting through to the box at all, too. Is the lynx test connecting from the same box to itself? or from another FreeBSD box..? From the same box to itself. What about from other boxes 'inside' your domain? -- Also, what Chris said would cover most of these. :) Cheers, Mark Chris wrote: Sounds like a (probebly external) firewall issue. Just because pings get through, doesn't mean the http requests are. No firewall on my machine. No, but there are (hopefully :) Stanford firewall/s between you and the outside world. Might they have upgraded policy about allowing inbound port 80 connections to boxes not known/expected to be running servers? I'd run ngrep or tcpdump on the console and double-check that the packets are actually making it to the server. Also, do a sockstat -4 and make sure it's listening on the approprate IP. Thank you both-- sockstat -4 show that it's listening on *:80, which is right. Neither tcpdump (assuming I'm reading it correcting) nor httpd-access.log shows any tcp packets at all getting through except when lynx is run from the machine on which apache is running after Sept 12 at 2:12 a.m. Thus, I assume packets are not getting to the server, except when requested from the local machine. Sounds like your machine is setup ok, but inbound tcp setup packets are apparently getting blocked upstream. email and ftp are working--and I can log into the machine remotely-- so stuff is getting out and in. tcpdump shows a lot of other activity, Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise. So, I'm stumped. Annelise Ok, ping and DNS look fine. I (also) can traceroute your box this far: 14 bbrb-isp.Stanford.EDU (171.64.1.155) 193.489 ms 193.562 ms 195.603 ms 15 * * * 16 * * * 17 * * * 18 * *^C I don't know whether you allow inbound traceroutes? but the question now is, how many routers between you and and bbrb-isp.Stanford.EDU ? Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine? This might sound like an odd test, but try configuring it to sit on a port other than 80 (8080, for example) and seeing if you get the same problem there. Cheers, Mark If you're thinking what I'm thinking, 8080's just as unlikely to work :) cheers, Ian I think port 80 is being filtered. I have started talking to the admins. The traceroute looks like this-- andrsn 2:23PM ~ % traceroute bbrb-isp.Stanford.EDU traceroute to bbrb-isp.Stanford.EDU (171.64.1.155), 64 hops max, 40 byte packets 1 goz-srtr-vlan910.Stanford.EDU (171.66.112.1) 0.610 ms 0.571 ms 0.711 ms 2 * bbra-rtr.Stanford.EDU (172.20.4.1) 1.093 ms * 3 * * * 4 * * * and so forth indefinitely. When I filter out non-tcp traffic nothing shows up at all. I have not tried another port yet, but will do that now. Annelise ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Apache 1.3 Problems
On Tue, 16 Sep 2008, Annelise Anderson wrote: On Wed, 17 Sep 2008, Ian Smith wrote: On Tue, 16 Sep 2008 17:48:48 +1000 (EST) [EMAIL PROTECTED] wrote: On Tue, 16 Sep 2008 [EMAIL PROTECTED] wrote: From a digest post, trimming a bit .. Trimming lots this time .. Ok, ping and DNS look fine. I (also) can traceroute your box this far: 14 bbrb-isp.Stanford.EDU (171.64.1.155) 193.489 ms 193.562 ms 195.603 ms 15 * * * 16 * * * 17 * * * 18 * *^C I don't know whether you allow inbound traceroutes? but the question now is, how many routers between you and and bbrb-isp.Stanford.EDU ? Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine? [..] I think port 80 is being filtered. I have started talking to the admins. The traceroute looks like this-- andrsn 2:23PM ~ % traceroute bbrb-isp.Stanford.EDU traceroute to bbrb-isp.Stanford.EDU (171.64.1.155), 64 hops max, 40 byte packets 1 goz-srtr-vlan910.Stanford.EDU (171.66.112.1) 0.610 ms 0.571 ms 0.711 ms 2 * bbra-rtr.Stanford.EDU (172.20.4.1) 1.093 ms * 3 * * * 4 * * * and so forth indefinitely. While talking to the admins, you might show them your traceroute too. It's a bit strange that bbrb-isp.Stanford.EDU responds to traceroutes from the outside, but not from your internal machine. Of course it may be that the port 80 blocking (and/or traceroute blocking) is occurring on another router between you and bbrb-isp .. we can see at least two. When I filter out non-tcp traffic nothing shows up at all. Obviously mail works both ways. tcptraceroute was also a good clue. I have not tried another port yet, but will do that now. Annelise Happy hunting, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]