On Tue, 2010-08-10 at 16:49 -0400, Peter Salzman wrote:
> Interesting -- I didn't know that the sites were read in alpha order.
> Also, I guess the wildcard for the NameVirtualHost is a better idea.
>
> Unfortunately, didn't fix the problem, but more weirdness came up. I
> can't telnet to dirac.org port 80, which would explain why the logs
> aren't being touched. But then I'm at a loss as to how tcpdump
> apparently sees the connection:
>
> tcpdump -i eth0 tcp port 80
>
> 16:40:32.104293 IP ny-131.foo.com.10096 > satan.www: Flags [S], seq 1653467397, win 64512, options [mss 1460,nop,nop,sackOK], length 0
>
> 16:40:32.104314 IP satan.www > ny-131.foo.com.10096: Flags [S.], seq 329481650, ack 1653467398, win 5840, options [mss 1460,nop,nop,sackOK], length 0

You're running tcpdump on your server. The first packet is the SYN that ny-131.foo.com sends to request the connection. The second packet is satan.www's response. I'm not familiar with tcpdump output, but this looks like satan.www's is a valid SYN-ACK packet agreeing to open the connection, and acknowledging ny-131.foo.com's request. The next packet is missing: that's supposed to be a packet from ny-131.foo.com ACKing satan.www's response and starting to send data. If you have those three packets, then a connection was never started, and telnet would quite reasonably think it can't reach the port.

> It looks like the packets are getting forwarded correctly, but nobody
> is listening. The port is set correctly in /etc/apache2/ports.conf
> and I verified that apache2 is indeed running. It's such a
> mystery! :-(

Why not take a look at it with Wireshark and see if that sheds any light on the matter -- the Wireshark GUI can show much more information about these packets including their data, and it can dissect individual packets for you, or show you the text content of a TCP connection.

--Ken
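
The handshake check described in the reply above, as an added example that is not part of the original message: it reads tcpdump's default one-line TCP summaries and reports which client/server pairs never completed the SYN, SYN-ACK, ACK exchange. The function names and the second capture are constructed for illustration, and it assumes packets are classified by the `Flags [...]` field alone.

```python
import re

# Matches tcpdump's default one-line TCP summary:
#   <time> IP <src> > <dst>: Flags [<flags>], ...
LINE = re.compile(
    r"^\S+ IP6? (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]")

def handshake_states(lines):
    """Return {(client, server): state} for every SYN in the capture.

    state is "syn" (no reply seen), "syn-ack" (server answered, the
    client's ACK was never seen) or "established" (all three present).
    """
    state = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if flags == "S":                        # step 1: client SYN
            state.setdefault((src, dst), "syn")  # retransmits keep state
        elif flags == "S.":                     # step 2: server SYN-ACK
            if state.get((dst, src)) == "syn":
                state[(dst, src)] = "syn-ack"
        elif "." in flags and "R" not in flags:  # step 3: ACK from client
            if state.get((src, dst)) == "syn-ack":
                state[(src, dst)] = "established"
    return state

def incomplete(lines):
    """Only the pairs whose handshake did not finish."""
    return {k: v for k, v in handshake_states(lines).items()
            if v != "established"}

# The two packets quoted in the message above.
PAGE_CAPTURE = [
    "16:40:32.104293 IP ny-131.foo.com.10096 > satan.www: Flags [S], seq 1653467397, win 64512, options [mss 1460,nop,nop,sackOK], length 0",
    "16:40:32.104314 IP satan.www > ny-131.foo.com.10096: Flags [S.], seq 329481650, ack 1653467398, win 5840, options [mss 1460,nop,nop,sackOK], length 0",
]
# Constructed sample of a handshake that completes, for comparison.
CONSTRUCTED_COMPLETE = [
    "10:00:00.000001 IP client.example.40000 > server.example.www: Flags [S], seq 100, win 64240, length 0",
    "10:00:00.000050 IP server.example.www > client.example.40000: Flags [S.], seq 500, ack 101, win 65160, length 0",
    "10:00:00.000090 IP client.example.40000 > server.example.www: Flags [.], ack 501, win 64240, length 0",
]

if __name__ == "__main__":
    print(incomplete(PAGE_CAPTURE))
    print(incomplete(CONSTRUCTED_COMPLETE))
```

A pair left in `syn-ack` in a server-side capture is the situation the reply describes: the server answered, but the client's final ACK never showed up in the capture.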