From owner-freebsd-questions@FreeBSD.ORG Tue Sep 16 15:10:52 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E7463106564A for ; Tue, 16 Sep 2008 15:10:51 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227]) by mx1.freebsd.org (Postfix) with ESMTP id 45F908FC18 for ; Tue, 16 Sep 2008 15:10:51 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id m8GFAibC020634; Wed, 17 Sep 2008 01:10:45 +1000 (EST) (envelope-from smithi@nimnet.asn.au) Date: Wed, 17 Sep 2008 01:10:44 +1000 (EST) From: Ian Smith To: mark@legios.org In-Reply-To: <20080916120019.4F06F10657DF@hub.freebsd.org> Message-ID: <20080917002608.H439@sola.nimnet.asn.au> References: <20080916120019.4F06F10657DF@hub.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: chris@smartt.com, freebsd-questions@freebsd.org Subject: Re: Apache 1.3 Problems X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2008 15:10:52 -0000 On Tue, 16 Sep 2008 17:48:48 +1000 (EST) mark@legios.org wrote: > > On Tue, 16 Sep 2008 mark@legios.org wrote: >From a digest post, trimming a bit .. > >>> After 3 years, by apache 1.3 server quite working. It shows a > >>> PID, it's running, it can be stopped and restarted, and from FreeBSD > >>> the home page comes up using lynx http://andrsn.stanford.edu > >>> > >>> But from outside, it times out. > >>> > >>> I have run the texts for valid configuration (I haven't changed > >>> anything) and I actually rebooted the machine. The texts are okay and > >>> rebooting doesn't help. > >>> > >>> The machine is pingable. It's running FreeBSD 5.5 or so. > >>> > >>> What to do next? > >>> > >>> Annelise > >>> _______________________________________________ > >> > >> Hmm.. > >> Can it connect to the outside world at all itself? Has the network > >> changed > >> at all recently? Did the server restart at all and if so are the > >> firewall > >> rules (if any) permitting external traffic? > >> > >> You could check the apache logs to see if any external connections are > >> getting through to the box at all, too. > >> > >> Is the lynx test connecting from the same box to itself? or from another > >> FreeBSD box..? > > > >>From the same box to itself. What about from other boxes 'inside' your domain? > >> -- > >> Also, what Chris said would cover most of these. :) > >> > >> Cheers, > >> Mark > > > > Chris wrote: > > > >>Sounds like a (probebly external) firewall issue. Just because pings get > >>through, doesn't mean the http requests are. > > > > No firewall on my machine. No, but there are (hopefully :) Stanford firewall/s between you and the outside world. Might they have upgraded policy about allowing inbound port 80 connections to boxes not known/expected to be running servers? > >>I'd run ngrep or tcpdump on the console and double-check that the packets > >>are actually making it to the server. > > > >>Also, do a "sockstat -4" and make sure it's listening on the approprate > >>IP. > > > > Thank you both-- > > > > sockstat -4 show that it's listening on *:80, which is right. > > Neither tcpdump (assuming I'm reading it correcting) nor httpd-access.log > > shows any tcp packets at all getting through except when lynx is run > > from the machine on which apache is running after Sept 12 at 2:12 a.m. > > Thus, I assume packets are not getting to the server, except when > > requested from the local machine. Sounds like your machine is setup ok, but inbound tcp setup packets are apparently getting blocked upstream. > > email and ftp are working--and I can log into the machine remotely-- > > so stuff is getting out and in. tcpdump shows a lot of other activity, Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise. > > So, I'm stumped. > > > > Annelise Ok, ping and DNS look fine. I (also) can traceroute your box this far: 14 bbrb-isp.Stanford.EDU (171.64.1.155) 193.489 ms 193.562 ms 195.603 ms 15 * * * 16 * * * 17 * * * 18 * *^C I don't know whether you allow inbound traceroutes? but the question now is, how many routers between you and and bbrb-isp.Stanford.EDU ? Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine? > This might sound like an odd test, but try configuring it to sit on a port > other than 80 (8080, for example) and seeing if you get the same problem > there. > > Cheers, > Mark If you're thinking what I'm thinking, 8080's just as unlikely to work :) cheers, Ian