Date: Tue, 16 Sep 2008 14:40:10 -0700 (PDT) From: Annelise Anderson <andrsn@andrsn.stanford.edu> To: Ian Smith <smithi@nimnet.asn.au> Cc: chris@smartt.com, mark@legios.org, freebsd-questions@freebsd.org Subject: Re: Apache 1.3 Problems Message-ID: <20080916143408.X16422@andrsn.stanford.edu> In-Reply-To: <20080917002608.H439@sola.nimnet.asn.au> References: <20080916120019.4F06F10657DF@hub.freebsd.org> <20080917002608.H439@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 17 Sep 2008, Ian Smith wrote: > On Tue, 16 Sep 2008 17:48:48 +1000 (EST) mark@legios.org wrote: > > > On Tue, 16 Sep 2008 mark@legios.org wrote: > >> From a digest post, trimming a bit .. > > > >>> After 3 years, by apache 1.3 server quite working. It shows a > > >>> PID, it's running, it can be stopped and restarted, and from FreeBSD > > >>> the home page comes up using lynx http://andrsn.stanford.edu > > >>> > > >>> But from outside, it times out. > > >>> > > >>> I have run the texts for valid configuration (I haven't changed > > >>> anything) and I actually rebooted the machine. The texts are okay and > > >>> rebooting doesn't help. > > >>> > > >>> The machine is pingable. It's running FreeBSD 5.5 or so. > > >>> > > >>> What to do next? > > >>> > > >>> Annelise > > >>> _______________________________________________ > > >> > > >> Hmm.. > > >> Can it connect to the outside world at all itself? Has the network > > >> changed > > >> at all recently? Did the server restart at all and if so are the > > >> firewall > > >> rules (if any) permitting external traffic? > > >> > > >> You could check the apache logs to see if any external connections are > > >> getting through to the box at all, too. > > >> > > >> Is the lynx test connecting from the same box to itself? or from another > > >> FreeBSD box..? > > > > > >>From the same box to itself. > > What about from other boxes 'inside' your domain? > > > >> -- > > >> Also, what Chris said would cover most of these. :) > > >> > > >> Cheers, > > >> Mark > > > > > > Chris wrote: > > > > > >>Sounds like a (probebly external) firewall issue. Just because pings get > > >>through, doesn't mean the http requests are. > > > > > > No firewall on my machine. > > No, but there are (hopefully :) Stanford firewall/s between you and the > outside world. Might they have upgraded policy about allowing inbound > port 80 connections to boxes not known/expected to be running servers? > > > >>I'd run ngrep or tcpdump on the console and double-check that the packets > > >>are actually making it to the server. > > > > > >>Also, do a "sockstat -4" and make sure it's listening on the approprate > > >>IP. > > > > > > Thank you both-- > > > > > > sockstat -4 show that it's listening on *:80, which is right. > > > Neither tcpdump (assuming I'm reading it correcting) nor httpd-access.log > > > shows any tcp packets at all getting through except when lynx is run > > > from the machine on which apache is running after Sept 12 at 2:12 a.m. > > > Thus, I assume packets are not getting to the server, except when > > > requested from the local machine. > > Sounds like your machine is setup ok, but inbound tcp setup packets are > apparently getting blocked upstream. > > > > email and ftp are working--and I can log into the machine remotely-- > > > so stuff is getting out and in. tcpdump shows a lot of other activity, > > Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise. > > > > So, I'm stumped. > > > > > > Annelise > > Ok, ping and DNS look fine. I (also) can traceroute your box this far: > > 14 bbrb-isp.Stanford.EDU (171.64.1.155) 193.489 ms 193.562 ms 195.603 ms > 15 * * * > 16 * * * > 17 * * * > 18 * *^C > > I don't know whether you allow inbound traceroutes? but the question > now is, how many routers between you and and bbrb-isp.Stanford.EDU ? > > Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine? > > > This might sound like an odd test, but try configuring it to sit on a port > > other than 80 (8080, for example) and seeing if you get the same problem > > there. > > > > Cheers, > > Mark > > If you're thinking what I'm thinking, 8080's just as unlikely to work :) > > cheers, Ian I think port 80 is being filtered. I have started talking to the admins. The traceroute looks like this-- andrsn 2:23PM ~ % traceroute bbrb-isp.Stanford.EDU traceroute to bbrb-isp.Stanford.EDU (171.64.1.155), 64 hops max, 40 byte packets 1 goz-srtr-vlan910.Stanford.EDU (171.66.112.1) 0.610 ms 0.571 ms 0.711 ms 2 * bbra-rtr.Stanford.EDU (172.20.4.1) 1.093 ms * 3 * * * 4 * * * ....and so forth indefinitely. When I filter out non-tcp traffic nothing shows up at all. I have not tried another port yet, but will do that now. Annelise
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080916143408.X16422>