From owner-freebsd-questions@FreeBSD.ORG Tue Sep 16 21:40:16 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 282EA106564A for ; Tue, 16 Sep 2008 21:40:16 +0000 (UTC) (envelope-from andrsn@andrsn.stanford.edu) Received: from smtp3.stanford.edu (smtp3.Stanford.EDU [171.67.20.26]) by mx1.freebsd.org (Postfix) with ESMTP id 0F6648FC1C for ; Tue, 16 Sep 2008 21:40:15 +0000 (UTC) (envelope-from andrsn@andrsn.stanford.edu) Received: from smtp3.stanford.edu (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 76BE560DF13; Tue, 16 Sep 2008 14:40:15 -0700 (PDT) Received: from andrsn.stanford.edu (andrsn.Stanford.EDU [171.66.112.163]) by smtp3.stanford.edu (Postfix) with ESMTP id 2298E60E76F; Tue, 16 Sep 2008 14:40:11 -0700 (PDT) Received: from localhost (nobody@localhost.stanford.edu [127.0.0.1]) by andrsn.stanford.edu (8.13.8/8.13.4) with ESMTP id m8GLeA8K016461; Tue, 16 Sep 2008 14:40:11 -0700 (PDT) (envelope-from andrsn@andrsn.stanford.edu) Date: Tue, 16 Sep 2008 14:40:10 -0700 (PDT) From: Annelise Anderson To: Ian Smith In-Reply-To: <20080917002608.H439@sola.nimnet.asn.au> Message-ID: <20080916143408.X16422@andrsn.stanford.edu> References: <20080916120019.4F06F10657DF@hub.freebsd.org> <20080917002608.H439@sola.nimnet.asn.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: chris@smartt.com, mark@legios.org, freebsd-questions@freebsd.org Subject: Re: Apache 1.3 Problems X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2008 21:40:16 -0000 On Wed, 17 Sep 2008, Ian Smith wrote: > On Tue, 16 Sep 2008 17:48:48 +1000 (EST) mark@legios.org wrote: > > > On Tue, 16 Sep 2008 mark@legios.org wrote: > >> From a digest post, trimming a bit .. > > > >>> After 3 years, by apache 1.3 server quite working. It shows a > > >>> PID, it's running, it can be stopped and restarted, and from FreeBSD > > >>> the home page comes up using lynx http://andrsn.stanford.edu > > >>> > > >>> But from outside, it times out. > > >>> > > >>> I have run the texts for valid configuration (I haven't changed > > >>> anything) and I actually rebooted the machine. The texts are okay and > > >>> rebooting doesn't help. > > >>> > > >>> The machine is pingable. It's running FreeBSD 5.5 or so. > > >>> > > >>> What to do next? > > >>> > > >>> Annelise > > >>> _______________________________________________ > > >> > > >> Hmm.. > > >> Can it connect to the outside world at all itself? Has the network > > >> changed > > >> at all recently? Did the server restart at all and if so are the > > >> firewall > > >> rules (if any) permitting external traffic? > > >> > > >> You could check the apache logs to see if any external connections are > > >> getting through to the box at all, too. > > >> > > >> Is the lynx test connecting from the same box to itself? or from another > > >> FreeBSD box..? > > > > > >>From the same box to itself. > > What about from other boxes 'inside' your domain? > > > >> -- > > >> Also, what Chris said would cover most of these. :) > > >> > > >> Cheers, > > >> Mark > > > > > > Chris wrote: > > > > > >>Sounds like a (probebly external) firewall issue. Just because pings get > > >>through, doesn't mean the http requests are. > > > > > > No firewall on my machine. > > No, but there are (hopefully :) Stanford firewall/s between you and the > outside world. Might they have upgraded policy about allowing inbound > port 80 connections to boxes not known/expected to be running servers? > > > >>I'd run ngrep or tcpdump on the console and double-check that the packets > > >>are actually making it to the server. > > > > > >>Also, do a "sockstat -4" and make sure it's listening on the approprate > > >>IP. > > > > > > Thank you both-- > > > > > > sockstat -4 show that it's listening on *:80, which is right. > > > Neither tcpdump (assuming I'm reading it correcting) nor httpd-access.log > > > shows any tcp packets at all getting through except when lynx is run > > > from the machine on which apache is running after Sept 12 at 2:12 a.m. > > > Thus, I assume packets are not getting to the server, except when > > > requested from the local machine. > > Sounds like your machine is setup ok, but inbound tcp setup packets are > apparently getting blocked upstream. > > > > email and ftp are working--and I can log into the machine remotely-- > > > so stuff is getting out and in. tcpdump shows a lot of other activity, > > Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise. > > > > So, I'm stumped. > > > > > > Annelise > > Ok, ping and DNS look fine. I (also) can traceroute your box this far: > > 14 bbrb-isp.Stanford.EDU (171.64.1.155) 193.489 ms 193.562 ms 195.603 ms > 15 * * * > 16 * * * > 17 * * * > 18 * *^C > > I don't know whether you allow inbound traceroutes? but the question > now is, how many routers between you and and bbrb-isp.Stanford.EDU ? > > Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine? > > > This might sound like an odd test, but try configuring it to sit on a port > > other than 80 (8080, for example) and seeing if you get the same problem > > there. > > > > Cheers, > > Mark > > If you're thinking what I'm thinking, 8080's just as unlikely to work :) > > cheers, Ian I think port 80 is being filtered. I have started talking to the admins. The traceroute looks like this-- andrsn 2:23PM ~ % traceroute bbrb-isp.Stanford.EDU traceroute to bbrb-isp.Stanford.EDU (171.64.1.155), 64 hops max, 40 byte packets 1 goz-srtr-vlan910.Stanford.EDU (171.66.112.1) 0.610 ms 0.571 ms 0.711 ms 2 * bbra-rtr.Stanford.EDU (172.20.4.1) 1.093 ms * 3 * * * 4 * * * ....and so forth indefinitely. When I filter out non-tcp traffic nothing shows up at all. I have not tried another port yet, but will do that now. Annelise