On Wed, 17 Sep 2008, Ian Smith wrote:
On Tue, 16 Sep 2008 17:48:48 +1000 (EST) [EMAIL PROTECTED] wrote:
> > On Tue, 16 Sep 2008 [EMAIL PROTECTED] wrote:
From a digest post, trimming a bit ..
> >>> After 3 years, by apache 1.3 server quite working. It shows a
> >>> PID, it's running, it can be stopped and restarted, and from FreeBSD
> >>> the home page comes up using lynx http://andrsn.stanford.edu
> >>>
> >>> But from outside, it times out.
> >>>
> >>> I have run the texts for valid configuration (I haven't changed
> >>> anything) and I actually rebooted the machine. The texts are okay and
> >>> rebooting doesn't help.
> >>>
> >>> The machine is pingable. It's running FreeBSD 5.5 or so.
> >>>
> >>> What to do next?
> >>>
> >>> Annelise
> >>> _______________________________________________
> >>
> >> Hmm..
> >> Can it connect to the outside world at all itself? Has the network
> >> changed
> >> at all recently? Did the server restart at all and if so are the
> >> firewall
> >> rules (if any) permitting external traffic?
> >>
> >> You could check the apache logs to see if any external connections are
> >> getting through to the box at all, too.
> >>
> >> Is the lynx test connecting from the same box to itself? or from another
> >> FreeBSD box..?
> >
> >>From the same box to itself.
What about from other boxes 'inside' your domain?
> >> --
> >> Also, what Chris said would cover most of these. :)
> >>
> >> Cheers,
> >> Mark
> >
> > Chris wrote:
> >
> >>Sounds like a (probebly external) firewall issue. Just because pings get
> >>through, doesn't mean the http requests are.
> >
> > No firewall on my machine.
No, but there are (hopefully :) Stanford firewall/s between you and the
outside world. Might they have upgraded policy about allowing inbound
port 80 connections to boxes not known/expected to be running servers?
> >>I'd run ngrep or tcpdump on the console and double-check that the packets
> >>are actually making it to the server.
> >
> >>Also, do a "sockstat -4" and make sure it's listening on the approprate
> >>IP.
> >
> > Thank you both--
> >
> > sockstat -4 show that it's listening on *:80, which is right.
> > Neither tcpdump (assuming I'm reading it correcting) nor httpd-access.log
> > shows any tcp packets at all getting through except when lynx is run
> > from the machine on which apache is running after Sept 12 at 2:12 a.m.
> > Thus, I assume packets are not getting to the server, except when
> > requested from the local machine.
Sounds like your machine is setup ok, but inbound tcp setup packets are
apparently getting blocked upstream.
> > email and ftp are working--and I can log into the machine remotely--
> > so stuff is getting out and in. tcpdump shows a lot of other activity,
Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise.
> > So, I'm stumped.
> >
> > Annelise
Ok, ping and DNS look fine. I (also) can traceroute your box this far:
14 bbrb-isp.Stanford.EDU (171.64.1.155) 193.489 ms 193.562 ms 195.603 ms
15 * * *
16 * * *
17 * * *
18 * *^C
I don't know whether you allow inbound traceroutes? but the question
now is, how many routers between you and and bbrb-isp.Stanford.EDU ?
Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine?
> This might sound like an odd test, but try configuring it to sit on a port
> other than 80 (8080, for example) and seeing if you get the same problem
> there.
>
> Cheers,
> Mark
If you're thinking what I'm thinking, 8080's just as unlikely to work :)
cheers, Ian
I think port 80 is being filtered. I have started talking to the admins.
The traceroute looks like this--
andrsn 2:23PM ~ % traceroute bbrb-isp.Stanford.EDU
traceroute to bbrb-isp.Stanford.EDU (171.64.1.155), 64 hops max, 40 byte
packets
1 goz-srtr-vlan910.Stanford.EDU (171.66.112.1) 0.610 ms 0.571 ms
0.711 ms
2 * bbra-rtr.Stanford.EDU (172.20.4.1) 1.093 ms *
3 * * *
4 * * *
....and so forth indefinitely.
When I filter out non-tcp traffic nothing shows up at all.
I have not tried another port yet, but will do that now.
Annelise
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
