Re: Apache 1.3 Problems

2008-09-16 Thread Ian Smith
On Tue, 16 Sep 2008, Annelise Anderson wrote:
 > On Wed, 17 Sep 2008, Ian Smith wrote:
 > > On Tue, 16 Sep 2008 17:48:48 +1000 (EST) [EMAIL PROTECTED] wrote:
 > > > > On Tue, 16 Sep 2008 [EMAIL PROTECTED] wrote:
 > > 
 > > From a digest post, trimming a bit ..

Trimming lots this time ..

 > > Ok, ping and DNS look fine.  I (also) can traceroute your box this far:
 > > 
 > > 14  bbrb-isp.Stanford.EDU (171.64.1.155)  193.489 ms  193.562 ms  195.603 ms
 > > 15  * * *
 > > 16  * * *
 > > 17  * * *
 > > 18  * *^C
 > > 
 > > I don't know whether you allow inbound traceroutes? but the question
 > > now is, how many routers between you and bbrb-isp.Stanford.EDU ?
 > > 
 > > Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine?
[..]

 > I think port 80 is being filtered.  I have started talking to the admins.
 > The traceroute looks like this--
 > 
 > andrsn  2:23PM ~ % traceroute bbrb-isp.Stanford.EDU
 > traceroute to bbrb-isp.Stanford.EDU (171.64.1.155), 64 hops max, 40 byte packets
 >  1  goz-srtr-vlan910.Stanford.EDU (171.66.112.1)  0.610 ms  0.571 ms 0.711 ms
 >  2  * bbra-rtr.Stanford.EDU (172.20.4.1)  1.093 ms *
 >  3  * * *
 >  4  * * *
 >  and so forth indefinitely.

While talking to the admins, you might show them your traceroute too.  

It's a bit strange that bbrb-isp.Stanford.EDU responds to traceroutes 
from the outside, but not from your internal machine.  Of course it may 
be that the port 80 blocking (and/or traceroute blocking) is occurring 
on another router between you and bbrb-isp .. we can see at least two.

 > When I filter out non-tcp traffic nothing shows up at all.

Obviously mail works both ways.  tcptraceroute was also a good clue.

 > I have not tried another port yet, but will do that now.
 > 
 >  Annelise

Happy hunting, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
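
The diagnosis worked out in this thread (listener up, mail working, yet no TCP packets for port 80 visible in tcpdump) can be checked mechanically from a text capture. The script below is an added example and not part of any poster's message; the function names, addresses and capture lines are constructed, and it assumes the `Flags [S]` line format printed by current tcpdump releases.

```shell
#!/bin/sh
# Added example: classify a `tcpdump -pn -i $iface tcp` text capture per port.
# Assumption: tcpdump prints "Flags [S]," / "Flags [S.]," as current releases do.

# classify_capture SERVER_IP PORT   (capture text on stdin)
classify_capture() {
    awk -v srv="$1" -v port="$2" '
    $2 == "IP" && $4 == ">" && $6 == "Flags" {
        src = $3
        dst = $5; sub(/:$/, "", dst)
        # Bare SYN to our listener from a host other than ourselves.
        if (dst == (srv "." port) && $7 == "[S]," && index(src, srv ".") != 1)
            syn++
        # SYN-ACK leaving our listener for a remote client.
        else if (src == (srv "." port) && $7 == "[S.]," && index(dst, srv ".") != 1)
            synack++
    }
    END {
        if (!syn)         print "no-inbound-syn"   # nothing arrives: look upstream
        else if (!synack) print "syn-unanswered"   # arrives, host stays silent
        else              print "syn-answered"     # handshake starts: look elsewhere
    }'
}

# Constructed sample: 192.0.2.10 is the server, 203.0.113.7 a remote client.
# Mail (25) completes a handshake; the only port 80 traffic is the server
# talking to itself, like the lynx test run on the same box.
sample_capture() {
    cat <<'EOF'
14:23:01.000100 IP 203.0.113.7.40112 > 192.0.2.10.25: Flags [S], seq 100, win 65535, length 0
14:23:01.000180 IP 192.0.2.10.25 > 203.0.113.7.40112: Flags [S.], seq 900, ack 101, win 65535, length 0
14:23:01.090300 IP 203.0.113.7.40112 > 192.0.2.10.25: Flags [.], ack 1, win 65535, length 0
14:23:05.500000 IP 192.0.2.10.51000 > 192.0.2.10.80: Flags [S], seq 500, win 65535, length 0
14:23:05.500050 IP 192.0.2.10.80 > 192.0.2.10.51000: Flags [S.], seq 700, ack 501, win 65535, length 0
EOF
}

for p in 25 80; do
    printf 'port %s: %s\n' "$p" "$(sample_capture | classify_capture 192.0.2.10 "$p")"
done
```

A `no-inbound-syn` verdict only means something if a connection was actually attempted from outside while the capture was running.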


Re: Apache 1.3 Problems

2008-09-16 Thread Annelise Anderson

On Wed, 17 Sep 2008, Ian Smith wrote:


On Tue, 16 Sep 2008 17:48:48 +1000 (EST) [EMAIL PROTECTED] wrote:
> > On Tue, 16 Sep 2008 [EMAIL PROTECTED] wrote:


From a digest post, trimming a bit ..


> >>>   After 3 years, my apache 1.3 server quit working.  It shows a
> >>> PID, it's running, it can be stopped and restarted, and from FreeBSD
> >>> the home page comes up using lynx http://andrsn.stanford.edu
> >>>
> >>>   But from outside, it times out.
> >>>
> >>>   I have run the tests for valid configuration (I haven't changed
> >>> anything) and I actually rebooted the machine.  The tests are okay and
> >>> rebooting doesn't help.
> >>>
> >>>   The machine is pingable.  It's running FreeBSD 5.5 or so.
> >>>
> >>>   What to do next?
> >>>
> >>>   Annelise
> >>> ___
> >>
> >> Hmm..
> >> Can it connect to the outside world at all itself? Has the network
> >> changed
> >> at all recently? Did the server restart at all and if so are the
> >> firewall
> >> rules (if any) permitting external traffic?
> >>
> >> You could check the apache logs to see if any external connections are
> >> getting through to the box at all, too.
> >>
> >> Is the lynx test connecting from the same box to itself? or from another
> >> FreeBSD box..?
> >
> > From the same box to itself.

What about from other boxes 'inside' your domain?

> >> --
> >> Also, what Chris said would cover most of these. :)
> >>
> >> Cheers,
> >> Mark
> >
> > Chris wrote:
> >
> >>Sounds like a (probably external) firewall issue. Just because pings get
> >>through, doesn't mean the http requests are.
> >
> > No firewall on my machine.

No, but there are (hopefully :) Stanford firewall/s between you and the
outside world.  Might they have upgraded policy about allowing inbound
port 80 connections to boxes not known/expected to be running servers?

> >>I'd run ngrep or tcpdump on the console and double-check that the packets
> >>are actually making it to the server.
> >
> >>Also, do a "sockstat -4" and make sure it's listening on the appropriate
> >>IP.
> >
> > Thank you both--
> >
> > sockstat -4 shows that it's listening on *:80, which is right.
> > Neither tcpdump (assuming I'm reading it correctly) nor httpd-access.log
> > shows any tcp packets at all getting through except when lynx is run
> > from the machine on which apache is running after Sept 12 at 2:12 a.m.
> > Thus, I assume packets are not getting to the server, except when
> > requested from the local machine.

Sounds like your machine is set up ok, but inbound tcp setup packets are
apparently getting blocked upstream.

> > email and ftp are working--and I can log into the machine remotely--
> > so stuff is getting out and in.  tcpdump shows a lot of other activity,

Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise.

> > So, I'm stumped.
> >
> >   Annelise

Ok, ping and DNS look fine.  I (also) can traceroute your box this far:

14  bbrb-isp.Stanford.EDU (171.64.1.155)  193.489 ms  193.562 ms  195.603 ms
15  * * *
16  * * *
17  * * *
18  * *^C

I don't know whether you allow inbound traceroutes? but the question
now is, how many routers between you and bbrb-isp.Stanford.EDU ?

Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine?

> This might sound like an odd test, but try configuring it to sit on a port
> other than 80 (8080, for example) and seeing if you get the same problem
> there.
>
> Cheers,
> Mark

If you're thinking what I'm thinking, 8080's just as unlikely to work :)

cheers, Ian


I think port 80 is being filtered.  I have started talking to the admins.
The traceroute looks like this--

andrsn  2:23PM ~ % traceroute bbrb-isp.Stanford.EDU
traceroute to bbrb-isp.Stanford.EDU (171.64.1.155), 64 hops max, 40 byte packets
 1  goz-srtr-vlan910.Stanford.EDU (171.66.112.1)  0.610 ms  0.571 ms  0.711 ms
 2  * bbra-rtr.Stanford.EDU (172.20.4.1)  1.093 ms *
 3  * * *
 4  * * *
 and so forth indefinitely.

When I filter out non-tcp traffic nothing shows up at all.

I have not tried another port yet, but will do that now.

Annelise


Re: Apache 1.3 Problems

2008-09-16 Thread Ian Smith
On Tue, 16 Sep 2008 17:48:48 +1000 (EST) [EMAIL PROTECTED] wrote:
 > > On Tue, 16 Sep 2008 [EMAIL PROTECTED] wrote:

From a digest post, trimming a bit ..

 > >>>  After 3 years, my apache 1.3 server quit working.  It shows a
 > >>> PID, it's running, it can be stopped and restarted, and from FreeBSD
 > >>> the home page comes up using lynx http://andrsn.stanford.edu
 > >>>
 > >>>  But from outside, it times out.
 > >>>
 > >>>  I have run the tests for valid configuration (I haven't changed
 > >>> anything) and I actually rebooted the machine.  The tests are okay and
 > >>> rebooting doesn't help.
 > >>>
 > >>>  The machine is pingable.  It's running FreeBSD 5.5 or so.
 > >>>
 > >>>  What to do next?
 > >>>
 > >>>  Annelise
 > >>> ___
 > >>
 > >> Hmm..
 > >> Can it connect to the outside world at all itself? Has the network
 > >> changed
 > >> at all recently? Did the server restart at all and if so are the
 > >> firewall
 > >> rules (if any) permitting external traffic?
 > >>
 > >> You could check the apache logs to see if any external connections are
 > >> getting through to the box at all, too.
 > >>
 > >> Is the lynx test connecting from the same box to itself? or from another
 > >> FreeBSD box..?
 > >
 > > From the same box to itself.

What about from other boxes 'inside' your domain?

 > >> --
 > >> Also, what Chris said would cover most of these. :)
 > >>
 > >> Cheers,
 > >> Mark
 > >
 > > Chris wrote:
 > >
 > >>Sounds like a (probably external) firewall issue. Just because pings get
 > >>through, doesn't mean the http requests are.
 > >
 > > No firewall on my machine.

No, but there are (hopefully :) Stanford firewall/s between you and the 
outside world.  Might they have upgraded policy about allowing inbound 
port 80 connections to boxes not known/expected to be running servers?

 > >>I'd run ngrep or tcpdump on the console and double-check that the packets
 > >>are actually making it to the server.
 > >
 > >>Also, do a "sockstat -4" and make sure it's listening on the appropriate
 > >>IP.
 > >
 > > Thank you both--
 > >
 > > sockstat -4 shows that it's listening on *:80, which is right.
 > > Neither tcpdump (assuming I'm reading it correctly) nor httpd-access.log
 > > shows any tcp packets at all getting through except when lynx is run
 > > from the machine on which apache is running after Sept 12 at 2:12 a.m.
 > > Thus, I assume packets are not getting to the server, except when
 > > requested from the local machine.

Sounds like your machine is set up ok, but inbound tcp setup packets are
apparently getting blocked upstream.

 > > email and ftp are working--and I can log into the machine remotely--
 > > so stuff is getting out and in.  tcpdump shows a lot of other activity,

Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise.

 > > So, I'm stumped.
 > >
 > >Annelise

Ok, ping and DNS look fine.  I (also) can traceroute your box this far:

14  bbrb-isp.Stanford.EDU (171.64.1.155)  193.489 ms  193.562 ms  195.603 ms
15  * * *
16  * * *
17  * * *
18  * *^C

I don't know whether you allow inbound traceroutes? but the question 
now is, how many routers between you and bbrb-isp.Stanford.EDU ?

Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine?

 > This might sound like an odd test, but try configuring it to sit on a port
 > other than 80 (8080, for example) and seeing if you get the same problem
 > there.
 >
 > Cheers,
 > Mark

If you're thinking what I'm thinking, 8080's just as unlikely to work :)

cheers, Ian