You must be right, the problem lies somewhere else apparently. Apache does not play with low level raw sockets, so the absence of TCP syn ack indicates that Apache has not been involved at all. ----- Original Message ----- From: "Jon Snow" <[EMAIL PROTECTED]>
To: <users@httpd.apache.org>
Sent: Monday, April 03, 2006 11:23 AM
Subject: Re: [EMAIL PROTECTED] Reverse DNS lookup issue - No access from WAN, but LAN works fine



Vincent,

Believe your packet dump. Apache is not receiving the connection as a syn/ack has not been sent by the server in response to the syn. Something is either dropping the connection on your server at the tcp level or is routing reply
packets somewhere other than the inbound interface. The application is
therefore not even receiving it and apache is not at fault.

You will need to double check your firewall configurations, ensure there is
nothing else interferring at the tcp level such as an add on product.

Why it works with the other server I do not know but check how you tested it.
Were you inadvertently coming from a local or different address than that
used when testing apache from the WAN? Do you have a route for the WAN server
so the packets can return?

If you are able to dump successful connections with the network tool and have
confidence it is working properly then you should believe it.

Regards,
Jon


On Sunday 02 April 2006 23:43, Vincent Lextrait wrote:
Hi all,
I am running Apache 2.0.55 for win32, without add-ons, on Windows XP
Professional SP2, with firewall and anti spyware all deactivated. The conf
file is very plain.
The problem is that Apache, listening on port 80, does not accept
connections from the WAN, only from the LAN. I have replaced Apache with a dumb little web server, also listening on port 80. It answers beautifully.
This rules out (I think) any obvious router or ISP problem. Anyway, a
sniffer (see further) shows traffic coming to the server.
Apache does not show any booting error, and does not log any error. It does
not log any traffic either, when it comes from the WAN.
I have tried to deactivate mod_access in the conf file, and also tried to
insert:

EnableSendfile Off
EnableMMAP Off
Win32DisableAcceptEx

to avoid any weird problem. The behavior is exactly the same.
In order to see if connections attempts were reaching my server (Joe), I've used WinDump (trace below). The trace shows that the server receives a SYN
request from the external machine I am using to test the setup (I tried
also several other ones, same thing).
The second trace is a reverse DNS lookup, which is coming from Apache
(although mod_access is deactivated). Apache tries to gather information on
the external machine I assume. I do not understand why it does that.
The third trace is the answer from the DNS (I am not aware of any DNS issue
I would have, everything seems to work just fine). I do not know how to
interpret the answer trace.
After, no traffic is coming from Apache, and the external machine is
retrying a few times, without any success and any further reverse DNS
lookup from my machine. The connection is not finalized, Apache keeps
ignoring the SYN requests.
I've tried Ethereal to gather further information, but, for some mysterious
reason, it does not display the reverse DNS lookups, only the SYNs.
There is most likely something huge I am missing, or I made some wrong
interpretation. The fact is that I am stuck at this stage.
I include an extract of my conf file at the end of this post.
Any help is highly welcome!
Thanks in advance,
Vincent

10:09:22.968821 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S
3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56209604
0,nop,wscale 2>
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  003c a0ee 4000 2906 6f92 4815 375a c0a8  .<[EMAIL PROTECTED]).o.H.7Z..
 0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
 0x0030:  16d0 a4a7 0000 0204 0578 0402 080a 0359  .........x.....Y
 0x0040:  b0c4 0000 0000 0103 0302                 ..........
10:09:23.444588 IP Joe.3044 > dns1.swip.net.53:  14727+ PTR?
90.55.21.72.in-addr.arpa. (42)
 0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
 0x0010:  0046 5c4f 0000 8011 19f6 c0a8 0124 82f4  .F\O.........$..
 0x0020:  7fa1 0be4 0035 0032 0f64 3987 0100 0001  .....5.2.d9.....
 0x0030:  0000 0000 0000 0239 3002 3535 0232 3102  .......90.55.21.
 0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
 0x0050:  000c 0001                                ....
10:09:23.773839 IP dns1.swip.net.53 > Joe.3044:  14727 1/7/8 PTR[|domain]
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  019a 0fd9 4000 f311 b217 82f4 7fa1 c0a8  [EMAIL PROTECTED]
 0x0020:  0124 0035 0be4 0186 f081 3987 8180 0001  .$.5......9.....
 0x0030:  0001 0007 0008 0239 3002 3535 0232 3102  .......90.55.21.
 0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
 0x0050:  000c 0001 c00c 000c 0001 0001 27dd 0025  ............'..%
10:09:24.787670 IP Joe.3045 > dns1.swip.net.53:  20356+ PTR?
161.127.244.130.in-addr.arpa. (46)
 0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
 0x0010:  004a 5c50 0000 8011 19f1 c0a8 0124 82f4  .J\P.........$..
 0x0020:  7fa1 0be5 0035 0036 eea2 4f84 0100 0001  .....5.6..O.....
 0x0030:  0000 0000 0000 0331 3631 0331 3237 0332  .......161.127.2
 0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
 0x0050:  7270 6100 000c 0001                      rpa.....
10:09:24.987985 IP dns1.swip.net.53 > Joe.3045:  20356 1/5/8 (359)
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  0183 0fda 4000 f311 b22d 82f4 7fa1 c0a8  [EMAIL PROTECTED]
 0x0020:  0124 0035 0be5 016f 9fc7 4f84 8180 0001  .$.5...o..O.....
 0x0030:  0001 0005 0008 0331 3631 0331 3237 0332  .......161.127.2
 0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
 0x0050:  7270 6100 000c 0001 c00c 000c 0001 0000  rpa.............
10:09:25.967812 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S
3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56212604
0,nop,wscale 2>
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  003c a0f0 4000 2906 6f90 4815 375a c0a8  .<[EMAIL PROTECTED]).o.H.7Z..
 0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
 0x0030:  16d0 98ef 0000 0204 0578 0402 080a 0359  .........x.....Y
 0x0040:  bc7c 0000 0000 0103 0302                 .|........
10:09:31.968696 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80: S
3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 56218604
0,nop,wscale 2>
 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
 0x0010:  003c a0f2 4000 2906 6f8e 4815 375a c0a8  .<[EMAIL PROTECTED]).o.H.7Z..
 0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
 0x0030:  16d0 817f 0000 0204 0578 0402 080a 0359  .........x.....Y
 0x0040:  d3ec 0000 0000 0103 0302                 ..........

Here is an the virtual host definitions extract from my conf file:

<VirtualHost 192.168.1.36:80>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot C:/www/Aurinko
    ServerName www.aurinko.com
    ErrorLog logs/www.aurinko.com-error_log
    CustomLog logs/www.aurinko.com-access_log common
</VirtualHost>

<VirtualHost 192.168.1.36:80>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot C:/www/Thomas
    ServerName thomas.lextrait.com
    ErrorLog logs/thomas.lextrait.com-error_log
    CustomLog logs/thomas.lextrait.com-access_log common
</VirtualHost>

<VirtualHost 192.168.1.36:80>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot C:/www/Lextrait
    ServerName www.lextrait.com
    ErrorLog logs/www.lextrait.com-error_log
    CustomLog logs/www.lextrait.com-access_log common
</VirtualHost>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to