Apache 1.3 Problems
Annelise Anderson
andrsn at andrsn.stanford.edu
Tue Sep 16 21:40:16 UTC 2008
On Wed, 17 Sep 2008, Ian Smith wrote:
> On Tue, 16 Sep 2008 17:48:48 +1000 (EST) mark at legios.org wrote:
> > > On Tue, 16 Sep 2008 mark at legios.org wrote:
>
>> From a digest post, trimming a bit ..
>
> > >>> After 3 years, by apache 1.3 server quite working. It shows a
> > >>> PID, it's running, it can be stopped and restarted, and from FreeBSD
> > >>> the home page comes up using lynx http://andrsn.stanford.edu
> > >>>
> > >>> But from outside, it times out.
> > >>>
> > >>> I have run the texts for valid configuration (I haven't changed
> > >>> anything) and I actually rebooted the machine. The texts are okay and
> > >>> rebooting doesn't help.
> > >>>
> > >>> The machine is pingable. It's running FreeBSD 5.5 or so.
> > >>>
> > >>> What to do next?
> > >>>
> > >>> Annelise
> > >>> _______________________________________________
> > >>
> > >> Hmm..
> > >> Can it connect to the outside world at all itself? Has the network
> > >> changed
> > >> at all recently? Did the server restart at all and if so are the
> > >> firewall
> > >> rules (if any) permitting external traffic?
> > >>
> > >> You could check the apache logs to see if any external connections are
> > >> getting through to the box at all, too.
> > >>
> > >> Is the lynx test connecting from the same box to itself? or from another
> > >> FreeBSD box..?
> > >
> > >>From the same box to itself.
>
> What about from other boxes 'inside' your domain?
>
> > >> --
> > >> Also, what Chris said would cover most of these. :)
> > >>
> > >> Cheers,
> > >> Mark
> > >
> > > Chris wrote:
> > >
> > >>Sounds like a (probebly external) firewall issue. Just because pings get
> > >>through, doesn't mean the http requests are.
> > >
> > > No firewall on my machine.
>
> No, but there are (hopefully :) Stanford firewall/s between you and the
> outside world. Might they have upgraded policy about allowing inbound
> port 80 connections to boxes not known/expected to be running servers?
>
> > >>I'd run ngrep or tcpdump on the console and double-check that the packets
> > >>are actually making it to the server.
> > >
> > >>Also, do a "sockstat -4" and make sure it's listening on the approprate
> > >>IP.
> > >
> > > Thank you both--
> > >
> > > sockstat -4 show that it's listening on *:80, which is right.
> > > Neither tcpdump (assuming I'm reading it correcting) nor httpd-access.log
> > > shows any tcp packets at all getting through except when lynx is run
> > > from the machine on which apache is running after Sept 12 at 2:12 a.m.
> > > Thus, I assume packets are not getting to the server, except when
> > > requested from the local machine.
>
> Sounds like your machine is setup ok, but inbound tcp setup packets are
> apparently getting blocked upstream.
>
> > > email and ftp are working--and I can log into the machine remotely--
> > > so stuff is getting out and in. tcpdump shows a lot of other activity,
>
> Specific like 'tcpdump -pn -i $iface tcp port 80' quells other noise.
>
> > > So, I'm stumped.
> > >
> > > Annelise
>
> Ok, ping and DNS look fine. I (also) can traceroute your box this far:
>
> 14 bbrb-isp.Stanford.EDU (171.64.1.155) 193.489 ms 193.562 ms 195.603 ms
> 15 * * *
> 16 * * *
> 17 * * *
> 18 * *^C
>
> I don't know whether you allow inbound traceroutes? but the question
> now is, how many routers between you and and bbrb-isp.Stanford.EDU ?
>
> Can you show us a 'traceroute bbrb-isp.Stanford.EDU' from your machine?
>
> > This might sound like an odd test, but try configuring it to sit on a port
> > other than 80 (8080, for example) and seeing if you get the same problem
> > there.
> >
> > Cheers,
> > Mark
>
> If you're thinking what I'm thinking, 8080's just as unlikely to work :)
>
> cheers, Ian
I think port 80 is being filtered. I have started talking to the admins.
The traceroute looks like this--
andrsn 2:23PM ~ % traceroute bbrb-isp.Stanford.EDU
traceroute to bbrb-isp.Stanford.EDU (171.64.1.155), 64 hops max, 40 byte
packets
1 goz-srtr-vlan910.Stanford.EDU (171.66.112.1) 0.610 ms 0.571 ms
0.711 ms
2 * bbra-rtr.Stanford.EDU (172.20.4.1) 1.093 ms *
3 * * *
4 * * *
....and so forth indefinitely.
When I filter out non-tcp traffic nothing shows up at all.
I have not tried another port yet, but will do that now.
Annelise
More information about the freebsd-questions
mailing list