[vox-tech] Apache2 problems

Ryan cjg5ehir02 at sneakemail.com
Thu Aug 12 02:56:54 PDT 2010


On Tuesday August 10 2010 12:50:00 Peter Salzman wrote:
> From the lack of entries in the log file, it looks like Apache isn't seeing
> the incoming request.  However, tcpdump seems to be showing otherwise. 
> Port 80 is forwarded to the Linux box by the router.
>
> In sites.enabled:
>
> <VirtualHost 24.189.162.69:80>
>    ServerAdmin p at dirac.org
>    ServerName  www.dirac.org
>    ServerAlias dirac.org
>
>    # Indexes + Directory Root.
>    DirectoryIndex index.html
>    DocumentRoot /var/www/
>
>    # Logfiles
>    ErrorLog  /var/log/apache2/dirac.org.error
>    CustomLog //var/log/apache2/dirac.org.access combined
> </VirtualHost>

--snip--

> Any ideas what could be preventing this from working?

I'm going to assume that your router is doing some form of NAT given that you 
appear to be connected with a dynamic IP cable internet service.

Unless you are port forwarding to an internal box that actually has an 
interface configured with the IP address 24.189.162.69, this is not going to 
work. The connection will hit your router on port 80, get rewritten to 
whatever internal address your web server has, and then hit Apache.  Apache 
will look at the IP address on the local side of the socket and fail to match 
those vhosts since it doesn't see the 24.189.162.69 address anywhere.

Another thing to note - cable internet providers often block inbound port 80 - 
and it looks like yours is doing so.

http://www.google.com/search?q=optonline+block+port+80

However, they seem to be doing it by blocking the return SYN+ACK packet which 
is a completely asinine way to accomplish the block which manages to make 
troubleshooting extra annoying (as you've discovered).  You can check this by 
running tcpdump on both the client and server.

Fun fact - these port blocks are usually done on the subscriber's modem by a 
policy pushed down in the config file from the CMTS.

Finally, a general Apache note - unless you actually do need to serve 
different sites based on what IP address is hit, you probably should use 
<VirtualHost *:80>.  It'll save headaches if your IP addresses change.

-Ryan
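
Added example (not part of the message above and not Apache's own code): a simplified Python model of the address-based vhost matching the reply describes, run against the quoted vhost and against the `*:80` form. The internal address 192.168.1.10, the function names and the trimmed sample config are assumptions; IPv4 only.

```python
import re

# Constructed sample: the quoted vhost, trimmed to the lines that matter here.
SAMPLE_CONF = """
<VirtualHost 24.189.162.69:80>
    ServerName  www.dirac.org
    DocumentRoot /var/www/
</VirtualHost>
"""
# The same vhost rewritten with the wildcard address suggested in the reply.
WILDCARD_CONF = SAMPLE_CONF.replace("24.189.162.69:80", "*:80")

BLOCK_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.I | re.M)
WILDCARDS = ("*", "_default_")

def parse_vhosts(conf):
    """Return [(addr, port, server_name)] for every <VirtualHost> block."""
    vhosts = []
    for spec, body in BLOCK_RE.findall(conf):
        name = NAME_RE.search(body)
        for token in spec.split():        # a block may list several addr:port pairs
            addr, _, port = token.rpartition(":")
            if not addr:                  # no port given, e.g. <VirtualHost *>
                addr, port = token, "*"
            vhosts.append((addr, port, name.group(1) if name else None))
    return vhosts

def select_vhost(vhosts, local_ip, local_port):
    """Simplified selection: exact local IP first, then wildcard, else None."""
    for wanted in ((local_ip,), WILDCARDS):
        for addr, port, name in vhosts:
            if addr in wanted and port in ("*", str(local_port)):
                return name
    return None                           # request falls to the main server config

def unreachable_vhosts(vhosts, local_ips):
    """Vhosts bound to an address that no local interface carries."""
    return [v for v in vhosts if v[0] not in WILDCARDS and v[0] not in local_ips]

if __name__ == "__main__":
    nat_local_ip = "192.168.1.10"         # assumed address after the router's NAT rewrite
    for label, conf in (("IP-bound", SAMPLE_CONF), ("wildcard", WILDCARD_CONF)):
        vhosts = parse_vhosts(conf)
        print(label, "->", select_vhost(vhosts, nat_local_ip, 80),
              "| unreachable:", unreachable_vhosts(vhosts, {nat_local_ip}))
```

Feeding `unreachable_vhosts` the addresses actually configured on the server's interfaces flags any vhost that can never match behind the NAT.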

