[vox-tech] Apache2 problems

Peter Salzman p at dirac.org
Thu Aug 12 06:42:51 PDT 2010


On Thu, Aug 12, 2010 at 5:56 AM, Ryan <cjg5ehir02 at sneakemail.com> wrote:

> On Tuesday August 10 2010 12:50:00 Peter Salzman wrote:
> > From the lack of entries in the log file, it looks like Apache isn't seeing
> > the incoming request.  However, tcpdump seems to be showing otherwise.
> > Port 80 is forwarded to the Linux box by the router.
> >
> > In sites.enabled:
> >
> > <VirtualHost 24.189.162.69:80>
> >    ServerAdmin p at dirac.org
> >    ServerName  www.dirac.org
> >    ServerAlias dirac.org
> >
> >    # Indexes + Directory Root.
> >    DirectoryIndex index.html
> >    DocumentRoot /var/www/
> >
> >    # Logfiles
> >    ErrorLog  /var/log/apache2/dirac.org.error
> >    CustomLog //var/log/apache2/dirac.org.access combined
> > </VirtualHost>
>
> --snip--
>
> > Any ideas what could be preventing this from working?
>
> I'm going to assume that your router is doing some form of NAT given that you
> appear to be connected with a dynamic IP cable internet service.
>
> Unless you are port forwarding to an internal box that actually has an
> interface configured with the IP address 24.189.162.69, this is not going to
> work. The connection will hit your router on port 80, get rewritten to
> whatever internal address your web server has, and then hit Apache.  Apache
> will look at the ip address on the local side of the socket and fail to match
> those vhosts since it doesn't see the 24.189.162.69 address anywhere.
>
> Another thing to note - cable internet providers often block inbound port 80 -
> and it looks like yours is doing so.
>
> http://www.google.com/search?q=optonline+block+port+80
>
> However, they seem to be doing it by blocking the return SYN+ACK packet which
> is a completely asinine way to accomplish the block which manages to make
> troubleshooting extra annoying (as you've discovered).  You can check this by
> running tcpdump on both the client and server.
>
> Fun fact - these port blocks are usually done on the subscriber's modem by a
> policy pushed down in the config file from the CMTS.
>
> Finally, a general Apache note - unless you actually do need to serve
> different sites based on what IP address is hit, you probably should use
> <VirtualHost *:80>.  It'll save headaches if your ip addresses change.
>
> -Ryan
>


Hi Ryan!

I actually got it working.  It turned out to be a router issue.   I
forwarded the port using the "port forward" page, whereas apparently I
should have forwarded the port using the "application forward" page.   I'm
not too sure what the difference is, but there you go.   It works!

Optonline has different classes of service.  I have the super-duper
deeeeluxe service with static ip and no blocked ports (as you'll see if you
point a browser to dirac.org).

Thanks for the tip on virtual name host.   I definitely will keep that in
mind.  It's a real headache tracking down "named host has no virtual
servers" warnings...

Thanks!
Pete
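
Ryan's point about IP-based vhosts behind NAT, as an added example that is not part of the original thread and not Apache's own code: a simplified Python model of how Apache picks a vhost from the local side of the socket. The internal address 192.168.1.10 and the function names are assumptions; only IPv4 specs are handled.

```python
import ipaddress

PUBLIC_IP = "24.189.162.69"    # address from the posted <VirtualHost> line
INTERNAL_IP = "192.168.1.10"   # assumed LAN address of the web server (constructed)
NAMES = ["www.dirac.org", "dirac.org"]  # ServerName first, then ServerAlias

def parse_spec(spec):
    """Split 'addr:port' (IPv4 only); '*' and '_default_' mean any address."""
    addr, _, port = spec.rpartition(":")
    ip = None if addr in ("*", "_default_") else ipaddress.ip_address(addr)
    return ip, port

def select_vhost(local_ip, local_port, host_header, vhosts):
    """Return the ServerName that answers, or 'main server' if no vhost matches."""
    local = ipaddress.ip_address(local_ip)
    exact, wildcard = [], []
    for vh in vhosts:
        ip, port = parse_spec(vh["spec"])
        if port not in ("*", str(local_port)):
            continue                      # vhost is bound to a different port
        if ip is None:
            wildcard.append(vh)
        elif ip == local:                 # compared with the socket's LOCAL address
            exact.append(vh)
    candidates = exact or wildcard        # explicit addresses win over wildcards
    if not candidates:
        return "main server"
    host = host_header.split(":")[0].lower()
    for vh in candidates:                 # name-based selection within the set
        if host in (n.lower() for n in vh["names"]):
            return vh["names"][0]
    return candidates[0]["names"][0]      # first listed vhost is the default

def demo():
    ip_based = [{"spec": PUBLIC_IP + ":80", "names": NAMES}]
    any_addr = [{"spec": "*:80", "names": NAMES}]
    return {
        "nat_ip_vhost": select_vhost(INTERNAL_IP, 80, "dirac.org", ip_based),
        "nat_wildcard": select_vhost(INTERNAL_IP, 80, "dirac.org", any_addr),
        "direct_ip_vhost": select_vhost(PUBLIC_IP, 80, "dirac.org", ip_based),
    }

if __name__ == "__main__":
    for case, winner in demo().items():
        print(f"{case:16} -> {winner}")
```

A request that falls through to "main server" is answered and logged under the main server configuration, so the vhost's own ErrorLog and CustomLog stay empty.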