[vox-tech] Apache2 problems
Peter Salzman
p at dirac.org
Thu Aug 12 06:42:51 PDT 2010
On Thu, Aug 12, 2010 at 5:56 AM, Ryan <cjg5ehir02 at sneakemail.com> wrote:
> On Tuesday August 10 2010 12:50:00 Peter Salzman wrote:
> > From the lack of entries in the log file, it looks like Apache isn't
> seeing
> > the incoming request. However, tcpdump seems to be showing otherwise.
> > Port 80 is forwarded to the Linux box by the router.
> >
> > In sites.enabled:
> >
> > <VirtualHost 24.189.162.69:80>
> > ServerAdmin p at dirac.org
> > ServerName www.dirac.org
> > ServerAlias dirac.org
> >
> > # Indexes + Directory Root.
> > DirectoryIndex index.html
> > DocumentRoot /var/www/
> >
> > # Logfiles
> > ErrorLog /var/log/apache2/dirac.org.error
> > CustomLog //var/log/apache2/dirac.org.access combined
> > </VirtualHost>
>
> --snip--
>
> > Any ideas what could be preventing this from working?
>
> I'm going assume that your router is doing some form of NAT given that you
> appear to be connected with a dynamic IP cable internet service.
>
> Unless you are port forwarding to an internal box that actually has an
> interface configured with the IP address 24.189.162.69, this is not going
> to
> work. The connection will hit your router on port 80, get rewritten to
> whatever internal address your web server has, and then hit Apache. Apache
> will look at the ip address on the local side of the socket and fail to
> match
> those vhosts since it doesn't see the 24.189.162.69 address anywhere.
>
> Another thing to note - cable internet providers often block inbound port
> 80 -
> and it looks like yours is doing so.
>
> http://www.google.com/search?q=optonline+block+port+80
>
> However, they seem to be doing it by blocking the return SYN+ACK packet
> which
> is a completely asinine way to accomplish the block which manages to make
> troubleshooting extra annoying (as you've discovered). You can check this
> by
> running tcpdump on both the client and server.
>
> Fun fact - these port blocks are usually done on the subscriber's modem by
> a
> policy pushed down in the config file from the CMTS.
>
> Finally, a general Apache note - unless you actually do need to serve
> different sites based on what IP address is hit, you probably should use
> <VirtualHost *:80>. It'll save headaches if your ip addresses change.
>
> -Ryan
>
Hi Ryan!
I actually got it working. It turned out to be a router issue. I
forwarded the port using the "port forward" page, whereas apparently I
should have forwarded the port using the "application forward" page. I'm
not too sure what the difference is, but there you go. I works!
Optonline has different classes of service. I have the super-duper
deeeeluxe service with static ip and no blocked ports (as you'll see if you
point a browser to dirac.org).
Thanks for the tip on virtual name host. I definitely will keep that in
mind. It's a real headache tracking down "named host has no virtual
servers" warnings...
Thanks!
Pete
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.lugod.org/pipermail/vox-tech/attachments/20100812/2aeb7e15/attachment.htm
More information about the vox-tech
mailing list