[vox-tech] Webserver Woes: Lost Packets

Peter Salzman p at dirac.org
Sun Oct 17 19:18:49 PDT 2010 

On Sun, Oct 17, 2010 at 9:59 PM, Chanoch (Ken) Bloom <kbloom at gmail.com> wrote:
> On Sun, Oct 17, 2010 at 06:04:58PM -0400, Peter Salzman wrote:
>> I'm having trouble with Apache running on satan (192.162.0.2).  At
>> some point I must have changed something, and it stopped working.
>>
>> There are two virtual hosts:
>>
>> 1. /etc/apache2/sites-enabled/000-default
>>
>> <VirtualHost *:80>
>>    ServerAdmin p at dirac.org
>>    DocumentRoot /var/www
>>    <Directory />
>>       Options FollowSymLinks
>>       AllowOverride None
>>    </Directory>
>>
>>    <Directory /var/www/>
>>       Options Indexes FollowSymLinks MultiViews
>>       AllowOverride None
>>       Order allow,deny
>>       allow from all
>>    </Directory>
>>
>>    ErrorLog /var/log/apache2/error.log
>>    LogLevel debug
>>
>>    CustomLog /var/log/apache2/access.log combined
>>
>> </VirtualHost>
>>
>>
>> 2. /etc/apache2/sites-enabled/001-dirac.org  (the one I want to work)
>>
>> <VirtualHost *:80>
>>    ServerAdmin p at dirac.org
>>    ServerName  www.dirac.org
>>    ServerAlias dirac.org
>>
>>    DirectoryIndex index.html
>>    DocumentRoot /var/www/
>>
>>    LogLevel debug
>>    ErrorLog  /var/log/apache2/dirac.org.error
>>    CustomLog //var/log/apache2/dirac.org.access combined
>> </VirtualHost>
>>
>> The /etc/hostname file contains "satan".   The /etc/hosts file contains:
>>
>> 192.168.0.2  satan
>> 192.168.0.2  dirac.org
>> 192.168.0.2  www.dirac.org
>>
>>
>>
>>
>> I'm seeing different behaviors depending on whether I'm on the home
>> network or outside the home network.
>>
>> From the home network I can access the webserver from any computer by
>> pointing a browser to http://dirac.org, http://www.dirac.org,
>> http://192.168.0.2, http://24.189.162.69/, or http://satan.   When I
>> access www.dirac.org or dirac.org, /var/log/apache/dirac.org.access
>> gets larger.   When I access satan, 192.168.0.2, or 24.189.162.69 (my
>> external IP),  /var/log/apache2/access.log gets larger.  No surprises
>> here.
>>
>> From outside the home network, I can't access the webserver at all,
>> and as expected, none of the logs get larger.  It's clear that Apache
>> simply isn't seeing anything, otherwise, the logs would increase in
>> size.
>>
>> I don't think it's a firewall issue because tcpdump sees external www
>> requests coming from.  From external IP 10.37.247.64 (an iPhone on the
>> 3G network), I point Safari to "http://www.dirac.org" and this is what
>> tcpdump reports:
>>
>> root at satan:/var/log/apache2# tcpdump -vv -i eth0 tcp port 80 | grep cingular
>> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>>     satan.www > mobile-166-137-137-082.mycingular.net.4445: Flags
>> [S.], cksum 0x4d17 (correct), seq 305106526, ack 4022190454, win 5792,
>> options [mss 1460,sackOK,TS val 1210510762 ecr 842475580,nop,wscale
>> 6], length 0
>>     mobile-166-137-137-082.mycingular.net.5878 > satan.www: Flags [S],
>> cksum 0x3dc6 (correct), seq 1346585780, win 65535, options [mss
>> 1410,nop,wscale 2,nop,nop,TS val 842476145 ecr 0,sackOK,eol], length 0
>>     satan.www > mobile-166-137-137-082.mycingular.net.5878: Flags
>> [S.], cksum 0xcafe (correct), seq 1206576348, ack 1346585781, win
>> 5792, options [mss 1460,sackOK,TS val 1210513399 ecr
>> 842476145,nop,wscale 6], length 0
>>     mobile-166-137-137-082.mycingular.net.5878 > satan.www: Flags [S],
>> cksum 0x3dbc (correct), seq 1346585780, win 65535, options [mss
>> 1410,nop,wscale 2,nop,nop,TS val 842476155 ecr 0,sackOK,eol], length 0
>>     satan.www > mobile-166-137-137-082.mycingular.net.5878: Flags
>> [S.], cksum 0xcafe (correct), seq 1206576348, ack 1346585781, win
>> 5792, options [mss 1460,sackOK,TS val 1210513399 ecr
>> 842476145,nop,wscale 6], length 0
>>
>> Packets from the iPhone are seen coming in.  And packets are being
>> sent back out to the iPhone.  However, Safari errors out with a
>> "Cannot open Page" error.  Furthermore, neither
>> /var/log/apache2/access.log no /var/log/apache2/dirac.org.access get
>> larger.
>>
>> On one hand it's "obvious" that Apache isn't seeing these packets from
>> the iPhone because the logs aren't increasing in size.  On the other
>> hand, it's not "obvious" because .. why are packets being sent from
>> satan.www to mycingular.net?
>>
>> I'm really stumped.  Any ideas?
>
> The packets you see going from satan.www to mycingular.net are SYN-ACK
> packets, which are the second part of the three-way handshake used to
> open a TCP connection. That is, satan is responding to the iPhone and
> agreeing to open a connection. For some reason, the iPhone doesn't see
> this response (or just doesn't respond with the ACK that is the third
> part of the three-way handshake).
>
> Your apache configuration has nothing to do with a problem at this
> level.
>
> --Ken


If it's not an Apache or firewall problem, then you should be able to
connect to dirac.org.   Can you reach it?

Thanks!
Pete

More information about the vox-tech mailing list