[vox-tech] Apache: 2, Me: 0.

Peter Salzman p at dirac.org
Tue Feb 15 10:49:29 PST 2011


On Tue, Feb 15, 2011 at 12:40 PM, Orson Jones <orson.lugod at afriskito.net> wrote:
> A couple more things worth checking:
>
> Use netstat to check to see what IP(s) it is actually listening on.
> netstat -tapn | grep LISTEN | grep :80
> If the output of that doesn't match what is in the configuration, there may
> be something wrong with the config and you should spend more time looking
> there. Otherwise:
>
> Check your firewall to see if it is blocking the port
> Some distros now include a firewall by default and you have to manually
> allow outside access to apache.
>
> run: "iptables -L" or "iptables-save" to see what rules are active in the
> firewall. If you are using a firewall tool, it is probably easier to use
> it's interface instead of the above commands, but these commands will at
> least let you know if the firewall is active or not.
>
> Orson


Hi Orson,

Unfortunately, Apache is listening to 80 -- I think I know that
because the webserver is accessible from inside the LAN.  But just to
make 100% sure,

root at satan:/etc/network# netstat -tapn | grep -i listen | grep -i :80
tcp     0     0 0.0.0.0:80   0.0.0.0:*            LISTEN      14090/apache2


I think the same argument applies to the firewall idea.  Using
tcpdump, I can definitely see external packets arrive at the right
computer at the right port.  I also checked tcpwrappers, and put ALL:
ALL in hosts.allow, but that didn't work.  It seems like everything
points to Apache not knowing to look at incoming packets that
originated outside the LAN.

iptables has no rules in it, unfortunately.

Great suggestions!  Thank you!

Pete


More information about the vox-tech mailing list