[vox-tech] Apache: 2, Me: 0.

Peter Salzman p at dirac.org
Mon Feb 21 16:05:14 PST 2011 

On Mon, Feb 21, 2011 at 3:50 PM, Peter Salzman <p at dirac.org> wrote:
> On Tue, Feb 15, 2011 at 7:15 PM, Troy Arnold <troy-vox at zenux.net> wrote:
>>
>> On Tue, Feb 15, 2011 at 03:27:01PM -0500, Peter Salzman wrote:
>> >
>> > But as to why the 3-way handshake isn't being fully established ...
>> > that would suck because I have *no* idea how to diagnose that sort of
>> > thing...
>>
>> Hey, Pete-
>>
>> netcat is the perfect tool for determining if the 3 way handshake is
>> successful.
>>
>> On satan:
>> stop apache
>> # nc -l -p 80
>>
>> from elsewhere:
>> nc dirac.org 80
>>
>>
>> if it works you'll be able to type stuff on either side and see it echoed
>> on the other (after hitting return)
>>
>> At least at the end of this you'll know if your apache config is to blame.
>>
>> -t
>
>
> Hey Troy and Shwaine,
>
> That is a *really* snazzy tool.  I'm surprised I haven't run across it
> yet.  Thanks for mentioning it to me!
>
> OK, I think for the first time I've made a little progress.  I tried
> nc on a port that I'm 100% confident with, port 22 (ssh).  It worked
> as advertised.
>
> Next I tried it on the questionable port, port 80.  On the server
> side, it bound to 80 no problem.  On the client, I typed "nc -v
> dirac.org 80" (-v gives verbose output).  After about 30 seconds, it
> replied with:
>
> nc: connect to dirac.org port 80 (tcp) failed: Connection timed out
>
> Progress by a mile.  I think this limits the problem to either my
> router or the ISP.   I think the next step is to connect satan
> directly to the modem, bypassing the router.  If nc still doesn't work
> on port 80, then it's time to grill my ISP and ask them why they're
> breaking the TOS.
>
> *Thank you*
>
> Pete
>
> ps- iptables are completely empty.


OK, I think the problem is close to being solved.   I connected satan
directly to the modem, and nc STILL showed that nc couldn't make the
connection on port 80 (but it could on ssh).  So my router was not to
blame.  That left the ISP.  I called, and found it was indeed the ISP.

When I first got Internet service from Optimum, I had the normal cheap
service (which filters 80, 25, and 21).  Then when I saw the Boost
service with its 100 down / 15 up (and no filtering) I switched.
Apparently, the ISP didn't unfilter my ports.  Hopefully, this time
tomorrow will find my webserver functional unless I screwed up the
Apache configuration with all my testing and prodding.  :)

That nc tool is truly a great find!  Thank you for mentioning it!  I
was really able to see that 23 worked flawlessly and 80 couldn't
establish the connection; it eliminated almost all doubt.

Thanks!!!!
Pete

More information about the vox-tech mailing list