<div class="gmail_quote">On Thu, Aug 12, 2010 at 5:56 AM, Ryan <span dir="ltr"><<a href="mailto:cjg5ehir02@sneakemail.com">cjg5ehir02@sneakemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On Tuesday August 10 2010 12:50:00 Peter Salzman wrote:<br>
> From the lack of entries in the log file, it looks like Apache isn't seeing<br>
> the incoming request. However, tcpdump seems to be showing otherwise.<br>
> Port 80 is forwarded to the Linux box by the router.<br>
><br>
> In sites.enabled:<br>
><br>
> <VirtualHost <a href="http://24.189.162.69:80" target="_blank">24.189.162.69:80</a>><br>
> ServerAdmin <a href="mailto:p@dirac.org">p@dirac.org</a><br>
> ServerName <a href="http://www.dirac.org" target="_blank">www.dirac.org</a><br>
> ServerAlias <a href="http://dirac.org" target="_blank">dirac.org</a><br>
><br>
> # Indexes + Directory Root.<br>
> DirectoryIndex index.html<br>
> DocumentRoot /var/www/<br>
><br>
> # Logfiles<br>
> ErrorLog /var/log/apache2/dirac.org.error<br>
> CustomLog //var/log/apache2/dirac.org.access combined<br>
> </VirtualHost><br>
<br>
--snip--<br>
<br>
> Any ideas what could be preventing this from working?<br>
<br>
I'm going assume that your router is doing some form of NAT given that you<br>
appear to be connected with a dynamic IP cable internet service.<br>
<br>
Unless you are port forwarding to an internal box that actually has an<br>
interface configured with the IP address 24.189.162.69, this is not going to<br>
work. The connection will hit your router on port 80, get rewritten to<br>
whatever internal address your web server has, and then hit Apache. Apache<br>
will look at the ip address on the local side of the socket and fail to match<br>
those vhosts since it doesn't see the 24.189.162.69 address anywhere.<br>
<br>
Another thing to note - cable internet providers often block inbound port 80 -<br>
and it looks like yours is doing so.<br>
<br>
<a href="http://www.google.com/search?q=optonline+block+port+80" target="_blank">http://www.google.com/search?q=optonline+block+port+80</a><br>
<br>
However, they seem to be doing it by blocking the return SYN+ACK packet which<br>
is a completely asinine way to accomplish the block which manages to make<br>
troubleshooting extra annoying (as you've discovered). You can check this by<br>
running tcpdump on both the client and server.<br>
<br>
Fun fact - these port blocks are usually done on the subscriber's modem by a<br>
policy pushed down in the config file from the CMTS.<br>
<br>
Finally, a general Apache note - unless you actually do need to serve<br>
different sites based on what IP address is hit, you probably should use<br>
<VirtualHost *:80>. It'll save headaches if your ip addresses change.<br>
<font color="#888888"><br>
-Ryan</font><br></blockquote><div><font color="#888888"><br><br>Hi Ryan!<br><br>I actually got it working. It turned out to be a router issue. I forwarded the port using the "port forward" page, whereas apparently I should have forwarded the port using the "application forward" page. I'm not too sure what the difference is, but there you go. I works!<br>
<br>Optonline has different classes of service. I have the super-duper deeeeluxe service with static ip and no blocked ports (as you'll see if you point a browser to <a href="http://dirac.org">dirac.org</a>).<br><br>
Thanks for the tip on virtual name host. I definitely will keep that in mind. It's a real headache tracking down "named host has no virtual servers" warnings...<br><br>Thanks!<br>Pete</font> </div></div>