What is blocking port 80?

yellowdog-general@lists.terrasoftsolutions.com
Tue, 21 Sep 2004 11:01:36 -0600


Hi all,

So I'm trying to run an Apache web server on my YDL.
I'm running Apache 2.0.50 on YellowDog Linux (YDL) Release 3.0, Kernel 
version 2.4.22-2f. I am running it behind a D-Link DSL firewall/router 
DI-601. My YDL machine is assigned a local IP 192.168.1.5. 
I was screwing around with the port forwarding but wasn't having any luck, so
I put the YDL in a DMZ (i.e. WAN has ALL access to this machine). I can FTP
and Telnet to it using the dynamically assigned ISP IP address of the router
(199.21.148.227 ... and no that's not the real address :) )

The problem is that when I browse to the address (199.21.148.227) I expect
to get the Apache test page, but I get 'The connection was refused when
attempting to contact 199.21.148.227'. I can browse to the 192.168.1.105 from
another machine on my local home network, but I can't get to it from an
external machine - i.e. at the office. I've tried both Netscape and IE, as
well as tried to telnet to port 80 (telnet 199.21.148.227 80), but still get
connection refused. I've checked the Apache logs and there are no access_log
entries or error_log entries. That there are no entries confirms my belief
that Apache never gets the request and that port 80 is being blocked from
external access.
Thinking about what could be blocking port 80 (http) but not port 23 (telnet)
- I know just enough about IP chains to get into trouble, so I simply tried
switching them off with 'service iptables stop'.

So when I do an iptables -L I get the following:

Chain INPUT (policy ACCEPT)
target prot opt source  		destination

Chain FORWARD (policy ACCEPT)
target prot opt source  		destination

Chain OUTPUT (policy ACCEPT)
target prot opt source  		destination

To me this says that the machine is WIDE open. 

I also checked with my ISP provider to make sure that they weren't blocking
port 80 but they confirmed that they do not do anything special to block
anything. 

Just to confirm that http was indeed running I did an nmap with the
following result.

nmap -p 1-1024 localhost

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1017 ports scanned but not shown below are in state: closed)
Port       State       Service
21/ftp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
80/tcp     open        http
111/tcp    open        sunrpc
443/tcp    open        https
631/tcp    open        ipp

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds


So to review:
1. I've opened up the machine by putting it in a DMZ (all access open from
the router)
2. I've turned off any ipchain rules
3. I can access the machine through telnet (port 23) but can't access port 80.

That's all I can think of to check! My question is - what else could be
blocking port 80? Any ideas on what to check?

Thanks for your help!!!


Cam