What is blocking port 80?

Derick Centeno yellowdog-general@lists.terrasoftsolutions.com
Wed Sep 22 12:13:44 MDT 2004


Hi:
I'll come out and tell you the bad news first.  Your system, because
you brought down the iptables, is WAY TOO open.  Your own printout of
nmap's report tells you port 80 IS open! You really should shut down
telnet.

You DO know that ssh is a much safer conduit than telnet and the intent
in developing ssh was to replace telnet entirely.  Consider reviewing
some reference texts such as Using Linux Sys. Admin, and others like
them.  There are nice and clear discussions regarding security, ports,
iptable controls etc.; you might also review Maximum Linux occasionally.

Obviously there is no way to be specific without revealing to you and
everyone else the paths you've allowed which are now as wide as the
tunnel connecting France and England!  You should get my drift before
someone gets a whiff literally of your net.  Of course if you don't know
what is going on with what is surrounding your system right now that may
be the only thing protecting you, but that is REAL BAD system
administration.  IGNORANCE IS the KOD (KISS OF DEATH); you just don't
know it yet.

You don't have much time and unfortunately, I can only point to
references.  For quick references access, www.fatbrain.com and learn
fast.  If I point things out explicitly to you here then others who intend
to make things very bad for you will be able to make it worse SOONER.
And unfortunately human nature is such that there is no way to know who
is Sinner or Saint.

Of course, if you are independently wealthy and this is what you do for
entertainment then Why Worry?  If however there is responsibility of
running the server and various databases integrated with Apache then you
are in a heap of boiling soup!  Sorry...but you have some research and
implementations to do in a hurry!  There are packages like SATAN, SAINT,
Bastille, Tripwire, to name a few which can help you nail things down and
identify what is going on.  They are also mentioned in the references I
provided.

As 80 is not blocked on the machine nmap ran the test on, if a blockage
still exists it must be from what systems surround it; that's as much of a
hint as you'll get from me.

Try to get this resolved before users start yelling and those in
authority start to hear it.  These are harsh times to be standing in the
midst of a highway with a placard on one's person "I will code for
food."

On Tue, 2004-09-21 at 13:01, camroe@telusplanet.net wrote: 
> Hi all,
> 
> So I'm trying to run an Apache web server on my YDL.
> I'm running Apache 2.0.50 on YellowDog Linux (YDL) Release 3.0, Kernel 
> version 2.4.22-2f. I am running it behind a D-Link DSL firewall/router 
> DI-601. My YDL machine is assigned a local IP 192.168.1.5. 
> I was screwing around with the port forwarding but wasn't having any luck so
> I put the YDL in a DMZ (i.e. WAN has ALL access to this machine) I can FTP
> and Telnet to it using the dynamically assigned ISP IP address of the router
> (199.21.148.227 ... and no that's not the real address :)  )
> 
> The problem is that when I  browse to the address (199.21.148.227) I expect
> to get the Apache test page, but I get 'The connection was refused when
> attempting to contact 199.21.148.227'. I can browse to the 192.168.1.105 from
> another machine on my local home network, but I can't get to it from an
> external machine - i.e. at the office. I've tried both netscape and IE, as
> well as tried to telnet to port 80 (telnet 199.21.148.227 80), but still get
> connection refused. I've checked the Apache logs and there are no access_log
> entries or error_log entries. That there are no entries confirms my belief
> that Apache never gets the request and that port 80 is being blocked from
> external access. 
> Thinking about what could be blocking port 80 (http) but not port 23(telnet)
> -  I know just enough about IP chains to get into trouble, so I simply tried
> switching them off with 'service iptables stop'.
> 
> So  when I do an iptables -L   I get the following:
> 
> Chain INPUT (policy ACCEPT)
> target prot opt source  		destination
> 
> Chain FORWARD (policy ACCEPT)
> target prot opt source  		destination
> 
> Chain OUTPUT (policy ACCEPT)
> target prot opt source  		destination
> 
> To me this says that the machine is WIDE open. 
> 
> I also checked with my ISP provider to make sure that they weren't blocking
> port 80 but they confirmed that they do not do anything special to block
> anything. 
> 
> Just to confirm that http was indeed running I did an nmap with the
> following result.
> 
> nmap -p 1-1024 localhost
> 
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on
> localhost.localdomain (127.0.0.1):
> (The 1017 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/ftp     open        ftp
> 22/tcp     open        ssh
> 23/tcp     open        telnet
> 25/tcp     open        smtp
> 80/tcp     open        http
> 111/tcp    open        sunrpc
> 443/tcp    open        https
> 631/tcp    open        ipp
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
> 
> 
> So to review:
> 1. I've opened up the machine by putting it in a DMZ (all access open from
> the router)
> 2. I've turned off any ipchain rules
> 3. I can access the machine through telnet (port 23) but can't access port 80.
> 
> That's all I can think of to check! My question is - what else could be
> blocking port 80? Any ideas on what to check?
> 
> Thanks for your help!!!
> 
> 
> Cam
> 
> 
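Added example (editor's code, not from either poster): the symptom in the thread is "connection refused" from outside while nmap against localhost shows 80/tcp open and iptables is empty. A refused connection means a host was reached and answered with a RST, so nothing was listening on the address the packet arrived at (or a firewall chose REJECT); a firewall that silently drops shows up as a timeout instead. The probe below classifies those outcomes, and the constructed listener bound to 127.0.0.1 only reproduces the localhost-open/elsewhere-refused pattern (the 127.0.0.2 check assumes a Linux loopback /8).

```python
import socket
import threading


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt the way a remote user would see it:
    'open'     - handshake completed, something is listening on that address
    'refused'  - RST came back: host reached, but no listener there (or REJECT)
    'filtered' - no answer at all: dropped by a firewall or never routed
    anything else is reported as the OS error text."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as e:
        return "error: %s" % e.strerror
    finally:
        s.close()


def start_listener(bind_addr):
    """Constructed stand-in for a daemon such as Apache: listen on bind_addr
    at an ephemeral port and accept-and-close in the background.
    Returns (server_socket, port) so the caller can shut it down."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:      # server socket closed: stop serving
                break

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_listener("127.0.0.1")   # loopback-only, like Listen 127.0.0.1:80
    print("via 127.0.0.1:", probe("127.0.0.1", port))   # open: what nmap localhost sees
    print("via 127.0.0.2:", probe("127.0.0.2", port))   # refused: not bound on that address
    srv.close()
    print("after shutdown:", probe("127.0.0.1", port))  # refused: nothing listening at all
```

A service that is "open" in a localhost scan but "refused" on the machine's LAN or WAN address is bound to the wrong interface, not blocked by a firewall; a "filtered" result is the one that points at iptables or the router.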
