What is blocking port 80?

Geert Janssens yellowdog-general@lists.terrasoftsolutions.com
Wed Sep 22 12:32:04 MDT 2004


> On Tue, 2004-09-21 at 13:01, camroe@telusplanet.net wrote: 
> 
>>Hi all,
>>
>>So I'm trying to run an Apache web server on my YDL.
>>I'm running Apache 2.0.50 on YellowDog Linux (YDL) Release 3.0, Kernel 
>>version 2.4.22-2f. I am running it behind a D-Link DSL firewall/router 
>>DI-601. My YDL machine is assigned a local IP 192.168.1.5. 
>>I was screwing around with the port forwarding but wasn't having any luck so
>>I put the YDL in a DMZ (i.e. WAN has ALL access to this machine) I can FTP
>>and Telnet to it using the dynamically assigned ISP IP address of the router
>>(199.21.148.227 ... and no that's not the real address :)  )
>>
>>The problem is that when I  browse to the address (199.21.148.227) I expect
>>to get the Apache test page, but I get 'The connection was refused when
>>attempting to contact 199.21.148.227'. I can browse to the 192.168.1.105 from
>>another machine on my local home network, but I can't get to it from an
>>external machine - i.e. at the office. I've tried both netscape and IE, as
>>well as tried to telnet to port 80 (telnet 199.21.148.227 80), but still get
>>connection refused. I've checked the Apache logs and there are no access_log
>>entries or error_log entries. That there are no entries confirms my belief
>>that Apache never gets the request and that port 80 is being blocked from
>>external access. 
>>Thinking about what could be blocking port 80 (http) but not port 23(telnet)
>>-  I know just enough about IP chains to get into trouble, so I simply tried
>>switching them off with 'service iptables stop'.
>>
>>So  when I do an iptables -L   I get the following:
>>
>>Chain INPUT (policy ACCEPT)
>>target prot opt source  		destination
>>
>>Chain FORWARD (policy ACCEPT)
>>target prot opt source  		destination
>>
>>Chain OUTPUT (policy ACCEPT)
>>target prot opt source  		destination
>>
>>To me this says that the machine is WIDE open. 
>>
>>I also checked with my ISP provider to make sure that they weren't blocking
>>port 80 but they confirmed that they do not do anything special to block
>>anything. 
>>
>>Just to confirm that http was indeed running I did an nmap with the
>>following result.
>>
>>nmap -p 1-1024 localhost
>>
>>Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on
>>localhost.localdomain (127.0.0.1):
>>(The 1017 ports scanned but not shown below are in state: closed)
>>Port       State       Service
>>21/ftp     open        ftp
>>22/tcp     open        ssh
>>23/tcp     open        telnet
>>25/tcp     open        smtp
>>80/tcp     open        http
>>111/tcp    open        sunrpc
>>443/tcp    open        https
>>631/tcp    open        ipp
>>
>>Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>>
>>
nmap on localhost will not show you whether your DMZ configuration on the 
firewall is actually ok. It only shows the server itself is listening.

Try nmap to your machine from your office, and see if port 80 is still open.

Also, I would agree with Mr. Centeno that it is preferable to use ssh 
instead of telnet. I would advise shutting down the telnet service on 
your server, and using ssh instead.

It works similarly.

Hope that helps.

Cheers,

Geert

>>So to review:
>>1. I've opened up the machine by putting it in a DMZ (all access open from
>>the router)
>>2. I've turned off any ipchain rules
>>3. I can access the machine through telnet(port23) but can't access port 80.
>>
>>That's all I can think of to check! My question is  - what else could be
>>blocking port 80? Any ideas on what to check? 
>>
>>Thanks for your help!!!
>>
>>
>>Cam
>>
>>
>>_______________________________________________
>>yellowdog-general mailing list
>>yellowdog-general@lists.terrasoftsolutions.com
>>http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
>>HINT: to Google archives, try  '<keywords> site:terrasoftsolutions.com'
> 
> 
> 
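Added example, not part of the original thread: a small Python probe illustrating the reply's point that a scan of localhost shows only that the server itself is listening. It classifies one TCP connect attempt as open, refused or filtered, so the same check can be run on the server and again from an outside machine and the two results compared; the function names and result labels are this example's own.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt from this machine's vantage point."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"     # a reset came back; it need not come from the server itself
    except (socket.timeout, TimeoutError):
        return "filtered"    # no reply at all: packets were silently dropped
    except OSError as exc:
        return "error: %s" % exc   # e.g. no route to host, name resolution failure
    finally:
        sock.close()

def diagnose(on_server, from_outside):
    """Combine the probe run on the server with the one run from an outside host."""
    if on_server != "open":
        return "server-not-listening"      # fix the service before looking at the firewall
    if from_outside == "open":
        return "reachable"
    if from_outside == "refused":
        # The service listens locally, yet outside clients get a reset: something
        # in front of it rejected the connection, or the service is bound to an
        # address the forwarded traffic does not reach.
        return "rejected-before-service"
    return "dropped-or-unreachable"        # silent drop or routing problem on the path

if __name__ == "__main__":
    # Constructed demo on loopback so it runs offline: a throwaway listener
    # stands in for the web server, then is closed to show the "refused" case.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # port 0 = let the OS pick a free port
    listener.listen(1)
    demo_port = listener.getsockname()[1]
    local = probe("127.0.0.1", demo_port)
    listener.close()
    after_close = probe("127.0.0.1", demo_port)
    print("while listening:", local)
    print("after close:    ", after_close)
    # In real use, run probe(<public address>, 80) from a machine outside the
    # router and pass that result as from_outside.
    print("diagnosis:", diagnose(local, after_close))
```
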


