What is blocking port 80?

Daniel Gimpelevich yellowdog-general@lists.terrasoftsolutions.com
Wed Sep 22 23:09:37 MDT 2004


Filtered means that the port is not responding in any way, as opposed to
closed, which means that the port specifically responds that it is closed.
Unfortunately, running nmap from a remote machine outside your network
won't tell you whether it's the router filtering the packets or YDL. You
would need to run nmap within your network to the private IP of the
machine in question. But in your case, nmap pretty much won't tell you
anything you don't already know because you can already successfully point
a browser within your network to the YDL machine's private IP. This means
that the Apache configuration is definitely at fault. Perhaps you have
virtual hosts turned on? On your machine, Apache apparently is set up to
recognize the machine referred to only as 192.168.1.105 and not recognize
the same machine as 199.21.148.227.
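As an added illustration (not from Daniel's reply or Cam's post), here is a small Python script that reads tcpdump output in the 3.x text format quoted below and sorts each server port into the three states Daniel describes: open (a SYN/ACK came back), closed (the host answered with RST) or filtered (SYNs arrive and nothing answers). It assumes the capture holds both directions, e.g. 'tcpdump port 80' rather than the one-way 'dst port 80' filter used in the thread, which by construction could never show a reply; the port-80 lines in the sample are copied from Cam's capture, and the port-81 and port-82 lines are constructed to show the other two outcomes.

```python
import re

# Constructed sample in the tcpdump 3.x format quoted in the thread: the first two
# lines are Cam's unanswered port-80 SYNs; the port-81 pair (SYN, SYN/ACK) and the
# port-82 pair (SYN, RST) are made up to show a reachable and a closed listener.
SAMPLE = """\
14:37:32.001913 s142-179-148-227.ab.hsia.telus.net.61652 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424418336 0,nop,wscale 0> (DF)
14:37:34.998295 s142-179-148-227.ab.hsia.telus.net.61653 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424418636 0,nop,wscale 0> (DF)
14:40:01.000000 s142-179-148-227.ab.hsia.telus.net.61700 > 192.168.1.105.81: S 1000:1000(0) win 5840 <mss 1460> (DF)
14:40:01.000300 192.168.1.105.81 > s142-179-148-227.ab.hsia.telus.net.61700: S 2000:2000(0) ack 1001 win 5792 <mss 1460> (DF)
14:41:00.000000 s142-179-148-227.ab.hsia.telus.net.61701 > 192.168.1.105.82: S 3000:3000(0) win 5840 <mss 1460> (DF)
14:41:00.000200 192.168.1.105.82 > s142-179-148-227.ab.hsia.telus.net.61701: R 0:0(0) ack 3001 win 0
""".splitlines()

# One TCP summary line: "<ts> <src>.<sport> > <dst>.<dport>: <flags> <seq>:<seq>(len) [ack <n>] ..."
TCP_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\w+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\w+):\s+"
    r"(?P<flags>[SFPR.]+)\s+\d+:\d+\(\d+\)(?P<ack>\s+ack\s+\d+)?"
)

def parse_handshakes(lines):
    """Tally SYNs, SYN/ACKs and RSTs per (server, port) from a bidirectional capture."""
    tally = {}
    for line in lines:
        m = TCP_LINE.match(line.strip())
        if m and "R" in m["flags"]:                  # RST: the sender refused the connection
            key, field = (m["src"], m["sport"]), "rst"
        elif m and "S" in m["flags"] and m["ack"]:   # SYN/ACK: the sender accepted it
            key, field = (m["src"], m["sport"]), "synack"
        elif m and "S" in m["flags"]:                # plain SYN: the receiver is the server
            key, field = (m["dst"], m["dport"]), "syn"
        else:
            continue                                 # data, FIN or unparsable line
        tally.setdefault(key, {"syn": 0, "synack": 0, "rst": 0})[field] += 1
    return tally

def diagnose(tally):
    """Map each (server, port) that received SYNs to nmap's open/closed/filtered wording."""
    verdicts = {}
    for key, c in tally.items():
        if c["syn"] == 0:
            continue                                 # never acted as a server in this capture
        if c["synack"]:
            verdicts[key] = "open: handshake completes, listener reachable"
        elif c["rst"]:
            verdicts[key] = "closed: host answers RST, nothing listening on that address/port"
        else:
            verdicts[key] = "filtered: SYNs arrive but nothing answers, typically a host-side packet drop"
    return verdicts
```

Run diagnose(parse_handshakes(open("capture.txt").readlines())) on a real two-way capture; an entry that stays "filtered" points at the host itself rather than the router, which is exactly the distinction the remote nmap could not make.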

On Wed, 22 Sep 2004 16:01:41 -0600, Cam Roe wrote:

> Hi Dave
> 
> This was a really good tip!!! but before I get to that let me say I
> agree that the proper configuration of iptables is important but for now
> I'm just working on getting the web server working and am using sort of
> a brute force method to eliminate iptables as a factor for now. 
> 
> Let me tell you what I did. I set apache to listen on port 81 and
> forwarded port 81 from the router. It all worked fine!!! I set the
> router to forward port 80 and set apache to listen on port 80 and it all
> failed. damn.  Ok so apparently it only fails if i try to forward port
> 80 from the router. 
> So back on my YDL, I did a 'tcpdump dst port 80'  and set the router to
> forward port 80 to port 80 on my YDL box. i set apache to listen on port
> 80 and restarted. I checked the nmap and http is on port 80. The output
> I got from the tcpdump is below. It seems as though the YDL box is
> getting the packets, but Apache is not. (There are no errors in either
> the error log or the access log to indicate that anything happened
> from the Apache side.)
> 
> [root@localhost conf]# tcpdump dst port 80
> tcpdump: listening on eth0
> 14:37:32.001913 s142-179-148-227.ab.hsia.telus.net.61652 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424418336 0,nop,wscale 0> (DF)
> 14:37:34.998295 s142-179-148-227.ab.hsia.telus.net.61653 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424418636 0,nop,wscale 0> (DF)
> 14:37:40.998462 s142-179-148-227.ab.hsia.telus.net.61654 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424419236 0,nop,wscale 0> (DF)
> 14:37:52.998550 s142-179-148-227.ab.hsia.telus.net.61657 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424420436 0,nop,wscale 0> (DF)
> 14:38:16.998456 s142-179-148-227.ab.hsia.telus.net.61658 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424422836 0,nop,wscale 0> (DF)
> 14:39:04.999757 s142-179-148-227.ab.hsia.telus.net.61659 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424427636 0,nop,wscale 0> (DF)
> 
> So what I am seeing (I think) is that if I set everything up to forward
> and listen on port 81 (or any other port) I can make it function. If I
> set it up on port 80, the router SEEMS to forward the packets correctly
> but YDL SEEMS to be blocking it somehow. 
> 
> iptables is off - is there anything else I should be checking? i.e. port
> protection? (is there such a thing) any other firewall stuff besides
> iptables? (I checked for old copies of ipchains on a long shot but
> didn't find anything - which is good! ) 
> 
> Another thing that I've noticed is that if I do an nmap -p 23,80
> xxx.xxx.xxx.xxx (where xxx stuff is the ip address of the router) and I
> do this from an external PC (Redhat Linux) I USUALLY get
> 
> 
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> Interesting ports on dxxx-xxx-xxx-xxx.abhsia.telus.net
> (xxx.xxx.xxx.xxx):
> (The 1 port scanned but not shown below is in state: closed)
> 
> Port       State       Service
> 23/tcp     open        telnet
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
> 
> BUT if I repeat it I can sometimes get 
> 
> Port       State       Service
> 23/tcp     open        telnet
> 80/tcp     filtered    http
> 
> Anyone know what 'filtered' means? 
> 
> This is driving me crazy!!! .... and not in a good way. :) 
> 
> Cheers
> 
> Cam
> 
> On Tue, 2004-09-21 at 22:51, David Wadson wrote:
>> Have you tried running tcpdump on the web server to see whether any of 
>> the packets are getting through to it? If you don't have a firewall 
>> running on the webserver, I would suspect either the firewall on the 
>> router is blocking something, or the port forwarding isn't properly 
>> configured for WWW. Try 
>> http://support.dlink.com/faq/view.asp?prod_id=1005 for info on how to 
>> set up the ports.
>> 
>> Getting iptables properly configured on your web server is good idea as 
>> you'll want to keep someone from hacking into it.
>> 
>> Dave
>> 
>> On Tuesday, September 21, 2004, at 01:01  PM, camroe@telusplanet.net 
>> wrote:
>> 
>> > Hi all,
>> >
>> > So I'm trying to run an Apache web server on my YDL.
>> > I'm running Apache 2.0.50 on YellowDog Linux (YDL) Release 3.0, Kernel
>> > version 2.4.22-2f. I am running it behind a D-Link DSL firewall/router
>> > DI-601. My YDL machine is assigned a local IP 192.168.1.5.
>> > I was screwing around with the port forwarding but wasn't having any luck so
>> > I put the YDL in a DMZ (i.e. WAN has ALL access to this machine). I can FTP
>> > and Telnet to it using the dynamically assigned ISP IP address of the router
>> > (199.21.148.227 ... and no that's not the real address :)  )
>> >
>> > The problem is that when I browse to the address (199.21.148.227) I expect
>> > to get the Apache test page, but I get 'The connection was refused when
>> > attempting to contact 199.21.148.227'. I can browse to 192.168.1.105 from
>> > another machine on my local home network, but I can't get to it from an
>> > external machine - i.e. at the office. I've tried both netscape and IE, as
>> > well as tried to telnet to port 80 (telnet 199.21.148.227 80), but still get
>> > connection refused. I've checked the Apache logs and there are no access_log
>> > entries or error_log entries. That there are no entries confirms my belief
>> > that Apache never gets the request and that port 80 is being blocked from
>> > external access.
>> > Thinking about what could be blocking port 80 (http) but not port 23 (telnet)
>> > - I know just enough about IP chains to get into trouble, so I simply tried
>> > switching them off with 'service iptables stop'.
>> >
>> > So  when I do an iptables -L   I get the following:
>> >
>> > Chain INPUT (policy ACCEPT)
>> > target prot opt source  		destination
>> >
>> > Chain FORWARD (policy ACCEPT)
>> > target prot opt source  		destination
>> >
>> > Chain OUTPUT (policy ACCEPT)
>> > target prot opt source  		destination
>> >
>> > To me this says that the machine is WIDE open.
>> >
>> > I also checked with my ISP provider to make sure that they weren't blocking
>> > port 80 but they confirmed that they do not do anything special to block
>> > anything.
>> >
>> > Just to confirm that http was indeed running I did an nmap with the
>> > following result.
>> >
>> > nmap -p 1-1024 localhost
>> >
>> > Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
>> > Interesting ports on localhost.localdomain (127.0.0.1):
>> > (The 1017 ports scanned but not shown below are in state: closed)
>> > Port       State       Service
>> > 21/ftp     open        ftp
>> > 22/tcp     open        ssh
>> > 23/tcp     open        telnet
>> > 25/tcp     open        smtp
>> > 80/tcp     open        http
>> > 111/tcp    open        sunrpc
>> > 443/tcp    open        https
>> > 631/tcp    open        ipp
>> >
>> > Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>> >
>> >
>> > So to review:
>> > 1. I've opened up the machine by putting it in a DMZ (all access open from
>> > the router)
>> > 2. I've turned off any ipchain rules
>> > 3. I can access the machine through telnet (port 23) but can't access port 80.
>> >
>> > That's all I can think of to check! My question is - what else could be
>> > blocking port 80? Any ideas on what to check?
>> >
>> > Thanks for your help!!!
>> 
>> _______________________________________________
>> yellowdog-general mailing list
>> yellowdog-general@lists.terrasoftsolutions.com
>> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
>> HINT: to Google archives, try  '<keywords> site:terrasoftsolutions.com'