What is blocking port 80?

Cameron Roe[home] camroe at telusplanet.net
Fri Sep 24 10:22:50 MDT 2004


 Hi All,

I am so PO'd. It turns out that Telus (my ISP) is 'upgrading security' and
as part of that process has decided to block port 80.  Last week when I
called, they said they weren't blocking, now they are, ergo, nothing
happening on port 80 from external sources. AAAARRRGGGGGG! 
Thanks Bill and Dave for all the advice - I learned tons, so it was not a total
waste, but now I owe beer. :) 

Cheers

Cam

PS. Next - iptables!


-----Original Message-----
From: yellowdog-general-admin at lists.terrasoftsolutions.com
[mailto:yellowdog-general-admin at lists.terrasoftsolutions.com] On Behalf Of
Daniel Gimpelevich
Sent: September 22, 2004 4:10 PM
To: yellowdog-general at lists.terrasoftsolutions.com
Subject: Re: What is blocking port 80?

Filtered means that the port is not responding in any way, as opposed to
closed, which means that the port specifically responds that it is closed.
Unfortunately, running nmap from a remote machine outside your network won't
tell you whether it's the router filtering the packets or YDL. You would
need to run nmap within your network to the private IP of the machine in
question. But in your case, nmap pretty much won't tell you anything you
don't already know because you can already successfully point a browser
within your network to the YDL machine's private IP. This means that the
Apache configuration is definitely at fault. Perhaps you have virtual hosts
turned on? On your machine, Apache apparently is set up to recognize the
machine referred to only as 192.168.1.105 and not recognize the same machine
as 199.21.148.227.

On Wed, 22 Sep 2004 16:01:41 -0600, Cam Roe wrote:

> Hi Dave
> 
> This was a really good tip!!! but before I get to that let me say I 
> agree that the proper configuration of iptables is important but for 
> now I'm just working on getting the web server working and am using 
> sort of a brute force method to eliminate iptables as a factor for now.
> 
> Let me tell you what I did. I set apache to listen on port 81 and 
> forwarded port 81 from the router. It all worked fine!!! I set the 
> router to forward port 80 and set apache to listen on port 80 and it 
> all failed. damn.  Ok so apparently it only fails if i try to forward 
> port 80 from the router.
> So back on my YDL, I did a 'tcpdump dst port 80'  and set the router 
> to forward port 80 to port 80 on my YDL box. i set apache to listen on 
> port 80 and restarted. I checked the nmap and http is on port 80. The 
> output I got from the tcpdump is below. It seems as though the YDL box 
> is getting the packets, but Apache is not. (There are no errors in 
> either the error log or the access log to indicate that anything 
> happened from the Apache side.)
> 
> [root at localhost conf]# tcpdump dst port 80
> tcpdump: listening on eth0
> 14:37:32.001913 s142-179-148-227.ab.hsia.telus.net.61652 >
> 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 
> 1460,sackOK,timestamp
> 424418336 0,nop,wscale 0> (DF)
> 14:37:34.998295 s142-179-148-227.ab.hsia.telus.net.61653 >
> 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 
> 1460,sackOK,timestamp
> 424418636 0,nop,wscale 0> (DF)
> 14:37:40.998462 s142-179-148-227.ab.hsia.telus.net.61654 >
> 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 
> 1460,sackOK,timestamp
> 424419236 0,nop,wscale 0> (DF)
> 14:37:52.998550 s142-179-148-227.ab.hsia.telus.net.61657 >
> 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 
> 1460,sackOK,timestamp
> 424420436 0,nop,wscale 0> (DF)
> 14:38:16.998456 s142-179-148-227.ab.hsia.telus.net.61658 >
> 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 
> 1460,sackOK,timestamp
> 424422836 0,nop,wscale 0> (DF)
> 14:39:04.999757 s142-179-148-227.ab.hsia.telus.net.61659 >
> 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 
> 1460,sackOK,timestamp
> 424427636 0,nop,wscale 0> (DF)
> 
> So what I am seeing (I think) is that if I set everything up to 
> forward and listen on port 81 (or any other port) I can make it 
> function. If I set it up on port 80, The router SEEMS to forward the 
> packets correctly but YDL SEEMS to be blocking it somehow.
> 
> iptables is off - is there anything else I should be checking? i.e. 
> port protection? (is there such a thing) any other firewall stuff 
> besides iptables? (I checked for old copies of ipchains on a long shot 
> but didn't find anything - which is good! )
> 
> Another thing that I've noticed is that if I do an nmap -p 23,80 
> xxx.xxx.xxx.xxx (where xxx stuff is the ip address of the router) and 
> I do this from an external PC (Redhat Linux) I USUALLY get
> 
> 
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> Interesting ports on dxxx-xxx-xxx-xxx.abhsia.telus.net (xxx.xxx.xxx.xxx):
> (The 1 port scanned but not shown below is in state: closed)
> 
> Port       State       Service
> 23/tcp     open        telnet
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
> 
> BUT if I repeat it I can sometimes get
> 
> Port       State       Service
> 23/tcp     open        telnet
> 80/tcp     filtered    http
> 
> Anyone know what 'filtered' means? 
> 
> This is driving me crazy!!! .... and not in a good way. :)
> 
> Cheers
> 
> Cam
> 
> 
> 
> 
> 
> 
> On Tue, 2004-09-21 at 22:51, David Wadson wrote:
>> Have you tried running tcpdump on the web server to see whether any 
>> of the packets are getting through to it? If you don't have a 
>> firewall running on the webserver, I would suspect either the 
>> firewall on the router is blocking something, or the port forwarding 
>> isn't properly configured for WWW. Try
>> http://support.dlink.com/faq/view.asp?prod_id=1005 for info on how to 
>> set up the ports.
>> 
>> Getting iptables properly configured on your web server is good idea 
>> as you'll want to keep someone from hacking into it.
>> 
>> Dave
>> 
>> On Tuesday, September 21, 2004, at 01:01  PM, camroe at telusplanet.net
>> wrote:
>> 
>> > Hi all,
>> >
>> > So I'm trying to run an Apache web server on my YDL.
>> > I'm running Apache 2.0.50 on YellowDog Linux (YDL) Release 3.0, 
>> > Kernel version 2.4.22-2f. I am running it behind a D-Link DSL 
>> > firewall/router DI-601. My YDL machine is assigned a local IP 192.168.1.5.
>> > I was screwing around with the port forwarding but wasn't having 
>> > any luck so I put the YDL in a DMZ (i.e. WAN has ALL access to this 
>> > machine) I can FTP and Telnet to it using the dynamically assigned 
>> > ISP IP address of the router
>> > (199.21.148.227 ... and no that's not the real address :)  )
>> >
>> > The problem is that when I  browse to the address (199.21.148.227) 
>> > I expect to get the Apache test page, but I get 'The connection was 
>> > refused when attempting to contact 199.21.148.227'. I can browse to 
>> > 192.168.1.105 from another machine on my local home network, but I 
>> > can't get to it 
>> > from an external machine - i.e. at the office. I've tried both 
>> > netscape and IE, as well as tried to telnet to port 80 (telnet 
>> > 199.21.148.227 80), but still get connection refused. I've checked 
>> > the Apache logs and there are no access_log entries or error_log 
>> > entries. That there are no entries confirms my belief that Apache 
>> > never gets the request and that port 80 is being blocked from 
>> > external access.
>> > Thinking about what could be blocking port 80 (http) but not port 
>> > 23 (telnet)
>> > -  I know just enough about IP chains to get into trouble, so I 
>> > simply tried switching them off with 'service iptables stop'.
>> >
>> > So  when I do an iptables -L   I get the following:
>> >
>> > Chain INPUT (policy ACCEPT)
>> > target prot opt source  		destination
>> >
>> > Chain FORWARD (policy ACCEPT)
>> > target prot opt source  		destination
>> >
>> > Chain OUTPUT (policy ACCEPT)
>> > target prot opt source  		destination
>> >
>> > To me this says that the machine is WIDE open.
>> >
>> > I also checked with my ISP provider to make sure that they weren't 
>> > blocking port 80 but they confirmed that they do not do anything 
>> > special to block anything.
>> >
>> > Just to confirm that http was indeed running I did an nmap with the 
>> > following result.
>> >
>> > nmap -p 1-1024 localhost
>> >
>> > Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
>> > Interesting ports on localhost.localdomain (127.0.0.1):
>> > (The 1017 ports scanned but not shown below are in state: closed)
>> > Port       State       Service
>> > 21/tcp     open        ftp
>> > 22/tcp     open        ssh
>> > 23/tcp     open        telnet
>> > 25/tcp     open        smtp
>> > 80/tcp     open        http
>> > 111/tcp    open        sunrpc
>> > 443/tcp    open        https
>> > 631/tcp    open        ipp
>> >
>> > Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>> >
>> >
>> > So to review:
>> > 1. I've opened up the machine by putting it in a DMZ (all access 
>> > open from the router)
>> > 2. I've turned off any ipchain rules
>> > 3. I can access the machine through telnet (port 23) but can't 
>> > access port 80.
>> >
>> > That's all I can think of to check! My question is  - what else 
>> > could be blocking port 80? Any ideas on what to check?
>> >
>> > Thanks for your help!!!
>> 
> 
> 


_______________________________________________
yellowdog-general mailing list
yellowdog-general at lists.terrasoftsolutions.com
http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
HINT: to Google archives, try  '<keywords> site:terrasoftsolutions.com'
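Daniel's distinction between 'filtered' and 'closed', and Cam's tcpdump capture, both come down to one question: did the server answer the SYN at all? The script below is an added example and is not code from anyone in this thread. It parses tcpdump 3.x-style one-line summaries in the format Cam posted, pairs each inbound SYN to the server with whatever the server sent back on that connection, and reports each attempt as open (SYN-ACK), closed (RST) or no-reply (nothing from the server in the capture). The sample capture is constructed: the server address 192.168.1.105 is taken from the thread, 'client.example' is a placeholder for the remote client, and the SERVICE_PORTS table is my own mapping of the service names tcpdump substitutes for well-known port numbers. One caveat a practitioner should keep in mind when reading Cam's output: 'tcpdump dst port 80' only records packets whose destination port is 80, so any reply the server sends (which has source port 80) is never captured and every attempt will look unanswered; 'tcpdump port 80' captures both directions.

```python
"""Pair inbound SYNs with the server's replies in tcpdump 3.x-style output.

Added example, not code from anyone in the thread.  The sample capture at the
bottom is constructed to match the one-line summary format tcpdump 3.x printed,
with 'client.example' standing in for the remote client.
"""
import re
from collections import OrderedDict

# tcpdump 3.x summary line:
#   HH:MM:SS.usec SRC.SPORT > DST.DPORT: FLAGS seq:seq(len) [ack N] win W <opts> (DF)
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\w+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\w+):\s+"
    r"(?P<flags>[SFRP.]+)\s"
)

# tcpdump prints well-known ports by service name; map the ones we care about
# back to numbers.  (Assumed mapping, extend as needed.)
SERVICE_PORTS = {"ftp": 21, "ssh": 22, "telnet": 23, "http": 80, "https": 443}


def port_number(token):
    """Turn a tcpdump port token ('61652' or 'http') into an int, or None if unknown."""
    if token.isdigit():
        return int(token)
    return SERVICE_PORTS.get(token)


def parse_line(line):
    """Parse one summary line into a dict; return None for non-packet lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"] = port_number(pkt["sport"])
    pkt["dport"] = port_number(pkt["dport"])
    pkt["syn"] = "S" in pkt["flags"]
    pkt["rst"] = "R" in pkt["flags"]
    # tcpdump 3.x shows the ACK flag as a separate ' ack N ' field, not in FLAGS.
    pkt["ack"] = " ack " in line
    return pkt


def classify_attempts(lines, server, port=80):
    """For each SYN sent to server:port, record what the server sent back.

    Returns {(client_host, client_port): state}, state being 'open' (SYN-ACK
    seen), 'closed' (RST seen) or 'no-reply' (nothing from the server in the
    capture: dropped in transit, filtered, or simply not captured).
    """
    attempts = OrderedDict()
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        inbound_syn = (pkt["dst"] == server and pkt["dport"] == port
                       and pkt["syn"] and not pkt["ack"])
        if inbound_syn:
            # A retransmitted SYN from the same source port is the same attempt.
            attempts.setdefault((pkt["src"], pkt["sport"]), "no-reply")
            continue
        if pkt["src"] == server and pkt["sport"] == port:
            key = (pkt["dst"], pkt["dport"])
            if key not in attempts:
                continue  # reply to a SYN that is not in the capture
            if pkt["syn"] and pkt["ack"]:
                attempts[key] = "open"
            elif pkt["rst"]:
                attempts[key] = "closed"
    return attempts


def summarize(attempts):
    """Count attempts per state."""
    counts = {"open": 0, "closed": 0, "no-reply": 0}
    for state in attempts.values():
        counts[state] += 1
    return counts


# Constructed sample in the thread's tcpdump format: three unanswered SYNs (all a
# 'tcpdump dst port 80' capture can ever show, since replies have *source* port
# 80), then one attempt answered with a SYN-ACK and one refused with a RST.
SAMPLE_CAPTURE = [
    "14:37:32.001913 client.example.61652 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424418336 0,nop,wscale 0> (DF)",
    "14:37:34.998295 client.example.61653 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424418636 0,nop,wscale 0> (DF)",
    "14:37:40.998462 client.example.61654 > 192.168.1.105.http: S 4026405647:4026405647(0) win 5840 <mss 1460,sackOK,timestamp 424419236 0,nop,wscale 0> (DF)",
    "14:40:01.000001 client.example.61660 > 192.168.1.105.http: S 1000:1000(0) win 5840 <mss 1460,sackOK> (DF)",
    "14:40:01.000230 192.168.1.105.http > client.example.61660: S 2000:2000(0) ack 1001 win 5792 <mss 1460,sackOK> (DF)",
    "14:40:05.000001 client.example.61661 > 192.168.1.105.http: S 3000:3000(0) win 5840 <mss 1460,sackOK> (DF)",
    "14:40:05.000150 192.168.1.105.http > client.example.61661: R 0:0(0) ack 3001 win 0 (DF)",
    "tcpdump: listening on eth0",  # status line, not a packet; ignored
]

if __name__ == "__main__":
    result = classify_attempts(SAMPLE_CAPTURE, "192.168.1.105")
    for (host, sport), state in result.items():
        print(f"{host}:{sport} -> {state}")
    print(summarize(result))
```

Run against a real capture with `python3 classify.py < capture.txt` after swapping SAMPLE_CAPTURE for `sys.stdin`; an attempt that stays 'no-reply' in a two-way capture means the SYN reached the interface but no socket (or the local firewall) answered it, while 'no-reply' in a one-way `dst port 80` capture tells you nothing.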



