l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2010 Aug 18 02:48

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Apache2 problems
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Apache2 problems

On Thu, Aug 12, 2010 at 5:56 AM, Ryan <cjg5ehir02@sneakemail.com> wrote:
On Tuesday August 10 2010 12:50:00 Peter Salzman wrote:
> From the lack of entries in the log file, it looks like Apache isn't seeing
> the incoming request.  However, tcpdump seems to be showing otherwise.
> Port 80 is forwarded to the Linux box by the router.
> In sites.enabled:
> <VirtualHost>
>    ServerAdmin p@dirac.org
>    ServerName  www.dirac.org
>    ServerAlias dirac.org
>    # Indexes + Directory Root.
>    DirectoryIndex index.html
>    DocumentRoot /var/www/
>    # Logfiles
>    ErrorLog  /var/log/apache2/dirac.org.error
>    CustomLog //var/log/apache2/dirac.org.access combined
> </VirtualHost>


> Any ideas what could be preventing this from working?

I'm going assume that your router is doing some form of NAT given that you
appear to be connected with a dynamic IP cable internet service.

Unless you are port forwarding to an internal box that actually has an
interface configured with the IP address, this is not going to
work. The connection will hit your router on port 80, get rewritten to
whatever internal address your web server has, and then hit Apache.  Apache
will look at the ip address on the local side of the socket and fail to match
those vhosts since it doesn't see the address anywhere.

Another thing to note - cable internet providers often block inbound port 80 -
and it looks like yours is doing so.


However, they seem to be doing it by blocking the return SYN+ACK packet which
is a completely asinine way to accomplish the block which manages to make
troubleshooting extra annoying (as you've discovered).  You can check this by
running tcpdump on both the client and server.

Fun fact - these port blocks are usually done on the subscriber's modem by a
policy pushed down in the config file from the CMTS.

Finally, a general Apache note - unless you actually do need to serve
different sites based on what IP address is hit, you probably should use
<VirtualHost *:80>.  It'll save headaches if your ip addresses change.


Hi Ryan!

I actually got it working.  It turned out to be a router issue.   I forwarded the port using the "port forward" page, whereas apparently I should have forwarded the port using the "application forward" page.   I'm not too sure what the difference is, but there you go.   I works!

Optonline has different classes of service.  I have the super-duper deeeeluxe service with static ip and no blocked ports (as you'll see if you point a browser to dirac.org).

Thanks for the tip on virtual name host.   I definitely will keep that in mind.  It's a real headache tracking down "named host has no virtual servers" warnings...

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!