Hi, all,

I have posted it once, but I guess I did not receive any reply yet, so I posted once again.

My problem is people cannot reach my server. I have opened the ssh port and ftp ports. They are OK in terms of connectivity. However, when it comes to apache I do not know if it is a firewall issue or apache issue. At least in apache log I did not see any error message. Even the https can get through.

Attached is a partial output of the iptables. Any suggestions are welcome!

regards,

Anthony

-------------- next part --------------
Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
1814K 1938M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
  868 71930 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     esp  --  *      *       203.98.141.83        0.0.0.0/0
    0     0 ACCEPT     ah   --  *      *       203.98.141.83        0.0.0.0/0
   18  2952 ACCEPT     udp  --  *      *       203.98.141.83        0.0.0.0/0          udp spt:500 dpt:500 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:20
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:20
   12   636 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:21
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:21
   30  1736 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:22
   56  2672 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
   32  1612 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:80
10442  693K net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

On Mon, 2003-06-23 at 18:15, Anthony Kong wrote:
> Hi, all,
>
> I have posted it once, but I guess I did not receive
> any reply yet, so I posted once again.
>
> My problem is people cannot reach my server. I have
> opened the ssh port and ftp ports. They are OK in terms
> of connectivity. However, when it comes to apache I do
> not know if it is a firewall issue or apache issue. At
> least in apache log I did not see any error message.
> Even the https can get through.
>
> Attached is a partial output of the iptables. Any
> suggestions are welcome!

It is quite simple. Your rules seem OK. You say people can use https and you've set that up the same way as http. Right?

So, did you look in your log files to see if you have any DROPS to the destination port 80?

If you don't want to make the effort of grepping your log file you could always "tail -f /var/log/messages" and then "http://www.yourhost.com" from out on the internet. If you don't see anything in the tail and you don't see anything in your Apache logs then your ISP is blocking port 80.

This is not an uncommon practice. Many ISPs will charge you more money to allow you to host a web server.

Ed

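A complementary check to the log inspection suggested above, as an added example that is not part of the original thread: the packet counters in a verbose iptables listing show which ACCEPT rules have ever matched a new connection. The function names are illustrative, and the sample input is the net2fw listing posted in the first message.

```shell
#!/bin/sh
# Added example (not from the thread): use iptables packet counters to see
# which TCP ACCEPT rules have ever matched a new connection.

# Sample input: the net2fw listing posted in the first message.
sample_listing() {
cat <<'EOF'
Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
1814K 1938M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
  868 71930 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     esp  --  *      *       203.98.141.83        0.0.0.0/0
    0     0 ACCEPT     ah   --  *      *       203.98.141.83        0.0.0.0/0
   18  2952 ACCEPT     udp  --  *      *       203.98.141.83        0.0.0.0/0          udp spt:500 dpt:500 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:20
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:20
   12   636 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:21
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:21
   30  1736 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:22
   56  2672 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
   32  1612 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:80
10442  693K net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Print "port pkts" for every ACCEPT rule that matches a TCP destination port.
# Expects the output of "iptables -L <chain> -v -n" on stdin.
tcp_accept_counters() {
    awk '$3 == "ACCEPT" && $4 == "tcp" {
        for (i = 10; i <= NF; i++)
            if ($i ~ /^dpt:[0-9]+$/) {
                port = $i
                sub(/^dpt:/, "", port)
                print port, $1
            }
    }'
}

# Print the ports whose ACCEPT rule has a packet counter of zero.
unreached_tcp_ports() {
    tcp_accept_counters | awk '$2 == "0" { print $1 }'
}

# Stand-alone run: show the counters, then the rules nothing has matched.
sample_listing | tcp_accept_counters
echo "never matched: $(sample_listing | unreached_tcp_ports | tr '\n' ' ')"
```

On the posted listing this reports ports 20 and 80: the dpt:80 rule has matched nothing while dpt:443 has matched 32 packets, so no new connection to port 80 ever reached that rule. A zero on port 20 is expected, because in active-mode FTP the server opens the data connection from port 20 rather than accepting one on it.
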
On Mon, 23 Jun 2003 03:15:16 -0700 (PDT), Anthony Kong <ahwkong2000@yahoo.com> wrote:
> Hi, all,
>
> I have posted it once, but I guess I did not receive
> any reply yet, so I posted once again.
>
> My problem is people cannot reach my server. I have
> opened the ssh port and ftp ports. They are OK in terms
> of connectivity. However, when it comes to apache I do
> not know if it is a firewall issue or apache issue. At
> least in apache log I did not see any error message.
> Even the https can get through.
>
> Attached is a partial output of the iptables. Any
> suggestions are welcome!
>

See FAQ #1a and #1b for information about troubleshooting port forwarding problems. Since your other ports work, it may be the case that your ISP is blocking incoming TCP port 80.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Hi, Tom,

Thanks for the reply. Actually Ed has replied to me with the same suggestion earlier, and I have verified that it is the ISP who blocks the access. But I have forgotten to include the list when I replied to Ed. Sorry for that.

It never occurred to me that an ISP may block the http port. I thought smtp is the candidate due to spam...

Thanks for all assistance from the list.

Regards,

Anthony

On Mon, 2003-06-23 at 21:02, Anthony Kong wrote:
> You are right! My ISP is actually blocking access to
> port 80! I changed the port to 8008 and then I can see
> my web server! Oh, gee, they did not tell me that when
> I opened an account with them... sob.

Here is one case where subscribing to a service like "easydns" comes in handy. With easydns you can define a host pointing to a url. That allows you, for example, to define a host of www.mydomain.com and point it to http://www.mydomain.com:8080/

Ed

> Thanks a lot! Fortunately it proves that shorewall is
> solid and my understanding is proper :-)
>
> Regards,
>
> Anthony

--
http://www.shorewall.net
Shorewall, for all your firewall needs