Hi, I'm a little stumped as to why port 80 isn't available to the outside world. I've installed ISP Config and it works great. Everything works fine locally, i.e. ports 80, 81 etc. Port 81 is even available to the outside world, but when I try port 80 I'm told there's a connection timeout error... my router is set up OK, any ideas?
just in case... here's a screen dump of iptables -L

Code:
Chain INBOUND (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     udp  --  anywhere             anywhere            udp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:ftp-data:ftp
ACCEPT     udp  --  anywhere             anywhere            udp dpts:20:fsp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     udp  --  anywhere             anywhere            udp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:25
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:netbios-ns:netbios-ssn
ACCEPT     udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
ACCEPT     udp  --  anywhere             anywhere            udp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     udp  --  anywhere             anywhere            udp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:81
ACCEPT     udp  --  anywhere             anywhere            udp dpt:81
LSI        all  --  anywhere             anywhere

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.2          anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  192.168.0.2          anywhere
ACCEPT     tcp  --  dns.syd.optusnet.com.au  anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  dns.syd.optusnet.com.au  anywhere
ACCEPT     tcp  --  dns.meb.optusnet.com.au  anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  dns.meb.optusnet.com.au  anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
DROP       all  --  anywhere             255.255.255.255
DROP       all  --  anywhere             192.168.0.255
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
LSI        all  -f  anywhere             anywhere            limit: avg 10/min burst 5
INBOUND    all  --  anywhere             anywhere
LOG_FILTER all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
LOG_FILTER all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Forward'

Chain LOG_FILTER (5 references)
target     prot opt source               destination

Chain LSI (2 references)
target     prot opt source               destination
LOG_FILTER all  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST
LOG        icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       icmp --  anywhere             anywhere            icmp echo-request
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP       all  --  anywhere             anywhere

Chain LSO (0 references)
target     prot opt source               destination
LOG_FILTER all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.2          192.168.0.2         tcp dpt:domain
ACCEPT     udp  --  192.168.0.2          192.168.0.2         udp dpt:domain
ACCEPT     tcp  --  192.168.0.2          dns.syd.optusnet.com.au  tcp dpt:domain
ACCEPT     udp  --  192.168.0.2          dns.syd.optusnet.com.au  udp dpt:domain
ACCEPT     tcp  --  192.168.0.2          dns.meb.optusnet.com.au  tcp dpt:domain
ACCEPT     udp  --  192.168.0.2          dns.meb.optusnet.com.au  udp dpt:domain
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
OUTBOUND   all  --  anywhere             anywhere
LOG_FILTER all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Output'
also netstat -tap

also... here is the output of netstat -tap command

Code:
admin@polo:~$ netstat -tap
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost.localdom:1025 *:*                     LISTEN      -
tcp        0      0 localhost.localdom:1026 *:*                     LISTEN      -
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      -
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      -
tcp        0      0 *:5900                  *:*                     LISTEN      1 4636/vino-server
tcp        0      0 *:81                    *:*                     LISTEN      -
tcp        0      0 *:ftp                   *:*                     LISTEN      -
tcp        0      0 192.168.0.2:domain      *:*                     LISTEN      -
tcp        0      0 localhost.locald:domain *:*                     LISTEN      -
tcp        0      0 localhost.localdoma:ipp *:*                     LISTEN      -
tcp        0      0 localhost.localdoma:953 *:*                     LISTEN      -
tcp        0      0 *:smtp                  *:*                     LISTEN      -
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      -
tcp        0      0 192.168.0.2:3215        a-61-9-129-144.depl:www ESTABLISHED1 5745/firefox-bin
tcp        0      0 localhost.localdoma:ipp localhost.localdom:4336 ESTABLISHED-
tcp        0      0 localhost.localdom:1025 localhost.localdom:2866 ESTABLISHED-
tcp        0      0 localhost.localdom:4336 localhost.localdoma:ipp ESTABLISHED1 4695/gnome-cups-ic
tcp        1      0 192.168.0.2:4452        66.249.89.99:www        CLOSE_WAIT  1 5745/firefox-bin
tcp        1      0 192.168.0.2:4443        66.249.89.99:www        CLOSE_WAIT  1 5745/firefox-bin
tcp        0      0 localhost.localdom:2866 localhost.localdom:1025 ESTABLISHED-
tcp6       0      0 *:www                   *:*                     LISTEN      -
tcp6       0      0 *:ssh                   *:*                     LISTEN      -
tcp6       0      0 ip6-localhost:953       *:*                     LISTEN      -

Any ideas please anyone!
Do you have any firewall on your router that blocks port 80? Have you restarted your router correctly after forwarding port 80? I've just seen your new post. Please don't post the same issue twice within a day.
port forwarding on router

thanks for the reply... sorry about posting twice... I was a little desperate... I have port forwarding for port 80 enabled on my router... set up the same as port 81, and port 81 works fine... all forwarded to 192.168.0.2 (my server). I have a firewall on Linux as well (firestarter) and it has port 80 enabled also. If I do a portscan on ispconfig everything looks fine. It seems as though it must be the router, but I can't seem to work out how... if I watch the log in firestarter and I do a test on port 81 I can see an event entry come through; if I do it for port 80, no entry at all...
And you are really sure your provider does not block port 80? If you can reach port 80 from another PC in your local network, these issues can only be related to your router or your ISP. I assume you used IP 192.168.0.2 in ISPConfig for the webhost?
Port 80

thanks again... I use dodo as my ISP and I called them and they assured me that they don't block port 80, in fact they said they don't block any ports... I will look further at the router... I use a D-Link DI-524 router... it's pretty easy to set up... I just don't understand how the following ports 81,22,53,110,25 all work except port 80... I used 192.168.0.2 as the webhost in ispconfig and also in all dns entries created... I used to use 192.168.0.2 as the webhost and 149.135.12.8 for all dns entries but I kept getting the "shared IP" webpage for both domains... it works fine under 192.168.0.2... any more ideas?
I doubt this is your problem... but my router sucks and tends to randomly not forward ports that it should be at times. When that happens, I can fix it by forwarding the port in 2-3 different slots... although I think my router's issues are kind of unique, and I doubt that would work for you. Thought I'd share just in case though, because that problem caused me a big headache!!
In the DNS records for your domains you use 192.168.0.2? Then you can't reach the web sites from the outside because 192.168.0.2 is a private IP address. You must use your public IP address!
still troubles...

I've changed my dns entries to use ip 149.135.12.8 instead of the 192.168.0.2... I get the "shared IP" page now... I got so desperate with this port 80 issue, I disconnected my router and plugged my dsl modem into a 2nd network card on my linux server.... eth0 using 149.135.12.8 and eth1 192.168.0.2... I turned off all firewalls that I know of... and I ran a port scan from http://scan.sygatetech.com/tcpscan.html and all ports show up fine except port 80... so if it's not my isp dodo, then I'm wondering if apache is set up correctly.... but I guess it would be since it all works fine on my local network.... I'm really stumped! Also... I'm happy if someone wants to ssh with putty into my system to have a look at config and stuff... I could really use the help... just let me know.
If you get the "Shared-IP" page now, then port 80 is working, and it's forwarded to your ISPConfig server. Have a look at post #15 and #16 here to find out why you see the "Shared-IP" page: http://www.howtoforge.com/forums/showthread.php?t=2352&page=2
thanks

thanks for the shared IP stuff... I know port 80 is working locally... but I still can't seem to get it from external to my network... if you go to www.whitfurrows.com:81 it works fine... but not www.whitfurrows.com. I double checked with my ISP today and they absolutely assured me they aren't blocking the port... my dsl modem is set to bridging and my router forwards all ports to 192.168.0.2... I just can't figure it out... it must be something simple I'm overlooking... I have disabled all firewalls on my linux server... but still no luck... I'm stumped!
Code:
dig www.whitfurrows.com

; <<>> DiG 9.2.1 <<>> www.whitfurrows.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16122
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.whitfurrows.com.           IN      A

;; ANSWER SECTION:
www.whitfurrows.com.    172800  IN      A       149.135.12.8

;; Query time: 195 msec
;; SERVER: 81.169.163.104#53(81.169.163.104)
;; WHEN: Mon Feb 27 09:20:00 2006
;; MSG SIZE  rcvd: 53

Is 149.135.12.8 your router's public IP address?
Is 149.135.12.8 your router's public IP address? Yes -- correct 149.135.12.8 is my router's public IP address...
Port 80 is still not showing up....

Can someone check my thinking... if I can browse the websites www.whitfurrows.com and www.encorestudios.com from within my local network, and when I do a local portscan port 80 shows as open, then my local settings should be correct? then... I have enabled port forwarding from my D-Link DI-524 router so that port 80 is forwarded to 192.168.0.2 (server), then all should be ok on the router side... also my router shows ip of 149.135.12.8 which is my isp assigned static ip address which it gets from the dsl modem via dhcp... so to test things, I connected my linux server directly into my dsl modem, which is a D-Link DSL-302G, on a second network card which was assigned the IP of 149.135.12.9 by dhcp from the dsl modem... this should be ok? ok... so now port 80 still does not work... so... I checked again with my ISP to see if they are blocking port 80 and they say no. my dsl modem is set to bridging mode... this is ok? when I do an external online port scan all ok except port 80... and I have no firewall enabled on the linux server... All I can boil it down to is that it must be the dsl modem if port 80 still doesn't work when disconnected from the router.... is this making sense? externally www.whitfurrows.com doesn't work but www.whitfurrows.com:81 does.... another thought... under root/ispconfig....... in the httpd.conf file... it shows listening to port 81; under /etc/apache2/conf/port.conf it shows listening to port 80 and port 443. this should all be ok right?? so any ideas what the problem is?? has anyone had any trouble with the DSL-302G??
And you're absolutely sure you forwarded port 80 from your router to your ISPConfig server? Is there maybe a firewall (on the router or on the ISPConfig system) that blocks requests on port 80?
I can even post a screenshot that shows something similar to this from my router... Virtual Server http forward to 192.168.0.2 private port 80 public port 80 always. I have disabled the built in firewall on ISPconfig, I have no other firewalls on the server... and a local port scan says port 80 is open which I figure is true since I can browse the websites locally... it all seems to be set up ok... that's why I don't understand something so simple should be working
I have already restarted my router and my dsl modem... I even restored the factory settings and set it up again... still no luck... I really appreciate all this help by the way. I've never come across a problem so frustrating..
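The symptom discussed in this thread (a timeout on port 80 while port 81 connects) can be told apart from "nothing is listening" with a plain TCP connect test run from a machine outside the network. This is an added example, not code from any poster; the function names and the loopback demo listener are assumptions made for illustration.

```python
import errno
import socket


def classify(exc):
    """Translate the outcome of one connect() into what the path did with the SYN."""
    if exc is None:
        return "open"          # handshake completed: a listener answered
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # actively refused: host reached, no listener or a REJECT rule
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"      # silence: SYN or reply dropped (DROP rule, NAT miss, upstream filter)
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"   # no route, or an ICMP unreachable came back
    return "error"             # DNS failure and anything else


def probe(host, port, timeout=3.0):
    """Attempt a single TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def verdict(results, suspect, control):
    """Compare the failing port with one known to work from the same vantage point."""
    s, c = results[suspect], results[control]
    if s == "open":
        return "reachable"
    if s == "closed":
        return "host reached, nothing accepting on that port"
    if s == "filtered" and c == "open":
        return "dropped for this port only"
    if s == "filtered":
        return "whole path dropped"
    return "inconclusive"


if __name__ == "__main__":
    # Constructed offline demo: a loopback listener stands in for the working
    # port, and the same port after close() stands in for one with no listener.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listener up:  ", probe("127.0.0.1", port))
    srv.close()
    print("listener gone:", probe("127.0.0.1", port))
    # Values taken from the thread: port 80 times out externally, port 81 connects.
    print(verdict({80: "filtered", 81: "open"}, suspect=80, control=81))
```

Run `probe()` against the public address from a host outside the LAN; "filtered" on port 80 next to "open" on port 81 means the SYN is discarded somewhere before a listener sees it, and a packet capture on the server's interface shows whether it arrives at all.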
Hi, Could someone please look through my configuration below and see if I might be blocking port 80 for external IPs... since I can browse port 80 locally that should be right, but I just wonder if I'm blocking external IPs.... thanks.... here's a screen dump of iptables -L