I'm not quite sure, but I think that this could be the problem: Code: DROP all -- anywhere 255.255.255.255 DROP all -- anywhere 192.168.0.255 DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8 DROP all -- 255.255.255.255 anywhere DROP all -- anywhere 0.0.0.0 DROP all -- anywhere anywhere state INVALID Can you stop the firewall and test again?
here is the output of iptables -L without firewall: root@polo:/home/admin# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Here os the output with the firwall enabled: root@polo:/home/admin# iptables -L Chain INBOUND (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- 149-135-12-8.dsl.dodo.com.au anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:81 ACCEPT udp -- anywhere anywhere udp dpt:81 ACCEPT tcp -- anywhere anywhere tcp dpt:shell ACCEPT udp -- anywhere anywhere udp dpt:syslog ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ACCEPT udp -- anywhere anywhere udp dpt:fsp ACCEPT tcp -- anywhere anywhere tcp dptop3 ACCEPT udp -- anywhere anywhere udp dptop3 ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT udp -- anywhere anywhere udp dpt:25 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:www ACCEPT udp -- anywhere anywhere udp dpt:www ACCEPT tcp -- anywhere anywhere tcp dpt:82 ACCEPT udp -- anywhere anywhere udp dpt:82 ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain LSI all -- anywhere anywhere Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- lon-resolver.telstra.net anywhere tcp flags:!SYN,RST,ACK/SYN ACCEPT udp -- lon-resolver.telstra.net anywhere ACCEPT tcp -- uneeda.telstra.net anywhere tcp flags:!SYN,RST,ACK/SYN ACCEPT udp -- uneeda.telstra.net anywhere ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5 DROP all -- anywhere 255.255.255.255 DROP all -- anywhere 192.168.0.255 DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8 DROP all -- 255.255.255.255 anywhere DROP all -- anywhere 0.0.0.0 DROP all -- anywhere anywhere state INVALID LSI all -f anywhere anywhere limit: avg 10/min burst 5 INBOUND all -- anywhere anywhere LOG_FILTER all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Unknown Input' Chain FORWARD (policy DROP) target prot opt source destination ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5 LOG_FILTER all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward' Chain LOG_FILTER (5 references) target prot opt source destination Chain LSI (2 references) target prot opt source destination LOG_FILTER all -- anywhere anywhere LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' DROP icmp -- anywhere anywhere icmp echo-request LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound ' DROP all -- anywhere anywhere Chain LSO (0 references) target prot opt source destination LOG_FILTER all -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound ' REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTBOUND (1 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT tcp -- 192.168.0.2 lon-resolver.telstra.net tcp dpt:domain ACCEPT udp -- 192.168.0.2 lon-resolver.telstra.net udp dpt:domain ACCEPT tcp -- 192.168.0.2 uneeda.telstra.net tcp dpt:domain ACCEPT udp -- 192.168.0.2 uneeda.telstra.net udp dpt:domain ACCEPT all -- anywhere anywhere DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8 DROP all -- 255.255.255.255 anywhere DROP all -- anywhere 0.0.0.0 DROP all -- anywhere anywhere state INVALID OUTBOUND all -- anywhere anywhere LOG_FILTER all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
just another thought... I changed apache to work of port 82 and opened the firewall and enabled port forwarding for port 82 and it worked fine... This makes me think that even though the ISP claims they are not blocking ports, that somehow they are blocking port 80 for me... ...is there anyway to prove the ISP is blocking port 80... they were pretty sure they wern't... but I will be more persistant if I really feel they are... my uni lecturer said he had a similar problem with an ISP who said they wern't blocking ports but it turned out they had one blocked... it took him 2 hours + to convince them they were blocking the port ...
.... Yes.. I did try and connect with the same result... "cannot connect to port 80" ... this makes me think its the ISP or something... but I need to be sure before I call them up again and make them go look for a problem...
I dont think that you can do more tests. If you change back to port 80, verify with "netstat -tap" that your apache server is listening on port 80 again and you where not able to connect to it from outside your local network, it is very likely that the port is closed by your provider.
I've changed back to port 80 and here is the output of netstat - tap ... it looks to me like apache is listening on port 80 and I still can't access port 80 externally... i guess it must be my provider... i will call them tomorrow and see what happens... I post the results here also... admin@polo:~$ netstat -tap (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost.localdom:1026 *:* LISTEN - tcp 0 0 localhost.localdom:1027 *:* LISTEN - tcp 0 0 localhost.localdo:mysql *:* LISTEN - tcp 0 0 *:netbios-ssn *:* LISTEN - tcp 0 0 *:5900 *:* LISTEN 1 2656/vino-server tcp 0 0 *:81 *:* LISTEN - tcp 0 0 192.168.0.2:domain *:* LISTEN - tcp 0 0 localhost.locald:domain *:* LISTEN - tcp 0 0 *:ftp *:* LISTEN - tcp 0 0 localhost.localdoma:ipp *:* LISTEN - tcp 0 0 localhost.localdoma:953 *:* LISTEN - tcp 0 0 *:smtp *:* LISTEN - tcp 0 0 *:microsoft-ds *:* LISTEN - tcp 0 0 192.168.0.2:3577 216.239.57.104:www ESTABLISHED1 1213/firefox-bin tcp 0 0 192.168.0.2:3576 216.239.57.104:www ESTABLISHED1 1213/firefox-bin tcp 0 0 localhost.localdoma:ipp localhost.localdom:2270 ESTABLISHED- tcp 0 0 localhost.localdom:3307 localhost.localdom:1026 ESTABLISHED- tcp 0 0 localhost.localdom:2270 localhost.localdoma:ipp ESTABLISHED1 2707/gnome-cups-ic tcp 0 0 localhost.localdom:1026 localhost.localdom:3307 ESTABLISHED- tcp6 0 0 *:www *:* LISTEN - tcp6 0 0 *:ssh *:* LISTEN - tcp6 0 0 ip6-localhost:953 *:* LISTEN - tcp6 0 0 ::ffff:192.168.0.2%:www 149-135-12-8.dsl.d:4377 TIME_WAIT -
can someone please review the above netstat output and let me know if apache is on port 80 and listening... also does the tcp6 mean anything ... since port 81 say tcp? thanks
It looks like your apache webserver is only listening on an IPv6 socket (tcp6 0 0 *:www *:* LISTEN -). Normally there should be a line like: tcp 0 0 *:www *:* LISTEN -
Well... thanks to everyone for you help... I have really appreciated it... my problem is now solved... go to www.whitfurrows.com to see... It turns out all my server configuration was correct, I went out and replaced both my dsl modem and my router with an all-in-one a DSL-604T which does everything... I pluged it in... changed a few settings... and it all worked! so I really am not sure what the problem was, but it's now fixed. I'm guessing there must have been some custom configuration from my previous ISP who supplied my dsl modem, they wouldn't allow port 80 that's why I changed ISP, but they had custom config pages on the dsl modem... who knows.. but thanks everyone!
