I'm not quite sure, but I think that this could be the problem:

Code:
DROP       all  --  anywhere             255.255.255.255
DROP       all  --  anywhere             192.168.0.255
DROP       all  --  BASE-ADDRESS.MCAST.NET/8 anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere             state INVALID

Can you stop the firewall and test again?
Here is the output of iptables -L without the firewall:

root@polo:/home/admin# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here is the output with the firewall enabled:

root@polo:/home/admin# iptables -L
Chain INBOUND (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  149-135-12-8.dsl.dodo.com.au anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:81
ACCEPT     udp  --  anywhere             anywhere             udp dpt:81
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:shell
ACCEPT     udp  --  anywhere             anywhere             udp dpt:syslog
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:fsp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     udp  --  anywhere             anywhere             udp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:25
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:www
ACCEPT     udp  --  anywhere             anywhere             udp dpt:www
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:82
ACCEPT     udp  --  anywhere             anywhere             udp dpt:82
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
LSI        all  --  anywhere             anywhere

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  lon-resolver.telstra.net anywhere             tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  lon-resolver.telstra.net anywhere
ACCEPT     tcp  --  uneeda.telstra.net   anywhere             tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  uneeda.telstra.net   anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             limit: avg 10/sec burst 5
DROP       all  --  anywhere             255.255.255.255
DROP       all  --  anywhere             192.168.0.255
DROP       all  --  BASE-ADDRESS.MCAST.NET/8 anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere             state INVALID
LSI        all  -f  anywhere             anywhere             limit: avg 10/min burst 5
INBOUND    all  --  anywhere             anywhere
LOG_FILTER all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere             limit: avg 10/sec burst 5
LOG_FILTER all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level info prefix `Unknown Forward'

Chain LOG_FILTER (5 references)
target     prot opt source               destination

Chain LSI (2 references)
target     prot opt source               destination
LOG_FILTER all  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/RST
LOG        icmp --  anywhere             anywhere             icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       icmp --  anywhere             anywhere             icmp echo-request
LOG        all  --  anywhere             anywhere             limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP       all  --  anywhere             anywhere

Chain LSO (0 references)
target     prot opt source               destination
LOG_FILTER all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.2          lon-resolver.telstra.net tcp dpt:domain
ACCEPT     udp  --  192.168.0.2          lon-resolver.telstra.net udp dpt:domain
ACCEPT     tcp  --  192.168.0.2          uneeda.telstra.net   tcp dpt:domain
ACCEPT     udp  --  192.168.0.2          uneeda.telstra.net   udp dpt:domain
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/8 anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere             state INVALID
OUTBOUND   all  --  anywhere             anywhere
LOG_FILTER all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             LOG level info prefix `Unknown Output'
Just another thought... I changed apache to work off port 82 and opened the firewall and enabled port forwarding for port 82 and it worked fine... This makes me think that even though the ISP claims they are not blocking ports, that somehow they are blocking port 80 for me... ...is there any way to prove the ISP is blocking port 80... they were pretty sure they weren't... but I will be more persistent if I really feel they are... my uni lecturer said he had a similar problem with an ISP who said they weren't blocking ports but it turned out they had one blocked... it took him 2 hours + to convince them they were blocking the port ...
.... Yes.. I did try and connect with the same result... "cannot connect to port 80" ... this makes me think it's the ISP or something... but I need to be sure before I call them up again and make them go look for a problem...
I don't think that you can do more tests. If you change back to port 80, verify with "netstat -tap" that your apache server is listening on port 80 again and you were not able to connect to it from outside your local network, it is very likely that the port is closed by your provider.
I've changed back to port 80 and here is the output of netstat -tap ... it looks to me like apache is listening on port 80 and I still can't access port 80 externally... I guess it must be my provider... I will call them tomorrow and see what happens... I will post the results here also...

admin@polo:~$ netstat -tap
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost.localdom:1026 *:*                     LISTEN      -
tcp        0      0 localhost.localdom:1027 *:*                     LISTEN      -
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      -
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      -
tcp        0      0 *:5900                  *:*                     LISTEN 1 2656/vino-server
tcp        0      0 *:81                    *:*                     LISTEN      -
tcp        0      0 192.168.0.2:domain      *:*                     LISTEN      -
tcp        0      0 localhost.locald:domain *:*                     LISTEN      -
tcp        0      0 *:ftp                   *:*                     LISTEN      -
tcp        0      0 localhost.localdoma:ipp *:*                     LISTEN      -
tcp        0      0 localhost.localdoma:953 *:*                     LISTEN      -
tcp        0      0 *:smtp                  *:*                     LISTEN      -
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      -
tcp        0      0 192.168.0.2:3577        216.239.57.104:www      ESTABLISHED1 1213/firefox-bin
tcp        0      0 192.168.0.2:3576        216.239.57.104:www      ESTABLISHED1 1213/firefox-bin
tcp        0      0 localhost.localdoma:ipp localhost.localdom:2270 ESTABLISHED -
tcp        0      0 localhost.localdom:3307 localhost.localdom:1026 ESTABLISHED -
tcp        0      0 localhost.localdom:2270 localhost.localdoma:ipp ESTABLISHED1 2707/gnome-cups-ic
tcp        0      0 localhost.localdom:1026 localhost.localdom:3307 ESTABLISHED -
tcp6       0      0 *:www                   *:*                     LISTEN      -
tcp6       0      0 *:ssh                   *:*                     LISTEN      -
tcp6       0      0 ip6-localhost:953       *:*                     LISTEN      -
tcp6       0      0 ::ffff:192.168.0.2%:www 149-135-12-8.dsl.d:4377 TIME_WAIT   -
Can someone please review the above netstat output and let me know if apache is on port 80 and listening... also does the tcp6 mean anything ... since port 81 says tcp? Thanks
It looks like your apache webserver is only listening on an IPv6 socket (tcp6 0 0 *:www *:* LISTEN -). Normally there should be a line like: tcp 0 0 *:www *:* LISTEN -
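An added example, not part of any post in this thread, for reading netstat output like the listing above: on Linux a wildcard tcp6 listener can also accept IPv4 connections (when the socket's IPV6_V6ONLY option is off), and those connections appear with ::ffff:-mapped addresses, so this shell function reports that case separately from a plain IPv4 listener. The function name classify_port and the sample lines (numeric `netstat -tan` style, documentation address 203.0.113.7) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is being listened on, from
# `netstat -tan`-style text on stdin. The sample data below is constructed.

# Usage on a live host (assumption: net-tools netstat is installed):
#   netstat -tan | classify_port 80
classify_port() {
    awk -v want="$1" '
        { n = split($4, a, ":"); port = a[n] }   # port = text after the last ":"
        port != want { next }                    # skips headers and other ports
        $1 == "tcp"  && $6 == "LISTEN"  { v4 = 1 }
        $1 == "tcp6" && $6 == "LISTEN"  { v6 = 1 }
        # An IPv4-mapped local address on a tcp6 row means an IPv4 peer
        # was served through the tcp6 socket.
        $1 == "tcp6" && $4 ~ /^::ffff:/ { mapped = 1 }
        END {
            if (v4)                print "ipv4-listener"
            else if (v6 && mapped) print "tcp6-listener-serving-ipv4"
            else if (v6)           print "tcp6-listener-only"
            else                   print "not-listening"
        }'
}

# Constructed sample: port 81 on IPv4, ports 80 and 22 on tcp6 only,
# plus one finished IPv4-mapped connection to port 80.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::ffff:192.168.0.2:80   ::ffff:203.0.113.7:4377 TIME_WAIT'

for p in 80 81 22 8080; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | classify_port "$p")"
done
```

A result of tcp6-listener-only means no IPv4-mapped connection was present in that snapshot; it does not by itself show that IPv4 clients are refused.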
Well... thanks to everyone for your help... I have really appreciated it... my problem is now solved... go to www.whitfurrows.com to see... It turns out all my server configuration was correct, I went out and replaced both my dsl modem and my router with an all-in-one, a DSL-604T, which does everything... I plugged it in... changed a few settings... and it all worked! So I really am not sure what the problem was, but it's now fixed. I'm guessing there must have been some custom configuration from my previous ISP who supplied my dsl modem, they wouldn't allow port 80, that's why I changed ISP, but they had custom config pages on the dsl modem... who knows.. but thanks everyone!