httpd-users mailing list archives

From Jason Michelizzi <mich0...@d.umn.edu>
Subject Re: cannot access pages except from my box
Date Fri, 21 Dec 2001 14:42:51 GMT
Owen Boyle wrote:
> 
> Jason Michelizzi wrote:
> 
> > One more curious thing:  I tried telling the ssh daemon to listen to
> > port 80 on my Linux box.  When I tried logging into my machine from a
> > different machine, it hung up forever (or at least for several minutes
> > until I hit Ctrl-c).  When I did the same thing to port 79 (as well as
> > the usual 22) everything worked fine.  Interesting.
> 
> Hanging forever is usually a FW configuration effect - the FW is set to
> "drop" the packets. This is the best defence against hackers who try
> scanning ports etc. because they don't know how long to wait between
> tries. If it were set to "reject" the packets you would get an immediate
> "connection refused" and the hacker-prog could try a new port.
> 
> So, double-check your FW config. Try changing any "drop" rules to
> "reject" and see if the behaviour changes, or add "log" to any drop
> rules and then look in the FW log to see if the attempts are logged.
> 
> If not that, snoop on the webserver to see if the requests are arriving:
> 
> # snoop port 80
> 
> should see something...
> 

Does Linux have a snoop utility?  I couldn't find one.  Solaris does
right?

I don't think the problem is the firewall.  There are no "DENY" rules,
only "ACCEPT" and "REJECT" rules (see below).  Again, when I had the ssh
daemon listen to port 80, it didn't work, but when I had it listen to
other well-known ports, I could ssh to my box just fine.  I've tried
having Apache listen to port 79 on my box.  When I did this, I could
retrieve files just fine by telnetting to port 79 and typing "GET
http://131.212.89.168 HTTP/1.0".  I did this both from my machine and
from other machines... and it worked!  But not if Apache is on port 80.
I'm beginning to think my network administrator doesn't want me running
a web server....

Here is the input chain of my firewall, if it is helpful:

[root@umd89-168 /root]# ipchains -L input
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  ns.nts.umn.edu       anywhere              domain ->   any
ACCEPT     udp  ------  netadm.d.umn.edu     anywhere              domain ->   any
ACCEPT     udp  ------  anywhere             anywhere              bootps:bootpc ->   bootps:bootpc
ACCEPT     udp  ------  anywhere             anywhere              bootps:bootpc ->   bootps:bootpc
ACCEPT     all  ------  anywhere             anywhere              n/a
ACCEPT     tcp  ------  anywhere             anywhere              any ->   http
ACCEPT     tcp  ------  anywhere             umd89-168.d.umn.edu   any ->   ssh
REJECT     tcp  -y----  anywhere             anywhere              any ->   nfs
REJECT     udp  ------  anywhere             anywhere              any ->   0:1023
REJECT     udp  ------  anywhere             anywhere              any ->   nfs
REJECT     tcp  -y----  anywhere             anywhere              any ->   x11:6009
REJECT     tcp  -y----  anywhere             anywhere              any ->   xfs

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
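Added example, not part of the thread above: the drop-versus-reject distinction Owen describes can be turned into a quick probe. A TCP connect that comes back with "connection refused" at once means an RST or an ICMP port-unreachable arrived (a REJECT rule, or simply nothing listening); a connect that sits there until it times out means the SYN was silently dropped somewhere between client and server. Probing a few ports side by side, the way Jason compared 22, 79 and 80, shows immediately whether one port is being treated differently. The loopback listener in `local_demo()` is constructed for the demo, and the host and port list on the command line are assumptions; the thread's own IP is used only as an illustration.

```python
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Return "open", "refused", "filtered" or "unreachable" for one TCP connect.

    refused     : RST or ICMP port-unreachable came back right away
                  (an ipchains/iptables REJECT rule, or nothing listening)
    filtered    : no reply at all before the timeout expired
                  (a DROP/DENY rule on the host or on a filter in the path)
    unreachable : ICMP host/net unreachable answered on the host's behalf
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:          # silence until the deadline: SYN was dropped
        return "filtered"
    except ConnectionRefusedError:  # RST or ICMP port-unreachable
        return "refused"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def compare_ports(host, ports, timeout=3.0):
    """Probe several ports on one host. A mix of "refused" and "filtered"
    verdicts is the signature of a filter that treats ports differently,
    which is the port-80-versus-port-79 symptom in the thread."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


def local_demo():
    """Constructed demo on loopback: a listening socket on an ephemeral port
    gives "open"; the same port after the listener is closed gives "refused".
    No packet filter sits on loopback, so "filtered" cannot appear here; it
    only shows up when something on the path drops the SYN."""
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))
    lst.listen(1)
    port = lst.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port, 1.0)
    lst.close()
    after_close = probe_tcp("127.0.0.1", port, 1.0)
    return {"listening": while_listening, "closed": after_close}


if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 3:
        # assumed invocation, e.g.: python probe.py 131.212.89.168 22 79 80
        host, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
        for p, verdict in compare_ports(host, ports).items():
            print(f"{host}:{p:<5} {verdict}")
    else:
        print(local_demo())
```

Run the probe from a machine outside the network while watching the server side; the Linux counterpart of Solaris `snoop port 80` is `tcpdump -n port 80` (root required). A SYN that shows up in tcpdump with no reply means the drop is local; no SYN at all means it never got past something upstream. The ipchains listing in the message has policy ACCEPT, an explicit `any -> http` ACCEPT and no DENY target, so a "filtered" verdict on port 80 from outside points at the path, not at that chain.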

