httpd-users mailing list archives

From "Paul Erkens" <...@xs4all.nl>
Subject Re: [users@httpd] Totally new
Date Wed, 01 Jan 2003 22:00:23 GMT
Hi William,

First of all: welcome to this group. I hope you will enjoy apache as much as
we all do here.

I understand your frustration. I've had that same beginner experience
myself. Linux people are very technically developed in mind and because it
is impossible for you to interrupt someone while he is explaining something
to you, the answers still sound rather technical. During the answer there
are mostly 3 or 4 terms which are new to you, but daily business for the one
who is teaching you. But we'll all try our best to get you going. Below is a
simple explanation for your question to the best of my knowledge. I've
written several manuals that float elsewhere on the internet for beginners
like you and me and as soon as I get the hang of the most common features of
apache, I'll make a simple document that explains to windows users how things
have been put together.

To answer your question, a bit of background is required. Not as much as
I'll give you here, but it will put the rest in context for a better
understanding.

If I'm not mistaken, your win2k machine is attached to a cable modem which,
in turn, is connected to a router that, in turn has been connected to the
internet. You can surf out to the net, but what you want is to accept
incoming requests to your http server.

Normally, the task of your cable modem is to listen to your machine's
network card, and transmit everything from your machine out to the internet.
Data that comes from the internet however, will not always end up in your
machine. More on this below.

Like both you and me must write in English to understand each other, your
win2k machine's network card uses a "language" to talk to your cable modem.
What we call a language, is called a protocol for our computers. Just as
there are many natural languages, there are many protocols out there. What
we call English, is called tcp/ip for our computers.

A natural language consists of single words. The tcp/ip counterpart of a
written word is called a tcp packet. So just as words make up a language,
tcp packets make up the data traffic that goes from your computer to your
modem and the internet, and vice versa. Virtually all internet traffic is
done using the tcp/ip language (protocol). Whether you ask a website to send
a page of information to you or you send and receive email, all that data is
divided into short tcp/ip packets. The idea behind it resembles a normal
letter that you can post to someone else. Each tcp/ip packet (a bit of your
email or part of your request to a server to open an internet page) has a
digital envelope around it. The envelope contains several important things
of which I'll mention a few:

1: the digital address of the sender (your machine). This is necessary for
the computer that receives your packets, in order to be able to return you
the answering packets. If you send it your request to open an internet page,
then the recipient returns a stream of packets to you containing the
information you requested.

2: The digital destination address (the machine that you want to receive
your packets).

3: The source port (data port on your machine from which you sent out your
packet).

4: The destination port (the data port on the receiving computer for which
you have intended your packet).

IP addresses

Just like your house is made unique in the phone book using your street
name, house number and zip or postal code, a computer's address is something
equal. Its format is "aaa.bbb.ccc.ddd". On the internet, no two machines
have the same digital address.

As you can see, there are four fields in the address, separated by dots (.).
Each field must contain a normal, whole decimal number, ranging from 0 to
255 inclusive. Numbers outside this range are invalid.

For example: the address 123.456.789.000 is absolutely invalid, because only
the first field contains a value within range. 456 is greater than 255,
which is the highest number that such a field may contain. The real computer
term for a digital computer address to be used on the internet, is "IP
address". IP stands for Internet Protocol.

Then what are data ports used for? You may have heard people talk about
using port 80 for http, and port 21 for ftp. It's not very difficult to
understand what this is all about.

Imagine that there is a great neat computer on the internet that you can
connect to. It has a website that you can view and it has an ftp site from
which you can download files. Now let's say that you ask your browser to
open the internet site on that neat computer. Your network card sends out a
tcp packet with the source ip address being that of your machine, and with
the destination ip address set to that of the neat computer. When that
packet arrives at neat computer, neat has to open your data packet, read its
entire contents and then determine if you requested to view the ftp site or
the website. If you were the only one to access neat computer, there would
be time enough for this procedure. If neat computer only has an ftp site and
a website, the decision-making process would be short.

But internet servers are heavily used and must spend the minimum time
possible for each process, because you can run many many different network
services on a single computer.

So, to speed up things, data ports were invented. Your computer has 65536
data ports that allow data, both in and out. Think of it as over 65 thousand
doors next to each other in your computer's network card bus. Now the tcp
protocol states, that every service on the internet, be it normal web
surfing (called http) or file transfers over ftp, will have their own
distinct data port associated. This means that the tcp packets you send not
only have two ip addresses (the sender's and that of your recipient), but
also two data port numbers: your source port from which you happened to send
your packet, and a destination port on which your packet is to be received.
If you ask your browser to open the internet page on neat computer, then all
you have to do is send your packet into port 80 of the receiving computer.
Neat will know that all packets sent to its own port 80, are requests for
its website. This eliminates the need for neat computer to look into your
packet's contents to find out for what service you intended it, as each
service listens on its own port.

So the destination port to which packets are sent does matter, but the port
that you send your packet from is relatively unimportant at the time you
send your packet.

When neat computer starts answering your requests, it will create packets
that have neat computer's ip address as the source ip, your computer's ip
address as the destination ip, they will have port 80 set as the source port
so that your computer knows that this packet should go to your browser and
they will have your original source port set as the destination port. In
other words, the source and destination ip addresses are exchanged, and the
source and destination port numbers are too. What was source becomes
destination, and vice versa. Giving each service a unique port number to use
in their communication, makes it easy for computers to split incoming data
streams to go into different programs.

Just remember that each and every service on the internet has its own data
port assigned. If you intend to use such a service, it is always handy to
know on which port that service wants to receive its requests. In most cases
you won't need to know it however, because a browser is programmed to send
out requests to another machine's port 80 automatically. Your ftp program
defaults to port 21 for you to request a file over ftp.

Apache is the software that listens for requests from other browsing users
on the internet and, in response, it will send the pages from your computer
that the users of your website request. Your apache machine will, by
default, listen for incoming tcp connections on port 80. Again, the sender's
data port is not very important, but in this case you (running apache) are
the internet server (the recipient of other users' packets). Therefore,
because others expect you to serve your website over port 80, you must make
sure your webserver software uses that very port.

But your computer is not directly attached to the internet. Instead, a cable
modem and another router are in between. Most likely, either your router or
your cable modem is equipped with some sort of firewall. In current models,
this mechanism means that they allow all your traffic to pass out to the
internet, but traffic that attempts to come in from the net to your
computer, is only allowed inward if the data is an answer to your own
request for information.

For instance, if you send out a packet to neat computer's website, in which
you ask it to send you a page of information, then the firewall will
remember the outgoing request. Only if the information attempting to come in
is addressed to your computer in particular and if it is from neat computer
indeed, only then the information may pass into your machine.

This leads to the following conclusion. If you don't specially instruct your
firewall to do so, then it will not let other people get inside your
computer. Even if they nicely address their packets to port 80, which is
where apache is listening for connections, your firewall will reject them.
The reason is that these packets are not an answer to activity in your
browser. Instead, they are unsolicited packets (things your computer didn't
ask for). In your case however, your firewall must be told to let these in
as well.

What you need to do is:
figure out where (if any) your firewall is located. If it is a piece of
software in your computer, it is easy to alter its configuration. If your
router or your cable modem acts as firewall, read their manuals to see how
you can enter their system configurations. In most cases, you can reach them
using your browser because they have a so-called web interface built-in,
over which you can configure them.

What you need to do is: instruct the firewall, wherever you found it, to
allow unsolicited connections to come in, only if they were addressed to
port 80. Usually, your modem or router will allow you to configure a second
item as well: the destination port. This may seem confusing but it really is
not.

If your router acts as your firewall, then
in one plug you connect the internet, and to another plug you connect your
machine. If you have more than one machine that are all connected to that
router, then your machines together form your internal network. Now if a
packet comes into your router from the internet, the outside world, the
router receives that packet on its own port 80. The router has an equal
number of ports as your computer. That's why they communicate so nicely
together. They both have an ip address and both have numerous data ports.
The packet received on router port 80, should be sent to your computer in
turn. The "destination port" item that most firewalls let you configure,
lets you choose into which port on your computer the router should send the
packet it received. Normally, packets received by the router on port 80
should be forwarded by your router to your computer, to your machine's port
80. So for the firewall configuration, incoming and outgoing port numbers
are the same. Both 80.

However: if you configure apache on your machine to listen for connections on
port 3072, then all packets that your router receives on its port 80, should
be forwarded from there into your machine to your port 3072. If in the
firewall configuration the source and destination port numbers are
different, you are creating what is called a port mapping. You mapped port
80 requests to go to port 3072 on your machine. This means that your users
can just connect to your router's port 80, while your router forwards these
requests into your machine's port 3072, or whatever you set it to. In this
case, Apache must be listening there of course.

To go short: look at which device carries your firewall and find out how to
make it send all packets received on its port 80, right to your win2k
machine's port 80. If apache is running on your win2k machine and you
instructed its setup wizard to load apache for all users as a service
running on port 80, everything will work fine.

Paul.
 -----
From: "William Martin" <martin82@adelphia.net>
To: <users@httpd.apache.org>
Sent: Tuesday, December 31, 2002 7:56 PM
Subject: [users@httpd] Totally new


> Hi folks,
>
> I am new to the world of http server. I have played with it some in the past
> but have always ended up being frustrated. I have a question that I really
> need some help on. My home computer with Windows 2000 Pro is connected to a
> cable modem as well as two other computers.  The cable is routed to a Terayon
> modem and then from there,  it's routed to the Ethernet Cable/DSL router on
> to these three computers. Is there any way that I can set it up to allow
> users from Internet to view the website on my home computer?  Any help would
> be greatly appreciated. Thanks!
>
> William
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
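
A toy model of the firewall and port-mapping behaviour described in the message above, added here as an illustration and not part of the original post. The `Router` and `Packet` classes, all IP addresses, and the rewriting of the source address on outbound packets are assumptions made for the sketch.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Router:
    """Hypothetical home router: stateful firewall plus port mappings."""
    public_ip: str
    # public port -> (internal ip, internal port); empty means nothing is exposed
    port_map: dict = field(default_factory=dict)
    # outbound requests remembered so that their answers can be let back in
    flows: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, pkt):
        """LAN to internet: remember the request, send it from the router's address."""
        self.flows[(pkt.dst_ip, pkt.dst_port, self.next_port)] = (pkt.src_ip, pkt.src_port)
        out = Packet(self.public_ip, self.next_port, pkt.dst_ip, pkt.dst_port)
        self.next_port += 1
        return out

    def inbound(self, pkt):
        """Internet to LAN: return the packet as delivered inside, or None if rejected."""
        reply_to = self.flows.get((pkt.src_ip, pkt.src_port, pkt.dst_port))
        if reply_to:   # an answer to a request that went out earlier
            return Packet(pkt.src_ip, pkt.src_port, *reply_to)
        mapped = self.port_map.get(pkt.dst_port)
        if mapped:     # unsolicited, but allowed by an explicit port mapping
            return Packet(pkt.src_ip, pkt.src_port, *mapped)
        return None    # unsolicited and not mapped: the firewall drops it

def demo():
    # Constructed sample traffic; every address below is a documentation address.
    router = Router("203.0.113.10")
    visitor = Packet("198.51.100.7", 51000, "203.0.113.10", 80)
    before = router.inbound(visitor)                # no mapping yet
    router.port_map[80] = ("192.168.1.20", 3072)    # map port 80 to apache on 3072
    after = router.inbound(visitor)
    stray = router.inbound(Packet("198.51.100.7", 51001, "203.0.113.10", 21))
    out = router.outbound(Packet("192.168.1.20", 1050, "192.0.2.80", 80))
    reply = router.inbound(Packet("192.0.2.80", 80, out.src_ip, out.src_port))
    return before, after, stray, reply
```

Only the mapped port becomes reachable from outside; a packet to any other port on the router is still dropped unless it answers an earlier outgoing request.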



