httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph Lee <joe_sun_...@yahoo.com>
Subject RE: [users@httpd] Networking problem?
Date Thu, 30 Jun 2005 17:57:53 GMT
I downloaded iptables-1.2.8-13.src.rpm from fedora,
then
> rpmbuild --rebuild iptables-1.2.8-13.src.rpm
> vi /etc/sysctl.conf
  net/ipv4/ip_forward =1 (was 0 origianlly)
> sysctl -p
> service iptables start

But when I entered http://(hostname)/example.html from
another computer, it just kept processing. The
access_log did not show any log info. So it was
blocked by the firewall on the Linux server.

The link you mentioned has a section for "Allowing WWW
and SSH access to your firewall", but I am not sure
how to do that. If I just want to let host1 access the
apache web server on host2, what should I do on the
firewall?

Thanks,
Joe

--- Boyle Owen <Owen.Boyle@swx.com> wrote:

> > -----Original Message-----
> > From: Joseph Lee [mailto:joe_sun_lee@yahoo.com]
> > Sent: Mittwoch, 29. Juni 2005 22:26
> > To: users@httpd.apache.org
> > Subject: RE: [users@httpd] Networking problem?
> > 
> > 
> > 
> > Do I need a SSL server certificate for the Linux
> > machine, in order to run Apache web server?
> 
> You don't need a SSL cert unless you want to run an
> SSL virtual Host (ie, HTTPS). Don't even dream about
> doing this until you have fully mastered plain old
> HTTP first...
> 
> > Is there any way to know there is a firewall
> blocking
> > between Linux runing Apache web server, and a
> Windows
> > PC?
> 
> Just to be clear where the FW is; It's running on
> the webserver machine and is sitting in front of
> apache. All requests to apache (or anything else,
> like mail, telnet etc.) have to go through it first.
> It's like the doorman at a nightclub.
> 
> From the outside (ie, the browser PC) there is no
> way to identify a FW. This is a security feature -
> FW's act silently and don't give reasons for their
> refusals. The only way you can guess you have a FW
> is if requests go into a black hole and don't give
> any response. If you only have two machines
> connected via a LAN then it's pretty obvious it must
> be a FW (especially if ping works), but imagine if
> you were attacking a machine over the internet - you
> wouldn't know if the lack of response was due to a
> FW at the target or just a network problem en route.
> 
> To identify the FW, you need to check the linux
> machine - I think it's called ipchains or iptables
> (see
>
http://www.siliconvalleyccie.com/linux-hn/iptables-intro.htm)
> but maybe Linux gurus could help you more...
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message
> may be ignored. 
> 
> 
> > Thanks,
> > Joe
> > 
> > --- Joseph Lee <joe_sun_lee@yahoo.com> wrote:
> > 
> > > 
> > > 
> > > --- Boyle Owen <Owen.Boyle@swx.com> wrote:
> > > 
> > > > > -----Original Message-----
> > > > > From: Joseph Lee
> [mailto:joe_sun_lee@yahoo.com]
> > > > > Sent: Mittwoch, 29. Juni 2005 17:12
> > > > > To: users@httpd.apache.org;
> > > info@hostinthebox.net
> > > > > Subject: Re: [users@httpd] Networking
> problem?
> > > > > 
> > > > > 
> > > > > Thank you, all, for trying to help me.
> > > > > 
> > > > > I tried http://(ipaddress)/example.html on
> my
> > > > Windows
> > > > > PC, but still could not get example.html
> from my
> > > > Linux
> > > > > machine running Apache web server.
> > > > > 
> > > > > I also did:
> > > > > 
> > > > > - modified /etc/hosts on the Linux machine
> to
> > > have
> > > > the
> > > > > entry for my Windows PC
> > > > 
> > > > The problem is the other way around - the
> windows
> > > PC
> > > > needs to be able to resolve the machine name
> of
> > > the
> > > > Linux machine (see Hosts file).
> > > 
> > > I modified /WINDOWS/system32/drivers/etc/hosts,
> and
> > > added an entry for my Linux machine.
> > > 
> > > > 
> > > > > 
> > > > > - ping from Linux to Windows using hostname
> > > > without a
> > > > > problem
> > > > 
> > > > Ping from Windows to Linux? If this don't
> work,
> > > > http://(ipaddress)/example.html never will
> from
> > > PC.
> > > 
> > > I can ping from Windows to Linux by using
> hostname
> > > and
> > > IP address. Both of them worked.
> > > 
> > > > 
> > > > > 
> > > > > - checked /etc/resolv.conf on Linux, it has
> a
> > > > valid
> > > > > DNS nameserver
> > > > > 
> > > > > - deleted "service http" entry in
> > > /etc/xinetd.conf
> > > > in
> > > > > Linux
> > > > > 
> > > > > but still not working.
> > > > > 
> > > > > On the Linux machine, I could do
> > > > > file://hostname/example.html
> > > > > 
> > > > > but I could not do
> > > > > http://hostname/example.html
> > > > > it says "Not Found.  The requested URL
> > > > /example.html
> > > > > was not found on this server. Apache/2.0.54
> > > (Unix)
> > > > > Server at (hostname) Port 80"
> > > > 
> > > > Excellent! The webserver is working and you
> can
> > > > access it!
> > > > 
> > > > It's just that it can't find the file. Try
> plain
> > > > old:  http://hostname/ (which will deliver
> your
> > > > DirectoryIndex file (you do have one, don't
> you?)
> > > Do
> > > > you understand the relationship between URL
> and
> > > > DocumentRoot? If you do, then request a file
> that
> > > > you are sure exists in the docroot.
> > > 
> > > Ahh! I copied ~/example.html to
> > > /usr/local/apache2/htdocs, and now I can run
> > > http://(hostname)/example.html on Linux! That's
> > > great.
> > > One problem solved.
> > > 
> > > However, when I tried to do the same thing from
> > > Windows , it just kept processing....
> > > 
> > > I also tried from my Windows to do
> > > telnet (linux hostanme)
> > > and
> > > telnet (linux hostanme) 80
> > > But it just kept processing....
> > > 
> > > I think it may be the firewall that blocked port
> 80
> > > between PC and Linux, but let ping go thru.
> > > 
> > > Thanks,
> > > Joe
> > > 
> > > > 
> > > > Rgds,
> > > > Owen Boyle
> > > > Disclaimer: Any disclaimer attached to this
> > > message
> > > > may be ignored. 
> > > > 
> > > > 
> > > > > 
> > > > > Thank you again.
> > > > > Joe
> > > > > 
> > > > > --- Dan Trainor <info@hostinthebox.net>
> wrote:
> > > > > 
> > > > > > Joseph Lee wrote:
> > > > > > > Hi,
> > > > > > > 
> > > > > > > I am trying to run Apache web server on
> my
> 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message