httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel E" <emmanue...@gmx.net>
Subject Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, but LAN works fine
Date Sun, 02 Apr 2006 19:19:41 GMT
hmm... i really dont understand why it should be failing... i wonder if ur 
missing some directives in the conf file.
Try removing all virtual hosts and only a normal default apache.

----- Original Message ----- 
From: "Vincent Lextrait" <lextrait@tele2.fr>
To: <users@httpd.apache.org>
Sent: Monday, April 03, 2006 12:06 AM
Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
but LAN works fine


> Error shows nothing, and access shows only the LAN connections. Nothing 
> about the WAN. The TCP connection is not even established, the SYN message 
> to establish it arrives on the machine, and never gets ack'ed at TCP 
> level.
> ----- Original Message ----- 
> From: "Emmanuel E" <emmanuel.e@gmx.net>
> To: <users@httpd.apache.org>
> Sent: Sunday, April 02, 2006 8:00 PM
> Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
> but LAN works fine
>
>
>> what do the default access and error logs say?
>>
>> ----- Original Message ----- 
>> From: "Vincent Lextrait" <lextrait@tele2.fr>
>> To: <users@httpd.apache.org>
>> Sent: Sunday, April 02, 2006 11:09 PM
>> Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
>> but LAN works fine
>>
>>
>>> Yes, I do.
>>> Actually I noticed that my dummy web server works, but the reverse DNS 
>>> query happens in that case too. But the external connection gets the 
>>> proper TCP ack (right before the reverse DNS query). It never gets it 
>>> from Apache. The SYN remains unanswered.
>>> ----- Original Message ----- 
>>> From: "Emmanuel E" <emmanuel.e@gmx.net>
>>> To: <users@httpd.apache.org>
>>> Sent: Sunday, April 02, 2006 6:52 PM
>>> Subject: Re: [users@httpd] Reverse DNS lookup issue - No access from 
>>> WAN, but LAN works fine
>>>
>>>
>>>> Do you have a "Listen 80" directive somewhere in the conf file?
>>>> ----- Original Message ----- 
>>>> From: "Vincent Lextrait" <lextrait@tele2.fr>
>>>> To: <users@httpd.apache.org>
>>>> Sent: Sunday, April 02, 2006 7:13 PM
>>>> Subject: [users@httpd] Reverse DNS lookup issue - No access from WAN, 
>>>> but LAN works fine
>>>>
>>>>
>>>>> Hi all,
>>>>> I am running Apache 2.0.55 for win32, without add-ons, on Windows XP

>>>>> Professional SP2, with firewall and anti spyware all deactivated. The

>>>>> conf file is very plain.
>>>>> The problem is that Apache, listening on port 80, does not accept 
>>>>> connections from the WAN, only from the LAN. I have replaced Apache 
>>>>> with a dumb little web server, also listening on port 80. It answers

>>>>> beautifully. This rules out (I think) any obvious router or ISP 
>>>>> problem. Anyway, a sniffer (see further) shows traffic coming to the

>>>>> server.
>>>>> Apache does not show any booting error, and does not log any error. It

>>>>> does not log any traffic either, when it comes from the WAN.
>>>>> I have tried to deactivate mod_access in the conf file, and also tried

>>>>> to insert:
>>>>>
>>>>> EnableSendfile Off
>>>>> EnableMMAP Off
>>>>> Win32DisableAcceptEx
>>>>>
>>>>> to avoid any weird problem. The behavior is exactly the same.
>>>>> In order to see if connections attempts were reaching my server (Joe),

>>>>> I've used WinDump (trace below). The trace shows that the server 
>>>>> receives a SYN request from the external machine I am using to test 
>>>>> the setup (I tried also several other ones, same thing).
>>>>> The second trace is a reverse DNS lookup, which is coming from Apache

>>>>> (although mod_access is deactivated). Apache tries to gather 
>>>>> information on the external machine I assume. I do not understand why

>>>>> it does that.
>>>>> The third trace is the answer from the DNS (I am not aware of any DNS

>>>>> issue I would have, everything seems to work just fine). I do not know

>>>>> how to interpret the answer trace.
>>>>> After, no traffic is coming from Apache, and the external machine is

>>>>> retrying a few times, without any success and any further reverse DNS

>>>>> lookup from my machine. The connection is not finalized, Apache keeps

>>>>> ignoring the SYN requests.
>>>>> I've tried Ethereal to gather further information, but, for some 
>>>>> mysterious reason, it does not display the reverse DNS lookups, only

>>>>> the SYNs.
>>>>> There is most likely something huge I am missing, or I made some wrong

>>>>> interpretation. The fact is that I am stuck at this stage.
>>>>> I include an extract of my conf file at the end of this post.
>>>>> Any help is highly welcome!
>>>>> Thanks in advance,
>>>>> Vincent
>>>>>
>>>>> 10:09:22.968821 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80:

>>>>> S 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 
>>>>> 56209604 0,nop,wscale 2>
>>>>> 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>>>> 0x0010:  003c a0ee 4000 2906 6f92 4815 375a c0a8  .<..@.).o.H.7Z..
>>>>> 0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
>>>>> 0x0030:  16d0 a4a7 0000 0204 0578 0402 080a 0359  .........x.....Y
>>>>> 0x0040:  b0c4 0000 0000 0103 0302                 ..........
>>>>> 10:09:23.444588 IP Joe.3044 > dns1.swip.net.53:  14727+ PTR? 
>>>>> 90.55.21.72.in-addr.arpa. (42)
>>>>> 0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
>>>>> 0x0010:  0046 5c4f 0000 8011 19f6 c0a8 0124 82f4  .F\O.........$..
>>>>> 0x0020:  7fa1 0be4 0035 0032 0f64 3987 0100 0001  .....5.2.d9.....
>>>>> 0x0030:  0000 0000 0000 0239 3002 3535 0232 3102  .......90.55.21.
>>>>> 0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
>>>>> 0x0050:  000c 0001                                ....
>>>>> 10:09:23.773839 IP dns1.swip.net.53 > Joe.3044:  14727 1/7/8 
>>>>> PTR[|domain]
>>>>> 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>>>> 0x0010:  019a 0fd9 4000 f311 b217 82f4 7fa1 c0a8  ....@...........
>>>>> 0x0020:  0124 0035 0be4 0186 f081 3987 8180 0001  .$.5......9.....
>>>>> 0x0030:  0001 0007 0008 0239 3002 3535 0232 3102  .......90.55.21.
>>>>> 0x0040:  3732 0769 6e2d 6164 6472 0461 7270 6100  72.in-addr.arpa.
>>>>> 0x0050:  000c 0001 c00c 000c 0001 0001 27dd 0025  ............'..%
>>>>> 10:09:24.787670 IP Joe.3045 > dns1.swip.net.53:  20356+ PTR? 
>>>>> 161.127.244.130.in-addr.arpa. (46)
>>>>> 0x0000:  00a0 c522 2821 0080 ad05 3e1a 0800 4500  ..."(!....>...E.
>>>>> 0x0010:  004a 5c50 0000 8011 19f1 c0a8 0124 82f4  .J\P.........$..
>>>>> 0x0020:  7fa1 0be5 0035 0036 eea2 4f84 0100 0001  .....5.6..O.....
>>>>> 0x0030:  0000 0000 0000 0331 3631 0331 3237 0332  .......161.127.2
>>>>> 0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
>>>>> 0x0050:  7270 6100 000c 0001                      rpa.....
>>>>> 10:09:24.987985 IP dns1.swip.net.53 > Joe.3045:  20356 1/5/8 (359)
>>>>> 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>>>> 0x0010:  0183 0fda 4000 f311 b22d 82f4 7fa1 c0a8  ....@....-......
>>>>> 0x0020:  0124 0035 0be5 016f 9fc7 4f84 8180 0001  .$.5...o..O.....
>>>>> 0x0030:  0001 0005 0008 0331 3631 0331 3237 0332  .......161.127.2
>>>>> 0x0040:  3434 0331 3330 0769 6e2d 6164 6472 0461  44.130.in-addr.a
>>>>> 0x0050:  7270 6100 000c 0001 c00c 000c 0001 0000  rpa.............
>>>>> 10:09:25.967812 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80:

>>>>> S 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 
>>>>> 56212604 0,nop,wscale 2>
>>>>> 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>>>> 0x0010:  003c a0f0 4000 2906 6f90 4815 375a c0a8  .<..@.).o.H.7Z..
>>>>> 0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
>>>>> 0x0030:  16d0 98ef 0000 0204 0578 0402 080a 0359  .........x.....Y
>>>>> 0x0040:  bc7c 0000 0000 0103 0302                 .|........
>>>>> 10:09:31.968696 IP 90.55.21.72.reverse.layeredtech.com.39142 > Joe.80:

>>>>> S 3993964586:3993964586(0) win 5840 <mss 1400,sackOK,timestamp 
>>>>> 56218604 0,nop,wscale 2>
>>>>> 0x0000:  0080 ad05 3e1a 00a0 c522 2821 0800 4500  ....>...."(!..E.
>>>>> 0x0010:  003c a0f2 4000 2906 6f8e 4815 375a c0a8  .<..@.).o.H.7Z..
>>>>> 0x0020:  0124 98e6 0050 ee0f 102a 0000 0000 a002  .$...P...*......
>>>>> 0x0030:  16d0 817f 0000 0204 0578 0402 080a 0359  .........x.....Y
>>>>> 0x0040:  d3ec 0000 0000 0103 0302                 ..........
>>>>>
>>>>> Here is an the virtual host definitions extract from my conf file:
>>>>>
>>>>> <VirtualHost 192.168.1.36:80>
>>>>>    ServerAdmin lextrait@tele2.fr
>>>>>    DocumentRoot C:/www/Aurinko
>>>>>    ServerName www.aurinko.com
>>>>>    ErrorLog logs/www.aurinko.com-error_log
>>>>>    CustomLog logs/www.aurinko.com-access_log common
>>>>> </VirtualHost>
>>>>>
>>>>> <VirtualHost 192.168.1.36:80>
>>>>>    ServerAdmin lextrait@tele2.fr
>>>>>    DocumentRoot C:/www/Thomas
>>>>>    ServerName thomas.lextrait.com
>>>>>    ErrorLog logs/thomas.lextrait.com-error_log
>>>>>    CustomLog logs/thomas.lextrait.com-access_log common
>>>>> </VirtualHost>
>>>>>
>>>>> <VirtualHost 192.168.1.36:80>
>>>>>    ServerAdmin lextrait@tele2.fr
>>>>>    DocumentRoot C:/www/Lextrait
>>>>>    ServerName www.lextrait.com
>>>>>    ErrorLog logs/www.lextrait.com-error_log
>>>>>    CustomLog logs/www.lextrait.com-access_log common
>>>>> </VirtualHost>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> The official User-To-User support forum of the Apache HTTP Server 
>>>>> Project.
>>>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> The official User-To-User support forum of the Apache HTTP Server 
>>>> Project.
>>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server 
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message