Port 80 error

[jcowdrey]

Hi,

I'm a little stumped as to why port 80 isn't available to the outside world. I've installed ISP Config and it works great. everything works fine locally ie ports 80 81 etc Port 81 is even available to the outside world, but when I try port 80 i'm told theres a connection timout error... my router is setup ok, any ideas?

[jcowdrey]

heres a screen dump of iptables -L


Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT udp -- anywhere anywhere udp dpts:20:fsp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dptop3
ACCEPT udp -- anywhere anywhere udp dptop3
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:25
ACCEPT tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere udp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:81
ACCEPT udp -- anywhere anywhere udp dpt:81
LSI all -- anywhere anywhere

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.0.2 anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- 192.168.0.2 anywhere
ACCEPT tcp -- dns.syd.optusnet.com.au anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- dns.syd.optusnet.com.au anywhere
ACCEPT tcp -- dns.meb.optusnet.com.au anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- dns.meb.optusnet.com.au anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 192.168.0.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere

Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.0.2 192.168.0.2 tcp dpt:domain
ACCEPT udp -- 192.168.0.2 192.168.0.2 udp dpt:domain
ACCEPT tcp -- 192.168.0.2 dns.syd.optusnet.com.au tcp dpt:domain
ACCEPT udp -- 192.168.0.2 dns.syd.optusnet.com.au udp dpt:domain
ACCEPT tcp -- 192.168.0.2 dns.meb.optusnet.com.au tcp dpt:domain
ACCEPT udp -- 192.168.0.2 dns.meb.optusnet.com.au udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'

[jcowdrey]

also... here is the output of netstat -tap command

admin@polo:~$ netstat -tap
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdom:1025 *:* LISTEN -
tcp 0 0 localhost.localdom:1026 *:* LISTEN -
tcp 0 0 localhost.localdo:mysql *:* LISTEN -
tcp 0 0 *:netbios-ssn *:* LISTEN -
tcp 0 0 *:5900 *:* LISTEN 1 4636/vino-server
tcp 0 0 *:81 *:* LISTEN -
tcp 0 0 *:ftp *:* LISTEN -
tcp 0 0 192.168.0.2:domain *:* LISTEN -
tcp 0 0 localhost.locald:domain *:* LISTEN -
tcp 0 0 localhost.localdoma:ipp *:* LISTEN -
tcp 0 0 localhost.localdoma:953 *:* LISTEN -
tcp 0 0 *:smtp *:* LISTEN -
tcp 0 0 *:microsoft-ds *:* LISTEN -
tcp 0 0 192.168.0.2:3215 a-61-9-129-144.depl:www ESTABLISHED1 5745/firefox-bin
tcp 0 0 localhost.localdoma:ipp localhost.localdom:4336 ESTABLISHED-
tcp 0 0 localhost.localdom:1025 localhost.localdom:2866 ESTABLISHED-
tcp 0 0 localhost.localdom:4336 localhost.localdoma:ipp ESTABLISHED1 4695/gnome-cups-ic
tcp 1 0 192.168.0.2:4452 66.249.89.99:www CLOSE_WAIT 1 5745/firefox-bin
tcp 1 0 192.168.0.2:4443 66.249.89.99:www CLOSE_WAIT 1 5745/firefox-bin
tcp 0 0 localhost.localdom:2866 localhost.localdom:1025 ESTABLISHED-
tcp6 0 0 *:www *:* LISTEN -
tcp6 0 0 *:ssh *:* LISTEN -
tcp6 0 0 ip6-localhost:953 *:* LISTEN -


Any ideas please anyone!

[till]

Do you have any firewall on your router that blocks port 80? Have you restarted your roter correctly after forwarding port 80.

I've just seen your new post. Please dont post the same issue twice within a day

[jcowdrey]

thanks for the reply...

sorry bout posting twice... i was a little desperate...

I have port forwarding for port 80 enabled on my router... setup same as port 81 and port 81 works fine... all forwarded to 192.168.0.2 (my server)

I have a firewall on linux as well (firestarter) and it has port 80 enabled also. if i do a portscan on ispconfig everything looks fine.

It seems as though it must be the router, but i can't seem to work out how... if I watch the log in firestarter and i do a test on port 81 i can see an event entry come through, if i do it for port 80, not entry at all...

[till]

And you are really sure your provider dos not block port 80?

If you can reach port 80 from another PC in your local network, these issues can be only related to your router or your ISP.

I assume you used IP 192.168.0.2 in ISPConfig for the webhost?

[jcowdrey]

thanks again...

I use dodo as my ISP and i called them and they assured me that they don't block port 80, infact they said they don't block any ports...

i will look further at the router... I use a d-link DI-524 router... it's pretty easy to setup... i just don't understand how the following ports 81,22,53,110,25 all work except port 80...

i used 192.168.0.2 as the webhost in ispconfig and also in all dns entries created... oi used to use 192.168.0.2 as the webhost and 149.135.12.8 for all dns entries but i kept getting the "shared IP" webpage for both domains... it works fine under 192.168.0.2...

any more ideas

[Glorfindel]

I doubt this is your problem... but my router sucks and tends to randomly not forward ports that it should be at times. When that happens, I can fix it by forwarding the port in 2-3 different slots... although I think my router's issues are kind of unique, and I doubt that would work for you Thought i'd share just in case though, because that problem caused me a big headache !!

[falko]

Quote:

Originally Posted by jcowdrey

d 192.168.0.2 as the webhost in ispconfig and also in all dns entries created...

In the DNS records for your domains you use 192.168.0.2? Then you can't reach the web sites from the outside because 192.168.0.2 is a private IP address. You must use your public IP address!

[jcowdrey]

i've changed my dns entries to use ip 149.135.12.8 instead of the 192.168.0.2... i get the "shared IP" page now...

I got so desperate with this port 80 issue, I disconected my router and pluged my dsl modem into a 2nd network card on my linux server.... eth0 using 149.135.12.8 and eth1 192.168.0.2...

i turned off all firewalls that I know off... and i ran a port scan from http://scan.sygatetech.com/tcpscan.html and all ports show up fine except port 80... so if it's not my isp dodo, then I'm wondering if apache is setup correctly.... but i guess it would be since it all works fine on my local network.... i'm really stumped!

Also... I'm happy if someone want's to ssh with putty into my system to have a look at config and stuff... i could really use the help... just let me know.