Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 10th August 2006, 20:14
ubuntu server newbie ubuntu server newbie is offline
Junior Member
 
Join Date: Aug 2006
Location: Phuket
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default ports open?

This is my first attempt at getting either linux or a server running, I'm using ubutnu server 6.06 but I had to get gnome as I wasn't getting very far with only a shell.

I'm having trouble getting Apache2 working.

I get the apache default page when I point firefox to the lan ip using another computer on my lan so I assume it's running ok. I get a connection refused message when I use my wan ip with port 80 (ISP block maybe?) and a firefox couldn't establish a connection error with port 280 (I chose post 280 at random), firefox seems to come up with the error message far too quickly to actually be checking it.

I'm not running a firewall on my PC or router. I'm pretty sure that I've forwarded the ports at my router as I'm running emule sucessfully on another computer with ports forwarded ok. Apache2 is listening on 80 and 280 and it's been restarted since I've updated ports.conf.

whatsmyip.org tells me that my port 280 is open but port scan in the network tool applet says it's closed.

I don't get it, can anyone help?

Thanks
Reply With Quote
Sponsored Links
  #2  
Old 11th August 2006, 09:07
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

what you could do is to check if your machine retrieves packets e.g. on port 80 / 280 run the following on the shell while trying to reach your machine from outside:

tcpdump dst port 80

if you do not see any packets check
iptales -L to verify no iptables is running.

Can you find sth. in the router log?
Reply With Quote
  #3  
Old 11th August 2006, 11:35
ubuntu server newbie ubuntu server newbie is offline
Junior Member
 
Join Date: Aug 2006
Location: Phuket
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

tcpdump dst port 280 output

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:07:29.494367 IP 192.168.1.3.37736 > myip.myip.myip.myip.280: S 227089780:227089780(0) win 5840 <mss 1460,sackOK,timestamp 5943429 0,nop,wscale 2>
16:07:29.668747 IP 192.168.1.3.37737 > myip.myip.myip.myip.280: S 229892125:229892125(0) win 5840 <mss 1460,sackOK,timestamp 5943446 0,nop,wscale 2>

I thought the problem might have been something to do with my router so I got an old one out but had the same problem. Obviously the request is getting through so the obvious question is why's it being refused?

Here's the some of the output for netstat -lp

tcp6 0 0 *:www *:* LISTEN 30433/apache2
tcp6 0 0 *:60213 *:* LISTEN 30433/apache2
tcp6 0 0 *:280 *:* LISTEN 30433/apache2
tcp6 0 0 *:281 *:* LISTEN 30433/apache2
tcp6 0 0 *:https *:* LISTEN 30433/apache2
tcp6 0 0 *:1180 *:* LISTEN 30433/apache2

Why is the protocol tcp6? The other entries are just tcp?

I saw on another forum that someone who had a similar problem had a DNS issue with their router (their router didn't know where to forward the request to in the LAN) but the tcpdump show that the request is getting through right?

Thanks for your help
Reply With Quote
  #4  
Old 11th August 2006, 11:47
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

Sorry my fault, pls try tcpdump without "dst", that we can see if the traffic gets back to the router.

The router does not care about DNS in case of forwarding.
Reply With Quote
  #5  
Old 11th August 2006, 12:27
ubuntu server newbie ubuntu server newbie is offline
Junior Member
 
Join Date: Aug 2006
Location: Phuket
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

tcpdump port 80 output

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:22:07.668256 IP 192.168.1.3.44711 > palo5.pacific.net.th.www: S 668177623:668177623(0) win 5840 <mss 1460,sackOK,timestamp 6391246 0,nop,wscale 2>
17:22:07.697672 IP palo5.pacific.net.th.www > 192.168.1.3.44711: S 220399697:220399697(0) ack 668177624 win 5792 <mss 1360,sackOK,timestamp 439737840 6391246,nop,wscale 0>
17:22:07.697815 IP 192.168.1.3.44711 > palo5.pacific.net.th.www: . ack 1 win 1460 <nop,nop,timestamp 6391249 439737840>
17:22:07.701892 IP 192.168.1.3.44711 > palo5.pacific.net.th.www: P 1:423(422) ack 1 win 1460 <nop,nop,timestamp 6391249 439737840>
17:22:07.738700 IP palo5.pacific.net.th.www > 192.168.1.3.44711: . ack 423 win 6432 <nop,nop,timestamp 439737844 6391249>
17:22:09.550681 IP palo5.pacific.net.th.www > 192.168.1.3.44711: . 1:1349(1348) ack 423 win 6432 <nop,nop,timestamp 439738024 6391249>
17:22:09.550771 IP 192.168.1.3.44711 > palo5.pacific.net.th.www: . ack 1349 win 2184 <nop,nop,timestamp 6391434 439738024>
17:22:09.552264 IP palo5.pacific.net.th.www > 192.168.1.3.44711: P 1349:1424(75) ack 423 win 6432 <nop,nop,timestamp 439738024 6391249>
17:22:09.552335 IP 192.168.1.3.44711 > palo5.pacific.net.th.www: . ack 1424 win 2184 <nop,nop,timestamp 6391434 439738024>

and 280

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:24:06.914667 IP 192.168.1.3.36862 > palo5.pacific.net.th.280: S 787567821:787567821(0) win 5840 <mss 1460,sackOK,timestamp 6403171 0,nop,wscale 2>
17:24:06.943900 IP palo5.pacific.net.th.280 > 192.168.1.3.36862: R 0:0(0) ack 787567822 win 0
17:24:07.015253 IP 192.168.1.3.36863 > palo5.pacific.net.th.280: S 785698767:785698767(0) win 5840 <mss 1460,sackOK,timestamp 6403181 0,nop,wscale 2>
17:24:07.043171 IP palo5.pacific.net.th.280 > 192.168.1.3.36863: R 0:0(0) ack 785698768 win 0

Thanks
Reply With Quote
  #6  
Old 11th August 2006, 12:33
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

So I'd say that looks good.
Do you see anything in the apache access logs while accessing? Normally you should.
What you could do is saving the output of tcpdump to a capture file and take a look with ethereal at the packets content to see what the apache returned.
tcpdump port 80 -W /tmp/youcapturefile.cap

What I' wondering is, why your client does not get anything. Does the router have any logs where you could take a look at?
Reply With Quote
  #7  
Old 11th August 2006, 17:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

What's the output of
Code:
iptables -L
?
Do you use a domain or an IP address to connect to your server from outside your LAN?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:

Last edited by falko; 12th August 2006 at 17:36.
Reply With Quote
  #8  
Old 13th August 2006, 21:15
ubuntu server newbie ubuntu server newbie is offline
Junior Member
 
Join Date: Aug 2006
Location: Phuket
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I apologise for the long post in advance.

My iptables were empty (the same as now, see below) so I thought that I'd do a clean install just in case I'd changed something (to aviod needle in a haystack) as I'm only using this pc to learn linux so I'm not losing anything.

My current (new) OS is Ubuntu server 6.06 LAMP option with ubuntu desktop, amule, build-essential packages, I've also run update and upgrade.

I bought a new ethernet PCI card which I'm using now.

I still have the same problem so back to basics seemed the best way so I've tried to cover every step
  • I'm running emule ok (High id) on another pc on my lan and amule on this computer (also High id) with ports 4662 and 4672 open so I'm happy that port forwarding with my router is ok
  • The fact that amule can act as server (it's uploading files) from this setup also means that tcp data can get out past my router
  • Apache2 seems to be working to some extent as it's serving the default page to another computer on my lan (I entered an internal ip into firefox on another computer)
  • Since amule can use 4662 I tried to get apache to use it by adding 'Listen 4662 to ports.conf for apache2 and restarted it, still no joy
  • I get output for tcpdump dst port 80 and tcpdump port 80 when requesting from external IP so I thought I'd try to run amule on port 80, doesn't work even though the amule test page says that 80's open (anomily ?)
  • At all times when trying to request a page I'm using IP address, not FQDN or any other domain name.
  • Maybe the IP address(s) I'm using are wrong? portforward.com and myip.dk both give me what I believe to be my extrenal IP address, however whatsmyip.org and amule are a showing different IP address – one that I believe is the IP of my router on my ISP's lan. When I try this IP I get my router's set up page.

  • My ip tables are empty (only headers), see below
    Router log only lists boot, connection etc – nothing useful
Router seems to be ok (amule works)
apache seems to be ok (can serve to lan IP)
ISP doesn't appear to be blocking access to post 80 (amule test page says port open)
I get a connection refused (111) error on port 80, even though I see output on tcpdump, but error 'Firefox can't establish a connection to the server' on any other port. The errors come up pretty quickly, quicker than I see the tcpdump output and not slow enough for a genuine timeout/server not responding.


The most obvious thing to me is that the protocol for apache2 is tcp6, not tcp – why is that? Can my ISP handle tcp6? (they won't tell me as I'm sure they don't know themselves, I only have the choice of 1 ISP and they're useless) Can I change it to tcp to eliminate it? All I did to install the new ethernet card was put it in and boot – could there be a problem with the driver? Can I follow the packets (how)?



netstat -lp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:36230 *:* LISTEN 4302/hpiod
tcp 0 0 localhost:mysql *:* LISTEN 4596/mysqld
tcp 0 0 *:4662 *:* LISTEN 6721/amule
tcp 0 0 localhost:ipp *:* LISTEN 5373/cupsd
tcp 0 0 localhost:60314 *:* LISTEN 4308/python
tcp6 0 0 *:www *:* LISTEN 6642/apache2
tcp6 0 0 *:81 *:* LISTEN 6642/apache2
udp 0 0 *:4665 *:* 6721/amule
udp 0 0 *:4672 *:* 6721/amule

amule output

tcpdump dst -i2 port 4662
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
01:09:00.601442 IP 195-150-178-66.jtb.pl.distcc > 192.168.1.4.4662: P 984866779:984866862(83) ack 457039173 win 65300
01:09:00.648000 IP 192.168.1.4.57565 > 195.74.247.98.4662: F 360434971:360434971(0) ack 3118294436 win 1728 <nop,nop,timestamp 243550 4338418>
01:09:00.651018 IP 195-150-178-66.jtb.pl.distcc > 192.168.1.4.4662: P 83:138(55) ack 1 win 65300
01:09:00.757998 IP 192.168.1.4.49706 > dslb-088-073-052-050.pools.arcor-ip.net.4662: P 455262406:455262428(22) ack 1978081104 win 1728 <nop,nop,timestamp 243561 2745896>
01:09:00.789720 IP 192.168.1.4.47249 > 201.37.227.32.4662: . ack 3253590533 win 1460 <nop,nop,timestamp 243564 202607>
^F^X01:09:00.955511 IP 81.240.132.176.50950 > 192.168.1.4.4662: . ack 460441369 win 65217

6 packets captured
584 packets received by filter
462 packets dropped by kernel

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Output when using exteral IP address to request

tcpdump dst -i2 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
01:19:58.426512 IP 192.168.1.4.35962 > pppBKK-150-132.pacific.net.th.www: S 1156142549:1156142549(0) win 5840 <mss 1460,sackOK,timestamp 309327 0,nop,wscale 2>
01:19:58.872206 IP 192.168.1.4.35962 > pppBKK-150-132.pacific.net.th.www: . ack 4028938538 win 1460 <nop,nop,timestamp 309372 459915587>
01:19:58.872383 IP 192.168.1.4.35962 > pppBKK-150-132.pacific.net.th.www: P 0:422(422) ack 1 win 1460 <nop,nop,timestamp 309372 459915587>
01:19:59.293302 IP 192.168.1.4.35962 > pppBKK-150-132.pacific.net.th.www: . ack 1349 win 2184 <nop,nop,timestamp 309414 459915628>
01:19:59.294867 IP 192.168.1.4.35962 > pppBKK-150-132.pacific.net.th.www: . ack 1430 win 2184 <nop,nop,timestamp 309414 459915628>
^X
5 packets captured
10 packets received by filter
0 packets dropped by kernel


tcpdump -i2 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
01:21:58.270402 IP 192.168.1.4.35964 > pppBKK.www: S 1284248063:1284248063(0) win 5840 <mss 1460,sackOK,timestamp 321312 0,nop,wscale 2>
01:21:58.909341 IP pppBKK.www > 192.168.1.4.35964: S 4162375405:4162375405(0) ack 1284248064 win 5792 <mss 1360,sackOK,timestamp 459927591 321312,nop,wscale 0>
01:21:58.909454 IP 192.168.1.4.35964 > pppBKK.www: . ack 1 win 1460 <nop,nop,timestamp 321376 459927591>
01:21:58.918413 IP 192.168.1.4.35964 > pppBKK.www: P 1:423(422) ack 1 win 1460 <nop,nop,timestamp 321377 459927591>
01:21:59.568870 IP pppBKK.www > 192.168.1.4.35964: . ack 423 win 6432 <nop,nop,timestamp 459927657 321377>
01:21:59.700681 IP pppBKK.www > 192.168.1.4.35964: . 1:1349(1348) ack 423 win 6432 <nop,nop,timestamp 459927669 321377>
01:21:59.700750 IP 192.168.1.4.35964 > pppBKK.www: . ack 1349 win 2184 <nop,nop,timestamp 321455 459927669>
01:21:59.701899 IP pppBKK.www > 192.168.1.4.35964: P 1349:1430(81) ack 423 win 6432 <nop,nop,timestamp 459927669 321377>
01:21:59.701957 IP 192.168.1.4.35964 > pppBKK.www: . ack 1430 win 2184 <nop,nop,timestamp 321455 459927669>
^X
9 packets captured
18 packets received by filter
0 packets dropped by kernel

amule porttest webpage successful on port 80

tcpdump -i2 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
01:41:59.871814 IP 192.168.1.4.41066 > 1.0.0.0.www: P 2507444376:2507444865(489) ack 1083300088 win 1728 <nop,nop,timestamp 441471 460043888>
01:42:00.242375 IP 1.0.0.0.www > 192.168.1.4.41066: . ack 489 win 7504 <nop,nop,timestamp 460047729 441471>
01:42:01.016957 IP 1.0.0.0.www > 192.168.1.4.41066: P 1:824(823) ack 489 win 7504 <nop,nop,timestamp 460047805 441471>
01:42:01.017027 IP 192.168.1.4.41066 > 1.0.0.0.www: . ack 824 win 2140 <nop,nop,timestamp 441586 460047805>
01:42:16.745726 IP 1.0.0.0.www > 192.168.1.4.41064: F 1086988376:1086988376(0) ack 2503559107 win 6432 <nop,nop,timestamp 460049379 437246>
01:42:16.778008 IP 192.168.1.4.41064 > 1.0.0.0.www: . ack 1 win 1728 <nop,nop,timestamp 443163 460049379>
01:42:17.044069 IP 192.168.1.4.41065 > 1.0.0.0.www: P 2501251009:2501251496(487) ack 1084090170 win 1996 <nop,nop,timestamp 443189 460044712>
01:42:17.376210 IP 1.0.0.0.www > 192.168.1.4.41065: . ack 487 win 8816 <nop,nop,timestamp 460049442 443189>
01:42:18.531348 IP 1.0.0.0.www > 192.168.1.4.41065: P 1:677(676) ack 487 win 8816 <nop,nop,timestamp 460049557 443189>
01:42:18.531417 IP 192.168.1.4.41065 > 1.0.0.0.www: . ack 677 win 2334 <nop,nop,timestamp 443338 460049557>
01:42:23.118435 IP 192.168.1.4.41064 > 1.0.0.0.www: F 1:1(0) ack 1 win 1728 <nop,nop,timestamp 443797 460049379>
01:42:23.667918 IP 1.0.0.0.www > 192.168.1.4.41064: . ack 2 win 6432 <nop,nop,timestamp 460050071 443797>
^X
12 packets captured
24 packets received by filter
0 packets dropped by kernel
Reply With Quote
  #9  
Old 14th August 2006, 18:11
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Quote:
Originally Posted by ubuntu server newbie
The most obvious thing to me is that the protocol for apache2 is tcp6, not tcp – why is that?
Can you post your Listen directives from your Apache configuration here?
Also have a look here: http://httpd.apache.org/docs/2.0/mod...on.html#listen
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 14th August 2006, 18:24
ubuntu server newbie ubuntu server newbie is offline
Junior Member
 
Join Date: Aug 2006
Location: Phuket
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

I'm trying to use apache2 on a xp computer on my lan to see if I can run a web server with my ISP

Also I'm trying apache 1.3 on my ubuntu server 6.06 LAMP ubuntu-desktop config to see if that works.


The ports.conf output was

Listen 80
Listen 81
Listen 280
Listen 10080

or

Listen (whatever port I'm trying)



Great post about the perfect ubuntu 6.06 server setup, that's where I leart most of what little I know.

Thanks
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Howto suggestion suse PhP ver 4 + Ver 5 wwparrish Suggest HOWTO 11 7th August 2006 13:29
ISPConfig and 8 IP's (all same open ports) edge Installation/Configuration 3 9th March 2006 07:56
Firewall won't open or close ports Scarecrow Installation/Configuration 1 14th February 2006 09:05
open ports rayit General 6 18th January 2006 14:23
Which ports should I open? Geoinline Installation/Configuration 4 18th November 2005 18:57


All times are GMT +2. The time now is 21:14.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.