Go Back   WhatIsMyIP.com® Forum > IP and Network Questions > Unix/Linux Networking Questions

Notices

Unix/Linux Networking Questions Ask your Unix/Linux networking questions here.

Closed Thread
 
Thread Tools Display Modes
Old 08-20-2014, 05:34 AM   #1
fsshl
Member
 
Join Date: Jan 2013
Posts: 12
fsshl is on a distinguished road
Default nmap result show my port 80 be filtered, plz help

Dear expert(like Shnerdly):

my webhosting again, have trouble(not work).
under att uverse and motorola NVG510 dsl-router.

my follow some suggestion, test by nmap on all ports in my linux system.

here is what I got.(it ever work, and when it
beginning to not work, I still can use some free proxy site to type in my (public-external)ip(v4) to
see my website. But now it all gone. My firefox just reply "too long , time out".(some one on the
linux list told , it is At&t or us gov block. But whatismyip site response my public ip is not under block list.)

----------------------
Not shown: 65532 closed ports
PORT STATE SERVICE
53/tcp open domain
80/tcp filtered http
7547/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 11.18 seconds
----------------
plz help, Eric Lin, in LA
fsshl is offline  
Old 08-20-2014, 10:13 AM   #2
Shnerdly
• The †erminator
 
Shnerdly's Avatar
 
Join Date: Jun 2010
Location: The frozen tundra of Minnesota
Posts: 1,108
Shnerdly has disabled reputation
Default

Your nmap results show that port 80 is "filtered". That means something is blocking nmap from getting a good test result. It could be being blocked by the ISP or it could be a firewall issue.

Have you made any changes on your Linux server or changes to your router or added anything new to your network? If so, try working back to see what is blocking the port.

If you call your ISP, they will tell you if they are blocking any ports on your IP. Unless you have requested it be open, port 25 will certainly be blocked by them but they may also be blocking port 80 if they are seeing too much traffic on that port to your IP.
__________________


Grammar is important. For instance, commas save lives:

Let's eat grandpa.

OR

Lets eat, grandpa.

Shnerdly is offline  
Old 08-20-2014, 03:05 PM   #3
fsshl
Member
 
Join Date: Jan 2013
Posts: 12
fsshl is on a distinguished road
Default

I do try to modify my Apache's(conf, and maybe other) to try to put it as virtual, to accommodate 2 domain names to distribute to my 2 different index.html(webpages), in this same public ip.

I will try to go back to unmodify it,

are you sure it is the problem?(my site, or my isp's
cause?)

looking to hear from you again, thanks a lot ina dvance, eric
fsshl is offline  
Old 08-20-2014, 04:33 PM   #4
Shnerdly
• The †erminator
 
Shnerdly's Avatar
 
Join Date: Jun 2010
Location: The frozen tundra of Minnesota
Posts: 1,108
Shnerdly has disabled reputation
Default

I'm afraid that I can't be sure of anything at his point.

Are you able to access the Apache server from another computer on your local network?
__________________


Grammar is important. For instance, commas save lives:

Let's eat grandpa.

OR

Lets eat, grandpa.

Shnerdly is offline  
Old 08-20-2014, 11:49 PM   #5
fsshl
Member
 
Join Date: Jan 2013
Posts: 12
fsshl is on a distinguished road
Default

I go to grc.com, to scan my port, the result is my port 80 , was closed (your computer has responded that this port exists but is currently closed to connections.)(purple color).

I use my smart phone connect with wi-fi on same router-dsl, I try to put my eth0,'s inet address(by ifconfig) 192.168.1.71
my smart phone's android browzer response (webpage not available)

-------
I follow web's ubuntu startup apache2's suggestion
---
[email protected]: /home/eric[email protected]:/home/eric# service apach32 restart[[email protected]
* Restarting web server apache2  AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

[ OK ]
]0;[email protected]: /home/eric[email protected]:/home/eric# exit

----------------------------------
am I missing anything?

this machine I use is different from last time I did, which is ever success but be filtered on port80 later-I just tested yesterday on it at grc.com, it is "green" filtered on my all ports, probably because I use virtual server(2 domain name) bind my (same) external ip.

This machine is the one of default on server edition install of ubuntu 13.10 then upgrade to 14.04.(Apache 2.4.7(ubuntu)server -on 127.0.0.1 on port 80)(which shown when I type in localhost or 127.0.0.1)

so that looks my other network computer under Motorola's NVG510, wont see this machine's webbrodcasting.

looking to hear from you again soon, thanks a lot in advance, Eric
fsshl is offline  
Old 08-21-2014, 12:29 AM   #6
Shnerdly
• The †erminator
 
Shnerdly's Avatar
 
Join Date: Jun 2010
Location: The frozen tundra of Minnesota
Posts: 1,108
Shnerdly has disabled reputation
Default

Your server is telling you that it has a problem starting Apache.

Try to undo your vhosts setup and see if a single domain will work. Try it from your LAN, if that works try it from the Internet.
__________________


Grammar is important. For instance, commas save lives:

Let's eat grandpa.

OR

Lets eat, grandpa.

Shnerdly is offline  
Old 08-21-2014, 11:47 AM   #7
fsshl
Member
 
Join Date: Jan 2013
Posts: 12
fsshl is on a distinguished road
Default

yes
that is what I do(did) now.

but it still not work,
I tried grc.com, to scan my common port, my port 80
on this new system-only brocast one site, is (closed).

------
Your Internet connection's IP address is uniquely associated with the following "machine name":

99-116-254-135.lightspeed.irvnca.sbcglobal.net
---------
grc.com response me above before I proceed their scan. is that have problem to be stick with lightspeed.irvnca.sbcglobal.net after my ipv4?

looking to hear from you again soon, Eric
fsshl is offline  
Old 08-21-2014, 02:03 PM   #8
Shnerdly
• The †erminator
 
Shnerdly's Avatar
 
Join Date: Jun 2010
Location: The frozen tundra of Minnesota
Posts: 1,108
Shnerdly has disabled reputation
Default

Before you even look at scanning your ports, you need to get Apache working on the server. If you scan the port when Apache is down it will give you the error you are getting. It will see that Port 80 is forwarded but it's not getting a response from the machine port 80 is forwarded to.

You need to fix Apache before moving forward with anything else.

Going by the error you got from Apache, you need to set the ServerName in the apache.conf file or httpd.conf file, which ever you have. Because you are running vhosts, you would set the Server name to the Internal IP of the server including the port number as follows:

Code:
ServerName 192.168.1.71:80
Then make sure you either have the vhsts information syntax enter correctly in the apache.conf file or that you have it set to include the vhosts.conf file and then make sure the vhosts.conf syntax is correct.

A sample vhost entry would look like this:

Code:
<VirtualHost *:80>
ServerName <your external IP>
ServerAlias <your external IP>
DocumentRoot /srv/http
</VirtualHost>

<VirtualHost *:80>
ServerName whatever.com
ServerAlias www.whatever.com
DocumentRoot /srv/http/whatever
</VirtualHost>

<VirtualHost *:80>
ServerName whatever2.com
ServerAlias www.whatever2.com
DocumentRoot /srv/http/whatever2
</VirtualHost>
In the first sample, you would put your External IP as the ServerName and Server Alias without the < and >, for example:

ServerName 123.456.789.0

The DocumentRoot entry would be the full path from root of the machine to the apache html files.

In the second and third example, you would use your domain names instead of whaterer and whatever2
__________________


Grammar is important. For instance, commas save lives:

Let's eat grandpa.

OR

Lets eat, grandpa.


Last edited by Shnerdly; 08-21-2014 at 02:31 PM. Reason: Additional Info
Shnerdly is offline  
Old 08-21-2014, 11:01 PM   #9
fsshl
Member
 
Join Date: Jan 2013
Posts: 12
fsshl is on a distinguished road
Default

Thanks your rich knowledge on apache to try to help me solve my problem.

the one I ever modify Apache webserver, is not operating(or connect to internet now).

I am using another computer, which is also ubunt-linux and I am follow default so I am sure its
webbrocasting function is well.

Under my test, if I did not forward my this new computer's httpd to my router's external ip, my smart phone(with Android op on it) can see my this new computer's index.html page, when I type in
192.168.1.71
on its url row
(this I tested before, it failed or not work, after
I forward my port from this new computer to my dsl-router(motorola NVG510))
the two lines of scripts I use to forward my port 80 are:
---------
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to (my external ip):80

iptables -A FORWARD -p tcp -d (my external ip) --dport 80 -j ACCEPT
---------

(my rounter, setup, I already open all port and turn
off all security filter)

hint: my this new computer actually is a server, it have 2 LAN holes.

looking to see your advice again, thank a lot in advance., Eric
fsshl is offline  
Old 08-22-2014, 08:30 PM   #10
Shnerdly
• The †erminator
 
Shnerdly's Avatar
 
Join Date: Jun 2010
Location: The frozen tundra of Minnesota
Posts: 1,108
Shnerdly has disabled reputation
Default

Opening a port is not the same as forwarding it.
To run a webserver, you must forward port 80 to the internal IP of the webserver, or whatever port you want your webserver to operate on.

So can you see the webpage of the server when you go to the Internal IP of the server, 192.168.1.71 ? Just answer this question yes or no, I have a hard time following your explanations.

And you DO NOT forward your webserver to the router, You need to forward the port IN THE ROUTER to the internal IP of the webserver. Until you have it working, do not run the iptables on the webserver.
__________________


Grammar is important. For instance, commas save lives:

Let's eat grandpa.

OR

Lets eat, grandpa.

Shnerdly is offline  
Old 08-23-2014, 08:52 PM   #11
fsshl
Member
 
Join Date: Jan 2013
Posts: 12
fsshl is on a distinguished road
Default

So can you see the webpage of the server when you go to the Internal IP of the server, 192.168.1.71 ? Just answer this question yes or no, I have a hard time following your explanations.

Yes
I can use both my smartphone(with wi-fi enable) to
192.168.1.71

-------------------------
And you DO NOT forward your webserver to the router, You need to forward the port IN THE ROUTER to the internal IP of the webserver. Until you have it working, do not run the iptables on the webserver.

so how to?(in last your post about configure my Apache(conf)?)

---------------------------
thanks your help again, Eric
fsshl is offline  
Old 08-23-2014, 08:58 PM   #12
Shnerdly
• The †erminator
 
Shnerdly's Avatar
 
Join Date: Jun 2010
Location: The frozen tundra of Minnesota
Posts: 1,108
Shnerdly has disabled reputation
Default

The post about apache.conf is about setting up the server to handle more then one domain, vhosts or virtual hosts.

Turn off the iptables on the apache server and forward port 80 in your router to 192.168.1.71. You managed forwarding the port the last time we were dealing with this. The process is the same.

After you get it working, you can re-establish iptables if you have the need.
__________________


Grammar is important. For instance, commas save lives:

Let's eat grandpa.

OR

Lets eat, grandpa.

Shnerdly is offline  
Closed Thread

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 02:16 AM.


What Is My IP

Join WhatIsMyIP.com on Facebook Follow WIMI on Twitter

Need IP address location detection service? Get it from IP2Location.com now.

Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright - WhatIsMyIP.com®