Webserver/router problem

[Werdna]

Hi,

I was trying to set up my computer as a webserver, running Apache on WinXP. It works just fine behind my router, but from the outside it simply doesn't find the server. I happened to find some similar topics on this forum but not with the same problem.

I have set up port forwarding and this -seems- to work. I can access the website through my external IP (as long as I'm behind the router), which doesn't work if I disable the port forwarding. I tried using different ports than 80 with the exact same result. The only firewall in between is on the router and those ports are opened. It's a Topcom BR 604.

If anyone could give me some hints on what might be wrong here, I'd appreciate it

 

[DelJo63]

I've done this many times -- it sounds like you've done it correctly, BUT ...

To test public access to your site, you (and your users) will need to know
the CURRENT public ip address of your router. Typically you access the
router (locally) via your browser and get the public DNS,Gateway and IP addresses
for your router; give the public ip to your user to access as
http://your-public-address/

the request goes to your-public-address, port forward port 80 to your
private LAN address, eg 192.168.0.2
and Apache will return the index.html file content
(btw: http://your-public-address without the trailing '/' will always fail with this setup)

your Apache must be configured;

Listen 0.0.0.0:80
Listen 0.0.0.0:20080​

or

Listen 127.0.0.1
Listen 192.168.0.2​

the first is more general, documents using multiple ports, and will use ANY
nic address available.

 

[Werdna]

Thanks for the quick response!

To test public access to your site, you (and your users) will need to know the CURRENT public ip address of your router.

I know this, and it's static.

port forward port 80 to your private LAN address, eg 192.168.0.2

This I did.

Listen 0.0.0.0:80
Listen 0.0.0.0:20080​

I tried it with a few different ports already, or why should you listen to 20080? I tried and it didn't make a difference.

Listen 127.0.0.1
Listen 192.168.0.2​

Here I don't understand what you mean. If I substitute "Listen 80" with those two lines Apache complains there is no port number (as it should).

 

[Werdna]

Here are some pics of the configuration:


My server is on 192.168.1.101, Apache is on port 33333. The firewall has that port opened, as seen in the picture. Apache itself is working fine and I can access the website just fine from another computer behind the router through "http://[public IP]:33333/" or "http://192.168.1.101:33333/". But it doesn't work from anywhere else, it simply doesn't find the server.

I have to be missing something blindingly obvious and my only conclusion so far is that I'm an *****

 

[DelJo63]

Listen 127.0.0.1
Listen 192.168.0.2

Here I don't understand what you mean. If I substitute "Listen 80" with those two lines Apache complains there is no port number (as it should).

LISTEN is a different directive than PORT.
As shown, the two LISTEN directives cause Apache2 to be accessible by the
LOCALHOST name (which is always 127.0.0.1; http://localhost/) or be the LAN address (assumed here to 192.168.0.2 http://192.168.0.2/)

If port forwarding (port 80) is working, then access by your public address will
arrive on the Listen 192.168.0.2 on the default port(80)

192.168.0.2 is an example and you need to map your lan address everywhere it is seen in this post!

You should be aware that an ISP has the right (an frequently does so) to
block well known server ports, such as 20,21,22,23,80,143

If you force your Apache to LISTEN on 192.168.0.2:20080 AND
access your site via http://your-public-ip:20080/, it is highly unlikely
that the ISP will intervene in the transaction

 

[Werdna]

I'm not quite sure what you mean, but, if I write:
LISTEN 33333
It will accept any IP on that port, as far as I understand it. So this should not be a problem, and it shouldn't matter if I specify an IP or not? If I instead specify the private IP for my router like this:
LISTEN 192.168.1.1:33333
Then the server refuses to start, with no useful error message. Where am I going wrong there?

My ISP doesn't block port 80. I tried it on other ports (like 33333) anyway but it doesn't make a difference.

 

[DelJo63]

What version of Apache are you running?

Apache 2.0.55 directives:

LISTEN is used to restrict the server to respond to IP address requests
PORT is used to change just the port used for access
and listen iport is valid syntax.


>LISTEN 192.168.1.1:33333 Then the server refuses to start, with no useful error message.

sounds like Apache didn't find that ip to be accessible; are you sure that's the lan address?

>My ISP doesn't block port 80. I tried it on other ports (like 33333) anyway but it doesn't make a difference.

how can you tell?

All I can say is, when the configuration is correct for your environment,
it is possible to do what you are attempting. Find the log files to see
what is happening.

 

[Werdna]

>sounds like Apache didn't find that ip to be accessible; are you sure that's the lan address?

Yep.


> how can you tell?

Because the website is still not accessible from the outside.


> Find the log files to see what is happening.

This, among other things:
[notice] Child 788: Starting thread to listen on port 33333.
[notice] Parent: Received shutdown signal -- Shutting down the server.
It's not really telling me anything useful...

 

[DelJo63]

> how can you tell?

Because the website is still not accessible from the outside.

Sorry, there's many reasons for that symptom and so far that is
not a supportable conclusion. If your mind is made up -- best wish -- I can't
help you much further.

 

[Werdna]

That the site isn't accessible is not a conclusion, it's a simple fact. I didn't make any conclusions in that post.

If you mean how I know my ISP doesn't block port 80 - because I asked them.

"listen iport" is as far as I know valid syntax. But it wasn't working for me, I have no idea why.

Never mind, I don't understand you half the time anyway and it'll be a few weeks before I can try this again. But thanks for trying though

 

[DelJo63]

Recall the statement was:
>>My ISP doesn't block port 80. I tried it on other ports (like 33333) anyway
>>but it doesn't make a difference.
and I asked
>how can you tell?

your reply:

That the site isn't accessible is not a conclusion, it's a simple fact. I didn't make any conclusions in that post.

why inaccessible may be true, it did not relate to the question asked; but finally

If you mean how I know my ISP doesn't block port 80 - because I asked them.

we get a usable answer.

Sorry, but I'm not clairvoyant and can only deal with what you report and must
assume that when you say you've done something (eg port forward the router), that
A) that is a fact which was performed correctly and
B) your router is 100% functional.

Summary:
when the public ip-address is known,
there is a port forward from your router to the LAN address of your server,
which is LISTENing on your server specific port,
will allow an Internet user to access your LAN hosted server via
http:// your-public-ip : your-server-specific-port /
with the assumption that the ISP does not block your-server-specific port
and the firewall on the server host allows TCP/input on your-server-specific port from all sources.

N.B: the public URL *MUST* contain the trailing '/'