Cant load website from remote computer

[etopeter]

I just installed FC 4 and everything seemd to be fine. Now I have problem with my web server. The process is running and I can view the website if im on the server but if I switch to another computer and try to connect via HTTP I cant load anything (dead). FTP is working fine and I can connect from both computers.

My firewall is on but I allowed HTTP and FTP there (aslo eth0 and pppd is checked as trusted).

Can anyone help me with this?

[jim]

Selinux
Plain and simple

Code:

system-config-securitylevel

select selinux

open the htppd section and put a check into the disable selinux on httpd deamons

then restart httpd

[etopeter]

Unfortuneately its still not working. I looked at FTP SELinux settings and the protection deamon is not checked there. After killall -HUP httpd there are no changes.

FTP working HTTP not.

Where should I look for errors? All connctions I have in /var/log/httpd I have from 127.0.0.1. Nothing from remote computer so I dont think its httpd problem but some firewall security issue.

I tried also to disable SELinux and restart my machine but it doesnt change anything. When I'm connectiong through external computer still cant load HTTP but can login in to FTP.

[jim]

do you have a router ?

[etopeter]

I have DSL modem that splits connection but 2 computers are connected to Internet independly. There isnothing to configure.
From my client computer I can login to FTP. I did it in the past and everything worked fine.
I installed Fedora Core 3 and I have the same problem. I also tried Mandrake 10.1 but I cant configure my DSL connection there so I dont know if Httpd works fine or not.
Mayby I should change distribution? What is the best and easyiest to maintain for begginer like me and still have full packet of security and webserver?

[jim]

do you havea registared domain name? are you using a dyndns account?


what is the name of the site?

[etopeter]

I have dynamic IP You can try:

ftp://68.237.2.72/ <- is working
http://68.237.2.72/ <- not working

There is no name of the site yet. I installed only php script but the point is that I want to use this server as a commercial website.

[jim]

results from NQT

Quote:

68.237.2.72 resolved to pool-68-237-2-72.ny325.east.verizon.net

DNS Query Results:


; <<>> DiG 9.2.5 <<>> any pool-68-237-2-72.ny325.east.verizon.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5576
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;pool-68-237-2-72.ny325.east.verizon.net. IN ANY

;; ANSWER SECTION:
pool-68-237-2-72.ny325.east.verizon.net. 86400 IN A 68.237.2.72

;; AUTHORITY SECTION:
ny325.east.verizon.net. 25487 IN NS ns2.bellatlantic.net.
ny325.east.verizon.net. 25487 IN NS ns4.verizon.net.
ny325.east.verizon.net. 25487 IN NS ns1.bellatlantic.net.
ny325.east.verizon.net. 25487 IN NS ns2.verizon.net.

;; ADDITIONAL SECTION:
ns1.bellatlantic.net. 49673 IN A 199.45.32.40
ns2.verizon.net. 12711 IN A 151.203.0.86
ns2.bellatlantic.net. 29275 IN A 199.45.32.41
ns4.verizon.net. 70791 IN A 151.203.0.87

;; Query time: 100 msec
;; SERVER: 24.93.1.118#53(24.93.1.118)
;; WHEN: Mon Sep 26 18:47:24 2005
;; MSG SIZE rcvd: 222

WWWhois Results:

Connecting to whois.crsnic.net...

NOT FOUND: No match for 68.237.2.72

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

No match for "68.237.2.72".

>>> Last update of whois database: Mon, 26 Sep 2005 14:58:28 EDT <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

IP Whois Results:

Connecting to whois.arin.net...

Verizon Internet Services VIS-68-236 (NET-68-236-0-0-1)
68.236.0.0 - 68.239.255.255
Verizon VZ-DSLDIAL-NYCMNY-25 (NET-68-237-0-0-1)
68.237.0.0 - 68.237.127.255

# ARIN WHOIS database, last updated 2005-09-25 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Checking Port 80...

Port 80 does not appear to be open.
Ping Results:

PING 68.237.2.72 (68.237.2.72) 56(84) bytes of data.

--- 68.237.2.72 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4026ms

Since thewre is no DNS name this could part of the problem. the other is thae fact that port 80 isn't open hence the reason why traffic is not allowed on port 80

what is in /etc/httpd/conf/httpd.conf

[jim]

Quote:

Originally Posted by etopeter

I have dynamic IP You can try:

ftp://68.237.2.72/ <- is working
http://68.237.2.72/ <- not working

There is no name of the site yet. I installed only php script but the point is that I want to use this server as a commercial website.

Is this the IP you have all day long?

stupid question
Do you have apache installed ?

write a quick page

PHP Code:

<? php
phpinfo (); 
?>

and try to browse that

[etopeter]

My IP has changed before you did this test.

68.237.47.98 its my current IP and I'll keep as long as I can (possibly to your reply).
Ftp works (strange because not from browser anymore but only FTP client)
Http don't.

/etc/httpd/httpd.conf
says Listen 80
so I assume its correct. I still can connect to apache via my server (graphical Firefox) and it just works. Everything is default after install settings except : SELinux httpd service -> Disable SELinux protection... is checked.

Thank You verry much for interest and big help.

EDIT: I noticed that I can connect via SSH from remote computer. SSH works!

[jim]

there isn't a hash like so...
# listen 80

Cuz if not something is blocking port 80

in your drl modem can you configure it to allow traffic inccomming on port 80 through to your server?

[etopeter]

My DSL modem shouldnt block anything. I saw once that you can set something but its not important. FTP and SSH is working why HTTP?
There is no hash in the Listen 80 line in httpd.conf (From my server I can view the site guess its same port 80).
When I checked eth0 and ppp0 as trusted im able to view FTP via browser (from external computer).
Very wired because all the settings are from default installation - is it common in Fedora 4? I installed FC 3 before and I had the same problem...

[jim]

If you installed FC3 and now Fc4 and you still ahve the samee problem, It has something to do either with
A) you configuration is incorrect
B) you ISP monitors traffic and has disabled the ability to run a webserver from your PC ( unlikely tho)

what IP address does each of your PC's get is it always dynamic? In your case I would ask if someone you know has a router for you to test a setup.
allow traffic in on port 80 and route it all to your webserver. seems that when a request is made to your server is being blocked because you either do not have port 80 open or the request doesn't know where to go.

From my scan above, I would have to say that port 80 isn't open
open a terminal and type tail -50 /var/log/messages

see if you have any avc errors listed

[gavinw6662]

have you looked at a firewall to? Is your firewall set to let outgoing traffic through?? As well as you need to be able to receive responses on port 80.....

[etopeter]

I dont think its my ISP this thing is driving me crazy!

How can I check my firewall? Is this only what I can change in SYSTEM Settings -> Security Level ?
Is there any other way to see what is firewall blocking?

from avc "errors" by typing tail -50 /var/log/messages i have:

localhost dbus: avc: received policyload notice (seqno=2)
localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain lenght 1
localhost dbus: avc: received policyload notice (seqno=2)
localhost dbus: avc: 5 AV entries and 5/512 buckets used, longest chain lenght 1