Topic: Port 80 not available

[Tony Howden]

Hi All

I am trying to configure a new ADSL connection via Hotkey/Primus in Melbourne.

It all works fine - finally - except that I cannot get port 80 to respond outside of the local network.

I've confirmed via lynx localhost that it works. I can browse to the primary site on the local lan. External access gives a 404.

A port scan says that  port 80 is filtered. Using https: to get to the server-manager works fine, so its not Apache in general, but obviously something relating to the config of the addressing.

DNS config is configured ok as the name resolves for my ssl or ssh connections.

Anyone know if it is possible to have Apache config screwed so that 80 fails, but 443 works ?  I am using a standard sme setup at the moment. Or is it possible that port 80 is messed in the firewall process somehow ?

TIA

cheers
Tony

[Paul]

Hi there

I've got the same problem more or less. I left a message 2 weeks ago or so and unfort. had no reply.

I'll explain my situation and it may differ slightly from yours, but maybe someone can come up with an answer for either one of us or both.....

My website on port 80,443 and 980 or something for server-manager is mostly available from outside. But occasionally it stops responding from outside for roughly 25 minutes on ports 80 & 443, but not port 80. It happens more often if the site gets visited more often, but it also stops with no visitors.

Only port 80,443 stops responding and sometimes port 25. Port 22 with SSH works perfectly everytime. I will log in from outside with SSH, use Lynx on port 80 and the apache/websites work perfectly. From outside it doesn't. (Also an ADSL connection).

If I now reboot the system before the on average 25 minutes is over, the Apache/Sites work again, If I Don't, but wait, then it starts working again after 25 minutes. I just last night reinstalled E-Smith on another machine with basic installation 5.5 with Update 2, own SSL certificates and SMTP-Relay on. For the rest no funnies like htaccess, secure mail, or nothing. NO other RPM installations at all. It is therefore in E-Smith  and NOT the hardware and NOT the ISP as it works again after a reboot.
It also happens at night with no one on line or anything funny like someone using Kazaa on the network.
(I have an external machine with Netsaint which monitors the HTTP every 5 minutes and send me an email and SMS if the e-smith goes down). I can therefore see when it goes down and when it comes up again and how long it has been down for.

I got a feeling that it has something to do with firewalling, but not sure.

I have a standard SERVER installation (Not Gateway), I looked at IPCHAINS and NETSTAT, but see no funnies.(In up and down moments and I compared the results)
Restarting MASQ doesnt help, restarting Apache (httpd) doesn't help, only a reboot helps. (I wouldn't know what else to restart to pinpoint it)

I also eliminated SQUID with restartes, flushing cache,etc.

My next step is to dump e-smith and use a standard RedHat with which I have no problems on other servers as I cannot afford to be off air. I would hate to do it as REALLY like e-smith and Qmail, but won't have a choice.

Any help will be greatly appreciated.

best Regards
Paul

[Marvin]

I had the same exact problem, turned out that I had a corrupt ISO.

I installed it on my
VirtualPC - HTTPS:// = ok, HTTP:// = bad
1u server - HTTPS:// = ok, HTTP:// = bad
P.O.S. Compaq Deskpro - HTTPS:// = ok, HTTP:// = OK

I was like, what the heck! But then I remembered I had used two different disks. One was downloaded a long time ago (about the first couple of days 5.6 came out) and the other was downloaded and burned a month after (because I couldn't find the first one).

That was the only thing I could find.

Then there was a nother problem. The 1U was a test machine, so I was testing other solutions (which suck in comparison to the Mitel SME Server). I had Debian on there and when I put in the BAD SME CD it complained about the file system not being halted properly so I rebooted it and shut down nicely after doing a disk check as well. Second time, still complained, and then gave some script error.

Pissed off to no end because this was taking more than the usual 10 minutes to install I went and got the newer GOOD disc and had no problems installing it. All I had to do was type "More Options" then "Install" and it allowed me to format the existing partitions without giving a script error like the previous one had.

The long and short of it all is that yes, I had the same problem, and you are probably suffering from either a damaged installation CD (corrupted in download) or you got one of the first couple of days ISOs.

Unfortunately, I cannot compare the good ISO to the bad ISO for I took a screwdriver to the bad one out of frustration just seconds after finding that the good one worked!

-=/ Marvin /=-

[Graham Harris]

I've only just woken up and maybe the caffeine hasn't kicked in yet but isn't this just a case of port blocking by the ISP?

At http://www.iprimus.com.au/tc.asp iPrimus says...

4.12  You must not connect a sub-network to the Internet Access, unless iPrimus expressly allows otherwise in writing, including without limitation hosting of FTP, SMTP, HTTP and Proxy Services.

[Tony Howden]

Hi Graham

Damn well hope not, its meant to be a business account specifically for outbound web services, i.e. it should exempt from that issue.

I'd also expect that if they blocked 80 then they'd also be blocking 25, 22, 443, etc. which are working fine.

cheers
Tony

[Tony Howden]

Hi

I am not sure what is happening with your setup and it may be a corrupt iso as with the other report. There is no time out issue with mine and its only a problem with port 80.

In my case I have three sme 5.5 servers running. They have all been operational for at least 6 months. They were configured with one as the gateway to my cable connection. The other two are setup as web email servers.

All of this works fine with the web server being used for live web sites via the gateway and some proxypass directives for apache. So I know that the setup should work and has been stable for quite some time.

Hooking up the new adsl connection to the we server directly everything works as it should except for the port 80 access. I have been through looking at every setting and either I am not seeing something obvious or its something very obscure that is causing default web site to respond with a cannot find server, when all the ibays respond correctly when https is used instead of http.

I have removed all the special config templates that I had running, just to assure myself that it was not something I was doing and its the same result. Its like the server firewall is set to not respond to the external lan for standard http requests.

cheers
Tony

[Jan]

What kind of NIC are you using??

I lost port 80 like your description. Then I corrected the the driver as in: http://www.e-smith.org/bugs/index.php3?op=showBug&bugID=92.

regards Jan

[Paul Wolsink]

Hi there
I use a Gateway 500 with a Realtek NIC and the second machine with the same problem is an NCR 3272 with built in NIC on the motherboard.
Used different drivers with installation. I also use v5.5 and not 5.6.

regards
Paul

[Tim]

I hink this is catching!!! I have been trying to find why my Web Server isn't available to outside world. From the Lan it is fine. It comes and goes with no idea of what is causing it not to work and what is causing it to work again. I'm running 5.5 as server only with one NIC. I have a SonicWall router that directs port 80 to the server as well as other needed ports. Mail services seem to always work, it seems it is just the web that gets blocked from the outside.

Tim

[Paul]

Wel, I'm glad to hear that I'm not the only one with this problem! At least it helps with fault finding.
What I have done now (yesterday) is a fresh 5.5 install with update 2 and absolutely no further users or virtual domains or nothing and gradually I will add everything until I find the problem.
One thing different is that the previous installations were standalone server only installations, and now I have installed server & Gateway with a second network card. Whether that is the problem or not is not know to me at this stage.
I also had like you Tim where it was server only with the ADSL router forwarding everything to the server.
Everything else was available like mail except port 80 & 443 from outside.
It could therefore be that it is related to the server only/server&gateway option.

I'll keep you posted. If you find something , please let me know!

regards
Paul

[Paul]

Hi there
After running the server for a couple of hours, the port 80 was again unavailable for a couple of minutes (22).
This was a clean installation with no users, no nothing.
I'll be installing RedHat or Mandrake tonight and see if that makes a differance.

regards
Paul

[Ken]

My e-smith 5.5 has quit on port 80 as well.

About a week ago (April 1?)  I had a problem where a windows 2000 computer had trouble getting a IP assigned and so I set a static IP for that computer.

We had been having occasional lockups which I attributed to a GNET DSL unit and on April 9, 2003 I exchanged it for a Dlink DSL unit.  I thought all was well  but found out April 10 th that our  site can not be accessed on port 80.

Network cards are Intel.

Is this problem only with 5.5 ?

I will be putting the GNET DSL unit back in place April 11, 2003 just to see if this fixes the problem but I expect it won't. Then I will try a re-install of of 5.5. Lastly I will try 5.6 unless I hear that everyone having problems has 5.5.

I only use this server http://64.114.103.192 for people to provide uploads to me, would it be much slower using the https:

Thanks, Ken

[Paul]

Hi Ken
I was going to use Redhat 8.0 for tests to test to see if it is really E-Smith or something else, but I'm not done with the setup yet.
I also downloaded SMe v5.6 last night and will try that over the weekend.
I get the feeling though that both 5.5 and 5.6 is playing up.
Paul

[Tim]

Paul,

It looks like this time the problem was with my ISP. They say they don't block any ports, but they had an outage yesterday for 45 minutes and my web site has been accessable since then. I did nothing to restore it. This is an adsl service and I did get this info from them:

One thing about traffic coming in from outside of the network that we see currently is that the ATM switch is designed for outgoing traffic (browser type) and will time out (arp entry) if no outgoing pings, browser requests, etc. are sent approx. every hour. I have had two others with servers that had a similar trouble.
By sending an occasional ping to any outside address the arp is reset and incoming traffic should be routed. Since we really are supporting the browser type traffic at this point, this is the best fix that we offer. It does seem to take care of issues of incoming traffic.

Maybe this will help, don't know, but my server stoppped responding when there was a lot of browser activity.

Tim

[ken]

Solution for my unit.

> I get the feeling though that both 5.5 and 5.6 is playing up.
> Paul

my ISP stated this


>I can do a DNS lookup on you, and I can ping you, but I cannot get these
>web pages either.  Check firewall and HTTP server maybe?

>Modem change should not cause problems.

However I can say absolutely that the modem change was the problem for me as I switched it in and out 2 times today and people can not connect when using the d-link dsl-3001.

When I use GNet DSL external Modem it works on all ports. ie. http and ftp
When I switch to D-Link DSL-3001 external DSL modem it doesn't work on Port 80.

In both instances I can get out but when using the D-Link people can not get in on port 80.


ip is http://64.114.103.192

I will be checking out the faulty Dlink ADSL modem on my home system & perhaps returning it.

Good Luck, Ken Graham