Topic: webserver only responds to internal requests

[Jan]

Hello,

I posted my question previously but doing so didn't solve the problem I'm having. I have SME 5.6u4 running as a server&gateway. Mail and FTP work fine from the internal and external (internet) side. Webservices only work from the internal Lan and NOT from the external (internet) side.

I know for sure port 80 is NOT blocked by anything but the firewall of the SME. When I use the port opening utillity I do get a response when scanning it that is it shows as closed not blocked as before.

I tried a switch between the external nic and the modem and scanned my SME
with another PC, I can not find any open port 80 or 443, I can find 21 and 25 open and running services. Somehow the server just refuses to serve webservices on the internet and I haven't got a clue what causes it.

Please, if anyone can talk me through some checks to see what it could be I would really appreciate it.

Regards,

Jan

[Michael Soulier]

Jan wrote:
>
> I know for sure port 80 is NOT blocked by anything but the
> firewall of the SME. When I use the port opening utillity I
> do get a response when scanning it that is it shows as closed
> not blocked as before.
>
> I tried a switch between the external nic and the modem and
> scanned my SME
> with another PC, I can not find any open port 80 or 443, I
> can find 21 and 25 open and running services. Somehow the
> server just refuses to serve webservices on the internet and
> I haven't got a clue what causes it.

You shouldn't need a port-opening utility.

Post the results of the following:

/sbin/e-smith/config show httpd-admin

/sbin/e-smith/config show httpd-e-smith

ps -ef | grep httpd

netstat -a | grep http

Mike

[Jan]

Hi Mike,

Thanks for your respons. So here is what I get:

/sbin/e-smith/config show httpd-admin

httpd-admin=service
    status=enabled

/sbin/e-smith/config show httpd-e-smith

httpd-e-smith=service
    access=private
    status=enabled

ps -ef | grep httpd

root     14897     1  0 Jun07 ?        00:00:00 /usr/sbin/httpd-admin -f /etc/ht
root     17036     1  0 Jun07 ?        00:00:00 httpd
admin     7232 14897  0 Jun08 ?        00:00:00 /usr/sbin/httpd-admin -f /etc/ht
www       7234 17036  0 Jun08 ?        00:00:00 httpd
www       7235 17036  0 Jun08 ?        00:00:00 httpd
www       7236 17036  0 Jun08 ?        00:00:00 httpd
www       7237 17036  0 Jun08 ?        00:00:00 httpd
www       7238 17036  0 Jun08 ?        00:00:00 httpd
www       7239 17036  0 Jun08 ?        00:00:00 httpd
www       7240 17036  0 Jun08 ?        00:00:00 httpd
www       7241 17036  0 Jun08 ?        00:00:00 httpd
www       7242 17036  0 Jun08 ?        00:00:00 httpd
www       7243 17036  0 Jun08 ?        00:00:00 httpd
admin    14153 14897  0 18:06 ?        00:00:00 /usr/sbin/httpd-admin -f /etc/ht
www      14159 17036  0 18:06 ?        00:00:00 httpd
admin    14161 14897  0 18:06 ?        00:00:00 /usr/sbin/httpd-admin -f /etc/ht
www      14164 17036  0 18:06 ?        00:00:00 httpd
admin    14165 14897  0 18:06 ?        00:00:00 /usr/sbin/httpd-admin -f /etc/ht
www      14168 17036  0 18:06 ?        00:00:00 httpd
admin    14169 14897  0 18:06 ?        00:00:00 /usr/sbin/httpd-admin -f /etc/ht
www      14172 17036  0 18:06 ?        00:00:00 httpd
root     16677 16595  0 20:43 pts/0    00:00:00 grep httpd

netstat -a | grep http

tcp        0      0 localhost:http-admin    *:*                     LISTEN
tcp        0      0 server.bh24.:http-admin *:*                     LISTEN
tcp        0      0 localhost:https-admin   *:*                     LISTEN
tcp        0      0 server.bh24:https-admin *:*                     LISTEN
tcp        0      0 server.bh24.net:https   *:*                     LISTEN
tcp        0      0 localhost:https         *:*                     LISTEN

Hope you can tell me whats wrong here.

Regards,

Jan

[Michael Soulier]

Jan wrote:
>
> /sbin/e-smith/config show httpd-e-smith
>
> httpd-e-smith=service
>     access=private
>     status=enabled

Try the following.

/sbin/e-smith/config setprop httpd-e-smith access public
/sbin/e-smith/signal-event remoteaccess-update

Cheers,
Mike

[Jan]

Hello Mike,

Its amazing! Well almost when I issue the command
/sbin/e-smith/config show httpd-e-smith
I get:
    access=public
    status=enabled

So the httpd seems to be set right this time. When I scan the external IP I get port 80 and 443 closed. So I opened both these ports. I tried our external IP just now and it just works!

I don't know what just happened and more to the point what went wrong in the first place but it seems to work perfectly now. Mike Thanks!! It truly is amazing.

Regards,

Jan

[Michael Soulier]

Jan wrote:
>
> So the httpd seems to be set right this time. When I scan the
> external IP I get port 80 and 443 closed. So I opened both
> these ports. I tried our external IP just now and it just
> works!

That should not have been required. I really don't know what the port-opening contrib does, but if it was not installed at all, everything should "just work".  If it works the way I think it does, you should be able to remove your rules for opening those ports, and just try a web browser. It should work, out of the box, with no contribs required.  So, either your scanner is lying, or the contrib was poorly written and is conflicting with our code. I am certainly not using any such contrib on my 5.6 box at home.

Cheers,
Mike

[Jan]

Mike,

You're absolutely right that scanner is ...... shall we say of lesser than usual quality it seems? I used http://scan.sygate.com and it gave me differing results almost everytime. I removed the rules and hooked up 'ye olde modem' and checked my own website. It worked slow but perfectly.

It may well remain a mistery how this disfunctioning all came to pass. I am just very happy and jumping with joy because I get to keep e-smith as our studentent home house server after all! They had threatened me with installing M$ 2000 or 2003! .... Cruel and unusual punishment in my opinion but the site had been off the air for almost a week.

Thanks again Mike!

Regards,

Jan