Apache runs on :8080 but times out when changed to :80

This one has stumped me for about a week now.  I have Apache 2 running on a CentOS 5 box.  I configured the httpd.conf file to use virtual hosts and configured the port to be 8080 for testing.  Now the server is ready to go live and I cannot get Apache to respond on port 80.  I have the correct firewall rules, I even flushed iptables to be sure.  I changed everything related to port 8080 to 80 in the conf file, restarted the service and simply get a network timeout error.  If I do a netstat I do see httpd listening on port 80.  I do not have anything else running on port 80.
thecureisAsked:
TintinCommented:
From the command line, what happens when you do

telnet <ip address> 80
0
mrjoltcolaCommented:
Can you connect from localhost?

telnet localhost 80

If so, then try telnet to the primary IP 80

Still sounds like firewall, if you get timeouts. Check the logs under apache/logs and see if there is anything interesting.

I would try disabling firewall altogether for a sanity check.


0
TintinCommented:
Also, do you see anything in /var/log/apache/error_log (note that the path to the logs will vary depending on your Apache setup and Linux distro)
0
Kerem ERSOYPresidentCommented:
Hi,

Will you post your

netstat -anpt | grep ":80 " 

output here ?

Cheers,
K.

0
thecureisAuthor Commented:
OK, so I can telnet from localhost to 80 and when I type ehlo I get the Apache 2 test page.  If I try to telnet from my computer I get nothing.

KeremE - Below is my output, note the 172.30.0.101 is my client
netstat -anpt | grep :80
tcp        0      0 10.198.0.7:80               172.30.0.101:1581           SYN_RECV    -
tcp        0      0 :::80                       :::*                        LISTEN      32088/httpd

0
thecureisAuthor Commented:
I have also stopped iptables
service iptables stop

And I still cannot telnet from my computer to port 80.

I have checked the error_log and see nothing
0
Kerem ERSOYPresidentCommented:
Hi,

The line :
tcp        0      0 10.198.0.7:80               172.30.0.101:1581           SYN_RECV    -

Shows that the connection has been closed using a SYN. This would generally happen when there's an HTTP blocker in between. Are you sure that there's no web blocker type of stuff?

Since you have your IPTables F/W disabled and you can telnet to localhost 80 it seems that something is blocking your connection or there's a communication issue on one of your ends.

Are you sure that your PC does not block web access because of some client such as Norton NAC etc.?

0

thecureisAuthor Commented:
Well, I do not have anything such as Norton or McAfee installed and the connection is refused regardless of the client.  Is there anything on the Linux box that could be blocking port 80? The only things running on this box are mysql and proftp.
0
mrjoltcolaCommented:
What does your Listen line show in httpd.conf?

Are you saying the connection times out or is immediately refused? There is a difference.
0
Kerem ERSOYPresidentCommented:
In fact it does not seem that the connection is not working. It seems that your Apache is serving the page but something is blocking the page.

Web page blockers like WebSense will send a SYN like that.

Will you please post your httpd.conf here ?
0
Kerem ERSOYPresidentCommented:
I'll be happy to see your Apache log too (at least the last 5-10 lines).
0
Kerem ERSOYPresidentCommented:
Normally you'll get something like this:

netstat -anpt | grep ":80 "
tcp        0      0 :::80                       :::*                        LISTEN      3878/httpd          
tcp        0      0 ::ffff:10.0.0.1:80          ::ffff:10.0.0.100:1668      TIME_WAIT   -

The TIME_WAIT indicates that the page was transferred successfully and the client (web browser) has closed the connection.

While in your case we see that there is a SYN. If your httpd was not listening on 80 in the beginning we would not be seeing a line like that:

tcp        0      0 10.198.0.7:80               172.30.0.101:1581           SYN_RECV    -

at all.
0
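The two netstat outputs quoted in this thread, run through a small parser (an added example, not part of any participant's post; `parse_netstat` and `diagnose` are hypothetical names). It relies on the standard TCP state meanings: SYN_RECV is a half-open connection where the server has received a SYN and replied with SYN-ACK but has not yet seen the client's final ACK, while TIME_WAIT is only reached after a connection was fully established and then closed.

```python
from collections import defaultdict

# Sample lines copied from the two netstat outputs quoted in the thread.
FAILING = """\
tcp        0      0 10.198.0.7:80               172.30.0.101:1581           SYN_RECV    -
tcp        0      0 :::80                       :::*                        LISTEN      32088/httpd
"""
WORKING = """\
tcp        0      0 :::80                       :::*                        LISTEN      3878/httpd
tcp        0      0 ::ffff:10.0.0.1:80          ::ffff:10.0.0.100:1668      TIME_WAIT   -
"""

# States that can only be reached after the three-way handshake completed.
COMPLETED = {"ESTABLISHED", "FIN_WAIT1", "FIN_WAIT2", "CLOSE_WAIT",
             "LAST_ACK", "CLOSING", "TIME_WAIT"}

def parse_netstat(text):
    """Yield (local_port, peer_address, state) for each tcp line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue
        local, peer, state = f[3], f[4], f[5]
        # rsplit keeps IPv6 forms such as ":::80" and "::ffff:10.0.0.1:80" intact
        port = int(local.rsplit(":", 1)[1])
        yield port, peer.rsplit(":", 1)[0], state

def diagnose(text, port=80):
    """Classify how far connections to `port` get (hypothetical helper)."""
    states = defaultdict(set)
    for p, peer, state in parse_netstat(text):
        if p == port:
            states[state].add(peer)
    if "LISTEN" not in states:
        return "not-listening"        # nothing bound to the port
    if any(s in COMPLETED for s in states):
        return "handshake-completes"  # at least one client got all the way through
    if "SYN_RECV" in states:
        # SYN arrived and SYN-ACK was sent, but no ACK came back:
        # the inbound path works, so look at the return path to the client.
        return "half-open"
    return "no-inbound-syn"           # listening, but no SYN has reached the host

if __name__ == "__main__":
    for name, sample in (("failing", FAILING), ("working", WORKING)):
        print(name, "->", diagnose(sample))
```

A persistent "half-open" result is the cue to capture on both the server and the client at the same time and see at which hop the SYN-ACK disappears.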
thecureisAuthor Commented:
The connection times out after about 15 seconds and firefox says network timeout.

I have attached my apache conf
httpd.conf.txt
0
thecureisAuthor Commented:
I also believe that something is interrupting the connection but I am unsure of what.  I am not running a personal software firewall, only hardware firewall which both the linux server and I sit behind.
0
Kerem ERSOYPresidentCommented:
Your config seems OK but I did not understand how you expect the client could return site1 or site2, but in this case you need to get the default Apache page. But it is obvious that something is closing the connection.

Please check your network for this type of software.
0
thecureisAuthor Commented:
site1 and site2 are returned based on the url passed to the server, this works fine with the listening port set to 8080, just not 80.  Since the server is receiving the request then closing it, I doubt that anything on the network would cause this.  It seems to be something on the linux box itself.
0
Kerem ERSOYPresidentCommented:
I mean if you have set up your hosts file in your client system. If the request could reach the system then obviously VirtualHost logic will decode it and send it to the right virtual host.

If an application is listening to a port then it is the only application to listen to that port. The only exception is the use of promiscuous listening software such as snort. Do you run something like snort on the box?

Will you post the output of

ps -aef

and

netstat -anpt
0
nabeelmoiduCommented:
I'd suggest you do a  wireshark network dump and use the "Follow TCP stream"
http://www.wireshark.org/docs/wsug_html_chunked/ChAdvFollowTCPSection.html option so that you get an exact idea where the problem lies.
0
thecureisAuthor Commented:
KeremE - I am not running snort on this machine, it's just a basic out of the box CentOS install.  I have done a netstat -anpt and I see everything listening and found port 80
  tcp        0      0 :::80                       :::*                        LISTEN      2868/httpd  

nabeelmoidu - I ran wireshark, attempting to connect via a web browser and filtered the results by dest ip.  I see 3 packets


They all read the same
SRC        DEST                    Protocol            Info
MY IP      Linux Server            TCP                 quaddb > HTTP [SYN] SEQ=0 WIN=65535 LEN=0 MSS=146

0
Kerem ERSOYPresidentCommented:
This is the problem here.  Communication with a web server and web browser does not end with SYN.  It generally ends with a disconnect by the client. SYN packets are generally issued by policy enforcing servers such as web-blockers, IPS systems etc.

Can you disconnect the Ethernet port of your server and connect it to a separate switch and then connect another workstation to the same switch and retry if you can access the web server ?

Don't forget that your WS IP address must be in the same subnet as your webserver. So if IP's are manually assigned to your workstations then you might need to set it manually.
0
nabeelmoiduCommented:
OK, so that means your SYN connection attempt does not get any reply. If you run tcpdump or wireshark on the server at the same time, e.g.
tcpdump src host your-pc
and check if the SYN reaches the server, we can proceed further
0
Kerem ERSOYPresidentCommented:
But your WireShark output shows that your HTTP client sends SYN. I still insist that there's some web blocking logic in between and closing the connection.  Please do as I told and disconnect your server from your intranet and try with a switch and a workstation or a notebook.
0
thecureisAuthor Commented:
KeremE - This is on a VMWare machine plugged into a plain old switch, not L2.  Do you think it has something to do with VMWare ESXI?

What I do not understand is that I do not see an ACK coming back from the server, do you think that is what's being blocked?
0
thecureisAuthor Commented:
OK, breakthrough, I can now access the server locally on port 80, just not from the web.  I have an A record pointing to our router and the rules are all in place but external does not work.  I am also testing on a VPN from my house and it just times out.  So I am not thinking it to be a firewall rule in our Cisco.  Will check that out and post back.
0