Solved

Unable to access Apache Server from Outside the LAN

Posted on 2012-04-04
16
860 Views
Last Modified: 2012-04-09
We are running Apache 2.2 on Windows Server 2008 R2.
We have developed a php/sql application and it runs just fine when accessed from within the lan (i.e: http://myapp.domain.local)

We are however struggling to make the application accessible from outside the our lan using http://myapp.domain.int

We have allowed port 80 in the Windows and ASA firewall. We have also setup a nat rule. The resource is published to dns. However the application is still not accessible.

We are stumped and no one is really an Apache expert onsite.

The application is stored at C:\Server\www\savsvr000020a.sacu.local\public_html

I am also attaching out httpd confing file for assistance and guidance.

Please help
httpd.txt
0
Comment
Question by:SACUADMIN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 2
  • +1
16 Comments
 
LVL 29

Expert Comment

by:chilternPC
ID: 37806156
you say you have set up a firewall to allow http through - is that part of the Router? (i.e the box that interfaces to your internet)

  my firewall and router are in the same box so I figure a port forwarding rule to allow port 80 (or whatever post my application uses)  to route  to a particular ip address on my local LAN from the outside world.
0
 
LVL 29

Expert Comment

by:chilternPC
ID: 37806171
also I found if you are testing it by trying to  go out from your LAN and back in to your LAN it won't work - (some kind of loopback protect) try it from a system truely outside your LAN,
0
 

Author Comment

by:SACUADMIN
ID: 37806207
Hi ChiternPC,

The router is not part of the firewall. We are however publishing other websites through it using NAT with no problems. The ISP does not block anything, just gives us a public IP with all ports open.

I am testing strictly from outside our LAN to avoid any loopback issues.

I just feel i am missing something with Apache.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 3

Expert Comment

by:unsatiated
ID: 37806219
From an outside source, can you telnet to port 80 on the external IP address?  Does your apache server have a default gateway set as your firewall?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37806227
Is the app using any other ports?
0
 

Author Comment

by:SACUADMIN
ID: 37806407
Default gateway is set to firewall ip.

Interestingly I cannot telnet to port 80 on the external IP.
So it must be a firewall issue? (ASA 5505)
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37806427
Could you show a (sanitized) config of the ASA?
0
 

Author Comment

by:SACUADMIN
ID: 37806506
banner motd **** Unauthorized Use or Access Prohibited ****
ftp mode passive
clock timezone WAST 1
clock summer-time WADT recurring 1 Sun Sep 2:00 1 Sun Apr 2:00
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 196.44.128.146
 name-server 196.44.136.165
 domain-name sacu.local
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_in extended permit icmp any any time-exceeded
access-list outside_in extended permit icmp any any echo-reply

"....sanitized stuff....."

access-list outside_in extended permit tcp any host 41.205.140.13 eq www
access-list inside_nat0_outbound extended permit ip 10.9.8.0 255.255.255.0 10.9.8.0 255.255.255.0
access-list LOCAL-LAN-VPN standard permit 10.9.8.0 255.255.255.0

".....sanitized stuff..."

global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 41.205.140.13 10.9.8.55 netmask 255.255.255.255

"...............santized stuff............."

access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 41.205.140.9 1
---------------------

the server with problems is the "41.205.140.13"
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37806609
Well that should be ok.
You said it was a php/sql app. Are you sure it's only using port 80?

One other thing I found. In the httpd there is a line: ServerName localhost I think that should be: myapp.domain.int localhost:80 as stated on: http://www.ehow.com/how_6049004_do-connections-access-apache-server_.html
0
 

Author Comment

by:SACUADMIN
ID: 37806745
Thanks Erniebeek,

When I add "myapp.domain.int localhost:80" to the httpd file the Apache fails to start.

I earlier opened the ASA firewall for all tcp,upd,ip connections. Even turned off the Windows firewall. No joy... So I don't think it is strictly a port issue
0
 
LVL 3

Expert Comment

by:unsatiated
ID: 37806809
Perhaps adjusting this in apache config:

ServerName localhost

set to

ServerName 10.9.8.55
0
 

Author Comment

by:SACUADMIN
ID: 37806987
No joy either way unsatiated. The Apache server starts but is still only accessible from within the LAN
0
 

Author Comment

by:SACUADMIN
ID: 37807000
When i run a port scanner from within the LAN, port 80 is open on the server.
When I try from outside the lan using yougetsignal.com it is closed. Aaggghhhh.... I need some coffee
0
 

Accepted Solution

by:
SACUADMIN earned 0 total points
ID: 37807196
I resolved it finally.
(a) Added a second ip to the server, with no internal dns but with firewall ip as gateway.
(b) NAT'd the new IP
(c) Changed httpd back to "Listen 80" and "ServerName localhost:80"

All is working just fine website acessible from outside LAN and inside the LAN.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37809887
Glad you figured it out, good job :)
0
 

Author Closing Comment

by:SACUADMIN
ID: 37822737
It is likely that Apache and some other service were clashing at Port 80 therefore a new IP resolved the problem.
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question