Unable to access Apache Server from Outside the LAN
We are running Apache 2.2 on Windows Server 2008 R2.
We have developed a php/sql application and it runs just fine when accessed from within the lan (i.e: http://myapp.domain.local)
We are however struggling to make the application accessible from outside the our lan using http://myapp.domain.int
We have allowed port 80 in the Windows and ASA firewall. We have also setup a nat rule. The resource is published to dns. However the application is still not accessible.
We are stumped and no one is really an Apache expert onsite.
The application is stored at C:\Server\www\savsvr000020
I am also attaching out httpd confing file for assistance and guidance.
Please help
httpd.txt
We have developed a php/sql application and it runs just fine when accessed from within the lan (i.e: http://myapp.domain.local)
We are however struggling to make the application accessible from outside the our lan using http://myapp.domain.int
We have allowed port 80 in the Windows and ASA firewall. We have also setup a nat rule. The resource is published to dns. However the application is still not accessible.
We are stumped and no one is really an Apache expert onsite.
The application is stored at C:\Server\www\savsvr000020
I am also attaching out httpd confing file for assistance and guidance.
Please help
httpd.txt
also I found if you are testing it by trying to go out from your LAN and back in to your LAN it won't work - (some kind of loopback protect) try it from a system truely outside your LAN,
ASKER
Hi ChiternPC,
The router is not part of the firewall. We are however publishing other websites through it using NAT with no problems. The ISP does not block anything, just gives us a public IP with all ports open.
I am testing strictly from outside our LAN to avoid any loopback issues.
I just feel i am missing something with Apache.
The router is not part of the firewall. We are however publishing other websites through it using NAT with no problems. The ISP does not block anything, just gives us a public IP with all ports open.
I am testing strictly from outside our LAN to avoid any loopback issues.
I just feel i am missing something with Apache.
From an outside source, can you telnet to port 80 on the external IP address? Does your apache server have a default gateway set as your firewall?
Is the app using any other ports?
ASKER
Default gateway is set to firewall ip.
Interestingly I cannot telnet to port 80 on the external IP.
So it must be a firewall issue? (ASA 5505)
Interestingly I cannot telnet to port 80 on the external IP.
So it must be a firewall issue? (ASA 5505)
Could you show a (sanitized) config of the ASA?
ASKER
banner motd **** Unauthorized Use or Access Prohibited ****
ftp mode passive
clock timezone WAST 1
clock summer-time WADT recurring 1 Sun Sep 2:00 1 Sun Apr 2:00
dns domain-lookup outside
dns server-group DefaultDNS
name-server 196.44.128.146
name-server 196.44.136.165
domain-name sacu.local
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_in extended permit icmp any any time-exceeded
access-list outside_in extended permit icmp any any echo-reply
"....sanitized stuff....."
access-list outside_in extended permit tcp any host 41.205.140.13 eq www
access-list inside_nat0_outbound extended permit ip 10.9.8.0 255.255.255.0 10.9.8.0 255.255.255.0
access-list LOCAL-LAN-VPN standard permit 10.9.8.0 255.255.255.0
".....sanitized stuff..."
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 41.205.140.13 10.9.8.55 netmask 255.255.255.255
"...............santized stuff............."
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 41.205.140.9 1
---------------------
the server with problems is the "41.205.140.13"
ftp mode passive
clock timezone WAST 1
clock summer-time WADT recurring 1 Sun Sep 2:00 1 Sun Apr 2:00
dns domain-lookup outside
dns server-group DefaultDNS
name-server 196.44.128.146
name-server 196.44.136.165
domain-name sacu.local
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_in extended permit icmp any any time-exceeded
access-list outside_in extended permit icmp any any echo-reply
"....sanitized stuff....."
access-list outside_in extended permit tcp any host 41.205.140.13 eq www
access-list inside_nat0_outbound extended permit ip 10.9.8.0 255.255.255.0 10.9.8.0 255.255.255.0
access-list LOCAL-LAN-VPN standard permit 10.9.8.0 255.255.255.0
".....sanitized stuff..."
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 41.205.140.13 10.9.8.55 netmask 255.255.255.255
"...............santized stuff............."
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 41.205.140.9 1
---------------------
the server with problems is the "41.205.140.13"
Well that should be ok.
You said it was a php/sql app. Are you sure it's only using port 80?
One other thing I found. In the httpd there is a line: ServerName localhost I think that should be: myapp.domain.int localhost:80 as stated on: http://www.ehow.com/how_6049004_do-connections-access-apache-server_.html
You said it was a php/sql app. Are you sure it's only using port 80?
One other thing I found. In the httpd there is a line: ServerName localhost I think that should be: myapp.domain.int localhost:80 as stated on: http://www.ehow.com/how_6049004_do-connections-access-apache-server_.html
ASKER
Thanks Erniebeek,
When I add "myapp.domain.int localhost:80" to the httpd file the Apache fails to start.
I earlier opened the ASA firewall for all tcp,upd,ip connections. Even turned off the Windows firewall. No joy... So I don't think it is strictly a port issue
When I add "myapp.domain.int localhost:80" to the httpd file the Apache fails to start.
I earlier opened the ASA firewall for all tcp,upd,ip connections. Even turned off the Windows firewall. No joy... So I don't think it is strictly a port issue
Perhaps adjusting this in apache config:
ServerName localhost
set to
ServerName 10.9.8.55
ServerName localhost
set to
ServerName 10.9.8.55
ASKER
No joy either way unsatiated. The Apache server starts but is still only accessible from within the LAN
ASKER
When i run a port scanner from within the LAN, port 80 is open on the server.
When I try from outside the lan using yougetsignal.com it is closed. Aaggghhhh.... I need some coffee
When I try from outside the lan using yougetsignal.com it is closed. Aaggghhhh.... I need some coffee
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Glad you figured it out, good job :)
ASKER
It is likely that Apache and some other service were clashing at Port 80 therefore a new IP resolved the problem.
my firewall and router are in the same box so I figure a port forwarding rule to allow port 80 (or whatever post my application uses) to route to a particular ip address on my local LAN from the outside world.