External access to home web server

I have set up a web server on my linux machine at home, which works
fine when using http://localhost but not when i try and access it from
the outside world.

My machine is behind a conexant router, which forwards port 80
(externally) to port 80 on the internal IP address of the linux box.

Also, I have disabled the WAN side web interface of the router and
changed the port of the web interface to 8080, so that web requests
don't get directed to the router.

Here is what I receive when trying to telnet to the web server from
outside:-

sbarnett@sf01267w:10$ telnet <external ip> 80
Trying <external ip>...
telnet: Unable to connect to remote host: Connection refused

And a port scan on my IP address says that port 80 is blocked
(stealthed) - so it looks like the port forwarding isn't working to me,
but I've no idea why...I have port 22 forwarded (for ssh) which works
fine.

Anyone got any ideas?

On 2005-08-15, (E-Mail Removed) <(E-Mail Removed)> wrote:
> I have set up a web server on my linux machine at home, which works
> fine when using http://localhost but not when i try and access it from
> the outside world.
>
> My machine is behind a conexant router, which forwards port 80
> (externally) to port 80 on the internal IP address of the linux box.
>
> Also, I have disabled the WAN side web interface of the router and
> changed the port of the web interface to 8080, so that web requests
> don't get directed to the router.
>
> Here is what I receive when trying to telnet to the web server from
> outside:-
>
> sbarnett@sf01267w:10$ telnet <external ip> 80
> Trying <external ip>...
> telnet: Unable to connect to remote host: Connection refused
>
> And a port scan on my IP address says that port 80 is blocked
> (stealthed) - so it looks like the port forwarding isn't working to me,
> but I've no idea why...I have port 22 forwarded (for ssh) which works
> fine.
>
> Anyone got any ideas?

Hi,

maybe you already checked but did you check if you have a firewall on your
machine and if it blocks port 80?

Matteo

No firewall on my machine - just firewalling via the router.

(E-Mail Removed) wrote:
> sbarnett@sf01267w:10$ telnet <external ip> 80
> Trying <external ip>...
> telnet: Unable to connect to remote host: Connection refused
>
> And a port scan on my IP address says that port 80 is blocked
> (stealthed) - so it looks like the port forwarding isn't working to me,
> but I've no idea why...I have port 22 forwarded (for ssh) which works
> fine.

Have you tried using tcpdump or ethereal to verify that the connection
request is reaching your machine?

Paul

Just to add some more info on this - I know for definite that my ISP
doesn't block traffic on port 80.

Also, after playing around a bit, I have discovered that I can
successfully forward any external port to any other internal port APART
FROM PORT 80!!

But it doesn't matter which port I try and forward to port 80
internally, it refuses to connect.

OK, this is what I get from tcpdump (first time I've used this, so a
bit of a novice here) when I try and telnet from my office to port 80
at home ....

12:36:20.323279 firestar.micromuse.com.12024 > 10.0.0.11.http: S
1752602682:1752602682(0) win 24820 <nop,nop,sackOK,mss 1440> (DF) [tos
0x80]

And when I try and connect to it using my browser, I get loads of very
similar lines before it fails to connect.

Does this make any sense to you?

(E-Mail Removed) wrote:

> And a port scan on my IP address says that port 80 is blocked
> (stealthed) - so it looks like the port forwarding isn't working to me,
> but I've no idea why...I have port 22 forwarded (for ssh) which works
> fine.

Perhaps port 80 is blocked by the ISP? If so, use a different port.
Have you run ethereal or tcpdump on your computer, to see if the requests
are even reaching that computer? Without further info, it's hard to tell
what the problem is.

(E-Mail Removed) wrote:

> OK, this is what I get from tcpdump (first time I've used this, so a
> bit of a novice here) when I try and telnet from my office to port 80
> at home ....
>
> 12:36:20.323279 firestar.micromuse.com.12024 > 10.0.0.11.http: S
> 1752602682:1752602682(0) win 24820 <nop,nop,sackOK,mss 1440> (DF) [tos
> 0x80]
>
> And when I try and connect to it using my browser, I get loads of very
> similar lines before it fails to connect.
>
> Does this make any sense to you?

Where are you running tcpdump? You need to run it on the target system, to
see what's happening there.

Yes, I realised that - this tcpdump was indeed run on my home machine,
whilst trying to telnet to it from the office (I'm ssh'ed into home
from work).

James Knott wrote:
> (E-Mail Removed) wrote:
>
> > OK, this is what I get from tcpdump (first time I've used this, so a
> > bit of a novice here) when I try and telnet from my office to port 80
> > at home ....
> >
> > 12:36:20.323279 firestar.micromuse.com.12024 > 10.0.0.11.http: S
> > 1752602682:1752602682(0) win 24820 <nop,nop,sackOK,mss 1440> (DF) [tos
> > 0x80]
> >
> > And when I try and connect to it using my browser, I get loads of very
> > similar lines before it fails to connect.
> >
> > Does this make any sense to you?
>
> Where are you running tcpdump? You need to run it on the target system, to
> see what's happening there.

(E-Mail Removed) wrote:
> Yes, I realised that - this tcpdump was indeed run on my home machine,
> whilst trying to telnet to it from the office (I'm ssh'ed into home
> from work).

What you should get after it is a second line, starting with something like:
10.0.0.11.http > firestar.micromuse.com.12024

Are you sure you don't have a firewall?

Paul