can't get to webserver from outside
vandensype
04-13-2003, 11:24 PM
Hello all,
I just set up an Apache server and I use dyndns.org for DNS to my "Custom DNS" domain name. I have a Linksys router and I opened port 80 to forward all traffic to the webserver. When I open a browser to http://www.mydomain.com from ANY computer on my LAN I can see the site; however, when I use a computer on the outside, I cannot see the site (times out). Any ideas on why this would happen? Is it a DNS problem, or an Apache config problem?
thanks in advance
LrngTheHardWay
04-14-2003, 12:46 AM
Have you tried putting your w-server in the DMZ?
netsmile
04-14-2003, 05:12 AM
I think that's because of the firewall's problem.
NegativeZERO
04-14-2003, 05:57 AM
OK, you ask if it's a DNS problem. In order to see if it is or not, you need to ping the domain. Ping the domain you set up with dyndns.org and see if it resolves to your IP address. If it does, then it's not a DNS issue.
Another problem that might be the case is that your ISP may block ports and not allow connections on them: popular service ports such as 80 (httpd traffic), 110 (pop3 mail), 25 (smtp mail server), 22 (sshd service), and others as well.
One way to see if this is the issue is possibly to forward another port from your firewall to port 80 on your Linux box. Say 8080, and forward it to port 80 on your web server. Then to access the site you would just type foo.com:8080 in a browser, and if you can access it then your ISP blocks traffic on port 80, and I would bet on other popular service ports as well.
In the case you still cannot access the server, it could be that you have misconfigured your router. It could also be that you need to open a port on your Linux box on your firewall.
Hope this helps you fix the problem.
Later
NZ
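The checks NZ describes, as an added example that is not part of the original post: resolve the name, then try a TCP connection to port 80 and to the alternate forwarded port, telling a timeout apart from a refusal. The host name, the address 203.0.113.10 and the function names are placeholders assumed here; run it from a machine outside the LAN.

```python
import socket

def resolve(name):
    """Return the IPv4 address a name resolves to, or None if the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def probe(host, port, timeout=5.0):
    """Classify one TCP connect attempt.

    open     - handshake completed, something is listening
    refused  - a reset came back: packets reach a host, but nothing listens
               on that port or a firewall rejects the connection
    filtered - no answer before the timeout: packets are dropped on the way
               (ISP block, router without a forward, host firewall drop)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:          # e.g. network unreachable
        return "error: %s" % exc
    finally:
        s.close()

def diagnose(name, expected_ip, ports=(80, 8080), timeout=5.0):
    """Check DNS against the expected public IP, then probe each port."""
    ip = resolve(name)
    if ip is None:
        return {"dns": "no answer"}
    result = {"dns": "ok" if ip == expected_ip else "mismatch (%s)" % ip}
    for port in ports:
        result[port] = probe(ip, port, timeout)
    return result

if __name__ == "__main__":
    # Placeholder name and address (assumptions): substitute your own
    # dyndns.org host name and the public IP your router currently holds.
    print(diagnose("www.mydomain.com", "203.0.113.10"))
```

A "filtered" result on 80 with "open" on 8080 points at a block on port 80 somewhere upstream; "refused" means the packets are arriving and the problem is on the server or its firewall.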
case1984
04-14-2003, 02:56 PM
I totally agree with NegativeZERO, it sounds like something (either a firewall or your ISP) is blocking port 80. But, when I had this problem I switched to port 8080, and it still didn't work. My ISP was being paranoid, and blocked 8080 also. You may just want to choose a random number.
vandensype
04-14-2003, 04:54 PM
Thanks for all your help, I will try these solutions and let you know what happens.
So far I pinged the domain and it seems like it resolves OK. Gonna try opening everything up and see what happens. I really hope my ISP aren't a bunch of paranoid losers :) ....
vandensype
04-14-2003, 09:54 PM
OK, well, I pinged like I said, except all the requests time out (?!?), but it does seem to resolve OK. I also moved the machine into the DMZ of the router, so all of its ports should be open. Could it be the firewall on the Linux box itself? I thought I had said for it to allow incoming http requests. Does it block ping requests by default?
NegativeZERO
04-15-2003, 01:32 AM
Can you post what's in your rc.firewall script? So I can see if it's allowing connections to port 80 or whatever random port you selected. Also, most default firewalls don't block ICMP packets, I don't believe. I may be incorrect on that one though.
If you know how to edit iptables, go ahead and put this string in your rc.firewall with the other INPUT rules:
$IPTABLES -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
This is also assuming your ethernet device is eth0; if it's eth1 or different, change it to the correct device setting.
If this fixes it, you had a firewall problem all along. If not you need to double check your router settings and make sure your ISP does not block port 80.
Later
NZ
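An added illustration (not from the original post) of why it matters where that rule sits among the other INPUT rules: iptables acts on the first rule that matches, and -A appends at the end of the chain. The existing ruleset below is constructed, and the evaluator is a simplified model assumed here that understands only -i, -p, --dport and -j.

```python
import shlex

FIELDS = {"-i": "iface", "-p": "proto", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Parse '<cmd> -A INPUT [-i IF] [-p PROTO] [--dport N] -j TARGET'."""
    tok = shlex.split(line)
    if tok[1:3] != ["-A", "INPUT"] or len(tok[3:]) % 2:
        raise ValueError("unsupported rule: " + line)
    rule = dict.fromkeys(FIELDS.values())
    for flag, value in zip(tok[3::2], tok[4::2]):
        if flag not in FIELDS:      # refuse rather than mis-evaluate
            raise ValueError("unsupported option: " + flag)
        rule[FIELDS[flag]] = value
    if rule["target"] is None:
        raise ValueError("rule has no -j target: " + line)
    return rule

def verdict(lines, policy, iface, proto, dport):
    """Return (target, rule_number) for the first rule matching the packet,
    or (policy, None) when no rule matches. Rules are tried top to bottom."""
    for n, line in enumerate(lines, 1):
        r = parse_rule(line)
        if (r["iface"] in (None, iface)
                and r["proto"] in (None, "all", proto)
                and r["dport"] in (None, str(dport))):
            return r["target"], n
    return policy, None

# Constructed example of rules already present in an rc.firewall script.
EXISTING = [
    "$IPTABLES -A INPUT -i lo -j ACCEPT",
    "$IPTABLES -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT",
    "$IPTABLES -A INPUT -i eth0 -p tcp -j REJECT",
]
# The rule from the post above.
NEW_RULE = "$IPTABLES -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT"

if __name__ == "__main__":
    # Placed after the blanket REJECT: the new rule is never reached.
    print(verdict(EXISTING + [NEW_RULE], "DROP", "eth0", "tcp", 80))
    # Placed before it: port 80 is accepted.
    print(verdict(EXISTING[:2] + [NEW_RULE] + EXISTING[2:], "DROP", "eth0", "tcp", 80))
    # Wrong interface name in the rule: traffic on eth1 falls to the policy.
    print(verdict(EXISTING[:2] + [NEW_RULE], "DROP", "eth1", "tcp", 80))
```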
vandensype
04-15-2003, 04:45 PM
hmmmmm, I think I found out that the problem is my firewall on the linux box is set to "high". Curiously, though, when I use the GUI to go to change this to medium or no firewall, the settings don't "stick". In other words, when I go back to the security tab, it is still set on high.
Any ideas on how to REALLY change these?
NZ, could you provide a bit more info on how to set manually via terminal (sorry, I'm still a newbie here, I hate using the GUI but I occasionally fall back on it when I can't go through shell).
thanks
P.S. I tried running the IPCHAINS command you mentioned manually, but I get "command not found". I also tried this using ipchains with the same result.
posw2ksocks
04-16-2003, 04:09 AM
Van, I'm almost positive that it is your router that is preventing your site from being seen. Even though you have enabled http port forwarding to your server, you may have to telnet into your router and adjust the filters to forward http. Some routers do not give you all of the configuration options in the GUI session, so it's best to get accustomed to doing router maintenance via telnet. Check your router's manufacturer website for FAQs on running a server behind the router using NAT.
busa_blade
04-16-2003, 04:50 PM
I think it's probably the ISP. I know Verizon and many others block port 80 (bastids). They used Code Red and Nimda to try to make folks pay them to host.
wraven
04-16-2003, 05:07 PM
I think it's probably the ISP. I know Verizon and many others block port 80 (bastids). They used Code Red and Nimda to try to make folks pay them to host.
Busa_blade,
That is an odd comment. I have been using Verizon DSL for over 2 years (since Feb. 2001) and have always been able to serve off of port 80.
YMMV - maybe because I am in the fGTE region and you are in the fBA region.
I just thought I would let the posters here know this, because if you are in a fGTE area you should be fine (I have friends that are on Verizon DSL as well and we all can serve off any port).
-Wraven