Apache 2.2 on Debian (through NAT) not working :(

Serberus · 11 Nov 2006 at 16:30

I installed Debian about a month ago and have had issues with Apache 2.2. I have redirected port 80 traffic to my Debian box but have had little success.

Checking logs I have no error msgs.

Code:

# /usr/local/apache2/bin/apachectl start
# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
[B][COLOR=Lime]tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN[/COLOR][/B]
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
udp        0      0 192.168.0.5:137         0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 192.168.0.5:138         0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
# cat /usr/local/apache2/logs/error_log
[Sat Nov 11 14:44:27 2006] [notice] Apache/2.2.3 (Unix) PHP/5.2.0 configured -- resuming normal operations

httpd.conf:

Listen 80
ServerName dev.serberus.net:80
DocumentRoot "/www/dev/serberus.net/htdocs"
Include conf/extra/httpd-vhosts.conf

httpd-vhosts.conf:

NameVirtualHost *:80

<VirtualHost *:80>
ServerAdmin webmaster at dev dot serberus dot net (anti spam, not in conf)
DocumentRoot /www/dev/serberus.net/htdocs
ServerName dev.serberus.net
ErrorLog logs/dev.serberus.net-error_log
CustomLog logs/dev.serberus.net-access_log common
</VirtualHost>

Code:

# /usr/local/apache2/bin/apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                   is a NameVirtualHost
         default server dev.serberus.net (/usr/local/apache2/conf/extra/httpd-vhosts.conf:27)
         port 80 namevhost dev.serberus.net (/usr/local/apache2/conf/extra/httpd-vhosts.conf:27)
Syntax OK
# ifconfig
eth0      Link encap:Ethernet  HWaddr xxxx
          inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2243 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1768 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:222865 (217.6 KiB)  TX bytes:231359 (225.9 KiB)
          Interrupt:11 Base address:0x9000
# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
# cat /etc/hosts
127.0.0.1       localhost.localdomain   localhost
192.168.0.5     loonix.dev.serberus.net loonix

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
# ping dev.serberus.net
PING dev.serberus.net (87.74.82.162) 56(84) bytes of data.
64 bytes from host-87-74-82-162.bulldogdsl.com (87.74.82.162): icmp_seq=1 ttl=250 time=16.7 ms
64 bytes from host-87-74-82-162.bulldogdsl.com (87.74.82.162): icmp_seq=2 ttl=250 time=15.8 ms
64 bytes from host-87-74-82-162.bulldogdsl.com (87.74.82.162): icmp_seq=3 ttl=250 time=16.9 ms

That's high latency for a local machine?

Any ideas? I'm stumped

Just re-read this post and it's not clear what the issue is - dev.serberus.net is not accessible, Apache doesn't appear to be serving anything...

Serberus · 11 Nov 2006 at 18:47

Looks like my router, although I'm lost as to what i've mis-configured :S

If I put 192.168.0.5 in my Windows hosts file I can access Apache fine.

Mr. Brightside · 11 Nov 2006 at 18:53

NAT Loopback, or lack of/bad implementation sounds like the cause. What router are you using?

Hope this helps, null

Serberus · 13 Nov 2006 at 07:59

Netgear DG834.

I get access logs mailed to me each morning, some people have managed to access port 80 (exploit trawlers). Odd.

Mr. Brightside · 13 Nov 2006 at 17:17

I'm thinking this thread might be better off moved to the NIC forum?

Anyways, if the domain in question is serberus.net then I can access it fine, no slowness etc. This is to be expected; NAT loopback will only effect PCs behind the same router as the server you are trying to connect. Complete lack of NAT loopback, if I understand correctly, will result in the server being inaccesible (from the LAN - as I said, WAN can still access it fine).

A Google for 'dg834 loopback' yields this single page: http://forums.whirlpool.net.au/forum-replies-archive.cfm/351308.html

If what is said there is true, the DG834 simply doesn't support NAT loopback. As for the ping times, this can be explained because the lack of loopback support means the ping request is actually bounced all the way to Bulldog and back.

As for work arounds to the problem, you could either just access the server via its LAN IP, edit the DNS entries on your router if it does DNS at all, or add a mapping for your servers LAN IP in your hosts file.

Hope this helps, null