Apache config help requested

Message

slackline · Post by **slackline** » Tue Oct 06, 2009 9:31 am

Hi,

Just finishing off setting up a server, and am having trouble getting Apache to recognise the domain name I've been assigned (statsmail.trehtcancer.nhs.uk).

Initially I was getting the following errors in the logs...

Code: Select all

[Tue Oct 06 08:26:38 2009] [notice] SIGUSR1 received.  Doing graceful restart
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for 
ServerName

So I added 'ServerName statsmail.trentcancer.nhs.uk' to /etc/apache2/httpd.conf and also /etc/apache2/apache2.conf, and restarted the server and the error message has gone...

Code: Select all

[Tue Oct 06 08:26:38 2009] [notice] SIGUSR1 received.  Doing graceful restart
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for 
ServerName
[Tue Oct 06 08:26:38 2009] [notice] Apache/2.2.11 (Ubuntu) configured -- resuming normal operations
[Tue Oct 06 09:27:55 2009] [notice] caught SIGTERM, shutting down
[Tue Oct 06 09:27:55 2009] [notice] Apache/2.2.11 (Ubuntu) configured -- resuming normal operations
[Tue Oct 06 10:06:02 2009] [notice] caught SIGTERM, shutting down
[Tue Oct 06 10:06:03 2009] [notice] Apache/2.2.11 (Ubuntu) configured -- resuming normal operations

But I connections just time out now when I point the browser at the address, despite the fact I can see it on localhost *i.e. 127.0.1.1).

I think I'm missing something in the configuration though because it Apache doesn't appear to be listening on the Foreign Address as netstat shows...

Code: Select all

root@miles:/etc/apache2# netstat  netstat -a -tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:www                   *:*                     LISTEN      3368/apache2    
tcp        0      0 localhost:ipp           *:*                     LISTEN      3556/cupsd      
tcp        0      0 *:smtp                  *:*                     LISTEN      29230/master    
tcp        0      1 miles.local:45380       statsmail.trentcanc:www SYN_SENT    28248/firefox   
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      2160/sshd

Any pointers on where I might have gone wrong would be appreciated (can post config files if required). Feels like I'm so close, but not quite there!

Cheers

slack

Anarcho · Post by **Anarcho** » Tue Oct 06, 2009 11:17 am

Any firewall/packet filter running?

Please provide the output of

iptables -L -v

slackline · Post by **slackline** » Tue Oct 06, 2009 12:56 pm

Anarcho wrote:Any firewall/packet filter running?

Please provide the output of

iptables -L -v

Nope, no firewalls on the local machine the install is on...

Code: Select all

root@miles:/etc/apache2# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

But this computer has been placed in a DMZ, and strangely the IP address that ifconfig reports is not the same as that which www.whatismyipaddress.com reports and I've been told the computer is configured as...

Code: Select all

root@miles:/etc/apache2# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:14:22:b0:9e:c7  
          inet addr:192.168.2.22  Bcast:192.168.7.255  Mask:255.255.248.0
          inet6 addr: fe80::214:22ff:feb0:9ec7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1500493 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93528 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:284352007 (284.3 MB)  TX bytes:9113800 (9.1 MB)

I've been told the computers been setup with DNS as statsmail.trentcancer.nhs.uk and nslookup reports a different IP associated with this address (its reporting the same as www.whatismyipaddress.com)

Code: Select all

root@miles:/etc/apache2# nslookup statsmail.trentcancer.nhs.uk
Server:		194.72.7.142
Address:	194.72.7.142#53

Non-authoritative answer:
Name:	statsmail.trentcancer.nhs.uk
Address: 10.211.48.240

The DNS administrator here at the place I work has told me that port 80 isn't blocked at all (nor is 25), although given he doesn't appear to have read 80% of each of the emails I've sent him I get the impression he's not too up to speed on what I'm trying to do or how to set it up properly at his end.

I should also add that I've got the following in /etc/hosts (and have restarted apache after all changes, but no dice)...

Code: Select all

10.211.48.240   statsmail.trentcancer.nhs.uk

Cheers,

slack

elgato319 · Post by **elgato319** » Tue Oct 06, 2009 1:35 pm

Is the server reachable from the outside or only in your internal network?

If it's only internal:
can you ping statsmail.trehtcancer.nhs.uk from your local pc?

do you get any response if you "telnet statsmail.trehtcancer.nhs.uk 80"?
any response if you telnet the ip directly?

slackline · Post by **slackline** » Tue Oct 06, 2009 1:41 pm

It should only be reachable from the internal network. I can neither ping nor telnet to 10.211.48.240.

I can however access web-pages on loopback and at 192.168.2.22 on the server itself, so does this mean that its an issue with port-forwarding between 10.211.48.240 and 192.168.2.22?

Things are getting closer to being sorted (or at least understood by me!).

Cheers,

slack

Anarcho · Post by **Anarcho** » Tue Oct 06, 2009 5:18 pm

It seems like it is either a problem with port forwarding or a routing problem. Maybe you could try with tcpdump on that machine whether the incoming packets even arrive and just the outgoing packets can't find a way out or if the incoming packets doesn't even arrive at your machine.

You could also give the output of "route -n"

slackline · Post by **slackline** » Wed Oct 07, 2009 3:13 pm

Right, cheers for the pointers guys.

There is another set of firewalls in place that I was completely unaware of and it does appear as though port-forwarding isn't established correctly.

I've taken the computer out of the DMZ, put it on the local intranet and can access web-pages fine.

The output from tcpdump -n is exceptionally verbose so I'm not going to post it.

Apparently the people in charge of this extra firewall are "looking into the problem" (i.e. someones not in work today and I have to wait until they are back tomorrow before it can be fixed!).

Cheers for the help/pointers, kind of glad to know that its not anything I did!

slack