Excellence in creative mediocrity


Saturday, 12 Nov 2005

Firewall follies

This blog was unavailable for a couple of days after I moved it back to the main webserver from my backup webserver. After wandering down several dead-end paths, I finally determined the issue was with my webserver's internal firewall. As always with this stuff, the answer seems so obvious in retrospect.

It seemed surprising to me that my blog's server would not respond to browser requests after I moved the files from the backup server machine to the main server machine. I didn't change any config details, so why couldn't I get through? I checked my router's firewall, and yes, the port forwarding for port 9080 had been updated to reflect the new location.

I posted a question on this topic on the snakelets-webapps mailing list on SourceForge, and the response was a suggestion that my hosts file was screwed up. I discovered that yes, indeed, it was slightly screwed up, but that wouldn't have prevented the access (it did solve a lingering e-mail problem I'd been having, though :-) ).

It seemed strange that I could access the blog from the server itself, but not from any other PC. I rechecked my router firewall settings several more times. Could it be that they weren't being taken into consideration?

After several other fruitless avenues of investigation, I hit on the idea of shutting down my Apache webserver on port 80, and running this Frog blog on that port. Immediate access! Same result if I tried it on port 8080, which my calgarybikeroots.org site had been using. But no access on port 9080, or port 8000, or 8181, or any of a number of others that I tried. It almost seemed as though there were a second firewall in the way.

I went through my process list with 'ps aux | grep shorewall' looking to see if I had shorewall running. Nothing there. Then it occurred to me to use Webmin, a web-based config tool for sysadmins. I immediately saw that my iptables config allowed TCP traffic on ports 80 and 8080, but no others. Aha! After this, it was a quick fix to add Frog's port 9080, and we are back in business.

Wrote midtoad at 03:04
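
The symptoms in the post (reachable from the server itself and on ports 80 and 8080, unreachable on 9080) are what a default-drop INPUT chain with only those two ports opened produces. The following is an added example, not code from the original post: a hypothetical `port_verdict` helper that evaluates `iptables -S`-style rules for one port, run here against a constructed rule set that is assumed, not taken from the author's server.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT`-style output (not taken from the post):
# default-drop INPUT chain admitting loopback, established traffic, TCP 80 and 8080.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT'

# port_verdict RULES PORT (hypothetical helper)
# Prints the verdict for a NEW inbound TCP connection from another host to PORT.
# Simplified: first terminal match wins; rules limited by interface, source or a
# non-NEW state are skipped; "!" negation and jumps to custom chains are not followed.
port_verdict() {
    printf '%s\n' "$1" | awk -v port="$2" '
    function covers(spec,   n, i, parts, r) {   # spec: "80", "8000:8100" or "80,8080"
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == port + 0) return 1
        }
        return 0
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; ports = ""; target = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i" || $i == "-s") skip = 1
            else if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/) skip = 1
        }
        if (skip) next                              # does not apply to a new remote client
        if (proto != "" && proto != "tcp") next     # rule is for another protocol
        if (ports != "" && !covers(ports)) next     # rule is for other ports
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            print target; found = 1; exit
        }
    }
    END { if (!found) print (policy == "" ? "ACCEPT" : policy) " (default policy)" }'
}

for p in 80 8080 9080; do
    printf 'tcp/%s -> %s\n' "$p" "$(port_verdict "$SAMPLE_RULES" "$p")"
done
```

On a live host the first argument can be the output of `iptables -S INPUT`, run as root.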
