I have a Apahce running on FreeBSD 7 behind a Linux router serving as my firewall. I can access the web server from inside my network but I cannot acces it from outside. My gut tells me it is a firewall issue but I strongly doubt it to be the Linux firewall because my DNS server is configured similarly and it has no problems getting data through. Does FreeBSD start it's own firewall by default and if so, does it have default rules that would prevent me from being able to access the server from the outside? My ISP does not block port 80 so that shouldn't be it.

Thanks,
Ian

FreeBSD has no firewall enabled by default.

Awww crap do you know any other reason why I can't get to my server from the outside?

Do you have one or two network cards (one inside, one outside)? Is Apache enabled on both interfaces if there are two?

ifconfig -a
netstat -an | grep 80

Also try a tcpdump on the external interface and listen on port 80

tcpdump -pnli <nic> port 80

See if it responds when you try to visit your webserver from the outside. If there's nothing showing up in tcpdump output, the packets are not making it in (tcpdump is in front of any local firewall, so it will always see packets destined for the interface).

Have you tried telneting on external IP?

yes...to port 80 with no luck

Are you connecting to the outside IP from the inside? This may not always be possible, especially if you're using NAT or portforwarding. Only if the external IP is actually on the Apache server will you be able to connect to it from the inside.

Are you connecting to the outside IP from the inside? This may not always be possible, especially if you're using NAT or portforwarding. Only if the external IP is actually on the Apache server will you be able to connect to it from the inside.


No I connect from the outside.

So, does tcpdump show packets to port 80 arriving on the interface? If not, the problem lies elsewhere.

Tcpdump does output data when I connect from the outside but when I filter only port 80 traffic it displays nothing

Thats why I thought the FreeBSD firewall may be dropping the packets but I have not enabled the firewall.

tcpdump shows all traffic to an interface, even when firewalled. If no traffic shows up on port 80, it does not arrive on the interface. Try tcpdump on your Linux router.

Well that only leaves the perimeter firewall but I don't understand why. It has the same NAT and Forward rules as my DNS server and it's is working fine. Arghhh frustrating!!

grep ^Listen /usr/local/etc/apache22/httpd.conf
pfctl -d
ipfw disable firewall
Post output here and then try to telnet to server again