[ale] apache wierdness

James P. Kinney III jkinney at localnetsolutions.com
Thu Apr 14 12:06:44 EDT 2005


On Thu, 2005-04-14 at 10:30 -0400, Yu, Jerry wrote:
> what's the results for /index.html and /cgi-bin/printenv when you try it
> from
> 1) from localhost

works OK
> 2) from DMZ  or intranet, aka., behind the firewall which NATs the
> apache
works OK
> 2) from outside
Works OK on some ISP's. Speakeasy is NOT one that works. 
> 
> apache log: does access_log shows the hang request as an success?
Log shows connection but no request.


216.27.162.82 is my machine, 172.16.10.2 is the DMX internal interface,
172.16.10.1 is the web server. 216.27.164.101 is the external interface.
Here's a tcp dump of the DMZ interface:

tcpdump: listening on eth1
09:19:44.310293 216.27.164.101.53964 > 172.16.10.1.https: S
865145535:865145535(0) win 5840 <mss 1460,sackOK,timestamp 150425947
0,nop,wscale 2> (DF)
09:19:44.310419 172.16.10.1.https > 216.27.164.101.53964: S
2810103798:2810103798(0) ack 865145536 win 5792 <mss
1460,sackOK,timestamp 129832767 150425947,nop,wscale 0> (DF)
09:19:44.329400 216.27.164.101.53964 > 172.16.10.1.https: . ack 1 win
1460 <nop,nop,timestamp 150425965 129832767> (DF)
09:19:44.338396 216.27.164.101.53964 > 172.16.10.1.https: P 1:121(120)
ack 1 win 1460 <nop,nop,timestamp 150425965 129832767> (DF)
09:19:44.338556 172.16.10.1.https > 216.27.164.101.53964: . ack 121 win
5792 <nop,nop,timestamp 129832770 150425965> (DF)
09:19:44.339059 172.16.10.1.https > 216.27.164.101.53964: P 1:123(122)
ack 121 win 5792 <nop,nop,timestamp 129832770 150425965> (DF)
09:19:44.364614 216.27.164.101.53964 > 172.16.10.1.https: . ack 123 win
1460 <nop,nop,timestamp 150426001 129832770> (DF)
09:19:44.392973 216.27.164.101.53964 > 172.16.10.1.https: P 121:645(524)
ack 123 win 1460 <nop,nop,timestamp 150426002 129832770> (DF)
09:19:44.425129 172.16.10.1.https > 216.27.164.101.53964: . ack 645 win
6432 <nop,nop,timestamp 129832779 150426002> (DF)
09:19:44.453231 216.27.164.101.53964 > 172.16.10.1.https: P 645:816(171)
ack 123 win 1460 <nop,nop,timestamp 150426081 129832779> (DF)
09:19:44.453388 172.16.10.1.https > 216.27.164.101.53964: . ack 816 win
7504 <nop,nop,timestamp 129832781 150426081> (DF)
09:19:44.458288 172.16.10.1.https > 216.27.164.101.53964: P 123:370(247)
ack 816 win 7504 <nop,nop,timestamp 129832782 150426081> (DF)
09:19:44.465501 172.16.10.1.https > 216.27.164.101.53964: . 370:1818
(1448) ack 816 win 7504 <nop,nop,timestamp 129832782 150426081> (DF)
09:19:44.465655 172.16.10.2 > 172.16.10.1: icmp: 216.27.162.82
unreachable - need to frag (mtu 1465) [tos 0xc0]
09:19:44.531404 216.27.164.101.53964 > 172.16.10.1.https: . ack 370 win
1728 <nop,nop,timestamp 150426168 129832782> (DF)
09:19:44.531932 172.16.10.1.https > 216.27.164.101.53964: . 1818:3266
(1448) ack 816 win 7504 <nop,nop,timestamp 129832789 150426168> (DF)
09:19:44.532048 172.16.10.2 > 172.16.10.1: icmp: 216.27.162.82
unreachable - need to frag (mtu 1465) [tos 0xc0]
09:19:44.531943 172.16.10.1.https > 216.27.164.101.53964: P 3266:3681
(415) ack 816 win 7504 <nop,nop,timestamp 129832789 150426168> (DF)
09:19:44.569365 216.27.164.101.53964 > 172.16.10.1.https: . ack 370 win
1728 <nop,nop,timestamp 150426206 129832782,nop,nop,sack sack 1
{3266:3681} > (DF)
09:19:45.545528 172.16.10.1.https > 216.27.164.101.53964: . 370:1818
(1448) ack 816 win 7504 <nop,nop,timestamp 129832891 150426206> (DF)
09:19:45.545624 172.16.10.2 > 172.16.10.1: icmp: 216.27.162.82
unreachable - need to frag (mtu 1465) [tos 0xc0]
09:19:47.585536 172.16.10.1.https > 216.27.164.101.53964: . 370:1818
(1448) ack 816 win 7504 <nop,nop,timestamp 129833095 150426206> (DF)
09:19:47.585668 172.16.10.2 > 172.16.10.1: icmp: 216.27.162.82
unreachable - need to frag (mtu 1465) [tos 0xc0]
09:19:51.665535 172.16.10.1.https > 216.27.164.101.53964: . 370:1818
(1448) ack 816 win 7504 <nop,nop,timestamp 129833503 150426206> (DF)
09:19:51.665681 172.16.10.2 > 172.16.10.1: icmp: 216.27.162.82
unreachable - need to frag (mtu 1465) [tos 0xc0]

25 packets received by filter
0 packets dropped by kernel

> 
> # -----Original Message-----
> # From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On 
> # Behalf Of James P. Kinney III
> # Sent: Thursday, April 14, 2005 8:12 AM
> # To: rsj at radio.org; Atlanta Linux Enthusiasts
> # Subject: Re: [ale] apache wierdness
> # 
> # On Wed, 2005-04-13 at 21:27 -0400, Randal Jarrett wrote:
> # > Since the IP address has changed have you made sure that 
> # you flushed 
> # > all the caches on your browser?
> # > 
> # Tried from a freshly built machine (2 actually, a linux box and an XP
> # Pro) with the same results.
> # > 
> # > On Wed, 2005-04-13 at 16:46 -0400, James P. Kinney III wrote:
> # > > Scenario:
> # > > 
> # > > apache server behind nat firewall.
> # > > Network changes just occurred.
> # > > Nat reconfigured to accept new external IP and redirect to DMZ 
> # > > apache server.
> # > > 
> # > > Situation:
> # > > 
> # > > _partial_ connections. If login to web script with bad 
> # user name or 
> # > > password, system returns the correct "bad username or password. 
> # > > Login failed" error message from the login script.
> # > > 
> # > > Using a good combination, I get no response. It looks 
> # like a server 
> # > > hung on connect. wget eventually times out. BUT! The person who 
> # > > wrote the app on the server connects just fine with the 
> # SAME LOGIN 
> # > > THAT FAILS WITH ME?!?!?!
> # > > 
> # > > Both of us see the same IP address. No errors in the log files.
> # > > 
> # > > If I try and access a perl script in cgi-bin called printenv with 
> # > > the perms set to no execute, I get an apache arror 
> # message telling 
> # > > me it can't be execute. If the perms are fixed, the 
> # server just sits 
> # > > and does NOTHING.
> # > > 
> # > > I have never seen something like this before and am 
> # comletely perplexed.
> # > > 
> # > > The firewall now has old and new connections on it (i.e. 
> # old IP and 
> # > > new
> # > > IP) We are in the process of migrating to a new ISP/data 
> # line provider. 
> # > > 
> # > > If everything failed to go through, I could understand it 
> # being the 
> # > > network change. But some stuff comes through. Static 
> # pages don't happen.
> # > > Error messages happen.
> # > > 
> # > > 
> # > > _______________________________________________
> # > > Ale mailing list
> # > > Ale at ale.org
> # > > http://www.ale.org/mailman/listinfo/ale
> # -- 
> # James P. Kinney III          \Changing the mobile computing world/
> # CEO & Director of Engineering \          one Linux user         /
> # Local Net Solutions,LLC        \           at a time.          /
> # 770-493-8244                    \.___________________________./
> # http://www.localnetsolutions.com
> # 
> # GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) 
> # <jkinney at localnetsolutions.com> Fingerprint = 3C9E 6366 54FC 
> # A3FE BA4D 0659 6190 ADC3 829C 6CA7
> # 
> 
> This email and any attached files herein contain information that is intended only for the use of the individual or entity to whom it is addressed and may contain information that is legally privileged, confidential or otherwise exempt from disclosure under applicable laws. If the reader of this message is not the recipient, any disclosure, dissemination, distribution, copying or other use or retention of this communication or its substance is prohibited.
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part




More information about the Ale mailing list