Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
First off, close 81-89. You don not open ports that are never used, that is just an invitation to hackers. All connections for web servers come in only on 80.
You won't see much in syslog. Most of that has nothing to do with the webservice. All the ppp is point to point communications, like a phone modem. That shouldn't be used at all with a high speed connection, so I don't know why they are looking for a connection. The lines about eth0 are just what they say. You have no ipv6 router, as ipv6 is not used anywhere in the US at present. The other tells you that connection is up and fine.
You really are not at a level where you are ready to admin a linux box. I'm not saying that to scare or downplay what you've done so far, but your inability to get this going shows that you don't have the networking knowledge for a project like this, a clear lack of linux knowledge is present, and by not using searches here and with google that you just aren't set to take care of a linux box.
Furthermore, how in the world are we supposed to check if you're configured correctly when you have yet to tell us what the domain name is for the site?
i accept what you say...i have done a fair amount of research but i can only fit so many hours in between my working hours. this is sort of a sideline thing that im trying out. but im not looking to go full top notch here. to explain the lack of knowledge with linux is because ive only been working with it for 2 weeks...after hours.
oh and the domain is (taken away) and i have closed port 82 - 89.
thanks for the help so far though
I'm not suggesting that you become a linux master overnight by any stretch, just that you need to get some more skills together before you put boxes live on the internet. If you get rooted, that will be a very bad experience for you.
Closing 82-89 isn't enough, close 81 as well. The way ports work is they are only contact ports. Everyone asking to connect to your linux box is asking for port 80, and then your server says to them something along the lines of, "ok cool, go to port 23423 for further info." Those ports will be open, it is just 80 that needs to be mapped and kept clean. And regardless of if 1 person or 1,000,000 people try to look at your page, every single one of them will come in at port 80.
Your page doesn't load at present. Also, from what I can tell from this side of the connection, it looks like your ISP may be blocking access to you on port 80. A quick scan of peppie32.dyndns.org says it is not live. Since that is your external IP address obviously it is live, and that suggests some type of mask put in place by your ISP. Do you know if they allow you to run webservers on your connection?
[later]You do not have the port forwarding set up correctly. An extended scan of your IP showed only one port open on the WAN side -
Not shown: 1696 filtered ports
PORT STATE SERVICE
5190/tcp open aol
So you need to get the router to open and forward 80, and still confirm that your ISP will allow you to do that.[/later]
no i dont know that...but i can find out but only on monday ofcourse. sorry i meant to say that i closed all ports and only port 80 is open.
i did read that that could be a possibility. what would happen if i change the server to listen to port 8080 instead of port 80 and then ofcourse open port 8080 on the router?
i really do think i need more experience too...but how i see it is how else do you gain experience other than getting your hands dirty. and besides we only want to use server for demo purposes to save our hosting service's bandwidth and space.
I just edited my post above, you don't have port 80 open, you only have something opened for AOL -
Not shown: 1696 filtered ports
PORT STATE SERVICE
5190/tcp open aol
it is fine to get dirty, just be very aware that somebody can compromise your system fairly easily when you don't know what you're doing. So if somebody roots you and turns you into the proverbial spam fountain, you'll still be legally responsible for that.
And you can change to 8080, although if 80 is blocked, it is often that 8080 is blocked as well. You'll need to get a hold of somebody in tech support and find out exactly what the policy is. You also could just change it on the router, forward 8080 to 80 internally, if your router supports it.
ok will get more information about whether or not we are allowed to run our own webserver here.
i just ran a test as well and i see what you mean that port 80 is not forwarded although it is supposed to be forwarded. and yet port 8080 is forwarded.
how do i forward port 8080 to 80 internally?
[EDIT]
seeing to it that i have forwarded port 8080 and have apache listening to port 8080 too...could you check the domain with port 8080?
In any case, I can't connect to that either. Did you restart apache after you made the change, and can you connect locally at it's lan IP address with :8080 tacked on at the end?
yes i did restart apache after i made the changes...i restart apache after i make any changes. and yes i can access the server on LAN with the IP address :8080.
i also saw on another site that a person did a demonstration of the file /etc/hosts
and he put the following in (taking me as an example)
192.168.1.1 router.peppie32.dyndns.org #the router
192.168.1.33 www.peppie32.dyndns.org #the server
is this needed in anyway?
and i restarted apache jsut to be safe
otherwise what solution is there to get this thing online so that we can start using it for demos (it wont be advertised).
you mentioned that i need to find out from our ISP if we are allowed to run a webserver.
if not what do we need from our ISP and if yes what do we still need from our ISP.
and other than that what else do you suggest? also what firewall, anti-spam and anti-virus packages would you suggest? ive read about firestarter, iptables, spamassassin. but what would you suggest?
By editing /etc/hosts, you only effect the DNS lookups from that machine. If your ISP allows connections but doesn't allow you to loopback onto your own address, then it makes sense to put in the LAN ip address, but that doesn't help your windows boxes in any way. I would say it is completely a waste, and just connect to it by its LAN address within your place, but you certainly can do that if you want to.
You don't need anti-spam or anti-virus on a webserver, unless you allow people to upload files, in which case you should use clamav, available at http://clamav.net. You should get a hardware firewall in front of this and any other box that is exposed to the world. Doesn't matter if it is a computer running something like smoothwall or a dedicated hardware unit like something from sonicwall, but something should be protecting your machines.
Anti spam makes no sense, unless the box is a mail server.
You need to find out if you can run a webserver from your ISP, and if they block all connections, or only connections on 80, the whole deal. You need to find out where the holes are so you can go through them, if they exist at all.
no im not interested in a mail server.
ok thanks...ill look into those...i will be needing antivirus besause the demos will include people uploading. although it will be cleaned up on a daily / weekly bases.
i just changed something on the router now (ddns username) and now if i try and access www.peppie32.dyndns.org from within the LAN it asks me for the router's username and password. why does it do it now and previously it just timed out?
Because you finally got it working! I can get to your site now, although the title on the tab says only 60. so you certainly have some work ahead of you. Not that it is resolving correctly, we find that your IP is allowing you to loopback if you are connecting to your router when you try http://peppie32.dyndns.org, and the site is available at http://peppie32.dyndns.org:8080.
Your public IP changed too in the past hour, maybe when I was looking before it was trying to connect to the wrong IP.
yes i know my public IP changes...i never knew it changes every hour or so...i thought it changes every time i reconnect to the itnernet.
the title is because thats just a template my dad had setup...the actual script in there does not work. oh and it was not a username i changed it was the host name i changed on the DDNS option on the router.
what if i have another dns i.e www.peppie32.dyndns.info how would i get that one working if i only have an option to enter one host name in the router?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
