OT: Web server no longer works [Further problems?]

Rick Stevens ricks at alldigital.com
Thu Jul 3 21:36:40 UTC 2014 

On 07/03/2014 02:03 PM, Dave Stevens issued this missive:
> Quoting Jack Craig <jack.craig.aptos at gmail.com>:
>
>> ditto, ...
>
> Jack,
>
> Telus is my ISP and they block port 80. As a test I recently added
> "Listen 81" to my apache2.conf file and restarted the http service. Now
> when I want to connect to my computer from off-site I use the form
> URL:91 and I get through fine. It looks to me as if you are getting
> blocked. I think ping uses ICMP not http.

Most home ISPs block common "server" ports to prevent high bandwidth
usage on their networks. Typically they'll block ports 80, 443, 25, 465, 
8080 and a number of others. If you want those ports unblocked,
you typically have to sign up for their "business class" service or use
non-blocked ports (such as 81, 8081, whatever).

Both ping and traceroute use ICMP, so the missing ping or traceroute is
because either the target isn't there or ICMP is being blocked by the
provider. Blocking ICMP is often done by the provider because they
think it helps protect their users from port probers ("gee, there's no
machine at that IP so there's no reason to try to break in").

You could use traceroute with a "-T" option (to try a TCP SYN probe),
but you also need to specify a port you know the machine is listening on
but is NOT blocked by the ISP. Most ISPs don't block SSH on port 22, so
a "traceroute -T -p 22 <ipaddress>" may succeed IF you have sshd
listening on port 22. No guarantees, however.

>> traceroute 99.121.57.131
>> traceroute to 99.121.57.131 (99.121.57.131), 30 hops max, 60 byte packets
>>  1  192.168.2.1 (192.168.2.1)  0.213 ms  0.153 ms  0.162 ms
>>  2  cruzio_gw (63.249.90.1)  12.075 ms  12.983 ms  13.879 ms
>>  3  115.at-5-0-0.gw3.200p-sf.sonic.net (74.220.64.25)  15.307 ms  16.689
>> ms  17.607 ms
>>  4  0.ae2.gw.200p-sf.sonic.net (70.36.211.53)  18.514 ms  19.404 ms
>> 20.855
>> ms
>>  5  0.xe-5-1-0.gw.equinix-sj.sonic.net (208.106.27.121)  23.713 ms
>> 24.620
>> ms  25.052 ms
>>  6  sonicnet-customer.xo.com (216.156.84.101)  26.742 ms  14.087 ms
>> 14.908
>> ms
>>  7  192.205.37.189 (192.205.37.189)  17.804 ms  16.152 ms  17.042 ms
>>  8  cr1.sffca.ip.att.net (12.122.86.90)  21.607 ms  24.727 ms  25.085 ms
>>  9  12.122.114.41 (12.122.114.41)  25.399 ms  25.319 ms  25.266 ms
>> 10  * * *
>> 11  * * *
>>
>>
>> On Thu, Jul 3, 2014 at 1:03 PM, Mike Wright <mike.wright at mailinator.com>
>> wrote:
>>
>>> 07/03/2014 12:55 PM, Jonathan Ryshpan wrote:
>>>
>>>>
>>>> On Thu, 2014-07-03 at 13:12 -0500, Kevin Martin wrote:
>>>>
>>>>> On 07/03/2014 12:47 PM, Jonathan Ryshpan wrote:
>>>>>
>>>>>> I run a small weather station that acts as a web server.  Recently
>>>>>> it's
>>>>>> become impossible to
>>>>>> access it via the web, though I can still access it over my local
>>>>>> network.  Some details:
>>>>>>
>>>>>>    * My ISP is AT&T using their Uverse service.
>>>>>>    * The server was accessible from the web a month or so ago.
>>>>>>    * The server has web address oaklandweather.no-ip.org, which
>>>>>> currently resolves to
>>>>>>      99.121.57.131, and probably will for some time.
>>>>>>    * I can ping the server either over the LAN or via the web without
>>>>>> trouble.
>>>>>>    * An attempt to connect to the weather station as a web server
>>>>>> (HTTP) times out.
>>>>>>
>>>>>> I'm pretty sure that the Uverse gateway is set up correctly: It
>>>>>> worked
>>>>>> properly in the past
>>>>>> and I haven't made any changes to it.  An inspection of the settings
>>>>>> doesn't show anything
>>>>>> obviously wrong.
>>>>>>
>>>>>> Has AT&T changed its terms of service?  I vaguely remember the
>>>>>> terms of
>>>>>> service don't allow
>>>>>> customers to run servers; but I can't find any such restriction in
>>>>>> documents available on the
>>>>>> web.  Also the (AT&T supplied) gateway has a function to explicitly
>>>>>> open a "pinhole" allowing
>>>>>> HTTP service from a computer on the customer side of the gateway.
>>>>>>
>>>>>
>>>>  Do a google search for microsoft and no-ip.  You may have gotten
>>>>> clobbered by microsoft.
>>>>>
>>>>
>>>> It looks like there may be further problems.  Note that I can ping
>>>> oaklandweather.no-ip.org, but not connect to it as a web server.  Is it
>>>> possible for M$ to mess up the DNS entry so that ping is resolved
>>>> correctly but HTTP is not?  Here's the failure report from Konqueror:
>>>>
>>>>          The requested operation could not be completed
>>>>
>>>>          Timeout Error
>>>>
>>>>          Details of the Request:
>>>>                * URL: http://oaklandweather.no-ip.org/
>>>>                * Protocol: http
>>>>                * Date and Time: Thursday, July 03, 2014 12:26 PM
>>>>                * Additional Information: oaklandweather.no-ip.org:
>>>> Socket
>>>>                  operation timed out
>>>>                * Description:
>>>>
>>>>          Although contact was made with the server, a response was not
>>>>          received within the amount of time allocated for the
>>>> request as
>>>>          follows:
>>>>                * Timeout for establishing a connection: 20 seconds
>>>>                * Timeout for receiving a response: 600 seconds
>>>>                * Timeout for accessing proxy servers: 10 seconds...
>>>>
>>>>
>>> Hi Jonathon,
>>>
>>> I just tried pinging 99.121.57.131 and got no reply.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks at alldigital.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-    They say when you play a Microsoft CD backwards, you'll hear    -
-   Satanic messages, but if you play it forwards, it will install   -
-           Windows...which means Satan is in your system.           -
----------------------------------------------------------------------

More information about the users mailing list