Forum OpenACS Q&A: Port 80 blocked by router? Or the software guy blames the hardware guy.
It would appear that port 80 is blocked. The system is running RH 8.0. I stop iptables and then start a webserver on port 80. I cannot connect to it from a different machine outside the local network. I can connect to it if I start on the machine itself. I don't know what happens if I try from another machine on the same subnet.
If I stick the webserver on ANY OTHER port, everything works fine.
How do I determine where PORT 80 is getting blocked?
I'm blocked on this one myself, can someone offer me a clue purgative?
Telnet or nmap from another machine to port 80. It's possible to block ports on the router or even switch level.
Is there anything in the log about not being able to bind port 80?
Ok, here's how I would track this down. I'd get the permission to do this from all the admins involved, though, as what I'm going to describe will be detected by most IDS's as an intrusion attempt.
I would run a standard traceroute to see what hosts lie on the path from you to the server in question. Then, I'd run an nmap idlescan (see http://www.insecure.org/nmap/idlescan.html) using each host on the path as the zombie along the way. This can allow you to find where port 80 is being blocked.
1) Make sure the webserver is running as root. Port 80 is a privileged port and you cannot bind to it running as a normal user.
2) Dump the output of "ipchains -L" - is port 80 listed there? If so that could be the problem. For iptables there should be a corresponding command. I have a strong suspicion the problem lies here. There will probably be something that allows you to flush the tables temporarily. Try that.
3) Worst case scenario. Have a look at the output of a packet sniffer such as tcpdump.
Thanks for the help, Lamar, thanks for the suggestion of nmap's idlescan.
I routinely use idlescan at sites I am responsible for. It is a great tool to see just how good your security is. Or isn't.
And it makes a good troubleshooting tool when the firewall seems to not be working quite right.
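The "telnet from another machine" test suggested in the thread, as an added example that is not from any poster: it classifies a TCP connect to the problem port and compares it with a port known to work, which separates "nothing listening" from "packets silently dropped". The names `probe` and `diagnose` are hypothetical, and the demo uses constructed loopback sockets so it runs offline; in practice, call `probe` from a machine outside the local network against your own server.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt the way a manual telnet test would."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"             # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"          # the connection was actively refused
    except socket.timeout:
        return "filtered"         # no reply at all: packets dropped somewhere
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # ICMP unreachable from the host or a router
        raise
    finally:
        s.close()

def diagnose(target, control):
    """Interpret the problem port's result against a port known to work."""
    if target == "open":
        return "reachable: nothing on this path blocks the port"
    if control != "open":
        return "control port fails too: not specific to this port"
    if target == "refused":
        return "host answered: no listener on that address, or a reject rule"
    if target == "filtered":
        return "silent drop: packet filter on the host, router or upstream"
    return "ICMP unreachable: the host or a device on the path rejects the port"

if __name__ == "__main__":
    # Constructed demo on loopback: one listener (control), one closed port (target).
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    control = probe("127.0.0.1", srv.getsockname()[1])
    target = probe("127.0.0.1", closed_port)
    print(target, control, "->", diagnose(target, control))
    srv.close()
```

Running the same probe from a host on the server's own subnet and from one outside it shows whether the block sits on the server or further along the path.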