Forum OpenACS Q&A: Port 80 blocked by router? Or the software guy blames the hardware guy.

I have a system which has had a very frustrating install, and I'd like to blame it on someone's router but I don't know how to track it down.

It would appear that port 80 is blocked.  The system is running RH 8.0.  I stop iptables and then start a webserver on port 80.  I cannot connect to it from a different machine outside the local network.  I can connect to it if I start on the machine itself.  I don't know what happens if I try from another machine on the same subnet.

If I stick the webserver on ANY OTHER port, everything works fine.

How do I determine where PORT 80 is getting blocked?

I'm blocked on this one myself, can someone offer me a clue purgative?

Thanks,

Hi Jerry,

Telnet or nmap from another machine to port 80.  It's possible to block ports at the router or even switch level.

Is Apache installed?  Is xinetd watching port 80?

Is there anything in the log about not being able to bind port 80?

Ok, here's how I would track this down.  I'd get the permission to do this from all the admins involved, though, as what I'm going to describe will be detected by most IDS's as an intrusion attempt.

I would run a standard traceroute to see what hosts lie on the path from you to the server in question.  Then, I'd run an nmap idlescan (see http://www.insecure.org/nmap/idlescan.html) using each host on the path as the zombie along the way.  This can allow you to find where port 80 is being blocked.

A few things you might want to try.

1) Make sure the webserver is running as root. Port 80 is a privileged port and you cannot bind to it running as a normal user.

2) Dump the output of "ipchains -L" - is port 80 listed there?  If so, that could be the problem. For iptables there should be a corresponding command. I have a strong suspicion the problem lies here. There will probably be something that allows you to flush the tables temporarily. Try that.

3) Worst case scenario. Have a look at the output of a packet sniffer such as tcpdump.

Regards,
Hafeez
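The two checks suggested above, "telnet or nmap from another machine to port 80" and "make sure the webserver can actually bind port 80", both come down to reading TCP error conditions correctly. The script below is an added example, not code from the original thread or from OpenACS. It classifies a remote port as open (handshake completes), closed (the host answers with RST, so the host was reached but nothing listens there), filtered (no answer at all before the timeout, the signature of a router or firewall silently dropping the packets, which is the symptom in this thread) or unreachable (route/host error). It also shows what a failed bind to a privileged port looks like for a non-root process (EACCES) as opposed to a port already owned by another daemon (EADDRINUSE). The loopback listener and the port numbers in the demo are constructed for illustration; the function and variable names are the author's own.

```python
"""Tell a firewalled port apart from a closed one, and a privileged-port
bind failure apart from an in-use port.  Added example, not from the thread."""
import errno
import socket


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify a TCP port from the client's point of view.

    open        - three-way handshake completed: something is listening
    closed      - RST came back: host reached, nothing listens on the port
    filtered    - silence until the timeout: typical of a DROP rule on a
                  router/firewall somewhere on the path
    unreachable - the host or network itself cannot be reached
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:          # no SYN/ACK and no RST: packets dropped
        return "filtered"
    except ConnectionRefusedError:  # RST received: port genuinely closed
        return "closed"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def try_bind(port: int) -> str:
    """Attempt to bind a TCP socket on all interfaces.

    bound             - this user may serve on the port
    permission-denied - EACCES: port < 1024 and the process is not root
                        (and lacks CAP_NET_BIND_SERVICE)
    in-use            - EADDRINUSE: another process (old Apache, xinetd, ...)
                        already owns the port
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind(("0.0.0.0", port))
        return "bound"
    except PermissionError:
        return "permission-denied"
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return "in-use"
        raise
    finally:
        s.close()


def start_listener(host: str = "127.0.0.1"):
    """Constructed stand-in for the web server: a listener on an ephemeral
    loopback port.  Returns (port, listening_socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv.getsockname()[1], srv


if __name__ == "__main__":
    port, srv = start_listener()
    print(f"127.0.0.1:{port} while listening : {probe('127.0.0.1', port)}")
    srv.close()
    print(f"127.0.0.1:{port} after shutdown  : {probe('127.0.0.1', port)}")
    print(f"bind 0.0.0.0:80 as this user     : {try_bind(80)}")
    # Run probe() against the real server from OUTSIDE the site: 'filtered'
    # on 80 while a high port is 'open' means the block is on the network
    # path, not in the web server or the local iptables rules.
```

Run it from a machine outside the network as well as from the server itself. If the server reports "closed" or "open" for its own port 80 while the outside machine reports "filtered", the drop is happening between the two, which is where the traceroute and per-hop idlescan suggested earlier come in.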

Turns out it was a router serving the entire site.  The network engineer routinely blocks port 80 to keep Code Red out of his network.

Thanks for the help, Lamar, thanks for the suggestion of nmap's idlescan.

You're welcome, Jerry.  Glad it helped.

I routinely use idlescan at sites I am responsible for.  It is a great tool to see just how good your security is.  Or isn't.

And it makes a good troubleshooting tool when the firewall seems to not be working quite right.