Need Help on setting up a small home site.

Hello everyone. I want to run Apache 2.0 on my Fedora Core 3 box to
host a small website of mine.Howevery, this is the first time I have
ever done such a thing so I came up agains a lot of problem. I use a
graphical tool to set it up- system-config-httpd, I guess. My linux
computer connects to the internet through a ADSL modem from Zyxel and I
am provided with a dynamic IP address by my ISP. Since the modem
contains a web-based configuration site, everyone connects to my
computer will log in that site ( they don't know the password
ofcourse), it also happens when I register a free dynamic dns from
dydns.org. I blocked incoming request to that website and edit the NAT
config with SUA- (Start port 80, end port 80, IP address 192.168.1.33
where 192.168.1.33 is my dhcp start IP). In the httpd gui configuration
I filled in something like this :
MAIN : Server name : anhhung.dyndns.info
Available Addresses : All available addresses listens on port
80
VIRTUAL HOST : Basic setup : Virtual Host Name : anhhung.dyndns.org
( I even used another different host name but still didn't work)
Host infomation Name Based VH : 192.168.1.33
Hostname : anhhung.dyndns.org
http://localhost and 192.168.1.33 point me to the
Fedora Core Test Page : This page is used to test the proper operation
of the Apache HTTP server after it has been installed. If you can read
this page, it means that the Apache HTTP server installed at this site
is working properly.....
I asked some friends of mine to log in the site but
they all got connection refused. I have no idea what's going on. One
more thing, What is the differnce between the Main adn VH, how do they
work, what is the VH for, did I do st wrong when I set up the VH the
same as the main section. What should I do to fix this problem. I know
this is very basic thing for U guys here but I'm a complete newcomer to
apache (just had internet connection for only 17 days!!!)

On 1 Jul 2005 10:23:32 -0700,
anhhung@gmail.com posted:

> Hello everyone. I want to run Apache 2.0 on my Fedora Core 3 box to
> host a small website of mine.Howevery, this is the first time I have
> ever done such a thing so I came up agains a lot of problem. I use a
> graphical tool to set it up- system-config-httpd, I guess. My linux
> computer connects to the internet through a ADSL modem from Zyxel and I
> am provided with a dynamic IP address by my ISP.

The graphical tool isn't that brilliant. If you can follow the Apache
manual, you're much better off configuring it manually.

> Since the modem contains a web-based configuration site, everyone
> connects to my computer will log in that site ( they don't know
> the password of course),

This shouldn't happen, because your modem should only listen for
configuration connections on the LAN side.

> it also happens when I register a free dynamic dns from
> dydns.org. I blocked incoming request to that website and edit the NAT
> config with SUA- (Start port 80, end port 80, IP address 192.168.1.33
> where 192.168.1.33 is my dhcp start IP).

Is 192.168.1.33 *just* what you're using internally? (Your NAT forwarding
rules.) You have configured your dynamic name service to use your external
IP with your dynamic hostname? (You need to.)

> In the httpd gui configuration I filled in something like this :
> MAIN : Server name : anhhung.dyndns.info
> Available Addresses : All available addresses listens on port
> 80
> VIRTUAL HOST : Basic setup : Virtual Host Name : anhhung.dyndns.org
> ( I even used another different host name but still didn't work)

If you're setting up the main server to respond to that address, you
wouldn't also want to set up virtual hosts (that's for getting a server to
act as many different servers, for different host addresses).


> Host infomation Name Based VH : 192.168.1.33
> Hostname : anhhung.dyndns.org
> http://localhost and 192.168.1.33 point me to the
> Fedora Core Test Page : This page is used to test the proper operation
> of the Apache HTTP server after it has been installed. If you can read
> this page, it means that the Apache HTTP server installed at this site
> is working properly.....


> I asked some friends of mine to log in the site but
> they all got connection refused. I have no idea what's going on.

You have forwarded external port 80 requests through your modem to the
computer running the webserver, *AND* opened a hole through your firewall?

> One more thing, What is the differnce between the Main adn VH, how do
> they work, what is the VH for, did I do st wrong when I set up the VH
> the same as the main section.

Have you looked through the Apache manual yet? It explains it, and it's
how most of us are going to explain it, too. If you're slightly familiar
with it while asking questions, you might get more specific answers to the
parts of it that you don't understand.

--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please delete some files yourself.

How can I post my httpd.conf file content so that U can view and give
me some advice on it. I opened port 80 through NAT because some else
told me that I have to open that port and forward request to my
computer. This is a single computer without any Lan. How should I know
which IP address to use? Vh is used to serve multiple websites ( I know
that know :)). But what if I want to serve only one site. I mess the
<VH> directive up I don't know how to fix it as it is. So if U don't
consider it rude to post a long config file here, may I do it, perhaps,
on the next reply. When I disabled the modem config site for
outsiders, all connection to my computer seems to be blocked because it
I, and so else, try to access through anhhung.dyndns.info, I got
connection refused.

On 1 Jul 2005 23:37:52 -0700,
anhhung@gmail.com posted:

> How can I post my httpd.conf file content so that U can view and give
> me some advice on it.

Attach it to a message, or copy and paste it into one.

> I opened port 80 through NAT because some else
> told me that I have to open that port and forward request to my
> computer.

Yes, that's the usual thing to do. But there's several aspects to it.

If your internet connection is something like a router, then you do have to
forward connections through it. If it's just a simple modem, then the
computer is the first network device.

Some routers also have a firewall, and you need to allow incoming
connections to port 80, so that they can be routed through to something
behind it. Say specifically what model yours is so that someone can say
what you may have to do.

> This is a single computer without any Lan. How should I know
> which IP address to use?

Run /sbin/ifconfig and you can see the IP addresses associated with all
your interfaces on your computer. 192.168.x.y ones are local network
addresses. Usable within your network, but not to outsiders. However, if
you're configuring your modem/router to forward port 80 connections
through, then it's done to that internal address. Outsiders will connect
to the external IP address of your router.

> Vh is used to serve multiple websites (I know that know :)). But what
> if I want to serve only one site. I mess the <VH> directive up I don't
> know how to fix it as it is.

Then you only need the main configuration, and can remove all virtual host
directives. Hint: Avoid uncommon abbreviations, like "VH", while trying
to diagnose problems. Then we're all clear about what you're talking
about.

> So if U don't consider it rude to post a long config file here, may I do
> it, perhaps, on the next reply.

It's a common enough thing to do, and it may be the only way we work out
your problem.

> When I disabled the modem config site for outsiders, all connection to
> my computer seems to be blocked because it I, and so else, try to access
> through anhhung.dyndns.info, I got connection refused.

I've no idea what you've removed. What's "modem config site"?

Basic concept of hosting something when you're behind a modem with in-built
firewall and router, hosting "www.example.com", your current public IP
address being 192.0.34.166, and your computer's internal LAN IP address
being 192.168.1.1:

You'd allow incoming port 80 connections through the firewall.

You'd forward port 80 through to 192.168.1.1.

You'd set your dynamic IP configuration gizmo to set your *current* public
into your DNS records for www.example.com (configuring their DNS server
with your details). For now, that'd be 192.0.34.166, and your program
should automatically update the records whenever your IP changes.

You'd set your HTTP server to listen to port 80 on all interfaces (for
simplicity's sake).

You'd set your HTTP servername as www.example.com.

You'd ensure that on your system that www.example.com resolves to an IP
address that you can use. For some networks you won't be able to connect
to your public IP, so you might add www.example.com as an alias for your
LAN address in your hosts file.

e.g. 127.0.0.1 localhost.localdomain localhost www.example.com

This last step allowing you to browse your own webserver on your own
machine.

--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please delete some files yourself.

On Sat, 2 Jul 2005 20:22:03 +0930,
Tim <tim@mail.localhost.invalid> posted:

> Basic concept of hosting something when you're behind a modem with in-built
> firewall and router, hosting "www.example.com", your current public IP
> address being 192.0.34.166, and your computer's internal LAN IP address
> being 192.168.1.1:

Addendum: Considering that I've gave an example with an internal IP, the
following hosts file entries would fit in with that example.

127.0.0.1 localhost.localdomain localhost
192.168.1.1 www.example.com

However, the original example (of putting the www.example.com alias onto
the local loopback address would also have worked).

--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please delete some files yourself.

Hi . I did as you advised but:
--- As I mentioned, my ADSL modem ( Router) has a web-based
configuration site. Perhaps I have to explain a bit. It's a website
that allow anyone on the network to configure the modem without having
to telnet to it or use a specific software.Unfortunately, this web tool
binds itselft to 192.168.1.1, therefore, telling Apache to listens to
that address is impossible : (99)Cannot assign requested address:
make_sock: could not bind to address 192.168.1.1:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
-- I then tried to bind it to 192.168.1.33 since my computer is
the one that connects to the modem ( no LAN). 192.168.1.33 points me to
the exact testing website in /var/www/html as well as
anhhung.dyndns.info, in the case I have already added
anhhung.dyndns.info as an alias to /etc/hosts. Without doing so,
anhhung.dyndns.info still points to the website of the modem(
192.168.1.1).Outsiders cannot access the dns and now, they can access
it,but not to my website, to the modem website.
--- Perhaps, imo, apache is no problem, the problem lies in the
Modem configuration. It's bad, I don't know much about port forwarding
and stuff like this. Hoping that someone uses the same modem like me :)
.. It's a Zyxel Prestige 660R-61C.
---- ifconfig gives me the following :
/sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:06:7B:0A:F7:8D
inet addr:192.168.1.33 Bcast:192.168.1.255
Mask:255.255.255.0
inet6 addr: fe80::206:7bff:fe0a:f78d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:294042 errors:0 dropped:0 overruns:0 frame:0
TX packets:262312 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:376563074 (359.1 MiB) TX bytes:18905997 (18.0 MiB)
Interrupt:11 Base address:0xc000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:588 errors:0 dropped:0 overruns:0 frame:0
TX packets:588 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:337254 (329.3 KiB) TX bytes:337254 (329.3 KiB)
Then 192.168.1.33 should be my IP address.
I use NAT, there are two options : SUAonly and Fullfeature. But SUA
must be used if I have one public WAN address and the latter is for
more than one. How do I know that I have one or many Wan puplic
address. I obtain my IP address from ISP. If NAT-SUA or FullFeature is
the right tool for port forwarding, how come it won't work. I've tried
editting everything to 192.168.1.33 port 80 both SUA and Full feature
alternatively but fails. I really have no idea what's going. Anyone
having experience with the modem please help me out.

On 3 Jul 2005 01:04:48 -0700,
anhhung@gmail.com posted:

> Hi . I did as you advised but:
> --- As I mentioned, my ADSL modem (Router) has a web-based
> configuration site. Perhaps I have to explain a bit. It's a website
> that allow anyone on the network to configure the modem without having
> to telnet to it or use a specific software.Unfortunately, this web tool
> binds itselft to 192.168.1.1, therefore, telling Apache to listens to
> that address is impossible : (99)Cannot assign requested address:
> make_sock: could not bind to address 192.168.1.1:80
> no listening sockets available, shutting down
> Unable to open logs

The 192.168.1.1 address is only one that I used for the sake of example,
likewise for other addresses I used in my examples. Of course, you have to
change it to suit however your network is set up.

> -- I then tried to bind it to 192.168.1.33 since my computer is
> the one that connects to the modem (no LAN).

Which is what you need to do, and the principle's the same whether your
local network is one router and one computer, or has many more devices.

> 192.168.1.33 points me to the exact testing website in /var/www/html
> as well as anhhung.dyndns.info, in the case I have already added
> anhhung.dyndns.info as an alias to /etc/hosts. Without doing so,
> anhhung.dyndns.info still points to the website of the modem
> (192.168.1.1).Outsiders cannot access the dns and now, they can
> access it,but not to my website, to the modem website.

192.168.x.y addresses are *internal* networking addresses only. Your
modem/router has two interfaces, one at your side (192.168.1.1 and one on
the world size with your public IP - whatever that is, though your current
message headers indicate it's probably 210.245.104.13).

The external address is the one that you need to set into public DNS
servers as the IP address for your anhhung.dyndns.info domain name. It's
the only one that other people (outsiders can connect to). Currently, I
see that your domain name is pointing at 210.245.99.168 (I used the "dig"
tool on Linux against your hostname), but there's no response to trying to
browse to it.

> the problem lies in the Modem configuration. It's bad, I don't know
> much about port forwarding and stuff like this. Hoping that someone
> uses the same modem like me :). It's a Zyxel Prestige 660R-61C.

Have you tried the Zyxel knowledge base?

> ---- ifconfig gives me the following :
> eth0 Link encap:Ethernet HWaddr 00:06:7B:0A:F7:8D
> inet addr:192.168.1.33 Bcast:192.168.1.255 Mask:255.255.255.0
> inet6 addr: fe80::206:7bff:fe0a:f78d/64 Scope:Link
>
> Then 192.168.1.33 should be my IP address.

*ONLY* inside your own network. Well, that's *nearly* always *only*...
There are a few rather scummy ISPs which use private network addresses for
all of their customers.

All across the planet there are thousands of networks that have their own
devices at 192.168.1.1. Such addresses are not routeable over networks so
that many private networks can be made without needing registered IPs.
No-one, other than people on the same network as you, will be able to
connect to your web server at an address like 192.168.1.33.

You need a public IP address for outsiders to be able to connect to you.

> I use NAT, there are two options : SUAonly and Fullfeature. But SUA
> must be used if I have one public WAN address and the latter is for
> more than one. How do I know that I have one or many Wan puplic
> address. I obtain my IP address from ISP. If NAT-SUA or FullFeature is
> the right tool for port forwarding, how come it won't work. I've tried
> editting everything to 192.168.1.33 port 80 both SUA and Full feature
> alternatively but fails. I really have no idea what's going. Anyone
> having experience with the modem please help me out.

A quick searching around looks like "SUA" is some sort of Zyxel brandnaming
of NAT/proxying. Where you'd use it so that multiple computers on your LAN
can connect to your ISP, with *it* handling the network routing to the
right computers inside your network (responses to requests going to the
right PC). If you only have one computer, I can't see why you'd need to be
using it.

I haven't noticed anything detailing what "full feature" would mean. But
if it's the opposite of NAT/proxying (seeing as you've mentioned it or
SUA), the modem is used as a bridge (similar to dial-up modems - it's just
a connection between your PC and the ISP, your computer is treated as the
first network device, rather than the modem; the computer will get assigned
the public IP by the ISP).

Have a look at the webserver built into your modem. Somewhere ought to be
some indication of your current external IP address. But what tool do you
use to set your dyndns records with? It ought to be able to determine your
external address (unless you've got an extremely crap program, in which
case change it). Most of them are "set and forget" scripts, you ensure
it's called at the appropriate moments (e.g. at connection, and
periodically while connected), that it's configured with your hostname, and
it maintains the correct public IP address for your hostname all by itself.

As I've mentioned before, forwarding IPs through a device is only part of
the equation. If the device also has a firewall, you have to open a hole
through it, first. I haven't found an on-line manual for the modem you
mentioned to find out specifically how it operates, nor what its features
are.

--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please delete some files yourself.