Subject: Re: Timeout on port 80
To: (Brian Buhrow) <buhrow@cats.ucsc.edu>
From: Eric Fox <eric@fox.phoenix.az.us>
List: netbsd-help
Date: 08/04/1998 13:27:05
On 04-Aug-98 Brian Buhrow wrote:
>       It occurs to me that you really need to establish whether or not the
> problem is that traffic is not getting in or out.  My guess is that the
> packets coming from the client to your server are getting in, but that your
> responses are not going out the right hole.  Is it possible that your httpd
> is sending data with a source address that doesn't match the target address
> you're trying to reach?  That is, if the IP address of the inaccessible
> port is 3.4.5.6 and you telnet to 3.4.5.6:80, are you sure that the machine
> isn't responding with a source address of 7.8.9.10?  If it is, it could be
> that your provider is blocking source addresses that it thinks shouldn't be
> coming from certain places in an attempt to keep people from performing IP
> spoofing attacks against its customers.  I'm particularly struck by this
> because you have an interface of ppp0, which doesn't work, and an
> interface of ne0, which does.  What does the output of netstat -an show?
> In particular, compare the things listening through inetd: ftp, telnet,
> rsh, etc. with what's listening on port 80.  Everything should be wild
> carded.  If it's not, then this might point at your problem.
> -Brian
> 

Here are the listening ports of 'netstat -an':

  tcp        0      0  *.863                  *.*                    LISTEN
  tcp        0      0  *.6000                 *.*                    LISTEN
  tcp        0      0  *.80                   *.*                    LISTEN
  tcp        0      0  *.1025                 *.*                    LISTEN
  tcp        0      0  *.37                   *.*                    LISTEN
  tcp        0      0  *.13                   *.*                    LISTEN
  tcp        0      0  *.113                  *.*                    LISTEN
  tcp        0      0  *.79                   *.*                    LISTEN
  tcp        0      0  *.512                  *.*                    LISTEN
  tcp        0      0  *.513                  *.*                    LISTEN
  tcp        0      0  *.514                  *.*                    LISTEN
  tcp        0      0  *.23                   *.*                    LISTEN
  tcp        0      0  *.21                   *.*                    LISTEN
  tcp        0      0  *.25                   *.*                    LISTEN
  tcp        0      0  *.515                  *.*                    LISTEN
  tcp        0      0  *.2049                 *.*                    LISTEN
  tcp        0      0  *.111                  *.*                    LISTEN
  tcp        0      0  *.53                   *.*                    LISTEN

Port 80 appears to be the same as all the others.  I don't believe my provider
is performing the type of blocking you describe above, because it would, I
believe, affect connections to any of the above ports and telnets, mail, and
such are working fine from the outside.

  /\---/\  Eric J Fox
 /  o o  \ mailto:eric@fox.phoenix.az.us
 \.\   /./ http://fox.phoenix.az.us
    \@/
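
The wildcard check discussed in this thread can be automated. The following is an added example, not part of either poster's message: a shell function that reads BSD-style `netstat -an` output and reports any TCP listener bound to a specific address instead of `*`. The function names and the sample table are constructed for illustration; the sample reuses the placeholder addresses 3.4.5.6 and 7.8.9.10 from the quoted text.

```shell
#!/bin/sh
# Added example: find TCP LISTEN sockets in BSD-style `netstat -an` output
# whose local address is not the wildcard (*). A listener bound to a single
# address only accepts connections addressed to that address, which is the
# condition the quoted message asks to rule out.

# Reads netstat -an text on stdin. Prints "port address" for every TCP
# listener bound to a specific address; prints nothing if all are wildcarded.
# Assumes the BSD "address.port" local-address format shown in this thread.
non_wildcard_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4                  # e.g. "*.80" or "3.4.5.6.80"
            n = split(local_addr, part, ".")
            port = part[n]                   # port is the last dot-separated field
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (addr != "*") print port, addr
        }'
}

# Constructed sample table (not output from the poster's machine): port 80
# is bound to one address while the inetd services are wildcarded.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  3.4.5.6.23             7.8.9.10.1034          ESTABLISHED
tcp        0      0  *.21                   *.*                    LISTEN
tcp        0      0  *.23                   *.*                    LISTEN
tcp        0      0  3.4.5.6.80             *.*                    LISTEN
EOF
}

# Demonstration on the constructed sample; on a live system use:
#   netstat -an | non_wildcard_listeners
sample_netstat | non_wildcard_listeners
```

Run against the listing posted above, the function prints nothing, which matches the observation that port 80 is bound the same way as the other services.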