Re: The connection was refused when trying to connect to ...

From: Dan (danieloconnor_at_dbt.net)
Date: 09/10/03 

Date: 9 Sep 2003 18:41:04 -0700

Joe <joe@jretrading.com> wrote in message news:<bAN35$GaxhX$EwPj@jretrading.com>...
> In message <f03dc8e4.0309082003.5dd37849@posting.google.com>, Dan
> <danieloconnor@dbt.net> writes
> >Joe <joe@jretrading.com> wrote in message
> >news:<Ic4zuiINFOX$Ew9V@jretrading.com>...
> >>
> >> Try entering 'netstat -tupan' at the command prompt and look for the
> >> line(s) with port 80 in the local address, and state 'Listen'. Is the
> >> Foreign Address 0.0.0.0:*?
> >>
> >
> >Ok, so I am not listening on any ports. Any ideas why this might be
> >happening? What might I check? Thanks for your help and suggestions.
> >
> >
> >Proto Recv-Q Send-Q Local Address Foreign Address
> >State PID/Program name
> >tcp 0 0 0.0.0.0:110 0.0.0.0:*
> >LISTEN 3355/xinetd
> >tcp 0 0 0.0.0.0:111 0.0.0.0:*
> >LISTEN 682/portmap
>
> These are the ones: Apache turns up here and in ps, top etc. as httpd.
> It does look as if they're listening normally. Port 80 is http and port
> 443 is https.
> >tcp 0 0 0.0.0.0:80 0.0.0.0:*
> >LISTEN 3265/httpd
> >tcp 0 0 0.0.0.0:443 0.0.0.0:*
> >LISTEN 3265/httpd
>
> The problem has to be at the modem. grc.com shows that none of your
> ports are open to the Internet, whereas the netstat output shows several
> daemons listening (including at least three which shouldn't listen to
> the net, but a firewall will keep them fairly safe).
>
> From the Mozilla connection, your machine seems to be set to a private
> (192.168....) IP number. This is normal for a private network, but it
> does mean that the modem/router must do NAT (network address
> translation) to allow the web server to pretend to be on your real
> Internet IP address. This is quite likely to be the source of the
> problem: external connections to the modem are not being routed to the
> totally different IP address of your server. Check the modem
> documentation under either NAT or Port Forwarding, or possibly something
> similar. For your browser to work at all, the modem must be doing
> something of this sort, and you basically need to tell the modem to
> accept connections on ports 80 and 443 and pass them to your computer on
> the same port numbers. Different modems have different ways of doing
> this.
>
> Some routers can be told to forward all connection requests to a single
> internal machine, and if that's all yours will do, you *must* get the
> firewall running to protect the services you have running which must
> never accept Internet connections (X, portmapper, dhclient in your list,
> though you probably don't want sendmail listening either). X can be told
> only to listen to the machine it's on, and there may be ways to limit
> dhclient, which must presumably accept an IP address from the modem.
> Disable that if the modem allows it. You almost certainly shouldn't have
> the portmapper running at all, I can't offhand think of any reason why a
> single machine should run it (it's for certain rather insecure network
> protocols).
>
> Hope that helps. Your distro will have the Linux HOW-TOs somewhere in
> the documentation, one of which is the NAT HOW-TO. This gives a
> reasonably comprehensible explanation of the whole NAT business.

Thanks for your help Joe! You are quite a wealth of information and
have been very helpful to me.

As it turns out I was able to make a change to my httpd.conf file that
made all the difference. I did have port 80 set to listen, however I
did not have port 80 itself specified as a port in the file. The
change I made is shown below, just added the line port 80. After this
I was able to set my firewall to High security and I am serving pages
just fine now. Thanks for all of your help!

-Dan

# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
port 80
Listen 80

#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf

Relevant Pages