| View previous topic :: View next topic |
| Author |
Message |
Tiny_Guy
Tux's lil' helper
Joined: 31 Mar 2003
Posts: 118
|
 Posted: Sat Aug 16, 2003 5:00 pm Post subject: Using apache on a university campus |
 |
|
| First of all, now I am at college using true high speed internet, not that slow starband. Is there any way to set up apache on a college computer. Current ly I know apache is working because I can access it on my machine. My brother at home can't access it. Is it because of a firewall issue or is it something else. He tried pinging my ip address and still can't access. Can someone help me out here please? |
|
| Back to top |
|
 |
slartibartfasz
Veteran
Joined: 29 Oct 2002
Posts: 1462
Location: Vienna, Austria
|
| Posted: Sat Aug 16, 2003 6:12 pm Post subject: Re: Using apache on a university campus |
|
|
| Tiny_Guy wrote: | | First of all, now I am at college using true high speed internet, not that slow starband. Is there any way to set up apache on a college computer. |
depends on the computer i'd say  - well yes there are ways to speed up apache - if u use apache2 and have a lot of memory - look into the caching capabilities - they can make a big difference....
[EDIT]if u look for pure performace there are a few web servers that are faster than apache - apache is just the one that is the most flexible[\EDIT]
| Quote: | | Current ly I know apache is working because I can access it on my machine. My brother at home can't access it. Is it because of a firewall issue or is it something else. He tried pinging my ip address and still can't access. Can someone help me out here please? |
u have to be more specific here. do u run a firewall? does your campus admin block important ports? what did u allow in the apache conf?
_________________
To an engineer the glass is neither half full, nor half empty - it is just twice as big as it needs to be. |
|
| Back to top |
|
|
Tiny_Guy
Tux's lil' helper
Joined: 31 Mar 2003
Posts: 118
|
| Posted: Sat Aug 16, 2003 10:40 pm Post subject: |
|
|
| Quote: | | depends on the computer i'd say - well yes there are ways to speed up apache - if u use apache2 and have a lot of memory - look into the caching capabilities - they can make a big difference.... |
I did say set up apache, not speed up.
I am not running a firewall, and I also don't know if my campus admin blocks any ports. How do I check which ports are blocked?
[EDIT]Also I think my ip address is a unique external one(world viewable). Also test out my apache2 configuration by using http://ab285.no-ip.com/[/EDIT]
Here is my apache2.conf.
| Code: |
### /etc/apache2/conf/apache2.conf
### $Id: apache2.conf,v 1.2 2003/02/23 19:39:22 woodchip Exp $
###
### Main Configuration Section
### You really shouldn't change these settings unless you're a guru
###
ServerRoot /etc/apache2
ServerName ab285.no-ip.com
#LockFile /etc/apache2/apache2.lock
PidFile /var/run/apache2.pid
ErrorLog logs/error_log
LogLevel warn
DocumentRoot /home/httpd/htdocs/
### Dynamic Shared Object (DSO) Support
###
### You should always leave these three, as they are needed for normal use.
### mod_access (Order, Allow, etc..)
### mod_log_config (Transferlog, etc..)
### mod_mime (AddType, etc...)
###
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule mime_module modules/mod_mime.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
###
### New Modules for 2.0 (some are experimental)
###
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule echo_module modules/mod_echo.so
LoadModule charset_lite_module modules/mod_charset_lite.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule case_filter_module modules/mod_case_filter.so
LoadModule case_filter_in_module modules/mod_case_filter_in.so
LoadModule deflate_module modules/mod_deflate.so
#LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
#LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so
#LoadModule bucketeer_module modules/mod_bucketeer.so
LoadModule logio_module modules/mod_logio.so
###
### Global Configuration
###
# Splitting up apache2.conf into two files makes it easier to support
# multiple configurations on the same serer. In commonapache2.conf
# you keep directives that apply to all implementations and in this
# file you keep server-specific directives. While we don't yet have
# multiple configurations out-of-the-box, this allows us to do that
# in the future easily. (PERLPROXIED *ahem*)
#
# For Apache2 we load all conf files in conf/modules.d
Include conf/modules.d/*.conf
Include conf/commonapache2.conf
###
### IP Address/Port
###
#BindAddress *
Listen 80
###
### Log configuration Section
###
<IfModule mod_log_config.c>
#Single logfile with access, agent and referer information
#This is the default, if vlogs are not defined for the main server
CustomLog logs/access_log combined env=!VLOG
#If VLOG is defined in conf/vhosts/vhosts.conf, we use this entry
#CustomLog "|/usr/sbin/apache2splitlogfile" vhost env=VLOG
</IfModule>
###
### Virtual Hosts
###
# We include different templates for Virtual Hosting. Have a look in the
# vhosts directory and modify to suit your needs.
Include conf/vhosts/vhosts.conf
#Include conf/vhosts/dynamic-vhosts.conf
#Include conf/vhosts/virtual-homepages.conf
###
### Performance settings Section
###
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
# prefork MPM [THIS IS THE DEFAULT]
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
# perchild MPM
# NumServers: constant number of server processes
# StartThreads: initial number of worker threads in each server process
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# MaxThreadsPerChild: maximum number of worker threads in each server process
# MaxRequestsPerChild: maximum number of connections per server process
<IfModule perchild.c>
NumServers 5
StartThreads 5
MinSpareThreads 5
MaxSpareThreads 10
MaxThreadsPerChild 20
MaxRequestsPerChild 0
</IfModule>
|
|
|
| Back to top |
|
|
devon
l33t
Joined: 23 Jun 2003
Posts: 943
|
| Posted: Sun Aug 17, 2003 7:04 am Post subject: |
|
|
Looks like they are blocking port 80.
| Code: | $ telnet 152.44.82.137 80
Trying 152.44.82.137...
$ tcptraceroute 152.44.82.137 80
Selected device eth0, address 192.168.1.100, port 33018 for outgoing packets
Tracing the path to 152.44.82.137 on TCP port 80, 30 hops max
1 192.168.1.1 (192.168.1.1) 0.597 ms 0.411 ms 0.365 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 tbr2-p013601.sl9mo.ip.att.net (12.122.11.125) 33.571 ms 32.002 ms 61.447 ms
8 tbr2-p013801.cgcil.ip.att.net (12.122.10.45) 39.182 ms 42.280 ms 40.678 ms
9 * * *
10 * * *
11 * * *
12 cer-core-03.inet.qwest.net (205.171.139.6) 39.703 ms 39.045 ms 41.378 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * |
|
|
| Back to top |
|
|
Tiny_Guy
Tux's lil' helper
Joined: 31 Mar 2003
Posts: 118
|
| Posted: Sun Aug 17, 2003 11:44 am Post subject: |
|
|
I'm trying it with port 8080, see if it works now.
[EDIT]What tool could I use to help determine the bandwidth on my university connection? Also would there be a way to determine if I am behind a firewall?[/EDIT] |
|
| Back to top |
|
|
devon
l33t
Joined: 23 Jun 2003
Posts: 943
|
| Posted: Sun Aug 17, 2003 8:37 pm Post subject: |
|
|
Still cannot connect. 
| Code: | $ nmap -P0 -p 80,8080 152.44.82.137
Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-08-17 16:29 EDT
Interesting ports on 152.44.82.137:
Port State Service
80/tcp filtered http
8080/tcp filtered http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 36.232 seconds |
| Tiny_Guy wrote: | | What tool could I use to help determine the bandwidth on my university connection? |
Umm... ttcp, ftp an ISO from a Gentoo mirror  , a bandwidth test page. |
|
| Back to top |
|
|
slartibartfasz
Veteran
Joined: 29 Oct 2002
Posts: 1462
Location: Vienna, Austria
|
| Posted: Sun Aug 17, 2003 8:51 pm Post subject: |
|
|
if the server only has to serve a selected group of people u can make it listen to any port u want, not just 80 and 8080....
if not, perhaps u need to tell the guys at the campus net that u want to run a server. thats how they do it here - the dont have a problem with someone running a sever (of any type), but they block the ports by default to 'prevent errors'. the errors are usually windows boxes with IIS and code red or similar. but if u keep your servers clean with sensible up/donwload they let you through.
so if u talk to the guys in a sensible way, they just might let u through - try to think like the network admin
_________________
To an engineer the glass is neither half full, nor half empty - it is just twice as big as it needs to be. |
|
| Back to top |
|
|
Tiny_Guy
Tux's lil' helper
Joined: 31 Mar 2003
Posts: 118
|
| Posted: Mon Aug 18, 2003 1:30 am Post subject: |
|
|
| Yeah it may be blocked. I told my brother at home to ping my machine using a no-ip.com domain. The ping traffic didn't get through. Does the ping program use a particular port? I don't think the campus net uses port forwarding, but there is a possibility it does. |
|
| Back to top |
|
|
dma
Guru
Joined: 31 Jan 2003
Posts: 437
Location: Charlotte, NC, USA
|
| Posted: Mon Aug 18, 2003 2:40 am Post subject: |
|
|
Your university admins might be evil pieces of trash that block SYN packets (and hence the ability for people on the outside to establish connections to the inside).
See if sshd works. There is no legitimate reason for blocking ssh traffic as it is used primarily for remote access/administration.
I have very strong feelings about this topic.
Also, ping uses ICMP echo/reply (not on a TCP/UDP port). "tcptraceroute" works on TCP ports.
In addition, UNCC (where I go) also blocks ICMP packets at its gateway. It is also part of NCREN. |
|
| Back to top |
|
|
Tiny_Guy
Tux's lil' helper
Joined: 31 Mar 2003
Posts: 118
|
| Posted: Mon Aug 18, 2003 2:41 pm Post subject: |
|
|
| Oh one thing I should mention is that I have my ip address set up as dynamic, so use the ab285.no-ip.com domain to traceroute or ping or whatever you need to do to see if you can connect. Yeah, I'll see if my brother can ssh into my machine. |
|
| Back to top |
|
|
Tiny_Guy
Tux's lil' helper
Joined: 31 Mar 2003
Posts: 118
|
| Posted: Wed Aug 20, 2003 12:44 pm Post subject: |
|
|
| This topic seems finished. Apparently the admin won't allow web servers. Unfortunately I think even ssh is blocked. So unless anybody has something else to say, this topic is finished. |
|
| Back to top |
|
|
dma
Guru
Joined: 31 Jan 2003
Posts: 437
Location: Charlotte, NC, USA
|
| Posted: Thu Aug 21, 2003 6:57 pm Post subject: |
|
|
Stupidity claims another campus full of victims.
Start a petition (and NOT an online one).
Get them to change their boneheaded and useless policies.
Don't let this kind of treatment become mainstream. |
|
| Back to top |
|
|
TheAgent
n00b
Joined: 23 May 2003
Posts: 29
Location: Waukesha, WI
|
| Posted: Fri Aug 22, 2003 1:31 am Post subject: |
|
|
If you're a CS/CE/IT major/minor, you might try talking to the head/chair of your department and seeing what options they might offer...
I know at my school, the CS Department offers webhosting on their servers for CS students...
_________________
TheAgent
Total Linux N00b
Shuttle SN41G2:
Athlon XP 2100+
512 MB Corsair PC2700
40GB Maxtor
NForce2 Soundstorm, VGA, Network |
|
| Back to top |
|
|
dma
Guru
Joined: 31 Jan 2003
Posts: 437
Location: Charlotte, NC, USA
|
| Posted: Fri Aug 22, 2003 1:46 am Post subject: |
|
|
| TheAgent wrote: | If you're a CS/CE/IT major/minor, you might try talking to the head/chair of your department and seeing what options they might offer...
I know at my school, the CS Department offers webhosting on their servers for CS students... |
The problem is that the firewall will prevent something as benign as running an X server to interact with a remote machine. In addition, I learned a great deal about administration of machines by running servers on my campus network.
Forced firewalls are bad policy aimed at placating the RIAA and other misguided organizations trying to prevent you from running "warez-server.gardner-webb.edu" or something.
They should allow users to disable the firewall if they so choose (and perhaps even leave it enabled by default!). This way, the AOLers who don't know better will be protected from themselves while still allowing you to do legitimate work.
I'm extremely worried because my university is listed as a POP of his.
I REQUIRE the ability to listen on ports to do my studies. That's how I was able to manage my collaborative site, among other things. This one project would be larger than my entire webspace!
Your problem isn't computer-related. It is political.
Edit: sorry if I appear like an emotional wreck in this post. |
|
| Back to top |
|
|
Tiny_Guy
Tux's lil' helper
Joined: 31 Mar 2003
Posts: 118
|
| Posted: Tue Sep 09, 2003 2:38 am Post subject: |
|
|
| Would it be possible to do tunneling to allow other users to connect to my web server? Can someone also explain http tunneling? |
|
| Back to top |
|
|
dma
Guru
Joined: 31 Jan 2003
Posts: 437
Location: Charlotte, NC, USA
|
| Posted: Thu Sep 18, 2003 5:44 pm Post subject: |
|
|
Try running on an alternate port like 8000.
nmap yourself from the outside to see what they are filtering.
Here are the ports that my university is blocking. |
|
| Back to top |
|
|
snorkel
Apprentice
Joined: 14 May 2002
Posts: 206
Location: Milwaukee, WI
|
| Posted: Thu Sep 18, 2003 5:55 pm Post subject: |
|
|
| A university is not going to allow incoming traffic to it network, unless it is on their DMZ. You can get out because it is NATed. |
|
| Back to top |
|
|
|
Networking & Security
