apache problems on multi interface configuration

[warnockm]

I have an interesting problem running apache. I currently have 2 NICs in a FC5 server, one on the internal network and one to the external network. Each NIC is on a different subnet. I'm able to connect to apache through the internal interface using it's ip address. When i try to connect through the external interface it does not work. My httpd.conf is set to "Listen 80". I tried changing it to 2 entries, one for each IP and port, but again, only the one interface worked. I assumed that something was wrong w/ the network firewall on the external side, so i ran tcpdump and tried to connect to both interfaces. I was surprised to see entries for the both interfaces when i connected to the appropriate ip. It appears the packets are making it to the server, but aren't making it into apache. I turned the system-config-network firewall off, and iptables --list has no entries in input, output or forwarding. At this point, i'm not sure what to try next. Any suggestions??

[stevea]

The command
netstat -lt | grep http
should return
tcp 0 0 *:http *:* LISTEN
--
If so then let's see your route table with ...
netstat -r

[warnockm]

netstat -r revealed 3 entries, 1 for *:http and 1 for each ipaddr:http. So that looks good. route table:

ipaddr1 * eth0
ipaddr2 * eth1
169.254.0.0 * eth1 ---- not sure why we have this ip on eth1
default ipadd_internal_router eth1

So basically we have the external IP on eth0, and internal ip on eth1, and the default route goes through the internal network. I don't think the default route should affect incoming connections. Right?

[warnockm]

I can't imagine how iptables or apache would be dropping the connection, but is there a way to log this? I tried using syslog to log dropped packets from iptables, but nothing showed up, probably because i have no rules in iptables. I also don't see any entries in error_log or access_log in apache. Is there a way to check other logs?

[warnockm]

Quote:

Originally Posted by warnockm

netstat -r revealed 3 entries, 1 for *:http and 1 for each ipaddr:http. So that looks good. route table:

ipaddr1 * eth0
ipaddr2 * eth1
169.254.0.0 * eth1 ---- not sure why we have this ip on eth1
default ipadd_internal_router eth1

So basically we have the external IP on eth0, and internal ip on eth1, and the default route goes through the internal network. I don't think the default route should affect incoming connections. Right?

Figured it out, the default route was through the internal network and the syn ack replies were blocked by the stateful firewall. thanks!