| View previous topic :: View next topic |
| Author |
Message |
genechan
-
Joined: 28 May 2003
Posts: 25
Location: Burnaby, BC, Canada
|
 Posted: Mon Aug 02, 2004 7:47 pm Post subject: Access to Abyss from Internet Stopped Working! |
 |
|
My Web site at http://genechan.homeip.net/ has been running fine under Abyss for over a year, since the knowledgeable folks on this forum helped me work through some problems (see http://www.aprelium.com/forum/viewtopic.php?p=10464&highlight=#10464). About 10 days ago, it stopped being accessible from the Internet, and I have been unsuccessfully trying to figure out why and to fix it. I'm appealing for help again, if not to tell me exactly what's wrong, then to point me in the right direction (tools, procedures) to figure it out - please!
Here's my setup:
- Windows XP Home Edition, ADSL, D-Link DI-704P Router (port 80 forwarded to 192.168.0.117), Kerio Personal Firewall 2.1.5, Proxomitron proxy server [on port 8080 for my Web browsers], Abyss X1 v1.2.0.6 Web server, Windows XP Internet Connection Firewall is OFF.
Here's what happens:
1. My server (QUATTRO) runs on 192.168.0.117 on my internal LAN (inside the router). I can access my Web site from this PC, and the Abyss logfile shows the access coming from 192.168.0.117, but nothing shows up in the Kerio firewall log. This PC (QUATTRO) has a "hosts" file containing an entry "192.168.0.117 genechan.homeip.net", which probably enables the request to bypass the Kerio firewall. Conclusion 1: Abyss works.
2. Two different PCs on my LAN, STEVE (on 192.168.0.121) and HOMER (192.168.0.153), both "inside" the router, also access the Web site okay, and both the Kerio firewall logfile and the Abyss logfile show the access coming from 142.173.67.12 (the public IP address of my LAN.) STEVE has no "hosts" file at all, so it must be using DNS to look up the public IP address. Conclusion 2: Abyss works.
3. Anyone from outside my LAN (i.e., the Internet) fails to get to my Web site - from their perspective, their attempt times out after a minute or two. I see the request in the Kerio firewall log, which shows the requesting Internet IP, and says the access is permitted, and it's going to Abyss on port 80. In the Abyss logfile, NOTHING appears for that request. Conclusion 3: the request successfully passes through the router and firewall, but Abyss never gets it.
Here's what I've tried:
4. Turning off the Kerio firewall, re-installing the firewall, turning off the proxy server, un-installing (delete .conf file) & re-installing Abyss. No improvement.
5. Run a port sniffer (Port Peeker) on port 80, in place of Abyss. Requests come in, are recognized, logged, and passed through the Kerio firewall, and appear in Port Peeker's log. Conclusion 5: requests successfully go through the router, the firewall, and appear on port 80 for an application listening to that port. (One odd thing: Kerio's timestamp shows the access coming in and being permitted, then Port Peeker's timestamp shows the access upwards of 10-20 seconds later. What's happening in the meantime?)
6. Use proxify.com to try to access my Web site From my PC (QUATTRO). Like attempts from other "outside" users, this also fails (times out at the requestor's screen). The request appears in the Kerio logfile, but not in the Abyss logfile.
7. Use http://www.psi-rho.com/dsltools/test.php?type=www to test whether port 80 appears to be open. It responds "Port 80 does not appear to be open". Kerio does show the access request coming in, and permitting it to go to to Abyss on port localhost:80. Nothing shows up in Abyss' logfile.
8. Open up port 8088 in the router (port forwarding to 192.168.0.117), and change Abyss' listening port to 8088. This WORKS for "proxify" attempts and real "outside" attempts. !!! Conclusion 8: Abyss works, but somehow, it doesn't work with port 80 for "outside" requests.
The first question comes to mind: if there's no entry in the Abyss logfile, does that mean Abyss never received the request, or did it receive the request but was unsuccessful in sending a response (e.g., if an outbound response is blocked by a firewall or router?)
The second question: is there a hint of the problem source to being able to get Web site access from "inside" the LAN, but not from "outside"? Why does it work on port 8088, but not on port 80?
Perhaps a red herring: I've been dutifully installing Microsoft's "security patches" to Windows XP as they make them available. Any possibility one of these might be causing me grief?
I'm out of ideas, and desperately seeking help in solving this one. I've considered installing a different Web server, to see if that would work, but I'm not quite at that stage of desperation, yet.
Thanks in advance for any help you can offer.
(Sorry for this long post, but it may be helpful to relate what I've tried already.)
_________________
Gene Chan genechan@vcn.bc.ca
Burnaby, BC, Canada gene_chan@telus.net
Little Mountain Brass Band http://lmbb.vabbs.org/
British Columbia Regiment Association Band http://www.geocities.com/BCRegtBand |
|
| Back to top |
    |
 |
genechan
-
Joined: 28 May 2003
Posts: 25
Location: Burnaby, BC, Canada
|
| Posted: Tue Aug 03, 2004 11:51 pm Post subject: Two abyssws.exe Process Images Running? |
|
|
Still trying to diagnose and fix my problem. When I look at Windows XP (Home Edition) "Windows Task Manager" (Ctl-Alt-Del), under "Processes", I see two lines containing "abyssws.exe", both with User Name = "Owner", Session ID = "0". One has Mem Usage = 272K, the other Mem Usage = 676K. (These Mem Usage sizes keep changing, so Abyss is doing *something*, but apparently not outputting Web pages in response to requests.)
Is it normal to have these two abyssws.exe processes running at the same time?
_________________
Gene Chan genechan@vcn.bc.ca
Burnaby, BC, Canada gene_chan@telus.net
Little Mountain Brass Band http://lmbb.vabbs.org/
British Columbia Regiment Association Band http://www.geocities.com/BCRegtBand |
|
| Back to top |
|
|
iNaNimAtE
-
Joined: 05 Nov 2003
Posts: 2381
Location: Everywhere you're not.
|
| Posted: Wed Aug 04, 2004 3:55 am Post subject: Re: Access to Abyss from Internet Stopped Working! |
|
|
Wow. That was one of the most intelligently written questions on this forum I've ever seen.
| genechan wrote: | | The second question: is there a hint of the problem source to being able to get Web site access from "inside" the LAN, but not from "outside"? Why does it work on port 8088, but not on port 80? |
Sounds like your ISP started to block port 80. However, I don't have an answer to the "goes in halfway" question.
| genechan wrote: | | Is it normal to have these two abyssws.exe processes running at the same time? |
Yes it is. It is part of Abyss's anti-crash feature. If Abyss crashes, then the second process opens up a new Abyss again.
_________________
Bienvenidos! |
|
| Back to top |
    |
|
genechan
-
Joined: 28 May 2003
Posts: 25
Location: Burnaby, BC, Canada
|
| Posted: Wed Aug 04, 2004 6:45 am Post subject: Re: Access to Abyss from Internet Stopped Working! |
|
|
| iNaNimAtE wrote: | | Wow. That was one of the most intelligently written questions on this forum I've ever seen. |
Your compliment means a lot to me, coming from you. Thank you.
| Quote: | | Sounds like your ISP started to block port 80. However, I don't have an answer to the "goes in halfway" question. |
I considered that, but couldn't explain how the Kerio firewall log shows requests coming in and being passed on to Abyss on port 80, and Port Peeker shows messages coming in on port 80. My far-fetched hypothesis: my ISP has an SPI-enabled filter that lets inbound port 80 requests through, takes note of the requesting IP address and port, and blocks any outbound messages with that IP address and port number. Possible?
FLASH UPDATE! Just called my ISP's tech support. You were right. They have blocked port 80 (and a bunch of other TCP ports) for customers with dynamic IP addresses. Their "solution" for people who want to run Web servers is "upgrade your service to one with a static IP address" (for more money, of course.)
Looks like my workaround to try will be to get a new URL that redirects to the old URL with a different port number. I.e., http://genechan.webhop.net/ redirects to http://genechan.homeip.net:8081/ Not a nice solution... I have to go back and change all references containing the old URL to update them to the new one. (If you try the new URL, please let me know whether it works for you or not.)
Thanks so much for solving this problem for me.
_________________
Gene Chan genechan@vcn.bc.ca
Burnaby, BC, Canada gene_chan@telus.net
Little Mountain Brass Band http://lmbb.vabbs.org/
British Columbia Regiment Association Band http://www.geocities.com/BCRegtBand |
|
| Back to top |
|
|
Axis
-
Joined: 29 Sep 2003
Posts: 336
|
| Posted: Wed Aug 04, 2004 1:59 pm Post subject: |
|
|
Hi genechan--
Your site is now answering!
Regards,
Axis |
|
| Back to top |
|
|
genechan
-
Joined: 28 May 2003
Posts: 25
Location: Burnaby, BC, Canada
|
|
| Back to top |
|
|
iNaNimAtE
-
Joined: 05 Nov 2003
Posts: 2381
Location: Everywhere you're not.
|
| Posted: Thu Aug 05, 2004 12:16 am Post subject: |
|
|
http://genechan.homeip.net:8081/ <-- Works for me.
Well, I'm really sorry to hear that, but glad the problem was fixed. No-IP offers a Port 80 redirect that will mask your port number for you, maybe you should try it out.
_________________
Bienvenidos! |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
