[LON-CAPA-admin] Can't access server from off campus
Stuart Raeburn
raeburn at msu.edu
Sun Nov 15 11:33:23 EST 2015
Hi Todd,
>
> ... Is there
> something in the configuration of LON-CAPA itself that I may have set, not
> realizing the effect it would have?
>
No, LON-CAPA does not make any changes itself to firewall settings for
port 80.
>
> Do you have any other ideas of what to look for?
>
You might try using traceroute from a machine in the local network.
On a remote machine nmap reports:
Interesting ports on lc1.Mines.EDU (138.67.208.217):
PORT STATE SERVICE
80/tcp filtered http
If you currently have both the apache web server and iptables running,
you'll need to allow access to port 80 in your iptables rules.
Depending on the version of Linux distro you might either use the command:
setup
or the command:
system-config-firewall-tui
to set this.
Anytime you update iptables settings, you subsequently need to either:
(a) run /home/httpd/perl/loncron (as www)
or
(b) run /etc/init.d/loncontrol restart (as root)
to set rules for port 5663.
LON-CAPA does not make any changes itself to firewall settings for
ports 80 (http) or 443 (https), but both loncontrol and loncron do
dynamically enable access to port 5663 for other servers in the
LON-CAPA network.
Using traceroute for both lc1.Mines.EDU and loncapa.Mines.EDU I see
the same response -- hops recorded as far as: 138.67.253.1, which
whois reports as belonging to Colorado School of Mines.
Stuart Raeburn
LON-CAPA Academic Consortium
Quoting Todd Ruskell <todd.ruskell at gmail.com>:
> Hi all,
>
> We've got a library server, a load balancer, and an access server in our
> cluster. The library server and load balancer are both accessible from on
> and off campus. For some reason the access server is only available from
> on campus--with campus IP addresses behind the campus-wide firewall. Any
> access from an off-campus IP address gives a "web page not available"
> time-out error.
>
> Our IT people assure me that the holes in the campus firewall are the same
> for all three machines. Assuming that's true, I've tried completely
> shutting off iptables on the access server, and still no luck. Is there
> something in the configuration of LON-CAPA itself that I may have set, not
> realizing the effect it would have?
>
> Do you have any other ideas of what to look for?
>
> Thanks,
> Todd
More information about the LON-CAPA-admin
mailing list