[LON-CAPA-admin] Can't access server from off campus

Stuart Raeburn raeburn at msu.edu
Sun Nov 15 11:33:23 EST 2015


Hi Todd,

>
> ... Is there
> something in the configuration of LON-CAPA itself that I may have set, not
> realizing the effect it would have?
>

No, LON-CAPA does not make any changes itself to firewall settings for  
port 80.

>
> Do you have any other ideas of what to look for?
>

You might try using traceroute from a machine in the local network.

On a remote machine nmap reports:

Interesting ports on lc1.Mines.EDU (138.67.208.217):
PORT   STATE    SERVICE
80/tcp filtered http

If you currently have both the apache web server and iptables running,  
you'll need to allow access to port 80 in your iptables rules.

Depending on the version of Linux distro you might either use the command:

setup

or the command:

system-config-firewall-tui

to set this.

Anytime you update iptables settings, you subsequently need to either:
(a) run /home/httpd/perl/loncron (as www)

or

(b) run /etc/init.d/loncontrol restart (as root)

to set rules for port 5663.

LON-CAPA does not make any changes itself to firewall settings for  
ports 80 (http) or 443 (https), but both loncontrol and loncron do  
dynamically enable access to port 5663 for other servers in the  
LON-CAPA network.

Using traceroute for both lc1.Mines.EDU and loncapa.Mines.EDU I see  
the same response -- hops recorded as far as: 138.67.253.1, which  
whois reports as belonging to Colorado School of Mines.


Stuart Raeburn
LON-CAPA Academic Consortium


Quoting Todd Ruskell <todd.ruskell at gmail.com>:

> Hi all,
>
> We've got a library server, a load balancer, and an access server in our
> cluster.  The library server and load balancer are both accessible from on
> and off campus.  For some reason the access server is only available from
> on campus--with campus IP addresses behind the campus-wide firewall.   Any
> access from an off-campus IP address gives a "web page not available"
> time-out error.
>
> Our IT people assure me that the holes in the campus firewall are the same
> for all three machines.  Assuming that's true, I've tried completely
> shutting off iptables on the access server, and still no luck.  Is there
> something in the configuration of LON-CAPA itself that I may have set, not
> realizing the effect it would have?
>
> Do you have any other ideas of what to look for?
>
> Thanks,
> Todd



More information about the LON-CAPA-admin mailing list