Apache + Tomato

Discussion in 'Tomato Firmware' started by Dethredic, Jan 23, 2008.

  1. Dethredic

    Dethredic LI Guru Member

    Ok, port 80 is not blocked by my ISP. I am not running a firewall. I have a WRT54G.

    Now, I fooled around with Apache on windows about a year ago, and I was successfully able to get my server up and running. There were no problems. Back then I didn't have tomato.

    Now, I am making a Linux server, to host one of my websites. I have tomato, and after spending a couple hours googleing and doing trial and error settings on my router, I still can't get it. I know know my server is working because I can access it via localhost.

    So, here are some of the things I have tried:


    I have tried various variations of these settings. Some times they were on or off while others were on / off.

    I have not yet had the chance to plug my comp directly into my modem, but if you can see something that I should change, or if there are other settings I need to change, that would be great! This is really frustrating me.
  2. LLigetfa

    LLigetfa LI Guru Member

    In Apache, you need to explicity allow access from the outside. Localhost access is allowed by default.
  3. Dethredic

    Dethredic LI Guru Member

    So you are saying that by default, apache only allows localhost to access it? How can I allow access from the outside??

    I didn't see anything in the apache2.conf
  4. LLigetfa

    LLigetfa LI Guru Member

    On my Apache server the allowed list in under the sites-enabled folder.
  5. LLigetfa

    LLigetfa LI Guru Member

    Here is my config.
    NameVirtualHost *
    <VirtualHost *>
    	ServerAdmin webmaster@localhost
    	DocumentRoot /var/www/
    	<Directory />
    		Options FollowSymLinks
    		AllowOverride None
    	<Directory /var/www/>
    		Options Indexes FollowSymLinks MultiViews
    		AllowOverride None
    		Order allow,deny
    		allow from all
    		# This directive allows us to have apache2's default start page
                    # in /apache2-default/, but still have / go to the right place
                    RedirectMatch ^/$ /apache2-default/
    	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    	<Directory "/usr/lib/cgi-bin">
    		AllowOverride None
    		Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
    		Order allow,deny
    		Allow from all
    	ErrorLog /var/log/apache2/error.log
    	# Possible values include: debug, info, notice, warn, error, crit,
    	# alert, emerg.
    	LogLevel warn
    	CustomLog /var/log/apache2/access.log combined
    	ServerSignature On
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from ::1/128
        # Provide an alias to phpmyadmin
        Alias /phpmyadmin /usr/share/phpmyadmin
        <Directory /usr/share/phpmyadmin>
            # Restrict phpmyadmin access to just my worksation
            Order Deny,Allow
            Deny from all
            # Allow from
            Allow from ::1/128
  6. Dethredic

    Dethredic LI Guru Member

    mine is almost identical.

    No major things different
  7. LLigetfa

    LLigetfa LI Guru Member

    Yes, and my example above allows ONLY localhost to some areas and subwebs. I have other "includes" to define other sites that DO allow more than localhost but I didn't post those.

    It does allow from all to www though.
  8. Dethredic

    Dethredic LI Guru Member

    So can you post something that will allow external sources to access my server?
  9. LLigetfa

    LLigetfa LI Guru Member

    Right now my Apache server is only serving a walled garden on my hotspot. I will open a site to the internet tomorrow as a test and post the config.
  10. Dethredic

    Dethredic LI Guru Member

    ok thanks
  11. Low-WRT

    Low-WRT LI Guru Member

    I can't figure out what the problem is. Are you sure port 80 is not blocked?

    I did the same thing you did. I downloaded Apache in my Linux box, copied the website files into the appropriate folder, and forwarded port 80 to that box--exactly as you did.
    I didn't mess with the .conf file or the router's DMZ at all.

    Let us know what happens when the computer is plugged directly into the modem.
  12. Dethredic

    Dethredic LI Guru Member

    Ok, I can access the server on another computer inside my LAN, using it's local IP (192.168.x.xxx).
  13. Dethredic

    Dethredic LI Guru Member

    Ok, I was able to plug my modem directly into my server and here are my results.

    When I was directly hooked up to my router I did an Ifconfig.

    my local IP changed from to I would have expected it to change to my external IP of I then checked my external IP and it changed to I re did the connection to check this was accurate, and it is.

    Now, when directly connected to the modem my friend could type in and he could see my site. So, the problem is 100% in my router. I will try to forward port

    So, if I am hooked up directly to the modem my server works, and my IP changes. I need the router, or I won't have other internet... So, I am going to go back to the default Linksys firmware and see what I can do with that.
  14. LLigetfa

    LLigetfa LI Guru Member

    Yes, you would get a different IP because the PC has a different MAC address than the router. At least you know Apache is working and the problem is with the port forwarding.
  15. Dethredic

    Dethredic LI Guru Member

    So, you use tomato.

    What setting do you have that are different from mine? Maybe some settings on a different page or something.
  16. LLigetfa

    LLigetfa LI Guru Member

    I use Tomato at home but haven't forwarded ports through it. I use m0n0wall on my hotspot and I forward several ports and do some 1:1 NAT'ing through it. Right now my port 80 is to a Sony PTZ camera in my office.

    I noticed in your first post that you both forward port 80 and you put the PC in the DMZ. I would think you would do one or the other, not both.
  17. Dethredic

    Dethredic LI Guru Member

    Well, I have tried just one or the other.
  18. Dethredic

    Dethredic LI Guru Member

    Ok, I switched back to the default firmware, changed some settings, and now it works!

  19. Low-WRT

    Low-WRT LI Guru Member

    I'm reaching here, but hold down the reset button for 30sec., reflash the router with Tomato , and when finished, hold down the reset button again for 30sec.

    Set up the port forwarding as before and hopefully all will work.
  20. LLigetfa

    LLigetfa LI Guru Member

    I always do the 30/30 thing to be safe as I don't have a lot of configs to have to redo.
  21. HennieM

    HennieM Network Guru Member

    You could run tcpdump or ethereal on your Linux box and see if the external request gets into your network at all.

    Also, you could ssh or telnet into your Tomato, and check the iptables carefully, maybe even run the "test" sequence, to see what happens to an incoming packet.
  22. Macskeeball

    Macskeeball LI Guru Member

    Is this just a case of you doing port forwarding to an IP that is not being statically assigned to the desired device, and thus the IP to that device changes every so often, breaking the port forwarding rule?
  23. u3gyxap

    u3gyxap Network Guru Member

    Why don't you try without the router and see if it works?
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice