Apache web server not accessible publicly

Question

I have an Apache (2.4.10) web server running on a desktop with Debian (Jessie, 8).

The desktop has a static local IP address (192.168.x.x) and my WAN (public) IP address has been fixed as well (82.x.x.x) by my ISP. A port-forward for port 80 to this desktop has been added.

I can access the webpage from my LAN without problems, but I cannot access it using the WAN address, from inside or outside my home: I receive a "The webpage is not available - ERR_CONNECTION_REFUSED" from Chrome. Note that I can open my router using the WAN address (on another port).

The webpage itself is not much more than "index.html" with Hello World.

I tried turning of the iptables firewall, did not work. I tried a different port than 80, did not work. I have called by ISP and port 80 is not blocked. I have already Googled myself crazy. Does anyone have any suggestions on how to make the site accessible?

Answer 1

I solved it!

Thanks to Moonpoint I realised the problem was in the Port-Forwarding. So I took another look and noticed that for the port 80-rule, the "WAN Interface" was set to "ADSL" (default). I don't know what it means, so I never changed it. I tried different options and setting it to "ETHWAN" solved the issue. I can now access the webpage publicly and I've add a no-ip DDNS which also works.

EDIT: Now I learned the ETHWAN WAN interface was simply the one added to the router by my ISP and is the interface for glas fiber connection.

Answer 2

When you state you tried turning off the iptables firewall, but were unsuccessful, do you mean you disabled the iptables firewall, but still couldn't connect to the web server from an external IP address or do you mean you were unable to disable the host-based iptables firewall? Check the Apache access and error logs for your website to see if any attempt to access the system from an external IP address is logged in either of those files. Check your Apache /etc/httpd/conf/httpd.conf file. Do you have any section in it similar to the following anywhere in the file:

<Directory /home/www/example>
      Order Deny,Allow
      Deny from all
      Allow from 192.168 127.0.0.1
 </Directory>

In the example above, access from all but the localhost address, 127.0.0.1, and systems on the same LAN, i.e., 192.168.xxx.xxx, is disallowed. If you want to make the server accessible to the world, a "Deny from all" would be inappropriate.

You can isolate the problem to the Debian system on which you are running the Apache web server or the router where you set up port forwarding, provided there are no intervening pieces of network equipment, by using the tcpdump command on the Debian Linux system. Issue the command tcpdump -i any port 80 as root. That will cause tcpdump to look only for connections to port 80 on any interface, ignoring other traffic. Then try to connect to the web server from an external address. If tcpdump shows the traffic to port 80 reaching the Linux system then port forwarding is working correctly. If it doesn't you likely have an issue with port forwarding, so double-check that you are forwarding port 80 to the correct IP address for the web server.