mysterious port 80 blockage

4

1

Okay, this has really stumped us.

This all takes place on an internal LAN - no routers involved. A computer running Windows 7 has an application that serves a webpage for users. It seems to be a plain Apache HTTP server on port 80.

This has worked fine every day for over a year, until this morning when users complained they couldn't reach it. I first checked to see if I could ping from around the LAN. No problem. I was able to see the home page locally on the computer itself. Nmap shows port 80 not open. Netstat says port 80 is listening.

When I connect to this computer with a cross-over cable to a laptop, I can see the website fine. When I try to connect through the switch, no go. Wireshark shows packets sent, not responded to.

I've tried a different NIC (USB NIC), swapping cables, using different switchports, and restarting the application and the computer.

Any suggestions as to what might be going on, or how to troubleshoot further? Windows firewall seems open for http.

phildh3

Posted 2015-11-07T06:19:19.797

Reputation: 41

Have you tried another switch port? I've had lightning events knock one port out, leaving the rest of the switch functioning. Is the switch manageable enough to specify link speed/duplex? If so, do they match the settings on the server? Set the NIC to auto-negotiate if you cannot manage the switch. – Frank Thomas – 2015-11-07T06:29:47.640

When you used the crossover cable, you probably had to put in the web server's IP address, because you didn't have DNS or an /etc/hosts file set up on that isolated network, right? So could it be a DNS or hostname problem? Maybe your DNS server is pointing that hostname at the wrong IP address. – Spiff – 2015-11-07T07:19:19.583

Check if Windows Update installed anything overnight. This reeks of firewalling. – Linef4ult – 2015-11-07T10:59:02.823

Maybe another host on the LAN got the same IP address as the server? Can you confirm whether the ARP table shows the correct MAC address? – None – 2015-11-07T23:33:13.750

@Spiff If it were a hostname problem, that would affect ping, too. – Barmar – 2015-11-14T01:17:44.797

@Linef4ult The firewall would affect access with the crossover cable, wouldn't it? – Barmar – 2015-11-14T01:18:47.350

Does Wireshark on the server show packets received? – Barmar – 2015-11-14T01:19:41.273

@GillesSilvano's suggestion of a duplicate IP sounds like the most likely cause. – Barmar – 2015-11-14T01:20:08.287

@Barmar First, OP didn't say he used a hostname to ping. Second, if the DNS server pointed the hostname at the wrong IP address, the host at that address may have been responding to the ping, and OP wouldn't have known the "wrong" host was responding. Third, not all "hostname problems" are DNS problems, per se. For example, if a web server wasn't configured to recognize a certain hostname in the HTTP/1.1 "Host:" header, it might fail to respond to HTTP requests for that hostname. – Spiff – 2015-11-16T20:18:17.747

Good points, except the last one. Since name-based virtual hosting happens at the application level, he would see the connection succeed in Wireshark, and get some kind of HTTP error. – Barmar – 2015-11-16T20:24:50.633

Answers

1

I'd bet my bottom dollar that Windows Firewall is only allowing inbound connections on port 80 for a specific profile (domain vs. private vs. public). The reason it worked with the crossover cable is that Windows considered that a different network with a different profile.

Open Windows Firewall with Advanced Security (wf.msc). Select Inbound Rules then, under Action, click New Rule. Set up a port-based rule for TCP 80, and set the firewall to allow it. Then enable the rule for all types of networks:

[Screenshot: "When does this rule apply?"]

Give the rule a name, then hit Finish. It should take effect immediately, but restarting the machine or just Apache wouldn't hurt.

Ben N

Posted 2015-11-07T06:19:19.797

Reputation: 32 973
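To confirm the profile mismatch described in this answer before changing anything, the following added example (not part of the original answer) lists the enabled inbound rules that cover TCP 80 and reports, per firewall profile, whether that profile is currently active and whether an allow rule applies to it. It assumes the built-in `HNetCfg.FwPolicy2` COM object, which is available on Windows 7 with PowerShell 2.0; the helper name `Test-PortMatch` is hypothetical.

```powershell
# Added example: audit inbound TCP 80 coverage per Windows Firewall profile.
# Uses the HNetCfg.FwPolicy2 COM API so it also runs on Windows 7 / PowerShell 2.0.
$Port = 80
$ProfileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }   # profile bitmask values
$fw = New-Object -ComObject HNetCfg.FwPolicy2

function Test-PortMatch([string]$Spec, [int]$Port) {
    # LocalPorts is a string such as "80", "80,443", "8000-8100" or "*"
    if ([string]::IsNullOrEmpty($Spec) -or $Spec -eq '*') { return $true }
    foreach ($part in $Spec.Split(',')) {
        $r = $part.Trim().Split('-')
        if ($r[0] -notmatch '^\d+$') { continue }        # keyword such as "RPC"
        $lo = [int]$r[0]; $hi = $lo
        if ($r.Length -eq 2 -and $r[1] -match '^\d+$') { $hi = [int]$r[1] }
        if ($Port -ge $lo -and $Port -le $hi) { return $true }
    }
    return $false
}

# Enabled inbound rules (Direction 1) for any protocol (256) or TCP (6) on the port
$matching = @($fw.Rules | Where-Object {
    $_.Enabled -and $_.Direction -eq 1 -and
    ($_.Protocol -eq 256 -or ($_.Protocol -eq 6 -and (Test-PortMatch $_.LocalPorts $Port)))
})

# Show scope columns too: a rule limited to one program or remote address
# range may not apply to the traffic in question.
$matching | Select-Object Name, Action, Profiles, ApplicationName, RemoteAddresses |
    Format-Table -AutoSize

$active = $fw.CurrentProfileTypes      # bitmask of profiles in use right now
foreach ($bit in 1, 2, 4) {
    $allow = @($matching | Where-Object { $_.Action -eq 1 -and ($_.Profiles -band $bit) })
    $block = @($matching | Where-Object { $_.Action -eq 0 -and ($_.Profiles -band $bit) })
    $state = 'no allow rule'
    if ($allow.Length -gt 0) { $state = 'allow rule present' }
    if ($block.Length -gt 0) { $state = 'block rule present (block wins over allow)' }
    '{0,-8} active={1,-5} firewall-on={2,-5} TCP/{3}: {4}' -f $ProfileNames[$bit],
        [bool]($active -band $bit), $fw.FirewallEnabled($bit), $Port, $state
}
```

A profile that prints `active=True`, `firewall-on=True` and `no allow rule` is the situation the answer describes: the port listens, but the profile applied to the switched LAN has no rule admitting it.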