Optonline http server

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Optonline http server

Post by Ambush Commander »

I got a clever idea: I've got a static IP address and a reasonable upload speed, so why not make my local SVN server available to the WWW (though still password protected)? This way, I can do development away from home!

So after much wrangling with port forwarding and Apache configuration, I finally opened up port 1990 to the public (80 and 8080, for reasons then unknown to me, didn't work). All was good.

Then, the next day, I attempted to access it, and it was borked! My IP address wouldn't respond! After much hacking, I realized that my ISP Optonline had blocked that port. I opened another one and things worked like a charm.

However, I suspect that I won't have that port much longer either. There's lots of possible ports to use, but it'll be a pain to have to reconfigure Apache every time one gets blocked. So I ask ye': is there any way to do equivalent functionality? Remote desktop is great, but occasionally LogMeIn is blocked and it's no good for file transfers.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Can't you find out the addresses your isp uses to probe your ports? This way you can deny those (usually a range).... while you (typically not in that range, since you're "away from home") can still use the service :)
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Mmm... that would be really smart. I'll have to start paying closer attention to my logs then.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Apache hasn't reported any access attempts outside of IP addresses I know about. Does that mean they're not really probing, or that probing doesn't require Apache's involvement?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Apache would only report for the ports it listens to.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Yes, but Optonline wouldn't know about open webservers unless it probed the ports that Apache was listening too...
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Afaik apache only logs http request... All your isp has to do is send a tcp/ip packet with the syn bit set... And see if they recieve a packet with the syn/ack bit set back... from that point they can presume there is something running on that port...
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Yes, but presumably if they only check for open ports, they won't know whether or not a server is running there are not. The other possibility is that they block all open ports, but that's highly unlikely.
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

Has there been a flurry of incoming activity? They won't need to probe you if they can just look at their router logs and see lots of inbound connection attempts to your ip:80
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Nope. It's entirely personal, and I've only used to a few times before.
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

You may want to give them a call... Running a personal server on your own personal connection that you are personally paying for shouldn't be against their TOS... They may just need to set a flag on your account to allow (certain) open ports (assuming it's an automated process on their end.)

Most ISP's, mine included (they block all in/out on port 25 and port 113 (smtp/pop) to servers other than their own, preventing me from running my own mail server, yet they've 'let' me run a web server for nearly 3 years now... huh?) block a lot of the standard server ports to prevent you from using your connection to run a terabyte kiddie porn ftp dump...

Most of the time, upgrading your account to a "business" class account will remove most of the restrictions (along with a little extra weight from your wallet)
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Oh, this is rich. It's not my ISP. It's my Zone Alarm firewall! :oops: For some reason, it doesn't start blocking newly opened ports until I reboot, which is why the ports seem to close like hotcakes. I need to figure out to stop this while keeping the firewall up.
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

/me slaps AC upside the head with a trout

ZA will let you open ports thru the firewall, just allow incoming connections to the port you have svn on... (you can also filter by ip address, so you can only allow work ip's thru)
Post Reply