cable and serving php site

Not able to allow external access

         

jasperx

1:59 am on Jul 12, 2003 (gmt 0)

10+ Year Member



I have posted a very similar thread under the technical stuff category but I am starting to think that my trouble may be more specific to mac.

I have been happily building php pages and reviewing them on my G4 OS X 10.2.4 rig... and I can see pages from other machines on my LAN.
All of these work great:
127.0.0.1 or
127.0.0.1/~pamelaparks or
10.0.1.2 or
10.0.1.2:80 or
10.0.1.2/~pamelaparks or
10.0.1.2:80/~pamelaparks

Now I would like my partner in the project across town to be able to have a look... so I turned on websharing. NO GO it just spins and times out.
With some advice about isp port blocking I tried changing the settings on my airport to map WAN 7000 to my localbox port 80. I also set the websharing to allow port 7000. STILL NO GO

Other tests... ping and tracert to my external IP work fine and there are no errors showing up in /private/var/log/httpd/error_log.

Any of you mac guys been able to get your machines to offer a web page to the outside world from a cable connection?

Rumsfeld

7:57 am on Jul 16, 2003 (gmt 0)



I run PHP/MySQL currently.
My home network is LAN'ed with an airport extreme bs
I am able to access PHP pages from the net.
All I did was open up port 80 and point it to the machine serving the pages, and turn websharing on.

Assuming you have done that

You may have something else wrong.

jasperx

3:03 pm on Jul 16, 2003 (gmt 0)

10+ Year Member



Thanks for the encouragement... would you be willing to go through your settings painstakingly... I suspect I have missed something really important.

As I mentioned in the first note... the site is visible everywhere on my LAN.... esp when I remember to add on the trailing "/"

Ok here are my settings

sys prefs>sharing>Services Personal File Sharing check,Personal Web Sharing check and Remote Login check

sys prefs>sharing>Firewall
Firewall On
Allow personal File Sharing , personal Web Sharing Remote Login
these are checked but greyed out
Alt Web Sharing 8888 checked... blue gumdrop and check

sys prefs>sharing Internet internet sharing off... (this is for using this mac as a wireless base?... I don't because I have a base.)

airport admin Util>all settings>port mapping
public port 8888
private ip is 10.0.1.2
private port 80
I did not change any other settings in airport

BjarneDM

12:18 am on Jul 22, 2003 (gmt 0)

10+ Year Member



it's the router between you and the internet.
You'll need to set up port forwarding in the nat table.

Now, what kind of router do you have between your lan and the www?
I can give specific instructions for a Cisco 677.

jasperx

2:57 am on Jul 22, 2003 (gmt 0)

10+ Year Member



I have a cute little gadget called Airport Extreme or is it Extream? Great device.

BjarneDM

4:53 am on Jul 22, 2003 (gmt 0)

10+ Year Member



jasperx :
Is your internet connection connected *directly* to the AirPort Extreme?
That's a rather unusual setup in that case!
You really don't have any kind of box between the internet and the AirPort?

[apple.com...] step 2 in the sidebar to the right

It's that box (xDSL/Cable modem) between the internet and the AirPort that interests me.

I assume you can connect to the internet.
Go to : [grc.com...] - find the link to 'ShieldsUp', and on the ShieldsUp page press 'Probe My Ports!'

jasperx

6:49 am on Jul 22, 2003 (gmt 0)

10+ Year Member



The cable enters the house and connects directly to a cable modem.
The cable modem connects via CAT5 to the airport.
The airport connects wireless to a couple of pc and macs some w Asante cards and some with Apple cards.
The airport also is connected to a usb printer (Rendezvous) and to a standard ethernet hub.

All computers surf and share files and several can use the printer. The network works well

BjarneDM

8:40 am on Jul 22, 2003 (gmt 0)

10+ Year Member



It's the cable modem - how is it set up :

What's the external IP-address on the Cable Modem?
Does the Cable Modem get a dynamic IP-address or is it a static IP-address?
Is the local part of your cable in effect a LAN? (the external IP-address of the Cable Modem will reveal this.)

I've no doubt that all of your computers surf very well :-)

The name of the game is, that it's *easy* to get at things from *inside* a LAN and connect to resources on the internet, while it's hard to get at computers on the inside of a LAN from the InterNet *unless* things are set up correctly.

To use an analogy : The cable modem is in effect like a telephone switchboard. You call a companywide central number and get a person but you don't know which one and you don't care - that's the responsibility of the switchboard. If you want to connect to a particular person you need to know the number for the local extension that you want to talk to.

Now, your case is further complicated by the fact that you actually have *two* switchboards : both the cable modem and the AirPort. If my memory serves me right there are two ways of setting up an AirPort : one where the ethernet port has an IP-address that's part of the same subnet as it dishes out through its antenna (in your case 10.0.0.x) *or* it has an IP-address from another subnet (typically 192.168.1.x). In the first case we only have to deal with the cable modem situation. In the second case we also have to deal with the AirPort settings.

jasperx

11:57 pm on Jul 22, 2003 (gmt 0)

10+ Year Member



It's the cable modem - how is it set up :
What's the external IP-address on the Cable Modem?

I have been told not to post this but it is something like 12.211.##.#33

Does the Cable Modem get a dynamic IP-address or is it a static IP-address? I always thought it was dynamic but every time I look it is the same number and after multiple restarts... the cable company is having some trouble... the number is the same... I would expect that number to vary with all the folks on the neighborhood line taking their networks up and down lately.

Is the local part of your cable in effect a LAN? (the external IP-address of the Cable Modem will reveal this.) I am not sure how the number reveals this... I know that we can ping the number just fine.

To use an analogy : The cable modem is in effect like a telephone switchboard. You call a companywide central number and get a person but you don't know which one and you don't care - that's the responsibility of the switchboard. If you want to connect to a particular person you need to know the number for the local extension that you want to talk to.
Hmm... I have seen configuration browser interfaces for Linksys routers and I have played with my airport configuration a bit but I have never seen info or configuration set up for a cable modem. This puppy is labeled RCA and has a model number of DCM245. It is also clearly labeled with a Machine Address MAC.

Now, your case is further complicated by the fact that you actually have *two* switchboards : both the cable modem and the AirPort. If my memory serves me right there are two ways of setting up an AirPort : one where the ethernet port has an IP-address that's part of the same subnet as it dishes out through its antenna (in your case 10.0.0.x) *or* it has an IP-address from another subnet (typically 192.168.1.x). In the first case we only have to deal with the cable modem situation. In the second case we also have to deal with the AirPort settings.
My airport has a LAN address of 10.0.0.1... just like the router for 10.0.0.0 should be. And it should have a WAN IP which I thought was that unchanging address assigned to us by the Cable company... or 12.211.xx.x33. If I understand what you are saying, the cable modem may actually have two IP addresses (like a router)?... one for my household on the network down the street... and another one which is the ip to the world... and what needs to be done is forward incoming traffic across that cable/router? I am going to have to find a way to discover info on this cable modem.

jasperx

4:29 pm on Jul 23, 2003 (gmt 0)

10+ Year Member



A bit of progress has been made: I was told to set my webserver up on my LAN with a manually assigned static IP... so I set it up as 10.0.1.201 in Network Prefs then I went over to Airport Admin and mapped port 80 requests to 10.0.1.201:80. Then I asked someone to check and they timed out... then I re-checked the Shields UP port prober at [grc.com...] It shows port 80 open! Earlier on all my ports were showing closed. So now I need to understand why my buddy cannot type in [12.211.xx.xx3...] and see my stuff?
If I type in [12.211.xx.xx3...] from another machine on my LAN it works great as does the 10.0.1.201/~pamelaparks. Which brings up a question... does the request for both of these URLs travel the same path... that is to say, are both of these requests handled inside my LAN or does the request for 12.211...etc actually pass across the router and cable modem to one of the DNS for my isp and then get routed back?

bcolflesh

4:33 pm on Jul 23, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Are you sure your ISP doesn't block :80? Set your server to another unused port when you get a chance.

BjarneDM

4:34 pm on Jul 23, 2003 (gmt 0)

10+ Year Member



A cable modem can function either like a modem or like a router

Anything that acts like a router has two IP-addresses: one on the outside/public port and another on the inside/private port(s)

What I would like you to do is to take the cat5 from the cable modem and attach it to one of your macs' ethernet port. Then open the Network Preference, and connect directly to the internet through the cable modem by-passing the AirPort.

Now, does a computer set up this way get a 12.211.xx.x33 address?

We have the following situations :

a) 12.211.xx.x33 <-> cable modem <-> 12.211.xx.x33
b) 12.211.xx.x33 <-> cable modem <-> 10.0.0.1
c) 12.211.xx.x33 <-> cable modem <-> 192.168.1.1

a) cable modem <-> 12.211.xx.x33 <-> AirPort
b) cable modem <-> 10.0.0.1 - 10.0.0.2 <-> AirPort
c) cable modem <-> 192.168.1.1 - 192.168.1.2 <-> AirPort

a) 12.211.xx.x33 <-> AirPort <-> 10.0.0.x
b) 10.0.0.2 <-> AirPort <-> 10.0.0.x
c) 192.168.1.2 <-> AirPort <-> 10.0.0.x

In case a) the external IP-number is simply passed through to the AirPort and the AirPort is the router between the WAN and the LAN. In that case we need to setup a NAT entry in the AirPort

In case b) the cable modem acts like a router while the AirPort acts like a transparent hub. In this case we need to set up a NAT entry in the cable modem.

In case c) both the cable modem and the AirPort act like routers. In this case we need to set up NAT entries in *both* the cable modem and the AirPort

This situation can be further complicated by the fact that your ISP might block requests to certain ports - notably 21, 25, 80, 110 and other well known services. Usually, this will also be reflected in your Terms Of Service that will specify that you aren't allowed to set up any server.

This can be circumvented by using high numbers on the ports and specify these explicitly in the request - like [12.211.xx.x33:7000...] - just like you tried in the other thread.

Now, this is a command to do this on a Cisco 677:
set nat entry add 10.0.0.5 80 12.211.xx.x33 7000 tcp
When I mess around with my Cisco I use a Telnet program, but most of these kind of routers also come with a web-interface so that you can just point your browser at the IP-address of the router/modem, login, and modify the settings.

BjarneDM

4:38 pm on Jul 23, 2003 (gmt 0)

10+ Year Member



The fact that ShieldsUp shows port 80 open is most certainly due to the fact that the cable modem does indeed *itself* contain a webserver that is used for accessing it when changing the settings of the cable modem. It's just like shopping at a web-store with the cable modem being the web-store.

jasperx

5:39 pm on Jul 23, 2003 (gmt 0)

10+ Year Member



What I would like you to do is to take the cat5 from the cable modem and attach it to one of your macs' ethernet port. Then open the Network Preference, and connect directly to the internet through the cable modem by-passing the AirPort.

Now, does a computer set up this way get a 12.211.xx.x33 address?

The computer got a new address like 12.211.4x.x63 where before (and after) it is 12.211.3x.x33. So I don't follow how this fits with the a, b, c scenarios. I got a router IP which is the same 12.211.3x.1

Wouldn't it be like this?

external address on cable modem
12.211.4x.x63
internal address on cable modem
12.211.3x.1
external address on airport
12.211.3x.x33
internal address on airport
10.0.1.1
address pet machine
10.0.1.201

I tried browsing 12.211.4x.x63 with no luck.

BjarneDM

8:40 pm on Jul 23, 2003 (gmt 0)

10+ Year Member



The IP-number that grc.com / ShieldsUp gives you is the externally available IP-number.

The most likely scenario now seems to be a)
The fact that the AirPort and the computer got two different IP-numbers can simply be due to the fact that you connected two different entities to the cable modem. So when you connected the computer to the cable modem it said: "Hey! I haven't seen you before! Here's an IP-number for you!" And the AirPort got the old number back because it was remembered by the AirPort and thus simply was welcomed back as an old friend.

The whole block of addresses 12.0.0.0 - 12.255.255.255 belong to your ISP and are each and every one ever only used for external IP-numbers.

Internal IP-numbers on the LAN only ever belong to 10.0.0.0 - 10.255.255.255 ; 192.168.0.0 - 192.168.255.255 ; and a third shorter group that eg Rendezvous uses.

But as to the AirPort you ought to be able to see how it is set up and probe the IP-numbers on all of the ports through the administrative program that Apple supplies. You can find it in the Utilities folder in the Applications.

Now, there are some ways to mess a little bit around with things if you don't mind experimenting a bit :-) I'll need to know the following before I start instructing you in ways to tamper:
1) Do you have BBEdit 7 installed?
2) Do you have TinkerTool installed?

jasperx

8:55 pm on Jul 23, 2003 (gmt 0)

10+ Year Member



I have BBEdit 7 installed.
No Tinker Tool But
I am fairly comfortable with the terminal and familiar with many basic Unix commands... plus some VIM plus a little Awk, some sed, a wee bit of C and even less C++. If there are Unix commands which can report the settings on the airport, I would love to try them.

BjarneDM

1:11 am on Jul 24, 2003 (gmt 0)

10+ Year Member



OK :-)
This relies on you having accepted that BBEdit installed the commandline tool.
If you haven't done that you can do it from the BBEdit preferences under 'Tools'

Now, open a Terminal and type the following:
cd /etc/httpd
sudo cp httpd.conf httpd.conf.myrescue
sudo bbedit httpd.conf

Go to about line 175 in the file BBEdit opened and find the Listen directive.
Insert both a 'Listen 7000' and a 'Listen 80' line ; and save the file again

In Terminal type:
sudo apachectl stop
sudo apachectl start

Now have your friend and a telephone handy.
Connect your computer with the webserver directly to the cable modem.
Open the network preferences panel and set the ethernet to dhcp
Call your friend and report the ip-number the computer gets - should be in the 12.xxx.xxx.xxx range, and ask him/her to enter [<ip-number>...] in the url-bar. If that doesn't work then try [<ip-number>:7000...]

If either or both of these work then we'll try to tackle the AirPort next :-)

jasperx

4:36 pm on Jul 24, 2003 (gmt 0)

10+ Year Member



Ok that was fun... I usually use VIM but it is much nicer to use the bbedit this way.

Results...

browsing the <ip Address> worked perfectly
browsing the <ip Address:80> worked perfectly
browsing the <ip Address:7000> did not work at all it timed out

So I opened the /etc/httpd/httpd.conf and checked no problem.

The problem was in the firewall... opened up 7000 and it worked. I did this in SysPrefs>Network>Firewall>Add

Here is something interesting... I have 8888 opened up in the firewall but not mechanically added to the httpd.conf... testing it gives an error "can't connect to server"

So it seems that setting something up in NetworkPrefs, Firewall is necessary but not sufficient... the httpd.conf must be manually set?

Ok... ready for next step.

BjarneDM

7:00 pm on Jul 24, 2003 (gmt 0)

10+ Year Member



these two are actually equivalent:
-- browsing the <ip Address> worked perfectly
-- browsing the <ip Address:80> worked perfectly
which means that http-webserving isn't blocked by the ISP
so we can actually forget everything about port 7000

That port 8888 didn't work is because we didn't insert a 'Listen 8888' in httpd.conf.

So - now for the AirPort!

Set up your network as you normally do.

In the Utilities folder in the Applications folder you've got the application 'Airport Admin Utility'. Start it.
Also, start the Network System Preferences.

Now, when you start the 'Airport Admin Utility' your AirPort should show up. Click the configure button. This will bring up a window. In this window you'll see a line labelled 'Public (WAN) IP-address' this ought to be the external IP-address as supplied by the cable modem : 12.211.xx.x33 or something.

Click on the bottom left button labelled 'show all settings' (note: I'm on a Danish system, and working on the basis of translations of the Danish labelling of things, so I might be inaccurate, but you ought to get the drift even though I might be a bit off :-) ) (note: My AirPort is the SnowWhite 801.11b version - there might be differences to your AirPort Extreme, but they ought to be minor)

Click on the second tab labelled : Internet. Write down the two DNS-server numbers.

Change to the Network Preference Pane. Note all of the settings.
In the settings for AirPort you change the configuration from DHCP to Manual. Any settings that changed have to be manually re-entered and the DNS-server field must be filled with the two numbers previously written down.

Back to the 'Airport Admin Utility'. The fourth panel should be labelled 'Porttransfer'. Press the 'Add' button and enter '80' for the public port, fill out the private address to reflect the IP of your webserver, enter '80' for private port. press 'OK' and then the 'Update' button.

You have now mapped your external 12.211.xx.x33:80 to the internal 10.0.0.xxx:80, and your associates ought to be able to connect to your webserver without any problems :-)

BjarneDM

7:27 pm on Jul 24, 2003 (gmt 0)

10+ Year Member



If you want to learn more about the Apache webserver, there are three simple ways:
1) read the httpd.conf file from end to end. The comments in it are great! :-)
2) enter [localhost...]
3) go to [macdevcenter.com...] . There's a whole section about Apache

jasperx

10:25 pm on Jul 24, 2003 (gmt 0)

10+ Year Member



Set up your network as you normally do.
check

In the Utilities folder in the Applications folder you've got the application 'Airport Admin Utility'. Start it.
Also, start the Network System Preferences.
check
Now, when you start the 'Airport Admin Utility' your AirPort should show up. Click the configure button. This will bring up a window. In this window you'll see a line labelled 'Public (WAN) IP-address' this ought to be the external IP-address as supplied by the cable modem : 12.211.xx.x33 or something.
check
Click on the second tab labelled : Internet. Write down the two DNS-server numbers.
check
Change to the Network Preference Pane. Note all of the settings.
In the settings for AirPort you change the configuration from DHCP to Manual. Any settings that changed have to be manually re-entered and the DNS-server field must be filled with the two numbers previously written down.
check no changes were needed
Back to the 'Airport Admin Utility'. The fourth panel should be labelled 'Porttransfer'. Press the 'Add' button and enter '80' for the public port, fill out the private address to reflect the IP of your webserver, enter '80' for private port. press 'OK' and then the 'Update' button.
check no changes were needed
You have now mapped your external 12.211.xx.x33:80 to the internal 10.0.0.xxx:80, and your associates ought to be able to connect to your webserver without any problems
It failed exactly as it did before. So to summarize: when airport is not involved I get a different URL each time and we are able to use it to browse to my server. With airport I get the static IP which cannot be reached from the WAN.
 

BjarneDM

12:10 am on Jul 25, 2003 (gmt 0)

10+ Year Member



Then, I must say I'm almost completely stumped!?! :-( But not beaten yet!.!.!

Before posting this previous piece of advice I tried it on my own network and got it to work perfectly!

What happens if you disconnect the AirPort from everything ; power it down ; power it up again ; power it down ; connect it properly again - and then finally power it up again. Let each power cycle be at least 5 minutes - just to make sure *everything* has been reset :-) You might even consider a hardware-reset (the AirPort manual describes how to perform such one)

At present my only advice is to try to set the airport up to forward port 7000 and 8888 too and see what happens (remember to modify httpd.conf for port 8888 ; and you can safely remove the 'Listen 80' (it's covered by the Port parameter at around line 315); also each and every time you modify httpd.conf you need to re-start Apache as described). There should be no problem in having all of these active at the same time. You might also try
public <-> private
8888 <-> 80
7000 <-> 80
etc - which should give no problem provided things are set up correctly: your friends ought to be able to access your web-server with <public-IP>:<public port> as long as you map the public port to a port on which Apache is set up to answer. Using these kinds of 'tricks' I've been able to run several web-servers on a LAN through a common WAN-IP ; I've even had two different web-servers running on *the*same* computer - just using different ports.

Now, the only other thing I can suggest is to test things completely locally by simulating a WAN setup. If you disconnect the AirPort from the WAN and restart it, it should get an IP-address like 169.254.159.xxx. Now connect another computer through ethernet to the AirPort WAN and manually give this computer an IP-number in the 169.254.159.xxx range. Then try to connect to the webserver from the test-computer using the AirPort WAN IP-address. You might need a crossed ethernet cable for this to work (just like in the old times when connecting two computers directly to each other through the modem-ports or the printer-ports :-) )

If all of this fails, then I think I must accept defeat :-( :-D

jasperx

5:25 pm on Jul 25, 2003 (gmt 0)

10+ Year Member



Don't give up yet!

There is news. I had a different helper check things for me this morning and I have different results to report.

The WAN address listed on the Airport Util Summary worked perfectly when typed into the browser like so
[12.211.3x.x33...] and also
[12.211.3x.x33...]

Oddly, what is not working is
[12.211.3x.x33:7000...] or
[12.211.3x.x33:8888...]

This is the content of the portmapping panel
Pub port >>> Private IP >>> Private Port
80 >>>>>>10.0.1.201 >>>>> 80
7000 >>>>>10.0.1.201>>>>> 80

In sys pref Network the IP is set manually to 10.0.1.201

In /etc/httpd.conf
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
#Listen 3000
#Listen 12.34.56.78:80
Listen 80
Listen 7000

and further down is this which I had not noticed before... could it be I need to add Port 7000 here as well?

# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
#
Port 80

Great progress has been made. Persistence pays off! THANKS SO MUCH!

BjarneDM

6:56 pm on Jul 25, 2003 (gmt 0)

10+ Year Member



To clarify things :

The 'Listen' directive defines *additional* ports
The 'Port' directive defines the standard port

As far as I know you can only have one 'Port' directive, while you can have many 'Listen' directives, so adding 'Port 7000' is definitely an error. You can try it :-) If Apache doesn't like what you've done to httpd.conf it simply refuses to start.

The 'Listen 80' is superfluous when you have 'Port 80', so 'Listen 80' can be removed from httpd.conf

Now :
1) 8888 doesn't work because
1a) it's not set up in the AirPort routing table
1b) there's no 'Listen 8888' directive in httpd.conf (see message #19)

2) did you remember to restart Apache after having modified httpd.conf?
That's the most common error people do - See message #17 for instructions.
httpd.conf is only ever read when Apache starts.

jasperx

7:20 pm on Jul 25, 2003 (gmt 0)

10+ Year Member



I probably should not have mentioned 8888... I knew it was not set up. But 7000 is set up and we cannot browse to [12.211.3x.x33:7000...] and this is what I do not understand.

Apache has been gracefully restarted 3 or 4 times since adding the Listen 7000 because I was in playing around later that day with allowing includes and SSI... All of those things are working nicely... and browsing to the IP is working but the special port 7000 is not working this am.

BjarneDM

10:10 pm on Jul 25, 2003 (gmt 0)

10+ Year Member



Now, you've gotten it to work on [12.211.3x.x33:80...]
This person that got things to work I assume was at his/her own home?

You might try the following in Terminal:
sudo netstat -an -p tcp ¦ grep LISTEN
(the ¦ is what you get when you type [alt/option]i and in Terminal it's unbroken)
If Apache is listening on port 7000 you'll have a line like this:
tcp4 0 0 *.7000 *.* LISTEN

Now, to maybe get port 7000 to work first try :
Start by making sure you've removed 'Listen 80' in httpd.conf
Apache might be choking on having both a Listen and Port directive
Restart Apache and test from WAN

If that didn't work try changing the settings in the AirPort :
Pub port >>> Private IP >>> Private Port
add : 7000 >>> 10.0.1.201 >>> 7000
remove : 7000 >>> 10.0.1.201 >>> 80

Can you send me a sticky with your complete WAN IP-address (that's allowed by the TOS :-) )? There are some things I'd like to try from my end, like using telnet to probe your ports :-)

Also to just pick up on msg #18: If you have the firewall set up you'll have to explicitly allow every service and port. With your setup having an AirPort between your LAN and the internet, firewalls aren't necessary on the LAN - unless that is you don't trust the other persons on the LAN - as the AirPort functions like a de facto firewall. So, even though you allow a port to pass through the AirPort and tell Apache to accept traffic on that port, if the firewall doesn't allow it you still get no connection.

Now, just to make absolutely sure: the IP-address you get from grc.com and ShieldsUp is the same as the AirPort reports on the WAN side?
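
The layering worked out across this thread (AirPort port map, then the Mac's own firewall, then a socket Apache is actually listening on) can be checked one layer at a time. The script below is an added example, not part of the original posts; the port map, firewall list and netstat lines are constructed sample data, and the function names listening_on and diagnose are hypothetical.

```shell
#!/bin/sh
# Added example: walk one inbound request through the three layers the thread
# identified. All sample data is constructed; function names are hypothetical.

# Router port map, one rule per line: public_port private_ip private_port
PORT_MAP='80 10.0.1.201 80
7000 10.0.1.201 80
7001 10.0.1.201 7000
8888 10.0.1.201 8888
6310 10.0.1.201 631'

# Ports the web server's own host firewall lets in (7000 deliberately absent).
FIREWALL_ALLOW='80 631 8888'

# Constructed `netstat -an -p tcp` output in the BSD format quoted in the thread.
NETSTAT_OUT='tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  *.7000                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  10.0.1.201.80          192.0.2.10.49152       ESTABLISHED'

# Succeeds only if a LISTEN socket is bound to the wildcard or to the given
# private IP; a loopback-only listener is unreachable through the router.
listening_on() {
    printf '%s\n' "$NETSTAT_OUT" | awk -v ip="$1" -v port="$2" '
        $NF == "LISTEN" && ($4 == ("*." port) || $4 == (ip "." port)) { found = 1 }
        END { exit !found }'
}

# Print the first layer at which a request to the given public port fails.
diagnose() {
    target=$(printf '%s\n' "$PORT_MAP" |
        awk -v p="$1" '$1 == p { print $2 " " $3; exit }')
    if [ -z "$target" ]; then
        echo "no-port-mapping"
        return 0
    fi
    ip=${target% *}
    port=${target#* }
    # After NAT the host sees the private port, so that is the one the
    # host firewall and the listening socket must both agree on.
    case " $FIREWALL_ALLOW " in
        *" $port "*) ;;
        *) echo "blocked-by-host-firewall"; return 0 ;;
    esac
    if listening_on "$ip" "$port"; then
        echo "ok"
    else
        echo "nothing-listening"
    fi
}

for p in 80 7000 7001 8888 6310 9000; do
    printf '%-5s %s\n' "$p" "$(diagnose "$p")"
done
```

To run it against a real machine, replace NETSTAT_OUT with the output of the netstat command quoted above and fill PORT_MAP and FIREWALL_ALLOW from the router and firewall panels.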