I was hoping someone else would respond to your post, it could be a looonng discussion! :) I run a very similar setup, RH Fedora/Apache 2 serving a lan behind a firewall/router, serving to 2 W2K maxchines. (Caution: I'm far from an expert but my setup works!)

My approach was to get Apache serving pages locally to my RH box, then to add other systems on the lan.

First, realize that Virtual Hosts are used to serve multiple domain names from one IP. Since you have no domain names and will operate locally, restore these setting to their defaults and leave them alone.

Next, insure that your Hosts file contains "127.0.0.1 localhost" which maps the name "localhost" to the "loopback" port. RH normally sets this to "127.0.0.1 localhost.localdomain localhost", if so, there is no need to change it.

Now insert (or revise) these in your hosts.allow file (note: substitute your local (RH box) IP for the XXXs in my examples):
ALL: 127.0.0.1 192.168.XXX.XXX
ALL: localhost

Change the webmaster email address to yourusername@localhost.

Here are the key settings I'm using for Apache:

Listen 192.168.XXX.XXX:80
Listen 127.0.0.1:80

ServerName 192.168.XXX.XXX:80

<Directory "/">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from 192.168.XXX
Allow from 127.0.0.1
Allow from localhost
</Directory>

<Directory "/var/www/html">
Options Indexes Includes FollowSymLinks ExecCGI MultiViews
AllowOverride All
Order allow,deny
Allow from 192.168.XXX
Allow from 127.0.0.1
Allow from localhost
</Directory>

<Directory "/var/www/html/phpMyAdmin">
Options Indexes Includes FollowSymLinks ExecCGI MultiViews
AllowOverride None
Order allow,deny
Allow from 127.0.0.1
Allow from localhost
</Directory>

<Directory "/var/www/manual">
Options Indexes Includes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from 192.168.XXX
Allow from 127.0.0.1
Allow from localhost
</Directory>

<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from 192.168.XXX
Allow from 127.0.0.1
Allow from localhost
</Directory>

<Directory "/var/www/cgi-bin">
Options +ExecCGI
Order allow,deny
Allow from 192.168.XXX
Allow from 127.0.0.1
Allow from localhost
</Directory>

You may not have all of these directories depending on what RH options you've installed and so you may not need to define them all as I've shown. Also, your "Options" and "AllowOveride" directives may need to be tuned depending on how you use your server.

On your RH box, try surfing to localhost and you should see a page. From your XP box, try surfing to the IP of the RH box, in other words, [192.168.XXX.XXX...] and you should see a page.

Good luck!

Ok... thanks!
I'll try that right away.
:D

YES YES YES!
It works!
I owe you deeply man.. ;)

I put all the info in the /etc/httpd/conf/httpd.conf file.
Then I tried surfing to it, but it didn't work. After a lot of tries I realised that my httpd service had been shut of somehow. I've turned it on now and it works fine from the localhost. Now I'm going to let the other computers on the network have access.

Thanks again!
//Tommy

Good work!

REMEMBER, after changing httpd.conf, you will need to restart Apache to force it to reread your revised config file and load your configuration changes. If I had a dollar for every time I've forgotten to restart... ;)

Hmmm... Like is said, I got it working on the localhost. Now I added my XP Ipadress and hostname to hosts.allow and the httpd.conf. But when I surf to [192.168.****.xxx...] I only get an Apache test-page (In the /var/www/html/ folder, i've put a file called index.html). If I try to click on any of the links on the testpage, I get "Access denied" error 403. How do I fix this little problem? (I guess I somehow haven't given access to the localhost from my xp pc.)

//Tommy

Restore httpd.conf to exactly what I provided. Notice the "Allow from 192.168.XXX" lines. This will permit Apache to serve to any IP in the range from 192.168.XXX.0 to 192.168.XXX.255.

hosts.allow controls access to all Internet services on your RH box including Apache. You can read about what Red Hat calls TCP Wrappers for some background. Simply add the IPs you want to access your server to your hosts.allow. For example, I use:
ALL: 127.0.0.1 192.168.AAA.AA?
so IPs in the range 192.168.AAA.AA0 to 192.168.AAA.AA9 can access my Internet services.

You could simply change yours to:
ALL: 127.0.0.1 192.168.XXX.YYY 192.168.XXX.ZZZ
where Y=the last 3 digits of your RH box and Z=the last 3 digits of your XP box. This limits access to just 2 IPs, and that's good from a security point of view.

I edited httpd.conf so that it says like you said it should: 192.168.****
Then I edited hosts.allow:
ALL: 127.0.0.1 192.168.xxx.xxx 192.168.xxx.xxx 192.168.xxx.xxx 192.168.xxx.xxx (and so on for all the pc's in my network to have access, including the server)
ALL: localhost

Then, when I restart the httpd service, I get an error message about the listen ports... So i start deleting the listen ports that the service is complaining, which leaves me with... nothing! It still complains!
That did I do wrong?

Perhaps you made a typo but 192.168.**** is NOT the same as 192.168.XXX

Go back and set up EVERYTHING EXACTLY as detailed in message 2.

Confirm that Apache serves pages to the localhost, on the RH box. When that is working properly, don't change it! The Apache is configured.

Then we'll begin allowing access from other systems, a little at a time. Let me know when you are ready to add a system.

[edited by: DaveAtIFG at 3:36 am (utc) on Jan. 2, 2004]

Be aware that Red Hat uses its own directory structure by default for its Apache installation. For example, the httpd.conf file is located in the /etc/httpd/conf directory.

I highly recommend that you Buy the book Linux Toys by Negus and Wolber. Chapter 12 goes into great detail about this.

:)

Well I type triple x, but this forum seems to change it into stars... hmmm....

Well I set everything EXACTLY as you told me in MSG 2... But I still get an error: httpd failed. The error was: Starting httpd: (99)Cannot assign requested adress: make_sock: could not bind to adress 192.168.****.xxx:80
no listening sockets available, shutting down. [FAILED]

Somethings wrong... but what?

//Tommy
//Happy new Year! =)

Could the IP address for your RH box have changed? If I remember correctly, ifconfig is the command to dump your box's current connection parameters.

If not, did you start configuring as described in message 2 from the original httpd.conf or from a file that may have had other changes made to it?

If neither of these is the problem, it must be something external to Apache blocking it's port access.

Ah! Alas, you were right again! :P
The IP-adress had changed... but I don't know why.
I'll change the files to fit the new IP and then post when I'm done and tested.

//Tommy

DHCP = Dynamic Host Control Protocol. "Dynamic" is the part that gets ya! ;)

Whenever I cycle power on my router, the IPs associated with it's ports often (but not always!) change...

It's up and started...
Now, to add access...

//Tommy

Okay! I've added access for the localhost!
How do I put in access for my other computers?

//Tommy

Revise your hosts.allow file. For now, add one IP that is on your LAN. For example:
ALL: 127.0.0.1 192.168.XXX.XXX

On Windows the command is ipconfig to check a system's IP address.

Insure that any firewall software on the RH machine AND the Win machine is disabled.

Surf to your server from the Win machine, for example:
[192.168.XXX.XXX...]

<added>I just read that hosts.allow and hosts.deny rules may fail unless a blank line is included after the last rule. Edit each file and add a couple blank lines.

Also, for our purposes, hosts.deny should contain:
ALL: ALL
blank line
</added>

Are you using your router as a DHCP server? If so, you may be able to log into it and tell it to always assign a certain computer (MAC address) a certain IP address.

My Netgear router (RP614) has that capability and now my web server always has the same address. It's under LAN IP Setup -> Address Reservation.

Hmm... I've tried setting a static IP, but my gateway hasn't got that function! =(
Okay, I've got it working on my XP computer. Now, I've got a gateway with the ip 192.168.XXX.XXX. I have forwarded the ports so that when people type my "external" IP (Given by ISP), they get forwarded to the server. So far, so good! When they are forwarded, they come to the "Testpage for Apache". I've set access for the gateway, and I hoped that would do the job. But apparently it didn't!

//Tommy

You might want to check to see if your ISP allows servers to be setup at home. Most do not and to set one up would violate your agreement with them.

For example, Cox does periodic port scans to see if their subscribers are setting up servers. If it finds one, they automatically block that port at the IP so that any requests coming in to your IP on , for example, port 80 would be stopped.

To get around this most people set up their web server, mail server, ssh, etc. on an unused, obscure port number. But to do so would require the visitors to know that port number ahead of time.

When you started this thread, you said you planned to serve to your LAN.

In order to serve to the world, you will need to add your gateway IP to each of the Directories you want to serve, in your httpd.conf, for example change:
<Directory "/var/www/html">
Options Indexes Includes FollowSymLinks ExecCGI MultiViews
AllowOverride All
Order allow,deny
Allow from 192.168.XXX
Allow from 127.0.0.1
Allow from localhost
</Directory>

to:
<Directory "/var/www/html">
Options Indexes Includes FollowSymLinks ExecCGI MultiViews
AllowOverride All
Order allow,deny
Allow from 192.168.XXX
Allow from 127.0.0.1
Allow from localhost
Allow from gateway IP here
</Directory>

Add the "allow line" for each directory you want to share with the world.

Also, you will need to add your gateway IP to your hosts.allow file.

As far as I'm concerned, you're now on your own since I've never made my server available beyond my LAN and don't plan to. You should be reasonably safe from having your server hacked in it's present state, but if you begin adding services such as FTP or Telnet, you're begging to be hacked.

Good luck.

Okay, thanks m8!
I'll try and experiment for a while.

//Tommy