iptables fubared?

Bill Shirley bshirley at memphis.apirx.biz
Thu Oct 4 23:52:20 UTC 2012


Check your listen statement in /etc/httpd/conf/httpd.conf. It should be:
Listen 8080

If that is correct, run tcpdump (ctrl+c to quit) and then try externally 
connecting:
tcpdump -n -i eth0 port 80 or port 8080

If you get traffic on port 8080 then you have an iptables problem.

Bill


On 10/4/2012 3:45 PM, Mark Space wrote:
> Hi all, I'm having a bit of trouble setting up a new web server. The 
> last time I set one up it went smoothly, but for some reason I can't 
> connect to the HTTP port on this one.
>
> Any clues what I'm missing?
>
> I can:
>
> 1. SSH into my server from an external workstation.
> 2. Ping my server by DNS name from an external workstation.
> 3. I can load the default web page when I'm SSH'd in, this works fine:
> $ wget localhost
> --2012-10-04 17:44:35--  http://localhost/
> Resolving localhost... 127.0.0.1
> Connecting to localhost|127.0.0.1|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 2432 (2.4K) [text/html]
> Saving to: ‘index.html.1’
>
> 100%[======================================>] 2,432       --.-K/s   in 0s
>
> 2012-10-04 17:44:35 (183 MB/s) - ‘index.html.1’
>
> However, I cannot connect via HTTP externally, even using the IP address:
>
> 4. Unable to connect Firefox can't establish a connection to the 
> server at 54.243.205.88.
>
> I'm not sure where I could have fubared this. I did try to redirect 
> the ports from 80 to 8080, perhaps that was done incorrectly?
>
> [ec2-user@domU-12-31-39-0A-A0-29 ~]$ sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>   
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>   
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [ec2-user@domU-12-31-39-0A-A0-29 ~]$ sudo iptables -t nat -L -n -v
> Chain PREROUTING (policy ACCEPT 21 packets, 1608 bytes)
>   pkts bytes target     prot opt in     out     source               destination
>    150  7600 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080
>   
> Chain INPUT (policy ACCEPT 171 packets, 9208 bytes)
>   pkts bytes target     prot opt in     out     source               destination
>   
> Chain OUTPUT (policy ACCEPT 45 packets, 3625 bytes)
>   pkts bytes target     prot opt in     out     source               destination
>      2   120 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 redir ports 8080
>      0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            10.211.163.215       tcp dpt:80 redir ports 8080
>   
> Chain POSTROUTING (policy ACCEPT 47 packets, 3745 bytes)
>   pkts bytes target     prot opt in     out     source               destination
>
>
> I thought this should be exactly the same as the last time I did it, 
> so I don't know why it wouldn't work.
> Here's the script I used to set up the iptables:
>
> iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
> iptables -t nat -A OUTPUT -d 10.211.163.215 -p tcp --dport 80 -j REDIRECT --to-ports 8080
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
> /etc/init.d/iptables save
> /etc/init.d/iptables restart
>
>
> I'm completely at a loss how to troubleshoot this further, any advice 
> is much appreciated.
>
>
>
>
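
The Listen check and the rule counters discussed in this thread can be cross-checked mechanically. The Python below is an added example, not part of the original messages: the function names are hypothetical, the nat listing is a constructed excerpt of the output quoted above, and the httpd.conf fragment is constructed because the poster's file is not shown. It assumes output from `iptables -t nat -L -n -v` with plain numeric counters (add `-x` for exact values).

```python
import re

# Constructed sample: two of the REDIRECT rules from the listing quoted above.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT 21 packets, 1608 bytes)
 pkts bytes target     prot opt in     out     source               destination
  150  7600 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080

Chain OUTPUT (policy ACCEPT 45 packets, 3625 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   120 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 redir ports 8080
"""
# Constructed httpd.conf fragment (assumption: the real file is not on the page).
HTTPD_CONF = "# Listen 12.34.56.78:80\nListen 80\n"

RULE = re.compile(r"^\s*(\d+)\s+\d+\s+REDIRECT\s.*dpt:(\d+) redir ports (\d+)")

def parse_redirects(listing):
    """Return (chain, pkts, dport, to_port) for every REDIRECT rule."""
    chain, rules = None, []
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
        elif (m := RULE.match(line)):
            rules.append((chain, int(m[1]), int(m[2]), int(m[3])))
    return rules

def listen_ports(conf):
    """Ports from uncommented 'Listen [addr:]port' directives."""
    found = re.findall(r"^\s*Listen\s+(?:\S+:)?(\d+)\b", conf, re.M | re.I)
    return {int(p) for p in found}

def diagnose(listing, conf):
    """Flag redirects to a port httpd is not bound to, and unused PREROUTING rules."""
    listening, findings = listen_ports(conf), []
    for chain, pkts, dport, to_port in parse_redirects(listing):
        if to_port not in listening:
            findings.append(f"{chain}: {dport}->{to_port}, httpd listens on {sorted(listening)}")
        elif chain == "PREROUTING" and pkts == 0:
            # pkts counts packets that matched the rule; zero means none arrived on that port.
            findings.append(f"{chain}: rule for port {dport} has matched no packets")
    return findings

if __name__ == "__main__":
    for finding in diagnose(NAT_LISTING, HTTPD_CONF):
        print(finding)
```
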
