iptables fubared?
Bill Shirley
bshirley at memphis.apirx.biz
Thu Oct 4 23:52:20 UTC 2012
Check your listen statement in /etc/httpd/conf/httpd.conf. It should be:
Listen 8080
If that is correct, run tcpdump (Ctrl+C to quit) and then try connecting
externally:
tcpdump -n -i eth0 port 80 or port 8080
If you get traffic on port 8080 then you have an iptables problem.
Bill
On 10/4/2012 3:45 PM, Mark Space wrote:
> Hi all, I'm having a bit of trouble setting up a new web server. The
> last time I set one up it went smoothly, but for some reason I can't
> connect to the HTTP port on this one.
>
> Any clues what I'm missing?
>
> I can:
>
> 1. SSH into my server from an external workstation.
> 2. Ping my server by DNS name from an external workstation.
> 3. I can load the default web page when I'm SSH'd in, this works fine:
> $ wget localhost
> --2012-10-04 17:44:35-- http://localhost/
> Resolving localhost... 127.0.0.1
> Connecting to localhost|127.0.0.1|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 2432 (2.4K) [text/html]
> Saving to: ‘index.html.1’
>
> 100%[======================================>] 2,432 --.-K/s in 0s
>
> 2012-10-04 17:44:35 (183 MB/s) - ‘index.html.1’
>
> However, I cannot connect via HTTP externally, even using the IP address:
>
> 4. Unable to connect Firefox can't establish a connection to the
> server at 54.243.205.88.
>
> I'm not sure where I could have fubared this. I did try to redirect
> the ports from 80 to 8080, perhaps that was done incorrectly?
>
> [ec2-user@domU-12-31-39-0A-A0-29 ~]$ sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> [ec2-user@domU-12-31-39-0A-A0-29 ~]$ sudo iptables -t nat -L -n -v
> Chain PREROUTING (policy ACCEPT 21 packets, 1608 bytes)
> pkts bytes target prot opt in out source destination
> 150 7600 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
>
> Chain INPUT (policy ACCEPT 171 packets, 9208 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 45 packets, 3625 bytes)
> pkts bytes target prot opt in out source destination
> 2 120 REDIRECT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:80 redir ports 8080
> 0 0 REDIRECT tcp -- * * 0.0.0.0/0 10.211.163.215 tcp dpt:80 redir ports 8080
>
> Chain POSTROUTING (policy ACCEPT 47 packets, 3745 bytes)
> pkts bytes target prot opt in out source destination
>
>
> I thought this should be exactly the same as the last time I did it,
> so I don't know why it wouldn't work.
> Here's the script I used to set up the iptables:
>
> iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
> iptables -t nat -A OUTPUT -d 10.211.163.215 -p tcp --dport 80 -j REDIRECT --to-ports 8080
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
> /etc/init.d/iptables save
> /etc/init.d/iptables restart
>
>
> I'm completely at a loss how to troubleshoot this further, any advice
> is much appreciated.
>
>
>
>
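Added example, not part of either message: the packet counters in the quoted `iptables -t nat -L -n -v` listing show whether external port-80 connections ever reach the PREROUTING REDIRECT rule, which narrows the problem before running tcpdump. The function names are hypothetical, and the sample input is the listing copied from the post.

```shell
#!/bin/sh
# Added example; nat_redirects, prerouting_verdict and sample_listing are hypothetical names.

# Listing copied from the quoted post (output of: iptables -t nat -L -n -v).
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 21 packets, 1608 bytes)
 pkts bytes target prot opt in out source destination
  150 7600 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080

Chain INPUT (policy ACCEPT 171 packets, 9208 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 45 packets, 3625 bytes)
 pkts bytes target prot opt in out source destination
    2 120 REDIRECT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:80 redir ports 8080
    0 0 REDIRECT tcp -- * * 0.0.0.0/0 10.211.163.215 tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT 47 packets, 3745 bytes)
 pkts bytes target prot opt in out source destination
EOF
}

# Print one line per REDIRECT rule: chain, packet count, matched dport, target port.
nat_redirects() {
  awk '
    $1 == "Chain" { chain = $2; next }
    $3 == "REDIRECT" {
      dpt = ""; to = ""
      for (i = 4; i <= NF; i++) {
        if ($i ~ /^dpt:/) dpt = substr($i, 5)
        if ($i == "ports") to = $(i + 1)
      }
      print chain, $1, dpt, to
    }'
}

# Classify the PREROUTING redirect for port $1. The nat table sees only the first
# packet of each connection, so a non-zero count means new connections arrived.
prerouting_verdict() {
  nat_redirects | awk -v want="$1" '
    $1 == "PREROUTING" && $3 == want { seen = 1; if ($2 != "0") hit = 1 }
    END { print (!seen ? "no-rule" : (hit ? "rule-matched" : "rule-never-matched")) }'
}

sample_listing | nat_redirects
echo "port 80: $(sample_listing | prerouting_verdict 80)"
```

On a live host, pipe `sudo iptables -t nat -L -n -v` into the functions instead of `sample_listing`. A `rule-matched` result means connections to port 80 reached eth0 and were rewritten to 8080, so the next thing to check is what is listening on 8080.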