  1. #1
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5

    Cannot access the web server from the computer running apache


    Dear All,

    I am a newbie to Linux of 4 weeks. I set up my first web server and it works flawlessly - when accessed from an external network or from other computers on my LAN. However, I cannot access it from the computer that the server runs on. I have found numerous people with similar problems but the flavour I am experiencing is somewhat different and no solutions I have found apply to it.

    I have two network interfaces on my server, eth0 (public static IP connected to internet directly) and eth1 connected to LAN 192.168.1.0/24 range. The server is 192.168.1.1. It is connected directly to the internet and serves as a SNAT for other comps on the lan.

    I added "192.168.1.1 www_server_com" to the /etc/hosts on the server and also on the other machines on the LAN. All the other machines can open website without any problem.

    However, the server itself only opens the website if the address is localhost. The internal IP, i.e. 192.168.1.1, gets a time out and so does www_server_com (I can't use dots as I do not have more than 15 posts on the forum).

    Here is the firewall script I am using.

    #!/bin/sh
    #
    # Example Firewall Script

    ###############################################################
    ### Define interfaces here
    EXT_DEV=eth0
    INT_DEV=eth1
    INT_NET=192.168.1.0/24

    ### Remove all previous rules, and delete any user defined chains
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X

    ### Set the default policies to drop
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    ### Loopback device OK
    iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
    iptables -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

    ### Allow all ICMP Traffic (optional) - IN, OUT and THROUGH.
    iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
    iptables -A OUTPUT -p icmp --icmp-type any -j ACCEPT
    iptables -A FORWARD -p icmp --icmp-type any -j ACCEPT

    ### Allow all Internal traffic to Server
    iptables -A INPUT -i $INT_DEV -s $INT_NET -d $INT_NET -j ACCEPT
    iptables -A OUTPUT -o $INT_DEV -s $INT_NET -d $INT_NET -j ACCEPT

    ###############################################################
    ### OUTBOUND Rule: Allow ALL packets out the external device
    iptables -A OUTPUT -o $EXT_DEV -j ACCEPT
    iptables -A FORWARD -i $INT_DEV -o $EXT_DEV -j ACCEPT

    ###############################################################
    ### SNAT forwarding
    iptables -t nat -A POSTROUTING -o $EXT_DEV -s $INT_NET -j SNAT --to-source XX.XX.XX.XX


    ###############################################################
    ### INBOUND Rule: Allow ALL EXT packets if a connection already exists (See "NEW" Inbound Rules)
    iptables -A INPUT -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT


    #
    ### INBOUND Rules: Allow ONLY NEW packets on these ports.
    #

    # New INBOUND Connection: Samba from eth1
    iptables -A INPUT -i $INT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 139 -j ACCEPT
    iptables -A INPUT -i $INT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 445 -j ACCEPT
    iptables -A INPUT -i $INT_DEV -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
    iptables -A INPUT -i $INT_DEV -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT

    # New INBOUND Connection: SMTP and SMTPS (over TLS/SSL)
    iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 25 -j ACCEPT
    iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 465 -j ACCEPT

    # New INBOUND Connection: POP3 (port 110) or POP3S (port 995)
    #iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 110 -j ACCEPT
    iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 995 -j ACCEPT

    # New INBOUND Connection: IMAP (port 143) or IMAPS (port 993)
    #iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 143 -j ACCEPT
    iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 993 -j ACCEPT

    # New INBOUND Connection: HTTP (Plain and SSL)
    iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 80 -j ACCEPT
    iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 443 -j ACCEPT

    Also my ifconfig
    eth0 Link encap:Ethernet HWaddr 00:19:66:44:52:7C
    inet addr:XX.XX.XX.XX Bcast:78.86.19.255 Mask:255.255.252.0
    inet6 addr: fe80::219:66ff:fe44:527c/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:940457 errors:0 dropped:0 overruns:0 frame:0
    TX packets:541291 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1169028965 (1.0 GiB) TX bytes:45205637 (43.1 MiB)
    Interrupt:19 Base address:0xc000

    eth1 Link encap:Ethernet HWaddr 00:22:75:D6:B8:F1
    inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::222:75ff:fed6:b8f1/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:527091 errors:3 dropped:0 overruns:0 frame:3
    TX packets:921701 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:37146646 (35.4 MiB) TX bytes:1159517489 (1.0 GiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:161 errors:0 dropped:0 overruns:0 frame:0
    TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:23162 (22.6 KiB) TX bytes:23162 (22.6 KiB)



    I do not understand why the record in /etc/hosts doesn't point it in the right direction. It seems that when I open address 192.168.1.1 it still gets routed to the external network. I have seen using DNAT to deal with the problem but it didn't work in my case (maybe I didn't do it correctly). I have spent the whole evening/night trying to sort it out, it's 4AM now, going to bed frustrated and angry (at myself hahaha). Still like Linux very much, won't be going to Windows anymore. Please help.

  2. #2
    Just Joined!
    Join Date
    May 2008
    Location
    Bangalore, India
    Posts
    24
    You need to put the iptables rule for port 80 and 443 for localhost.

    Also put it for the local IP, to accept requests.

  3. #3
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5
    Hello Sanjeevt,

    Thanks for your reply. I added these lines to iptables.

    iptables -A INPUT -i 192.168.1.1 -m state --state NEW -m tcp -p tcp --syn --dport 80 -j ACCEPT
    iptables -A INPUT -i 192.168.1.1 -m state --state NEW -m tcp -p tcp --syn --dport 443 -j ACCEPT
    iptables -A INPUT -i 127.0.0.1 -m state --state NEW -m tcp -p tcp --syn --dport 80 -j ACCEPT
    iptables -A INPUT -i 127.0.0.1 -m state --state NEW -m tcp -p tcp --syn --dport 443 -j ACCEPT


    I think they will be repetitive as there is already a setting to accept the traffic from my internal network device. Unfortunately, they do not make any difference and I can't see my website.
    However, when I turn off the iptables everything is working. So there has to be some problem with the way it is set. Please help.

    Regards,
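
Added example, not part of any post above: a connection the server makes to its own 192.168.1.1 travels over lo with 192.168.1.1 as both source and destination, so loopback rules restricted to 127.0.0.0/8 never match it and the OUTPUT DROP policy discards it; separately, -i takes an interface name, not an IP address. The lint below flags both patterns in a rule script; the names audit_rules and sample_rules and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables commands for the two
# rule mistakes visible above. audit_rules and sample_rules are made-up names.

# Reads iptables commands on stdin and prints one finding per problem line.
audit_rules() {
    awk '
    /^[ \t]*#/  { next }    # ignore commented-out rules
    !/iptables/ { next }
    {
        iface = ""; addr_limited = 0
        for (i = 1; i < NF; i++) {
            # Remember the interface unless the match is negated ("! -i lo").
            if (($i == "-i" || $i == "-o") && $(i - 1) != "!") iface = $(i + 1)
            if ($i == "-s" || $i == "-d") addr_limited = 1
        }
        if (iface ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            # -i and -o take an interface name (eth1, lo), not an IP address.
            print "BAD-IFACE: " $0
        } else if (iface == "lo" && addr_limited) {
            # Connections from the host to one of its own addresses cross lo
            # with that address as source and destination, so an lo rule
            # narrowed by -s or -d does not match them.
            print "LO-RESTRICTED: " $0
        }
    }'
}

# Constructed sample: the loopback rules from post #1, two rules from
# post #3, and loopback rules that match on the interface alone.
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -i 192.168.1.1 -m state --state NEW -m tcp -p tcp --syn --dport 80 -j ACCEPT
iptables -A INPUT -i 127.0.0.1 -m state --state NEW -m tcp -p tcp --syn --dport 443 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
EOF
}

sample_rules | audit_rules
```

The last two sample lines, which match on the interface alone, are the form that passes the check.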
