Cannot access the web server from the computer running apache
Dear All,
I am a newbie to linux of 4 weeks. I set up my first web server and it works flawlessly - when accessed from external network or from other computers on my lan. However, I cannot access it from the computer where the server is run on. I have found numerous people with similar problems but the flavour I am experiencing is somewhat different and no solutions I have found apply to it.
I have two network interfaces on my server, eth0 (public static IP connected to internet directly) and eth1 connected to LAN 192.168.1.0/24 range. The server is 192.168.1.1. It is connected directly to the internet and serves as a SNAT for other comps on the lan.
I added "192.168.1.1 www_server_com" to the /etc/hosts on the server and also on the other machines on the LAN. All the other machines can open website without any problem.
HOwever, the server itself only opens website if the address is localhost. Internal IP, i.e. 192.168.1.1. gets a time out and so does www_server_com ( I cant use dots as I do not have more than 15 posts on the forum :-))
Here is the firewall script I am using.
#!/bin/sh
#
# Example Firewall Script
################################################## #############
### Define interfaces here
EXT_DEV=eth0
INT_DEV=eth1
INT_NET=192.168.1.0/24
### Remove all previous rules, and delete any user defined chains
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
### Set the default policies to drop
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
### Loopback device OK
iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
### Allow all ICMP Traffic (optional) - IN, OUT and THROUGH.
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type any -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type any -j ACCEPT
### Allow all Internal traffic to Server
iptables -A INPUT -i $INT_DEV -s $INT_NET -d $INT_NET -j ACCEPT
iptables -A OUTPUT -o $INT_DEV -s $INT_NET -d $INT_NET -j ACCEPT
################################################## #############
### OUTBOUND Rule: Allow ALL packets out the external device
iptables -A OUTPUT -o $EXT_DEV -j ACCEPT
iptables -A FORWARD -i $INT_DEV -o $EXT_DEV -j ACCEPT
################################################## #############
### SNAT forwarding
iptables -t nat -A POSTROUTING -o $EXT_DEV -s $INT_NET -j SNAT --to-source XX.XX.XX.XX
################################################## #############
### INBOUND Rule: Allow ALL EXT packets if a connection already exists (See "NEW" Inbound Rules)
iptables -A INPUT -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
#
### INBOUND Rules: Allow ONLY NEW packets on these ports.
#
# New INBOUND Connection: Samba from eth1
iptables -A INPUT -i $INT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 139 -j ACCEPT
iptables -A INPUT -i $INT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 445 -j ACCEPT
iptables -A INPUT -i $INT_DEV -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
iptables -A INPUT -i $INT_DEV -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
# New INBOUND Connection: SMTP and SMTPS (over TLS/SSL)
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 25 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 465 -j ACCEPT
# New INBOUND Connection: POP3 (port 110) or POP3S (port 995)
#iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 110 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 995 -j ACCEPT
# New INBOUND Connection: IMAP (port 143) or IMAPS (port 993)
#iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 143 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 993 -j ACCEPT
# New INBOUND Connection: HTTP (Plain and SSL)
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 80 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 443 -j ACCEPT
Also my ifconfig
eth0 Link encap:Ethernet HWaddr 00:19:66:44:52:7C
inet addr:XX.XX.XX.XX Bcast:78.86.19.255 Mask:255.255.252.0
inet6 addr: fe80::219:66ff:fe44:527c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:940457 errors:0 dropped:0 overruns:0 frame:0
TX packets:541291 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1169028965 (1.0 GiB) TX bytes:45205637 (43.1 MiB)
Interrupt:19 Base address:0xc000
eth1 Link encap:Ethernet HWaddr 00:22:75:D6:B8:F1
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::222:75ff:fed6:b8f1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:527091 errors:3 dropped:0 overruns:0 frame:3
TX packets:921701 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:37146646 (35.4 MiB) TX bytes:1159517489 (1.0 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:161 errors:0 dropped:0 overruns:0 frame:0
TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:23162 (22.6 KiB) TX bytes:23162 (22.6 KiB)
I do not understand why the record in etc/hosts doesn't point it in the right direction. It seems that when I open address 192.168.1.1 it still gets routed to the external network. I have seen using DNAT to deal with the problem but it didn't work in my case (maybe I didn't do it correctly). I have spent whole evening/night trying to sort it out, it's 4AM now, going to bed frustrated and angry (at myself hahaha). Still like linux very much, won't be going to windows anymore. Please help
