  1. #1
    Just Joined!
    Join Date
    Nov 2012
    Posts
    40

    Question APACHE - can only see ?/html by "localhost", how to access by remote?


    Installed Fedora 15's webserver option with Apache.
    Works great from local host, I can see my index.html
    by entering "localhost" into URL.

    I can also ssh to the machine on my local network by
    typing I.P. address assigned by my cablemodem/hub/router,
    however "website (10.0.0. is online but isn't responding to connection attempts" is the message from my explorer, from the same machine I telnet from. No attempt at access has appeared on my apache webserver within the logs. Some forums suggested the client-side Windows firewall may be the problem, so I also turned that off, to no avail. httpd.conf seems to be set for allow all.

    ************************************
    ------->>>> How do I view my website from my remote workstation on my local network by IP address?
    *************************************


    (secondary question, would be neat to access the website from its fedora hotspot setting, but hotspot doesn't appear to broadcast when I turn it on)

  2. #2
    Linux Newbie
    Join Date
    Jun 2012
    Location
    SF Bay area
    Posts
    173
    I split my time between Fedora and Ubuntu desktops, so I have a somewhat similar system to reference. But I'm using Fedora 17 at this point and 15 was pretty long ago for me. So I don't remember what firewall software was included and whether or not it was enabled by default. Before you worry about that though, here's how I suggest you verify that the Apache server is actually doing what you want. Check to see what IPs have processes listening for connections on port 80.

    Code:
    netstat -an | awk '/^Proto.*Local/ || $NF == "LISTEN"'
    Check for lines where the "Local Address" value ends in ":80" and those are your active webservers. If the IP address is "0.0.0.0:80" then you're all set. If all you see is "127.0.0.1:80" then the Apache server is only listening for connections on the loopback interface. If you don't see the results you want, then your Apache configuration needs to be changed.

    Assuming you do see a "0.0.0.0:80" line, then I suggest checking to see if you have a firewall that's blocking the connections. Here's where I have to note that your FC15 system might be different from my FC17 one... But try this anyway and see if it works. Either "su" or use "sudo" to run this command to list the configured firewall rules on your system.

    Code:
    iptables -v --list
    If it does list a bunch of rules, you're looking for one that has "state NEW tcp dpt:http", meaning it applies to new connections trying to connect to your "http" service. If the "target" for that rule is "ACCEPT" then your firewall will allow the connection. Otherwise it will be blocked unless there's some wide-open rule that applies.

    Now you might get an error of some kind since your system might be using a different firewall (I believe Fedora comes with another, newer, option than "iptables"). Or you may not have any firewall enabled at all. But if you have a webserver that's listening on all IP addresses and you're not seeing anything in the logs other than localhost requests, then something is blocking the requests.

    You can also try hitting the webserver from the Fedora system on the non-loopback address with "curl" or even a browser. Just find the IP address (using "ifconfig -a" or some other command), then go to "http://192.168.XX.XX" (whatever the IP address is) and see what happens. That will rule out any external factors.

  3. #3
    Just Joined!
    Join Date
    Nov 2012
    Posts
    40
    I had edited the LISTEN in httpd.conf to listen to 10.0.0.8:80 so ->


    [root@rd conf]# netstat -an | awk '/^Proto.*Local/ || $NF == "LISTEN"'
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
    tcp 0 0 10.0.0.8:80 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:41524 0.0.0.0:* LISTEN
    tcp 0 0 10.42.0.1:53 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    tcp6 0 0 :::59663 :::* LISTEN
    tcp6 0 0 :::111 :::* LISTEN
    tcp6 0 0 :::22 :::* LISTEN
    tcp6 0 0 :::443 :::* LISTEN


    [root@rd conf]# iptables -v --list
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- wlan0 any anywhere anywhere udp dpt:bootps
    0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:bootps
    0 0 ACCEPT udp -- wlan0 any anywhere anywhere udp dpt:domain
    0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:domain
    28M 40G ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
    0 0 ACCEPT icmp -- any any anywhere anywhere
    2582 187K ACCEPT all -- lo any anywhere anywhere
    7 1520 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
    11504 944K REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- any wlan0 anywhere 10.42.0.0/24 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- wlan0 any 10.42.0.0/24 anywhere
    0 0 ACCEPT all -- wlan0 wlan0 anywhere anywhere
    0 0 REJECT all -- any wlan0 anywhere anywhere reject-with icmp-port-unreachable
    0 0 REJECT all -- wlan0 any anywhere anywhere reject-with icmp-port-unreachable
    3 984 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited



    THEN I WENT IN AND CHANGED IT BACK TO 0.0.0.0:80 (in httpd.conf)
    (NOTE COMMANDS SUCH AS “systemctl httpd restart” or “apachectl restart” have no effect,
    “httpd -k restart” does work however)

    Now netstat does return a 0.0.0.0:80 tcp. If I’m reading the iptables, everything is allowed? However, I don’t see http specifically listed. I do see ssh, which I am using to connect to the Linux box from my workstation. Suppose I need to add http specifically? Thinking that my APACHE install might be off or need tweaking?

    [root@rd conf]#
    [root@rd conf]#
    [root@rd conf]#
    [root@rd conf]# systemctl httpd restart
    Unknown operation httpd
    [root@rd conf]# apachectl status
    ELinks: Connection refused
    [root@rd conf]# systemctl httpd restart
    Unknown operation httpd
    [root@rd conf]# httpd -k restart

    httpd not running, trying to start
    [root@rd conf]#
    [root@rd conf]# netstat -an | awk '/^Proto.*Local/ || $NF == "LISTEN"'
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:41524 0.0.0.0:* LISTEN
    tcp 0 0 10.42.0.1:53 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    tcp6 0 0 :::59663 :::* LISTEN
    tcp6 0 0 :::111 :::* LISTEN
    tcp6 0 0 :::22 :::* LISTEN
    tcp6 0 0 :::443 :::* LISTEN
    [root@rd conf]# ifconfig -a
    em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 10.0.0.8 netmask 255.255.255.0 broadcast 10.0.0.255
    inet6 fe80::ee9a:74ff:fefb:fe3d prefixlen 64 scopeid 0x20<link>
    ether ec:9a:74:fb:fe:3d txqueuelen 1000 (Ethernet)
    RX packets 28269994 bytes 40793822418 (37.9 GiB)
    RX errors 0 dropped 1631 overruns 0 frame 0
    TX packets 13492050 bytes 1043697196 (995.3 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
    inet 127.0.0.1 netmask 255.0.0.0
    loop txqueuelen 0 (Local Loopback)
    RX packets 5808 bytes 491103 (479.5 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 5808 bytes 491103 (479.5 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 10.42.0.1 netmask 255.255.255.0 broadcast 10.42.0.255
    inet6 fe80::e6d5:3dff:fe69:a8d4 prefixlen 64 scopeid 0x20<link>
    ether e4:d5:3d:69:a8:d4 txqueuelen 1000 (Ethernet)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 48 bytes 8138 (7.9 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [root@rd conf]# ls
    httpd.conf magic
    [root@rd conf]#

    [root@rd conf]#
    [root@rd conf]# ifconfig -a
    em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 10.0.0.8 netmask 255.255.255.0 broadcast 10.0.0.255
    inet6 fe80::ee9a:74ff:fefb:fe3d prefixlen 64 scopeid 0x20<link>
    ether ec:9a:74:fb:fe:3d txqueuelen 1000 (Ethernet)
    RX packets 28278655 bytes 40806454429 (38.0 GiB)
    RX errors 0 dropped 1631 overruns 0 frame 0
    TX packets 13496163 bytes 1044078907 (995.7 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
    inet 127.0.0.1 netmask 255.0.0.0
    loop txqueuelen 0 (Local Loopback)
    RX packets 5808 bytes 491103 (479.5 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 5808 bytes 491103 (479.5 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 10.42.0.1 netmask 255.255.255.0 broadcast 10.42.0.255
    inet6 fe80::e6d5:3dff:fe69:a8d4 prefixlen 64 scopeid 0x20<link>
    ether e4:d5:3d:69:a8:d4 txqueuelen 1000 (Ethernet)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 48 bytes 8138 (7.9 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [root@rd conf]#


    SO!!! If I’m reading it all right, says all good (besides missing the specific reference in the netstat allow). Guess question is how do I specifically add the allow or open the http and https ports? (Would be easy for me to reinstall 17 and do all over, but I’m thinking WOW would be awesome for us to know how to do this.)

    Great advice so far btw!!!!

  4. #4
    Linux Newbie
    Join Date
    Jun 2012
    Location
    SF Bay area
    Posts
    173
    Looks like you figured out the Apache config part, so congrats on that piece...

    The output from "iptables" can be a little confusing at first but it's pretty simple once you know how to interpret all the fields. From what you've listed it looks like incoming HTTP requests are blocked. There are a couple of rules in the output that might appear to be very broad at first glance, like this one.

    Code:
      28M   40G ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    And it does mean the system will accept packets of "any" protocol from any source/destination pair. But the bit at the end means the rule only applies to established connections and connections "related" to other connections, for protocols like FTP that start secondary connections by design. So it doesn't mean incoming HTTP requests are allowed.

    You can add a rule to allow incoming requests to that port to let the requests pass through the firewall with the "iptables" command. I'm probably being too OCD about this, but I would add it before the last rule in the INPUT chain. That's easy enough with the "--insert" option of the "iptables" command once you have the "rule number" of the last entry. To get that you can either count the lines in the output yourself or just run this command.

    Code:
    iptables -n -v --list --line-numbers
    From that, remember the rule number listed next to the last one in the INPUT chain (meaning the "if none of the above, then REJECT" rule). For the sake of argument let's say that's rule #9. So I'll use that in the command to insert a new rule, so change it if you get another rule number.

    To add a rule that allows new connections to port 80, at least on my Fedora system, this would be the command syntax.

    Code:
    iptables -v --insert INPUT 9 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    If you get an error, then your "iptables" might use different syntax. If so, run "iptables --list-rules" to see the exact command arguments needed to recreate your current rules. And then check "man iptables" and plow through the info. It's dense and lengthy but there's good info in there.
    Last edited by cnamejj; 11-09-2012 at 12:02 AM. Reason: English grammar challenge failed, corrected for the win!
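
The reasoning in the answer above, as an added example (not code from the thread): a first-match walk over the INPUT chain from post #3 shows that a new HTTP connection arriving on em1 falls through to the final REJECT at position 9, and that a rule inserted at position 9 is matched before it. The function names are hypothetical, and the post-insert listing is constructed.

```shell
# input_verdict IFACE SERVICE: reads `iptables -v --list` output on stdin and
# prints "<rule number> <target>" for the first INPUT rule that a NEW TCP
# connection arriving on IFACE for SERVICE would hit (first match wins).
# Assumption: source/destination are not evaluated (all "anywhere" here).
input_verdict() {
  awk -v iface="$1" -v svc="$2" '
    /^Chain / { in_input = ($2 == "INPUT"); if (in_input) policy = $4; next }
    !in_input || $1 == "pkts" || NF < 9 { next }   # other chains, header, blanks
    {
      n++
      extra = ""
      for (i = 10; i <= NF; i++) extra = extra " " $i
      if ($4 != "tcp" && $4 != "all") next          # protocol column
      if ($6 != "any" && $6 != iface) next          # inbound interface column
      # A state match applies to a first packet only if it lists NEW.
      if (extra ~ / state / && extra !~ /NEW/) next
      # A destination-port match must name the service under test.
      if (extra ~ /dpt:/ && extra !~ ("dpt:" svc "( |$)")) next
      print n, $3; found = 1; exit
    }
    END { if (!found) print "policy", policy }
  '
}

# INPUT chain copied from the listing in post #3.
sample_input_chain() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- wlan0 any anywhere anywhere udp dpt:bootps
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:bootps
0 0 ACCEPT udp -- wlan0 any anywhere anywhere udp dpt:domain
0 0 ACCEPT tcp -- wlan0 any anywhere anywhere tcp dpt:domain
28M 40G ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- any any anywhere anywhere
2582 187K ACCEPT all -- lo any anywhere anywhere
7 1520 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
11504 944K REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
EOF
}

# Constructed: the same chain as it would list after the --insert INPUT 9 rule.
sample_after_insert() {
  sample_input_chain | awk '/REJECT/ { print "0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:http" } { print }'
}

sample_input_chain  | input_verdict em1 http   # 9 REJECT
sample_after_insert | input_verdict em1 http   # 9 ACCEPT
```

A rule inserted with the `iptables` command exists only in the running kernel; `iptables-save` prints the current ruleset so it can be stored and reloaded.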

  5. #5
    Just Joined!
    Join Date
    Nov 2012
    Posts
    40
    Beautiful cnamejj!!! Works Great, oh well no more excuses of not working on it. Heehee!!!! YEAH now I have to do some Perl programming, my last job was spoiled by having network administrators, must be like 15 years since I’ve done this kinda stuff. AWESOME THANKS, RESOLVED!!!
