LinuxQuestions.org


gumbojmg 09-11-2010 09:30 AM

Port 80 Blocked. Connects only from itself. Firewall and SELinux are off. Fedora 8
 
If I set any service to listen on port 80, nothing can connect to it except from itself.

1. IPtables is stopped and SELinux is disabled.
2. "lsof -w -n -i tcp:80" confirms the port is listening
3. Can telnet to 127.0.0.1 and private IP 10.0.0.1 on port 80 only from the host itself
4. Cannot telnet to private IP 10.0.0.1 from any other LAN machine or indeed from the public IP which is mapped to the server's private IP.
5. If I switch apache to listen on any other port, say 8888, it works fine from both LAN and WAN inbound connections. Also, all other normal services are working from external connection on their standard ports, SSH 22, FTP 20/21, MYSQL 3306, even HTTPS 443 works. Just anything on port 80 fails to connect.
6. If I modify the config files for SSH or FTP to listen on port 80, the same behaviour is observed - can only connect from the host. Setting them to another port such as 8888 works as expected externally.
7. Rootkit Hunter plus OSSec Rootcheck report all clean.
8. This server has been running 24/7 for 1.5 years and working fine up until a few days ago.

Any suggestions as to what on earth is blocking the port? Corrupt network software?


I'm about to embark on upgrading Fedora 8 to 9, 10, 11, 12 then 13 as I've tried everything else.

Thank you from Mr. Baffled :)

AlucardZero 09-11-2010 10:00 AM

Quote:

2. "lsof -w -n -i tcp:80" confirms the port is listening

What program is listening on which addresses? Post the whole output of your lsof command.

Anything in dmesg or /var/log/messages?

gumbojmg 09-11-2010 10:07 AM

Wow, thanks for getting back so fast!

Currently I have Apache listening on 80:

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 1575 root 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1704 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1705 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1706 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1707 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1708 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1709 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1710 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1711 apache 3u IPv4 3538 TCP *:http (LISTEN)


However, even if I stop Apache and change VSFTPD to listen on port 80, I still cannot connect. e.g.:

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
vsftpd 4277 root 3u IPv4 18932 TCP *:http (LISTEN)


Nothing obvious in dmesg or /var/log/messages.

AlucardZero 09-11-2010 11:07 AM

Ok, so that's fine.

Are these consumer-grade switches / routers? If business-grade, it might be worth asking the network admin.

What does "iptables --list" return?

gumbojmg 09-11-2010 11:07 AM

It's an Amazon EC2 server so support is not available :)

Upgraded to 9 - same problem. Currently upgrading to 10.. fingers crossed. If I get to 13 and it's still not working I think I'll just rebuild a fresh EC2 image.

Will post iptables output once the upgrade has completed.

Thanks again for the input.

gumbojmg 09-12-2010 04:00 AM

Just a quick update. Fedora is running version 13 and still the same problem with port 80. I've raised a forum question with Amazon AWS as it must be a problem with the EC2 network infrastructure rather than the actual server.

aahiqmir 09-12-2010 06:12 AM

Quote:

Originally Posted by gumbojmg (Post 4094347)
If I set any service to listen on port 80, nothing can connect to it except from itself.

1. IPtables is stopped and SELinux is disabled.
2. "lsof -w -n -i tcp:80" confirms the port is listening
3. Can telnet to 127.0.0.1 and private IP 10.0.0.1 on port 80 only from the host itself
4. Cannot telnet to private IP 10.0.0.1 from any other LAN machine or indeed from the public IP which is mapped to the server's private IP.
5. If I switch apache to listen on any other port, say 8888, it works fine from both LAN and WAN inbound connections. Also, all other normal services are working from external connection on their standard ports, SSH 22, FTP 20/21, MYSQL 3306, even HTTPS 443 works. Just anything on port 80 fails to connect.
6. If I modify the config files for SSH or FTP to listen on port 80, the same behaviour is observed - can only connect from the host. Setting them to another port such as 8888 works as expected externally.
7. Rootkit Hunter plus OSSec Rootcheck report all clean.
8. This server has been running 24/7 for 1.5 years and working fine up until a few days ago.

Any suggestions as to what on earth is blocking the port? Corrupt network software?


I'm about to embark on upgrading Fedora 8 to 9, 10, 11, 12 then 13 as I've tried everything else.

Thank you from Mr. Baffled :)

Have you tried /etc/hosts.allow and /etc/hosts.deny?
Add the following in /etc/hosts.allow:
httpd: <network IP you want to allow http for>
Then save the file and try connecting again.
Best of luck.

gumbojmg 09-12-2010 08:12 AM

Good idea on the hosts.allow/deny - but no change I'm afraid. Throwing in the towel for now until Amazon get back to me. 99% sure it is something with their network.

gumbojmg 09-12-2010 03:46 PM

It was Amazon blocking the port.

Sorry for the waste of time everyone :(
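
The checks the thread walks through (lsof listener output, iptables rules, local versus remote connects) can be scripted as a host-side triage. This is an added example, not part of the original posts; the function names are hypothetical and the sample inputs are constructed to mirror the output posted above.

```shell
#!/bin/sh
# Added example (not from the thread): host-side triage for a port that
# answers locally but not remotely. Function names are hypothetical.

# listener_scope PORT SERVICE: reads `lsof -w -n -i tcp:PORT` output on stdin.
listener_scope() {
    awk -v port="$1" -v svc="$2" '
        $NF == "(LISTEN)" {
            name = $(NF - 1); n = split(name, parts, ":"); p = parts[n]
            if (p != port && p != svc) next
            addr = substr(name, 1, length(name) - length(p) - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "[::]") wild = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else other = 1
        }
        END {
            if (wild) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# input_may_filter PORT: reads `iptables -S INPUT` output on stdin; "yes" when
# the chain policy is not ACCEPT or a DROP/REJECT rule could match PORT.
input_may_filter() {
    awk -v port="$1" '
        /^-P INPUT/ && $3 != "ACCEPT" { hit = 1 }
        /^-A INPUT/ && / -j (DROP|REJECT)/ {
            if ($0 !~ /--dport/ || $0 ~ ("--dport " port "( |$)")) hit = 1
        }
        END { print (hit ? "yes" : "no") }'
}

# locate_block SCOPE FILTERED: where to look next when remote connects fail.
locate_block() {
    case "$1" in
        not-listening) echo "service" ;;
        loopback-only) echo "bind-address" ;;
        *) if [ "$2" = "yes" ]; then echo "host-firewall"; else echo "upstream"; fi ;;
    esac
}

# Constructed sample input mirroring the thread: wildcard listener, empty ruleset.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 1575 root 3u IPv4 3538 TCP *:http (LISTEN)'
SAMPLE_RULES='-P INPUT ACCEPT'

scope=$(printf '%s\n' "$SAMPLE_LSOF" | listener_scope 80 http)
filtered=$(printf '%s\n' "$SAMPLE_RULES" | input_may_filter 80)
echo "listener=$scope filtered=$filtered look-at=$(locate_block "$scope" "$filtered")"
```

A verdict of "upstream" matches how this thread ended. A packet capture on the server during a remote attempt confirms it: if no inbound SYN for port 80 arrives, the drop happens before the host.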


All times are GMT -5.