LinuxQuestions.org
Old 09-11-2010, 09:30 AM   #1
gumbojmg
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Rep: Reputation: 0
Question Port 80 Blocked. Connects only from itself. Firewall and SELinux are off. Fedora 8


If I set any service to listen on port 80, nothing can connect to it except from itself.

1. IPtables is stopped and SELinux is disabled.
2. "lsof -w -n -i tcp:80" confirms the port is listening
3. Can telnet to 127.0.0.1 and private IP 10.0.0.1 on port 80 only from the host itself
4. Cannot telnet to private IP 10.0.0.1 from any other LAN machine or indeed from the public IP which is mapped to the server's private IP.
5. If I switch apache to listen on any other port, say 8888, it works fine from both LAN and WAN inbound connections. Also, all other normal services are working from external connection on their standard ports, SSH 22, FTP 20/21, MYSQL 3306, even HTTPS 443 works. Just anything on port 80 fails to connect.
6. If I modify the config files for SSH or FTP to listen on port 80, the same behaviour is observed - can only connect from the host. Setting them to another port such as 8888 works as expected externally.
7. Rootkit Hunter plus OSSec Rootcheck report all clean.
8. This server has been running 24/7 for 1.5 years and working fine up until a few days ago..

Any suggestions as to what on earth is blocking the port? Corrupt network software?


I'm about to embark on upgrading Fedora 8 to 9, 10, 11, 12 then 13 as I've tried everything else.

Thank you from Mr. Baffled

Last edited by gumbojmg; 09-11-2010 at 09:40 AM.
 
Old 09-11-2010, 10:00 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,608

Rep: Reputation: 517
Quote:
2. "lsof -w -n -i tcp:80" confirms the port is listening
What program is listening on which addresses? Post the whole output of your lsof command.

Anything in dmesg or /var/log/messages?
 
Old 09-11-2010, 10:07 AM   #3
gumbojmg
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Wow, thanks for getting back so fast!

Currently I have Apache listening on 80:

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 1575 root 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1704 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1705 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1706 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1707 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1708 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1709 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1710 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1711 apache 3u IPv4 3538 TCP *:http (LISTEN)


However, even if I stop Apache and change VSFTPD to listen on port 80, I still cannot connect. e.g.:

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
vsftpd 4277 root 3u IPv4 18932 TCP *:http (LISTEN)


Nothing obvious in dmesg or /var/log/messages.
 
Old 09-11-2010, 11:07 AM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,608

Rep: Reputation: 517
Ok, so that's fine.

Are these consumer-grade switches / routers? If business-grade, it might be worth asking the network admin.

What does "iptables --list" return?
 
Old 09-11-2010, 11:07 AM   #5
gumbojmg
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Original Poster
Rep: Reputation: 0
It's an Amazon EC2 server so support is not available.

Upgraded to 9 - same problem. Currently upgrading to 10.. fingers crossed. If I get to 13 and it's still not working I think I'll just rebuild a fresh EC2 image.

Will post iptables output once the upgrade has completed.

Thanks again for the input.

Last edited by gumbojmg; 09-11-2010 at 11:09 AM.
 
Old 09-12-2010, 04:00 AM   #6
gumbojmg
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Just a quick update. Fedora is running version 13 and still the same problem with port 80. I've raised a forum question with Amazon AWS as it must be a problem with the EC2 network infrastructure rather than the actual server.
 
Old 09-12-2010, 06:12 AM   #7
aahiqmir
Member
 
Registered: Apr 2008
Posts: 54

Rep: Reputation: 15
Quote:
Originally Posted by gumbojmg
If I set any service to listen on port 80, nothing can connect to it except from itself.

1. IPtables is stopped and SELinux is disabled.
2. "lsof -w -n -i tcp:80" confirms the port is listening
3. Can telnet to 127.0.0.1 and private IP 10.0.0.1 on port 80 only from the host itself
4. Cannot telnet to private IP 10.0.0.1 from any other LAN machine or indeed from the public IP which is mapped to the server's private IP.
5. If I switch apache to listen on any other port, say 8888, it works fine from both LAN and WAN inbound connections. Also, all other normal services are working from external connection on their standard ports, SSH 22, FTP 20/21, MYSQL 3306, even HTTPS 443 works. Just anything on port 80 fails to connect.
6. If I modify the config files for SSH or FTP to listen on port 80, the same behaviour is observed - can only connect from the host. Setting them to another port such as 8888 works as expected externally.
7. Rootkit Hunter plus OSSec Rootcheck report all clean.
8. This server has been running 24/7 for 1.5 years and working fine up until a few days ago..

Any suggestions as to what on earth is blocking the port? Corrupt network software?


I'm about to embark on upgrading Fedora 8 to 9, 10, 11, 12 then 13 as I've tried everything else.

Thank you from Mr. Baffled
Have you tried /etc/hosts.allow and /etc/hosts.deny?
Add the following in /etc/hosts.allow:
httpd: <network IP you want to allow HTTP for>
Then save the file
and try connecting again.
Best of luck..
 
Old 09-12-2010, 08:12 AM   #8
gumbojmg
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Good idea on the hosts.allow/deny - but no change I'm afraid. Throwing in the towel for now until Amazon get back to me. 99% sure it is something with their network.
 
Old 09-12-2010, 03:46 PM   #9
gumbojmg
LQ Newbie
 
Registered: Sep 2010
Posts: 7

Original Poster
Rep: Reputation: 0
It was Amazon blocking the port.

Sorry for the waste of time everyone
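
The triage this thread walked through, as an added example that is not part of any post: it classifies the bind address from `lsof -w -n -i tcp:80` output, then uses a packet capture to tell a host-side drop from a filter outside the host (the outcome here). The function names, result labels and the sample input are assumptions made for the example; `syn_seen_on_wire` needs root and tcpdump.

```shell
#!/bin/sh
# Added example: locate where inbound TCP/80 is being dropped.

# Constructed sample in the format of the lsof output posted in the thread.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 1575 root 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1704 apache 3u IPv4 3538 TCP *:http (LISTEN)'

# bind_scope: read `lsof -w -n -i tcp:80` output on stdin and print
# none (no listener), loopback (127.x / ::1 only) or all (reachable address).
bind_scope() {
  awk '
    /\(LISTEN\)/ {
      addr = $(NF-1)             # e.g. "*:http" or "127.0.0.1:http"
      sub(/:[^:]*$/, "", addr)   # strip the port part
      if (addr ~ /^127\./ || addr == "[::1]") lo = 1
      else reachable = 1         # wildcard or a specific interface address
    }
    END {
      if (reachable) print "all"
      else if (lo) print "loopback"
      else print "none"
    }'
}

# syn_seen_on_wire IFACE PORT SECONDS: print yes if an inbound SYN for PORT
# reaches IFACE within SECONDS, else no. Run it while a remote client retries.
syn_seen_on_wire() {
  if timeout "$3" tcpdump -n -i "$1" -c 1 \
       "tcp dst port $2 and tcp[tcpflags] & tcp-syn != 0" >/dev/null 2>&1
  then echo yes; else echo no; fi
}

# locate_block SCOPE LOCAL_OK REMOTE_OK SYN_SEEN (yes/no flags)
locate_block() {
  case "$1" in
    none)     echo no-listener;  return ;;
    loopback) echo bind-address; return ;;
  esac
  [ "$2" = yes ] || { echo service; return; }
  [ "$3" = yes ] && { echo not-blocked; return; }
  # SYN arrives but no connection: look at iptables, TCP wrappers, routing.
  # SYN never arrives: the filter sits outside this host.
  if [ "$4" = yes ]; then echo host; else echo upstream; fi
}
```

With the observations from post #1 (wildcard listener, local connect works, remote fails) the capture result is the deciding input: no SYN on the interface means nothing on the server, including a distribution upgrade, can change the outcome.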
 
  

