If I set any service to listen on port 80, nothing can connect to it except from itself.

1. IPtables is stopped and SELinux is disabled.
2. "lsof -w -n -i tcp:80" confirms the port is listening
3. Can telnet to 127.0.0.1 and private IP 10.0.0.1 on port 80 only from the host itself
4. Cannot telnet to private IP 10.0.0.1 from any other LAN machine or indeed from the public IP which is mapped to the server's private IP.
5. If I switch apache to listen on any other port, say 8888, it works fine from both LAN and WAN inbound connections. Also, all other normal services are working from external connection on their standard ports, SSH 22, FTP 20/21, MYSQL 3306, even HTTPS 443 works. Just anything on port 80 fails to connect.
6. If I modify the config files for SSH or FTP to listen on port 80, the same behaviour is observed - can only connect from the host. Setting them to an other port such as 8888 works as expected externally.
7. Rootkit Hunter plus OSSec Rootcheck report all clean.
8. This server has been running 24/7 for 1.5 years and working fine up until a few days ago..

Any suggestions as to what on earth is blocking the port? Corrupt network software?


I'm about to embark on upgrading Fedora 8 to 9, 10, 11, 12 then 13 as I've tried everything else.

Thank you from Mr. Baffled

What program is listening on which addresses? Post the whole output of your lsof command.

Anything in dmesg or /var/log/messages?

wow, thanks for getting back so fast!

Currently I have Apache listening on 80:

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 1575 root 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1704 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1705 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1706 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1707 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1708 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1709 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1710 apache 3u IPv4 3538 TCP *:http (LISTEN)
httpd 1711 apache 3u IPv4 3538 TCP *:http (LISTEN)


However, even if I stop Apache and change VSFTPD to listen on port 80, I still cannot connect. e.g.:

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
vsftpd 4277 root 3u IPv4 18932 TCP *:http (LISTEN)


Nothing obvious in dmesg or /var/log/messages.

Ok, so that's fine.

Are these consumer-grade switches / routers? If business-grade, it might be worth asking the network admin.

What does "iptables --list" return?

It's an amazon EC2 server so support is not available

upgraded to 9 - same problem. Currently upgrading to 10.. fingers crossed. If I get to 13 and it still not working I think I'll just rebuild a fresh EC2 image.

Will post iptable output once the upgrade has completed.

Thanks again for the input.

Just quick update. Fedora is running version 13 and still the same problem with port 80. I've raised a forum qustion with Amazon AWS as it must be a problem with the EC2 network infrastrucure rather than the actual server.

have u tried /etc/hosts.allow and /etc/hosts.deny?
add following in /etc/hosts.allow
httpd: <network ip u want to allow http for>
then save the file.
and try connecting again.
best of luck..

Good idea on the hosts.allow/deny - but no change I'm afraid. Throwing in the towel for now until Amazon get back to me. 99% sure it is something with their network.

It was Amazon blocking the port.

Sorry for the waste of time everyone