Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: RedHat from 4 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux, and lots of raspberry pi
Posts: 142
Rep:
Apache2 broken after updates - not responding
Hi
I have had apache2, php and mysql running nicely on an Ubuntu 5.04 server. When I set it up, I setup all of the above before doing the critical updates. It worked fine. I am running moregroupware - it was behaving fine. Then I applied the critical updates and it has stopped functioning.
ps -e shows apache2 is running, as is mysqld. Problem is that nothing connects to port 80 - either another PC or the server itself.
netstat -an shows the following:
tcp6 0 0 :::80 :::* LISTEN
Sadly I have no idea if this is right or not as I never needed to look at it before.
The server is internal facing only, has no direct internet connection and so had no firewall running. I have subsequently put one on in case it was a "patch" that blocked port 80, but it still is not functional.
***Just tried http://127.0.0.1 and it works. It will not work for the ip address (192,168.0.100). Still unsure where it has gone wrong, but at least apache is working (as is mysql and php).
Distribution: RedHat from 4 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux, and lots of raspberry pi
Posts: 142
Original Poster
Rep:
Oddly, there aren't any error messages! If I check the apache.log or the error.log there's nothing.
apache.log shows that I have accesses via 127.0.0.1
There was no firewall originally before it stopped, so I thought the update might have closed some ports. I put a firewall in place and opened the ports - I even tried with no firewall running.
I added additional lines to ports.conf (Listen 8000). Still didn't work!
Apache, php and mysql are all working ok via localhost, but no response on port 80 at all.
iptables -nL (only refs to port 80)
state RELATED, ESTABLISHED
ACCEPT all .. 10.0.0.0 0.0.0.0/0
ACCEPT tcp .. 10.0.0.0 0.0.0.0/0 tcp dpt:80
ACCEPT upd .. 10.0.0.0 0.0.0.0/0 upd dpt:80
LS al .. 0.0.0.0/0 0.0.0.0/0
I have changed the above also to give http access to all:
state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
LS all -- 0.0.0.0/0 0.0.0.0/0
Distribution: RedHat from 4 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux, and lots of raspberry pi
Posts: 142
Original Poster
Rep:
David
I might have found the problem - but I'm not sure why/how it happened and how to sort it out.
route gives me:
Destination Gateway Genmask Flags Metric Ref Use Iface
localnet * 255.255.255.0 U 0 0 0 eth0
default 10.0.0.4 0.0.0.0 UG 0 0 0 eth0
10.0.0.4 is our own internal squid proxy on another server. There is absolutely no mention in the route table of the apache server's ip (10.0.1.1) unless localnet includes that address.
I think it should be in there as a 10.0.0.0 entry - as it's not, I guess that's why even on the apache server I cannot connect to 10.0.1.1
I have now managed to get the browser on the server to access 10.0.1.1 and that works to as well as 127.0.0.1 Still nothing available to any other pc. I have removed iptables and re-installed it. Open ports 80 to all -and still nothing.
I cannot ssh into the box either. It has to be some routing issue or firewall. I can't see how it could be firewall if I totally removed it (as in the package itself).
Still very much scratching my head on this one.
You wanted the firewall rules. Here they are:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 10.0.0.4 0.0.0.0/0 tcp flags:!0x16/0x02
ACCEPT udp -- 10.0.0.4 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
NR all -- !10.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 255.255.255.255
DROP all -- 0.0.0.0/0 10.0.0.255
DROP all -- 224.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 224.0.0.0/8
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
LS all -f 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
INBOUND all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown '
Chain NR (1 references)
target prot opt source destination
LS all -- 0.0.0.0/8 10.0.0.0/8
LS all -- 1.0.0.0/8 10.0.0.0/8
LS all -- 2.0.0.0/8 10.0.0.0/8
LS all -- 5.0.0.0/8 10.0.0.0/8
LS all -- 7.0.0.0/8 10.0.0.0/8
LS all -- 10.0.0.0/8 10.0.0.0/8
LS all -- 23.0.0.0/8 10.0.0.0/8
LS all -- 27.0.0.0/8 10.0.0.0/8
LS all -- 31.0.0.0/8 10.0.0.0/8
LS all -- 36.0.0.0/8 10.0.0.0/8
LS all -- 37.0.0.0/8 10.0.0.0/8
LS all -- 39.0.0.0/8 10.0.0.0/8
LS all -- 41.0.0.0/8 10.0.0.0/8
LS all -- 42.0.0.0/8 10.0.0.0/8
LS all -- 49.0.0.0/8 10.0.0.0/8
LS all -- 50.0.0.0/8 10.0.0.0/8
LS all -- 71.0.0.0/8 10.0.0.0/8
LS all -- 72.0.0.0/8 10.0.0.0/8
LS all -- 73.0.0.0/8 10.0.0.0/8
LS all -- 74.0.0.0/8 10.0.0.0/8
LS all -- 75.0.0.0/8 10.0.0.0/8
LS all -- 76.0.0.0/8 10.0.0.0/8
LS all -- 77.0.0.0/8 10.0.0.0/8
LS all -- 78.0.0.0/8 10.0.0.0/8
LS all -- 79.0.0.0/8 10.0.0.0/8
LS all -- 89.0.0.0/8 10.0.0.0/8
LS all -- 90.0.0.0/8 10.0.0.0/8
LS all -- 91.0.0.0/8 10.0.0.0/8
LS all -- 92.0.0.0/8 10.0.0.0/8
LS all -- 93.0.0.0/8 10.0.0.0/8
LS all -- 94.0.0.0/8 10.0.0.0/8
LS all -- 95.0.0.0/8 10.0.0.0/8
LS all -- 96.0.0.0/8 10.0.0.0/8
LS all -- 97.0.0.0/8 10.0.0.0/8
LS all -- 98.0.0.0/8 10.0.0.0/8
LS all -- 99.0.0.0/8 10.0.0.0/8
LS all -- 100.0.0.0/8 10.0.0.0/8
LS all -- 101.0.0.0/8 10.0.0.0/8
LS all -- 102.0.0.0/8 10.0.0.0/8
LS all -- 103.0.0.0/8 10.0.0.0/8
LS all -- 104.0.0.0/8 10.0.0.0/8
LS all -- 105.0.0.0/8 10.0.0.0/8
LS all -- 106.0.0.0/8 10.0.0.0/8
LS all -- 107.0.0.0/8 10.0.0.0/8
LS all -- 108.0.0.0/8 10.0.0.0/8
LS all -- 109.0.0.0/8 10.0.0.0/8
LS all -- 110.0.0.0/8 10.0.0.0/8
LS all -- 111.0.0.0/8 10.0.0.0/8
LS all -- 112.0.0.0/8 10.0.0.0/8
LS all -- 113.0.0.0/8 10.0.0.0/8
LS all -- 114.0.0.0/8 10.0.0.0/8
LS all -- 115.0.0.0/8 10.0.0.0/8
LS all -- 116.0.0.0/8 10.0.0.0/8
LS all -- 117.0.0.0/8 10.0.0.0/8
LS all -- 118.0.0.0/8 10.0.0.0/8
LS all -- 119.0.0.0/8 10.0.0.0/8
LS all -- 120.0.0.0/8 10.0.0.0/8
LS all -- 121.0.0.0/8 10.0.0.0/8
LS all -- 122.0.0.0/8 10.0.0.0/8
LS all -- 123.0.0.0/8 10.0.0.0/8
LS all -- 124.0.0.0/8 10.0.0.0/8
LS all -- 125.0.0.0/8 10.0.0.0/8
LS all -- 126.0.0.0/8 10.0.0.0/8
LS all -- 127.0.0.0/8 10.0.0.0/8
LS all -- 169.254.0.0/16 10.0.0.0/8
LS all -- 172.16.0.0/12 10.0.0.0/8
LS all -- 173.0.0.0/8 10.0.0.0/8
LS all -- 174.0.0.0/8 10.0.0.0/8
LS all -- 175.0.0.0/8 10.0.0.0/8
LS all -- 176.0.0.0/8 10.0.0.0/8
LS all -- 177.0.0.0/8 10.0.0.0/8
LS all -- 178.0.0.0/8 10.0.0.0/8
LS all -- 179.0.0.0/8 10.0.0.0/8
LS all -- 180.0.0.0/8 10.0.0.0/8
LS all -- 181.0.0.0/8 10.0.0.0/8
LS all -- 182.0.0.0/8 10.0.0.0/8
LS all -- 183.0.0.0/8 10.0.0.0/8
LS all -- 184.0.0.0/8 10.0.0.0/8
LS all -- 185.0.0.0/8 10.0.0.0/8
LS all -- 186.0.0.0/8 10.0.0.0/8
LS all -- 187.0.0.0/8 10.0.0.0/8
LS all -- 189.0.0.0/8 10.0.0.0/8
LS all -- 190.0.0.0/8 10.0.0.0/8
LS all -- 192.0.2.0/24 10.0.0.0/8
LS all -- 192.168.0.0/16 10.0.0.0/8
LS all -- 197.0.0.0/8 10.0.0.0/8
LS all -- 198.18.0.0/15 10.0.0.0/8
LS all -- 223.0.0.0/8 10.0.0.0/8
LS all -- 224.0.0.0/3 10.0.0.0/8
You should see the numeric version of route if you add a "-n" argument. I'm surprised the loopback address works though as it doesn't show in the routing table.
Your firewall ruleset looks rather complex and doesn't make sense in some places like the OUTPUT chain where you accept all for everywhere then drop all for everwhere later on.
Have you tried completely flushing the rules to accept all connections in order to eliminate it as a possibility:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
Distribution: RedHat from 4 -9, Fedora, Ubuntu, Centos 3 - 7, Puppy Linux, and lots of raspberry pi
Posts: 142
Original Poster
Rep:
Sorted!
The rules must have been doing something wrong. Flushed them - it works. For the timebeing I will leave the firewall off, but then manually config later.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
