Old 01-23-2010, 11:21 PM   #1
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Rep: Reputation: 34
Iptables Not allowing access to Apache in my Internal Network


I am setting up Apache and trying to access it from the internal network. It works fine when accessing it from the server itself (no matter whether iptables is running or not).

It works fine when accessing it from another Linux box on the internal network (service iptables stop).


Problem:

Not Working while firewall is running.

Network setup

DSL MODEM ---->Linux Router--->WAP--->|APACHE and Linux BOX/MY LAPTOP


I am trying to access Apache from my laptop (IP 172.16.0.4)

1. via firefox (http://172.16.0.100)

Error
Firefox can't establish a connection to the server at 172.16.0.100.

2. Via Telnet

$telnet 172.16.0.100
Trying 172.16.0.100...
telnet: connect to address 172.16.0.100: No route to host


Given below is the firewall running on my Apache box


Code:
 iptables  -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
I have tried a lot of things to change the firewall. I was not successful. Any hint please..

Thanks

Last edited by KinnowGrower; 01-24-2010 at 11:15 AM. Reason: Solved
 
Old 01-24-2010, 03:12 AM   #2
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
Your network config and iptables configs are required in order for someone to help you.
"No route to host": are you sure all interfaces are up and everything is routed as it should be? Check your routes first.
 
Old 01-24-2010, 09:00 AM   #3
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Original Poster
Rep: Reputation: 34
Hi Web, thanks for the reply.

The main thing is

1. Ping works fine (even when the firewall is on/running)
2. I can access Apache if the firewall is not running.

So what I think is, there must be something wrong with the firewall, because it works fine while there is no firewall running. Is this understanding of mine not correct?

The interface is up. Here is the output
Code:
$ifconfig
eth0      Link encap:Ethernet  HWaddr 00:13:D3:FB:66:90  
          inet addr:172.16.0.100  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::213:d3ff:fefb:6690/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6954 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4489 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:665247 (649.6 KiB)  TX bytes:587824 (574.0 KiB)
          Interrupt:17 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:82 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:6820 (6.6 KiB)  TX bytes:6820 (6.6 KiB)
Even the ping works fine.

It would be a great help if you could tell me which output/file I should show here for the network/iptables configuration.

The iptables rules are shown in the first post.

Thanks. Please reply.
 
Old 01-24-2010, 10:22 AM   #4
david1941
Member
 
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS6
Posts: 267

Rep: Reputation: 57
Code:
 iptables  -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
The INPUT chain of iptables is processed sequentially and you have "REJECT all xxx " ahead of "ACCEPT tcp dpt:80". I would not expect the accept statement to be used.
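The first-match behaviour described in this reply can be checked mechanically. The following is an added example, not code from the thread: it scans a ruleset in `iptables -S` form for rules that sit behind an unconditional terminal rule and builds the `-I` command that places them ahead of it instead. The sample ruleset is constructed from the listing above, and the `-i lo` on rule 5 is an assumption, since `iptables -L -n` without `-v` does not show interface matches.

```python
import shlex

# Constructed sample in `iptables -S INPUT` form, modelled on the thread's listing.
# Assumption: rule 5 ("ACCEPT all") is loopback-only (-i lo); `iptables -L -n`
# without -v does not print interface matches, so the listing cannot show this.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

def parse_rules(text, chain="INPUT"):
    """Return [(number, target, match_tokens)] for the -A lines of one chain."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:
            continue
        j = tok.index("-j") if "-j" in tok else len(tok)
        # Tokens before -j are match conditions; those after the target are its options.
        target = tok[j + 1] if j + 1 < len(tok) else None
        rules.append((len(rules) + 1, target, tok[2:j]))
    return rules

def find_shadowed(text, chain="INPUT"):
    """Rules placed after an unconditional terminal rule never see a packet."""
    blocker, shadowed = None, []
    for num, target, matches in parse_rules(text, chain):
        if blocker is not None:
            shadowed.append(num)
        elif target in TERMINAL and not matches:
            blocker = num
    return blocker, shadowed

def suggest_fix(text, chain="INPUT"):
    """Build -I commands re-inserting each shadowed rule ahead of the blocker."""
    blocker, shadowed = find_shadowed(text, chain)
    rules = {n: (t, m) for n, t, m in parse_rules(text, chain)}
    todo = [n for n in shadowed if rules[n][0]]  # skip rules without a target
    return ["iptables -I %s %d %s -j %s" % (chain, blocker + i,
            " ".join(shlex.quote(x) for x in rules[n][1]), rules[n][0])
            for i, n in enumerate(todo)]
```

Inserting ahead of the REJECT keeps the final deny rule in place; with the chain policy at ACCEPT, as in the listing, deleting that rule leaves nothing in INPUT that denies traffic.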
 
Old 01-24-2010, 10:52 AM   #5
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Original Poster
Rep: Reputation: 34
Thanks for the reply. I already tried to remove it. OK, here is the firewall after I removed the reject rule.

Code:
[root@ns ~]# iptables -D INPUT 7
[root@ns ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53 
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53 
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

The output of telnet has now changed from "No route to host" to "Connection refused".

Code:
[varinder@station11 ~]$ telnet 172.16.0.100
Trying 172.16.0.100...
telnet: connect to address 172.16.0.100: Connection refused
Any hint please?
 
Old 01-24-2010, 11:09 AM   #6
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Original Poster
Rep: Reputation: 34
[Solved] Iptables Not allowing access to Apache in my Internal Network

Hi guys,

It works now.

My mistake.

David, you are right. I tried the same thing before, meaning I removed the 'Reject' rule. But I was not testing right. I was testing with...

$telnet 172.16.0.100

I was wrong.

I was not testing with:
telnet 172.16.0.100 80

Now when you told me, I tried again and tested again the same way. It just clicked: I should try the second command, meaning with the port.
It works.

And with elink 172.16.0.100... it finally works.

Great.

Thanks for the help.

Last edited by KinnowGrower; 01-24-2010 at 11:12 AM. Reason: Solved
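The two telnet errors seen in this thread carry different information: telnet with no port argument connects to port 23, "No route to host" is how the client reports the ICMP host-prohibited reply from the REJECT rule, and "Connection refused" means the packet passed the filter and found no listener. The following added example (not part of the original posts) makes one TCP connection attempt to an explicit port and names the likely cause; the function names and result labels are hypothetical.

```python
import errno
import socket


def classify_connect(host, port, timeout=3.0):
    """Attempt one TCP connect and name the most likely cause of the result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        # No answer at all: typical of a DROP rule or an unreachable host.
        return "filtered-silent"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            # A TCP RST came back: the packet passed the filter but nothing
            # listens there (or a rule uses --reject-with tcp-reset).
            return "refused"
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            # ICMP unreachable, e.g. REJECT --reject-with icmp-host-prohibited,
            # or a failed ARP lookup; telnet prints "No route to host".
            return "rejected-icmp"
        raise
    finally:
        s.close()


def loopback_demo():
    """Constructed local check: a listening port, then the same port closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = classify_connect("127.0.0.1", port)
    srv.close()
    after_close = classify_connect("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(loopback_demo())
```

Against the server in this thread the call would be `classify_connect("172.16.0.100", 80)`, which tests the port Apache listens on rather than telnet's default.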
 
  

