LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-27-2008, 10:58 PM   #1
samohn
Member
 
Registered: Aug 2008
Posts: 55

Rep: Reputation: 15
Is there any Linux firewall setting which mayprevent apache from accepting connection


Hi, I have set up apache server on Fedora core 9 box. The connection to the server from the inside of the box is fine, but the apache can not receive connection from the outside of the box. I have worked very hard to find what causes the problem, but I could not. I eventually suspect that there may be some security setting such as firewall on the Fedora core 9 box, which blocks network connections to a web server (apache). I searched on google and found that system-config-securitylevel may be the tool to configure the firewall, but I could not find out how to do it. Or, maybe, there may be different reasons for the web server connection problem. I want to know what causes the problem and how to fix it. I will appreciate any suggestions and opinions.

Thank you in advance

P.S.

The below is the explanation of how I have tested the web server.

Currently I am testing the web server within a LAN. I tried to access the web server from one of a pc in the LAN which runs Windows XP pro.
The server can be found by ping from the PC, and also the PC can be found by ping from the server. There is apache running on the PC as well, and I can access the apache on the pc from the server.

I monitored packets to the server by tcpdump command. when I access the apache on the server from the pc, I could see the packets reached the server box, but the apache did not respond.

I also run telnet from the pc to access the web server on the server box, but the connection to the web server was failed although the packets could reach the web server box.
 
Old 08-27-2008, 11:09 PM   #2
mjmwired
Member
 
Registered: Apr 2004
Distribution: CentOS6, CentOS5, F16, F15, Ubuntu, OpenSuse
Posts: 620

Rep: Reputation: 39
Login as root, and run:
# /etc/init.d/iptables stop

Then test your webserver again.
 
Old 08-28-2008, 01:55 AM   #3
cmx08
Member
 
Registered: Aug 2008
Location: Malaysia
Distribution: Fedora Core
Posts: 35

Rep: Reputation: 15
service iptables status - see the firewall status
service iptables stop - stop firewall
 
Old 08-28-2008, 02:44 AM   #4
samohn
Member
 
Registered: Aug 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Hi thank you very much for your help. I did it and I could access the web server from the PC.
Now I know the firewall caused the problem, but how should I set up the firewall? I am going to search for how to do it, but if you can help me, please let me know it.


Sam
 
Old 08-28-2008, 03:39 AM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376Reputation: 376Reputation: 376Reputation: 376
Quote:
Originally Posted by samohn View Post
Hi thank you very much for your help. I did it and I could access the web server from the PC.
Now I know the firewall caused the problem, but how should I set up the firewall? I am going to search for how to do it, but if you can help me, please let me know it.
There's tons of iptables tutorials all over the Web. You basically just need to execute some iptables commands and then when you are happy with the configuration you do a "service iptables save" to make it stick. You might want to look into an iptables front-end while you are still learning iptables, though. Something like Shorewall perhaps.
 
Old 08-29-2008, 12:01 AM   #6
samohn
Member
 
Registered: Aug 2008
Posts: 55

Original Poster
Rep: Reputation: 15
I could find very good resources to learn iptables and tried following iptables commands,but I still have problem to access the web server from a pc on LAN if iptables is valid. Why the commands below did not help to allow www access to the firewall?


----------------------------------------
Below is what I did to set up iptables:

To set up iptables to Allow WWW and SSH access to the firewall I executed the following command (note: I do not use SSH at this point yet):
#---------------------------------------------------------------
# Allow previously established connections
# - Interface eth0 is the internet interface
#---------------------------------------------------------------

iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED \
-j ACCEPT

#---------------------------------------------------------------
# Allow port 80 (www) and 22 (SSH) connections to the firewall
#---------------------------------------------------------------

iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 \
-m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 \
-m state --state NEW -j ACCEPT

I run the following command to save the changes on the iptables:

#service iptables save
 
Old 08-29-2008, 12:22 AM   #7
samohn
Member
 
Registered: Aug 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Thank you for the everybody who is helping me.

So far I tried to learn iptables and tried some iptables commands. Now I feel I am moving towards right direction, but have not succeeded yet. The commands I run did not help to set up the iptables correctly to allow www trafic from the out side of the server. I thought these iptables commands make sense and do not understand why they did not work as I expected...

Besides, I want to try shorewall.

Sam
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Accepting only external requests metallica1973 Linux - Server 4 08-12-2008 01:35 AM
Freshly installed Debian 4.0 only accepting ssh connection from PuTTY. Zombie13 Debian 12 07-23-2007 03:16 PM
setting-up an xserver connection with remote host through local firewall. schatoor Linux - Security 5 02-02-2006 11:11 AM
tcp/ip multithreaded server stops accepting connection debjyotidas Linux - Networking 2 07-23-2004 01:51 AM


All times are GMT -5. The time now is 02:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration