LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   accessing apache from lan (https://www.linuxquestions.org/questions/linux-newbie-8/accessing-apache-from-lan-649865/)

mizos13 06-17-2008 06:48 AM
accessing apache from lan
 
i am having problems accessing web pages on my fedora 9 machine. I can access it by going to localhost from the fedora machine, but i can not do so by the entering the ip address in a browser address bar on a client machine; ex: going to 192.168.166.112 (ip of fedora). I sense that it's something system wide not specific to apache, since i have a tomcat web application that uses port 8080 and i am experiencing the same behavior; i can access the pages locally, but not from a client machine. Note that i can ping the machine from other machines on the lan.

linuxlover.chaitanya 06-17-2008 06:51 AM
Is the apache on fedora running? And what port is it running if it is?

pinniped 06-17-2008 06:53 AM
Did you check to see what interface you're binding to? If you're only binding to the local loopback device, remote machines will not get a response when they attempt an http connection.

farslayer 06-17-2008 07:12 AM
might also want to look at firewall rules..

#iptables -L

mizos13 06-17-2008 07:40 AM
access from lan
 
apache is running on fedora 9 on port 80. pinneped, how do u check interface binding?

here is the result of iptables -L

[root@webserver ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT ah -- anywhere anywhere
ACCEPT esp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ipp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ipp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT udp -- anywhere anywhere state NEW udp dpt:nfs
ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT udp -- anywhere anywhere state NEW udp dpt:radius
ACCEPT udp -- anywhere anywhere state NEW udp dpt:radius-acct
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

farslayer 06-17-2008 11:29 AM
Apache docs on Binding

mizos13 06-18-2008 12:17 PM
i read the apache bind docs then commented the <virtualhost tag in httpd.conf and apache worked right away. but i have an installation for a software that uses tomcat, and it listens on port 8080. I can't get that to work, seems to be the same issue but i don't know how to handle this for tomcat, anyone? any clue?

farslayer 06-18-2008 12:55 PM
It looks like you do not have a firewall rule that allows a connection on port 8080 to start with... If you are connecting from an external machine to port 8080 then you need to address that issue first.

mizos13 06-18-2008 01:38 PM
i have the firewall and selinux disabled. it's a machine on the local network not exposed to the internet.

farslayer 06-18-2008 02:32 PM
so iptables -L no longer shows the output you posted above ? just verifying..

mizos13 06-18-2008 03:06 PM
the iptables command was ran after the firewall and selinux were disabled.

farslayer 06-18-2008 03:56 PM
a firewall showing that output doesn't appear to be disabled..

This is an empty/disabled firewall rule set..
Code:
it-etch:~# iptables -L

Chain INPUT (policy ACCEPT)
target    prot opt source              destination       

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination
Notice how yours lists rules for specific protocols ? http, https, etc.. Your list has quite a few entries.. inclkuding a REJECT ALL at the bottom for anything that wasn't specifically allowed. ..

you may want to try iptables -F to flush the rule set for testing.. (provided there is an external firewall or NAT router between this box and the internet)

then try iptables -L again and your output should mirror what I have posted above..

if so try connecting to the box again on port 8080

mizos13 06-19-2008 06:38 AM
thanks
 
farslayer, thanx for your help i got it to work after i flushed iptables. why was this step needed though? shouldn't iptables be flushed right after i disable the firewall?


All times are GMT -5. The time now is 07:29 PM.