Issues with CURL

pspravin · 04-28-2017, 02:08 PM

I have curl installed on Linux VM1: 129.146.22.160. I have nginx installed on linux VM2: 129.146.34.164. I am able to SSH from VM1 to VM2. I am able to ping from VM1 to VM2. I have CURL installed on VM1. When I try "curl -verbose 129.146.34.164", I get connection timeout. Below is the console output:
_____
[opc@vm04 ansible]$ curl -verbose 129.146.34.164
* About to connect() to 129.146.34.164 port 80 (#0)
* Trying 129.146.34.164...
* Connection timed out
* Failed connect to 129.146.34.164:80; Connection timed out
* Closing connection 0
curl: (7) Failed connect to 129.146.34.164:80; Connection timed out
[opc@vm04 ansible]$
_____
I am expecting to see the nginx welcome home page when I run curl from VM1.
I see the nginx homepage when I run "curl localhost" on VM2.

Please suggest.

hydrurga · 04-28-2017, 02:20 PM

Have you checked your firewall settings on VM2 to see if port 80 is blocked externally?

pspravin · 04-28-2017, 02:23 PM

How to check that, sorry I am new to Linux...

Here is what I tried on VM2: and looks like the port is fine:
[opc@lb01 ~]$ netstat -an | grep 80 | grep -i listen
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 25801 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 25804 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 25807 private/bounce
[opc@lb01 ~]$
Using username "opc".
Authenticating with public key "rsa-key-20170424"
Last login: Fri Apr 28 18:58:09 2017 from 67.124.172.254
[opc@lb01 ~]$ lsof -ni tcp:80
[opc@lb01 ~]$ netstat -nat | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
[opc@lb01 ~]$

AwesomeMachine · 04-28-2017, 02:53 PM

Well, use

Code:

$ sudo iptables -L

and check for http input. The machine can be listening on 80, but it can still be blocked.

pspravin · 04-28-2017, 02:59 PM

Thanks, I tried this command on VM2 and I dont see "http input". here is the output on VM2: https://gist.github.com/pspravin/5ec...76c0e553e1dae4

I also tried a command I found via google and the output is:

on VM1:
[opc@vm04 ansible]$ </dev/tcp/129.146.34.164/80 && echo Port is open || echo Port is closed

on VM2:
[opc@lb01 ~]$ </dev/tcp/localhost/80 && echo Port is open || echo Port is closed
Port is open

Does that mean I need to open port 80 so it can connect from VM1? If yes, how to do it?

hydrurga · 04-28-2017, 03:11 PM

On VM1, try:

Code:

sudo nmap -p 80 129.146.34.164

This will show if port 80 on VM2 is open in the eyes of VM1 (although I imagine that it will show it isn't, as per the original curl command).

pspravin · 04-28-2017, 03:14 PM

[opc@vm04 ansible]$ sudo nmap -p 80 129.146.34.164

Starting Nmap 6.40 ( http://nmap.org ) at 2017-04-28 20:16 GMT
Nmap scan report for 129.146.34.164
Host is up (0.00034s latency).
PORT STATE SERVICE
80/tcp filtered http

Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

How can I open port 80 on VM2, so that VM1 can see it?

hydrurga · 04-28-2017, 03:22 PM

Ok, back to first principles.

Which virtualisation package are you using? VMWare? VirtualBox? Another?

Which distros (and versions) are you running for VM1 and VM2?

Do you have selinux installed on either VM (run sestatus to find out).

pspravin · 04-28-2017, 03:31 PM

Virtual Machines:
Red Hat Enterprise Linux Server release 7.3 (Maipo)

[opc@db01 ~]$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 29

hydrurga · 04-28-2017, 03:49 PM

Ok, thanks.

This guy here - http://stackoverflow.com/questions/3...nd-curl-doesnt - resolved a similar problem by disabling selinux and iptable_filter. It seems a bit over the top, but you could do that and then work backwards to see what is actually preventing the communication.

Given that you're using Red Hat, I assume that you have a licence with them - have you contacted them about this problem?

pspravin · 04-28-2017, 03:51 PM

Actually, we are currently piloting Ansible and devops. For that we have pilot cloud instance for few weeks and there is no support involved.

hydrurga · 04-28-2017, 03:52 PM

Quote:

Originally Posted by pspravin

Actually, we are currently piloting Ansible and devops. For that we have pilot cloud instance for few weeks and there is no support involved.

Ok, do you know how to disable selinux? If so, do that for both VMs (to be extra sure), and then try the curl again.

AwesomeMachine · 04-28-2017, 06:22 PM

Port 80 is not blocked by iptables. So, it must be selinux.

pspravin · 05-01-2017, 12:34 AM

selinux seems to be related to security of Linux. Is there any other impact if I turn this off? though this is a test instance, I am trying to be cautious, please suggest.

Jjanel · 05-02-2017, 03:59 PM

https://access.redhat.com/documentat...g_SELinux.html
https://major.io/2013/04/15/seriousl...abling-selinux
https://www.reddit.com/r/linux/comme...abling_selinux
&lots more links from: disable selinux rhel advice good|bad idea implications

Welcome to LQ; here's my current favorite post on LQ "how-to".
I enjoy learning on LQ, so looking forward to your future questions.

Let us know what you find as a solution (note ThreadTools at top).