LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-28-2017, 02:08 PM   #1
pspravin
LQ Newbie
 
Registered: Apr 2017
Posts: 7

Rep: Reputation: Disabled
Issues with CURL


I have curl installed on Linux VM1: 129.146.22.160. I have nginx installed on linux VM2: 129.146.34.164. I am able to SSH from VM1 to VM2. I am able to ping from VM1 to VM2. I have CURL installed on VM1. When I try "curl -verbose 129.146.34.164", I get connection timeout. Below is the console output:
_____
[opc@vm04 ansible]$ curl -verbose 129.146.34.164
* About to connect() to 129.146.34.164 port 80 (#0)
* Trying 129.146.34.164...
* Connection timed out
* Failed connect to 129.146.34.164:80; Connection timed out
* Closing connection 0
curl: (7) Failed connect to 129.146.34.164:80; Connection timed out
[opc@vm04 ansible]$
_____
I am expecting to see the nginx welcome home page when I run curl from VM1.
I see the nginx homepage when I run "curl localhost" on VM2.

Please suggest.
 
Old 04-28-2017, 02:20 PM   #2
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904
Have you checked your firewall settings on VM2 to see if port 80 is blocked externally?
 
Old 04-28-2017, 02:23 PM   #3
pspravin
LQ Newbie
 
Registered: Apr 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
How to check that, sorry I am new to Linux...

Here is what I tried on VM2: and looks like the port is fine:
[opc@lb01 ~]$ netstat -an | grep 80 | grep -i listen
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 25801 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 25804 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 25807 private/bounce
[opc@lb01 ~]$
Using username "opc".
Authenticating with public key "rsa-key-20170424"
Last login: Fri Apr 28 18:58:09 2017 from 67.124.172.254
[opc@lb01 ~]$ lsof -ni tcp:80
[opc@lb01 ~]$ netstat -nat | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
[opc@lb01 ~]$

Last edited by pspravin; 04-28-2017 at 02:25 PM.
 
Old 04-28-2017, 02:53 PM   #4
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
Well, use
Code:
$ sudo iptables -L
and check for http input. The machine can be listening on 80, but it can still be blocked.
 
Old 04-28-2017, 02:59 PM   #5
pspravin
LQ Newbie
 
Registered: Apr 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
Thanks, I tried this command on VM2 and I dont see "http input". here is the output on VM2: https://gist.github.com/pspravin/5ec...76c0e553e1dae4

I also tried a command I found via google and the output is:

on VM1:
[opc@vm04 ansible]$ </dev/tcp/129.146.34.164/80 && echo Port is open || echo Port is closed

on VM2:
[opc@lb01 ~]$ </dev/tcp/localhost/80 && echo Port is open || echo Port is closed
Port is open

Does that mean I need to open port 80 so it can connect from VM1? If yes, how to do it?
 
Old 04-28-2017, 03:11 PM   #6
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904
On VM1, try:

Code:
sudo nmap -p 80 129.146.34.164
This will show if port 80 on VM2 is open in the eyes of VM1 (although I imagine that it will show it isn't, as per the original curl command).
 
Old 04-28-2017, 03:14 PM   #7
pspravin
LQ Newbie
 
Registered: Apr 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
[opc@vm04 ansible]$ sudo nmap -p 80 129.146.34.164

Starting Nmap 6.40 ( http://nmap.org ) at 2017-04-28 20:16 GMT
Nmap scan report for 129.146.34.164
Host is up (0.00034s latency).
PORT STATE SERVICE
80/tcp filtered http

Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds



How can I open port 80 on VM2, so that VM1 can see it?

Last edited by pspravin; 04-28-2017 at 03:16 PM.
 
Old 04-28-2017, 03:22 PM   #8
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904
Ok, back to first principles.

Which virtualisation package are you using? VMWare? VirtualBox? Another?

Which distros (and versions) are you running for VM1 and VM2?

Do you have selinux installed on either VM (run sestatus to find out).
 
Old 04-28-2017, 03:31 PM   #9
pspravin
LQ Newbie
 
Registered: Apr 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
Virtual Machines:
Red Hat Enterprise Linux Server release 7.3 (Maipo)

[opc@db01 ~]$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 29
 
Old 04-28-2017, 03:49 PM   #10
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904
Ok, thanks.

This guy here - http://stackoverflow.com/questions/3...nd-curl-doesnt - resolved a similar problem by disabling selinux and iptable_filter. It seems a bit over the top, but you could do that and then work backwards to see what is actually preventing the communication.

Given that you're using Red Hat, I assume that you have a licence with them - have you contacted them about this problem?
 
Old 04-28-2017, 03:51 PM   #11
pspravin
LQ Newbie
 
Registered: Apr 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
Actually, we are currently piloting Ansible and devops. For that we have pilot cloud instance for few weeks and there is no support involved.
 
Old 04-28-2017, 03:52 PM   #12
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 20 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904
Quote:
Originally Posted by pspravin View Post
Actually, we are currently piloting Ansible and devops. For that we have pilot cloud instance for few weeks and there is no support involved.
Ok, do you know how to disable selinux? If so, do that for both VMs (to be extra sure), and then try the curl again.
 
Old 04-28-2017, 06:22 PM   #13
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
Port 80 is not blocked by iptables. So, it must be selinux.
 
Old 05-01-2017, 12:34 AM   #14
pspravin
LQ Newbie
 
Registered: Apr 2017
Posts: 7

Original Poster
Rep: Reputation: Disabled
selinux seems to be related to security of Linux. Is there any other impact if I turn this off? though this is a test instance, I am trying to be cautious, please suggest.
 
Old 05-02-2017, 03:59 PM   #15
Jjanel
Member
 
Registered: Jun 2016
Distribution: any&all, in VBox; Ol'UnixCLI; NO GUI resources
Posts: 999
Blog Entries: 12

Rep: Reputation: 361Reputation: 361Reputation: 361Reputation: 361
https://access.redhat.com/documentat...g_SELinux.html
https://major.io/2013/04/15/seriousl...abling-selinux
https://www.reddit.com/r/linux/comme...abling_selinux
&lots more links from: disable selinux rhel advice good|bad idea implications

Welcome to LQ; here's my current favorite post on LQ "how-to".
I enjoy learning on LQ, so looking forward to your future questions.

Let us know what you find as a solution (note ThreadTools at top).

Last edited by Jjanel; 05-02-2017 at 04:58 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Curl shipped with 14.1 has security issues and bugs! akschu Slackware 8 02-16-2014 04:03 PM
Fedora 15: File size issues with FTP/Curl/Perl cheddarcheese Linux - Software 10 08-21-2011 01:10 PM
CURL issues in bash iniuria Programming 1 03-08-2010 03:39 AM
curl dependency issues in testing/sid almatic Debian 1 06-27-2007 10:54 PM
centos /apache issues...no gd / imap / curl I_AM Linux - General 2 06-06-2005 02:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration