Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-19-2012, 03:26 PM
|
#1
|
Member
Registered: Aug 2012
Posts: 34
Rep:
|
The connection has timed out The server at <ip address> is taking too long to respond
Dear Linux Users,
I installed a software program called Galaxy on my server.
I started up the Galaxy server process.
When I open FIrefox on the server and type in the following into the address bar the program starts successfully.
http://<ip address>:8080
However, when I open up Firefox on my PC and type in the exact same address, i get the following error
"The connection has timed out The server at <ip address> is taking too long to respond"
I contacted the Galaxy people and they said there is nothing wrong with their software, it is a server issue.
From my PC, I can ping the server and I can access my webpage.
I'm sure it is something simple.
Any advice would be greatly appreciated.
|
|
|
08-19-2012, 04:21 PM
|
#2
|
Member
Registered: Dec 2010
Location: Boston, MA, USA
Distribution: Arch Linux
Posts: 460
Rep:
|
Which webpage? Is this running on the same server?
Alex Brinister
|
|
|
08-19-2012, 04:52 PM
|
#3
|
Member
Registered: Aug 2012
Posts: 34
Original Poster
Rep:
|
Yes, my webpage is on the same server as the Galaxy software and I can access the webpage from any PC.
Here is the webpage: http://shenlab.sols.unlv.edu/shenlab/
I can only run the Galaxy software when I am in the server room and logged directly onto the server.
|
|
|
08-19-2012, 05:43 PM
|
#4
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,398
|
Sounds like a firewall issue.
Can you try
Code:
# show us your distro+ver
cat /etc/*release*
#show firewall
iptables -nvL
|
|
|
08-20-2012, 10:00 AM
|
#5
|
Member
Registered: Dec 2010
Location: Boston, MA, USA
Distribution: Arch Linux
Posts: 460
Rep:
|
I can't believe I didn't ask this earlier, but what distro are you running? Posting the output of "/etc/*release*", as chrism suggested, would help in that.
Are you running even running a firewall?
Alex Brinister
|
|
|
08-20-2012, 01:16 PM
|
#6
|
Member
Registered: Aug 2012
Posts: 34
Original Poster
Rep:
|
I did a "cat /etc/*release*" and below is the output
Fedora release 13 (Goddard)
Fedora release 13 (Goddard)
Fedora release 13 (Goddard)
cpe:/o:/fedoraproject:fedora:13
I did a "ls *release*" and there were 4 files
fedora-release
redhat-release
system-release
system-release-cpe
I type "sudo iptables -nvL" and below is the output (I apologize for typos, I manually typed the output)
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
447K 129M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
44 2878 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
309 18540 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
24 1292 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
1107 61900 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
380K 50M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
I hope this helps
|
|
|
08-20-2012, 01:48 PM
|
#7
|
Member
Registered: Dec 2010
Location: Boston, MA, USA
Distribution: Arch Linux
Posts: 460
Rep:
|
Have you looked here? Your setup seems kinda similar...
Alex Brinister
|
|
|
08-20-2012, 03:10 PM
|
#8
|
Member
Registered: Aug 2012
Posts: 34
Original Poster
Rep:
|
I issued the following command to add an entry into the IP tables.
sudo /sbin/iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
Now when I issue the command "sudo iptables -nvL" the following line appears:
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
I restarted the Galaxy process and I am still getting the same errors when I try accessing Galaxy from my PC.
|
|
|
08-20-2012, 06:33 PM
|
#9
|
Member
Registered: Dec 2010
Location: Boston, MA, USA
Distribution: Arch Linux
Posts: 460
Rep:
|
What happens when you disable iptables completely? Does Galaxy work?
Alex Brinister
|
|
|
08-20-2012, 07:47 PM
|
#10
|
Member
Registered: Aug 2012
Posts: 34
Original Poster
Rep:
|
WHOOOOT!!!!
Now we are getting somewhere.
I entered the following commands to turn off the firewall
$ sudo /etc/init.d/iptables save
$ sudo /etc/init.d/iptables stop
Then voila!!! I can access the server from my PC.
Then when I entered the following command to turn the firewall back on
$ sudo /etc/init.d/iptables start
the shirt hit the fan and I got the "Connection has timed out" error.
So how do I set the firewall to allow access to the server?
|
|
|
08-20-2012, 08:01 PM
|
#11
|
Member
Registered: Dec 2010
Location: Boston, MA, USA
Distribution: Arch Linux
Posts: 460
Rep:
|
Code:
iptables -I INPUT -i <interface> -p <tcp or udp> --dport <your port> -j ACCEPT
I found that here.
Alex Brinister
|
|
|
08-20-2012, 08:02 PM
|
#12
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,398
|
The firewall rules are stored in /etc/sysconfig/iptables.
You should back that up, then edit it.
The problem I think you have is that you used -A = append to the input chain, but this rule
Code:
380K 50M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
would precede it and its REJECTing all(!) protocols.
Actually, I prefer to use the fail secure method of setting the INPUT chain Policy of DROP instead; that way any pkt not specifically matched by a rule is DROPped.
See these links http://www.linuxhomenetworking.com/w...Using_iptables
http://www.cyberciti.biz/tips/linux-...-examples.html
http://www.linuxtopia.org/online_boo...-iptables.html
PS: F13 is well out of date; currently F17 is the go
Last edited by chrism01; 08-20-2012 at 08:10 PM.
|
|
|
08-20-2012, 08:14 PM
|
#13
|
Member
Registered: Dec 2010
Location: Boston, MA, USA
Distribution: Arch Linux
Posts: 460
Rep:
|
That's a good call, chrism, especially since the command I gave him put an already existing rule into his iptables policy .
Alex Brinister
|
|
|
08-20-2012, 08:22 PM
|
#14
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,398
|
Yeah, trying to Append/Insert rules is do-able, but frankly a PITA.
Much easier/clearer to edit the real file; just need to be careful.
|
|
|
All times are GMT -5. The time now is 09:47 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|