The connection has timed out The server at <ip address> is taking too long to respond

kwatts59 · 08-19-2012, 03:26 PM

Dear Linux Users,
I installed a software program called Galaxy on my server.
I started up the Galaxy server process.
When I open FIrefox on the server and type in the following into the address bar the program starts successfully.
http://<ip address>:8080
However, when I open up Firefox on my PC and type in the exact same address, i get the following error
"The connection has timed out The server at <ip address> is taking too long to respond"
I contacted the Galaxy people and they said there is nothing wrong with their software, it is a server issue.
From my PC, I can ping the server and I can access my webpage.
I'm sure it is something simple.
Any advice would be greatly appreciated.

abrinister · 08-19-2012, 04:21 PM

Quote:

my webpage.

Which webpage? Is this running on the same server?

Alex Brinister

kwatts59 · 08-19-2012, 04:52 PM

Yes, my webpage is on the same server as the Galaxy software and I can access the webpage from any PC.
Here is the webpage: http://shenlab.sols.unlv.edu/shenlab/

I can only run the Galaxy software when I am in the server room and logged directly onto the server.

chrism01 · 08-19-2012, 05:43 PM

Sounds like a firewall issue.
Can you try

Code:

# show us your distro+ver
cat /etc/*release*

#show firewall
iptables -nvL

abrinister · 08-20-2012, 10:00 AM

I can't believe I didn't ask this earlier, but what distro are you running? Posting the output of "/etc/*release*", as chrism suggested, would help in that.

Are you running even running a firewall?

Alex Brinister

kwatts59 · 08-20-2012, 01:16 PM

I did a "cat /etc/*release*" and below is the output

Fedora release 13 (Goddard)
Fedora release 13 (Goddard)
Fedora release 13 (Goddard)
cpe:/o:/fedoraproject:fedora:13

I did a "ls *release*" and there were 4 files
fedora-release
redhat-release
system-release
system-release-cpe

I type "sudo iptables -nvL" and below is the output (I apologize for typos, I manually typed the output)

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
447K 129M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
44 2878 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
309 18540 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
24 1292 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
1107 61900 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
380K 50M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

I hope this helps

abrinister · 08-20-2012, 01:48 PM

Have you looked here? Your setup seems kinda similar...

Alex Brinister

kwatts59 · 08-20-2012, 03:10 PM

I issued the following command to add an entry into the IP tables.
sudo /sbin/iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

Now when I issue the command "sudo iptables -nvL" the following line appears:

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080

I restarted the Galaxy process and I am still getting the same errors when I try accessing Galaxy from my PC.

abrinister · 08-20-2012, 06:33 PM

What happens when you disable iptables completely? Does Galaxy work?

Alex Brinister

kwatts59 · 08-20-2012, 07:47 PM

WHOOOOT!!!!

Now we are getting somewhere.
I entered the following commands to turn off the firewall
$ sudo /etc/init.d/iptables save
$ sudo /etc/init.d/iptables stop

Then voila!!! I can access the server from my PC.

Then when I entered the following command to turn the firewall back on
$ sudo /etc/init.d/iptables start

the shirt hit the fan and I got the "Connection has timed out" error.

So how do I set the firewall to allow access to the server?

abrinister · 08-20-2012, 08:01 PM

Code:

iptables -I INPUT -i <interface> -p <tcp or udp> --dport <your port> -j ACCEPT

I found that here.

Alex Brinister

chrism01 · 08-20-2012, 08:02 PM

The firewall rules are stored in /etc/sysconfig/iptables.
You should back that up, then edit it.
The problem I think you have is that you used -A = append to the input chain, but this rule

Code:

 380K 50M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

would precede it and its REJECTing all(!) protocols.

Actually, I prefer to use the fail secure method of setting the INPUT chain Policy of DROP instead; that way any pkt not specifically matched by a rule is DROPped.

See these links http://www.linuxhomenetworking.com/w...Using_iptables
http://www.cyberciti.biz/tips/linux-...-examples.html
http://www.linuxtopia.org/online_boo...-iptables.html

PS: F13 is well out of date; currently F17 is the go

abrinister · 08-20-2012, 08:14 PM

That's a good call, chrism, especially since the command I gave him put an already existing rule into his iptables policy

.

Alex Brinister

chrism01 · 08-20-2012, 08:22 PM

Yeah, trying to Append/Insert rules is do-able, but frankly a PITA.
Much easier/clearer to edit the real file; just need to be careful.