Ubuntu Linux - Cannot Access from local host after enable firewall
Hi,
I am a newbie in Linux. I am using Ubuntu Linux 18.04.
I just set up an Apache server running on port 80.
I tried to access it from the local machine and from other machines within the same network and it works fine.
Then I tried to enable the firewall and it blocks all the incoming ports, so I cannot access it from the local machine or from other machines within the network.
Then I added a new rule using ufw to allow access to port 80 from anywhere and checked it with ufw status.
The new rule is displayed correctly, but it does not work.
Then I add a new rule using iptables:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
After adding the new rule using iptables, I am able to access it from other machines within the same network, but I still CANNOT access port 80 from my local machine.
From the local machine, how do you address the web site?
If using localhost then that usually goes to 127.0.0.1:80 and not the network IP. If the web site is not listening on the loopback address it will fail.
Also, are you using only http or also using https? If only http then port 80 is adequate, but if https as well then you need to add port 443 to the firewall rules.
UFW is a front-end for iptables. So if you are using UFW, stick with that and ignore iptables. And if you are using iptables, stick with that and uninstall UFW. Try something like,
Code:
sudo ufw show added
See "man ufw" for the details and other options.
Myself, since iptables is deprecated, I've moved to nftables. It is far easier than iptables yet more flexible and with more options. Supposedly it is more efficient under the hood, too. So if you are just starting out, I would give serious consideration to taking a step back and beginning with nftables instead. Failing that, stick with UFW. Either way, avoid iptables.
I am using http (just for testing) and the new rule I put in was:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
which is actually from anywhere, so should 127.0.0.1 be included?
Yes, & No.
That means the firewall should not block it. However, the config for httpd defines what interfaces it listens to. If it is only listening on the network interface then the loopback interface (127.0.0.1) is ignored.
Check the settings in /etc/httpd/conf/httpd.conf to see what interfaces it listens on.
Code:
$ grep -i listen /etc/httpd/conf/httpd.conf
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen 80
As you can see I have not bound the httpd daemon to a single interface so it will be listening on all available interfaces.
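The distinction drawn in the reply above (the iptables rule accepts port 80 on every interface, while Apache's Listen directives decide whether 127.0.0.1 is served at all) can be checked mechanically. The following is an added example, not code from the thread; the function names and sample configs are constructed for illustration, and only IPv4 Listen addresses are evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). Sample configs below are constructed.

# Reads Apache config text on stdin; exit 0 if a Listen directive makes
# TCP port $1 reachable on IPv4 loopback (127.0.0.0/8), else exit 1.
listen_covers_loopback() {
    awk -v port="$1" '
        /^[ \t]*#/ { next }                      # commented-out directive
        tolower($1) == "listen" {
            spec = $2
            if (spec ~ /^\[/) next               # IPv6 literal: not checked here
            n = split(spec, part, ":")
            if (n == 1) { addr = "*"; p = part[1] }   # "Listen 80" = every interface
            else        { addr = part[1]; p = part[2] }
            if (p == port && (addr == "*" || addr == "0.0.0.0" || addr ~ /^127\./))
                found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Prints a one-word verdict so callers can compare strings.
loopback_verdict() {
    if listen_covers_loopback "$1"; then
        echo "loopback-ok"
    else
        echo "loopback-not-bound"
    fi
}

sample_wildcard() {   # same shape as the grep output in the post above
    printf '%s\n' '#Listen 12.34.56.78:80' 'Listen 80'
}
sample_lan_only() {   # constructed: bound to one LAN address (documentation range)
    printf '%s\n' 'Listen 192.0.2.10:80'
}

echo "wildcard config: $(sample_wildcard | loopback_verdict 80)"
echo "LAN-only config: $(sample_lan_only | loopback_verdict 80)"
```

On a real host, feed it the file that holds the Listen lines, for example `listen_covers_loopback 80 < /etc/apache2/ports.conf` on Ubuntu's apache2 package layout.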
Running both the commands given by @ferarri gives me