LinuxQuestions.org


rahilmaknojia 11-04-2011 11:22 AM

Unable to access CentOS web server externally
 
Hello guys,

I am having an issue accessing the server over the Internet from my company's network. It works great on the LAN, but when I try going through the Internet, it doesn't work. We have a public IP address which is configured with static NAT for the Linux server, which has the private IP address. I am not sure what I am doing wrong, but here is the configuration for iptables and the HTTP virtual host:

VirtualHost:

NameVirtualHost 192.168.10.20
NameVirtualHost 76.8.138.254
<VirtualHost 192.168.10.20 76.8.138.254>
DocumentRoot /var/www/cacti
ServerName 76.8.138.254
</VirtualHost>


IPtables:

[root@whatsup cacti]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT tcp -- 0.0.0.0/0 192.168.10.20 tcp dpt:80

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
17 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
18 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.10.20

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Any suggestions would be appreciated :)

rahilmaknojia 11-04-2011 11:02 PM

anyone?
 

kmassare 11-04-2011 11:13 PM

I ran into a similar problem. It turned out to be a routing issue at the web server. I use two gateway routers to the internet for load balancing. The default route was set to use a different gateway than the NAT router. My fix was to set the default gateway to the NAT router. I found the problem by using tshark to monitor the internet side of the NAT router's network traffic on port 80.

rahilmaknojia 11-05-2011 12:58 PM

Quote:

Originally Posted by kmassare (Post 4516291)
I ran into a similar problem. It turned out to be a routing issue at the web server. I use two gateway routers to the internet for load balancing. The default route was set to use a different gateway than the NAT router. My fix was to set the default gateway to the NAT router. I found the problem by using tshark to monitor the internet side of the NAT router's network traffic on port 80.

Well, let me get into details. Yesterday, I allowed all the TCP ports from the Cisco router, but unfortunately it only lets me access the server through SSH. I don't see port 80 open from the external network. The only ports I see open are 110 and 22. I don't know if this is a server issue or a router issue, because internally I can access the web server without any hesitation and I can see ports 80, 110, and 22 open when I do a port scan.

lithos 11-05-2011 05:00 PM

Quote:

Originally Posted by rahilmaknojia (Post 4516651)
I don't see port 80 open from the external network. The only ports I see open are 110 and 22. I don't know if this is a server issue or a router issue, ...

If you don't have port 80 (HTTP) forwarded at your router to your server's internal IP (I presume 192.168.10.20), then it won't work. So set your router to forward port 80 to your IP.
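
Added example, not part of any post in this thread: the three causes raised above (no port 80 forward on the router, the server's own firewall, replies leaving through the wrong gateway) can be told apart from a packet capture taken on the web server, in the spirit of the tshark capture kmassare mentions. The script reads `tcpdump -nn` text output; the client addresses and sample lines are constructed, and only 192.168.10.20 and port 80 come from the thread.

```python
import re

# One line of `tcpdump -nn -i <iface> tcp port 80` text output (IPv4), e.g.
# 12:00:01.000000 IP 203.0.113.7.51000 > 192.168.10.20.80: Flags [S], seq 1, ...
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def diagnose(capture, client_ip, server_ip="192.168.10.20", port=80):
    """Say where a connection from client_ip stalls, given a capture taken on the server."""
    syn = synack = rst = ack = 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        inbound = (src, dst, int(dport)) == (client_ip, server_ip, port)
        outbound = (src, dst, int(sport)) == (server_ip, client_ip, port)
        if inbound and flags == "S":
            syn += 1            # bare SYN; client retransmissions count too
        elif inbound and "S" not in flags and "R" not in flags:
            ack += 1            # ACK/PSH/FIN from client: handshake completed
        elif outbound and flags == "S.":
            synack += 1         # server answered with SYN-ACK
        elif outbound and "R" in flags:
            rst += 1            # server reset the connection attempt
    if ack:
        return "handshake completed: path is working"
    if syn == 0:
        return "no SYN reached the server: check the router's NAT / port 80 forward"
    if rst:
        return "server sent RST: nothing is listening on the port"
    if synack == 0:
        return "SYN arrived but no SYN-ACK: check the server's iptables rules"
    return "SYN-ACK sent but never acknowledged: check the server's default gateway"

# Constructed sample capture (not from the thread), one client per outcome.
SAMPLE = """\
12:00:01.000000 IP 203.0.113.7.51000 > 192.168.10.20.80: Flags [S], seq 1, win 29200, length 0
12:00:02.000000 IP 203.0.113.7.51000 > 192.168.10.20.80: Flags [S], seq 1, win 29200, length 0
12:00:03.000000 IP 203.0.113.8.51001 > 192.168.10.20.80: Flags [S], seq 5, win 29200, length 0
12:00:03.000100 IP 192.168.10.20.80 > 203.0.113.8.51001: Flags [S.], seq 9, ack 6, win 28960, length 0
12:00:04.000000 IP 203.0.113.8.51001 > 192.168.10.20.80: Flags [S], seq 5, win 29200, length 0
12:00:05.000000 IP 203.0.113.9.51002 > 192.168.10.20.80: Flags [S], seq 3, win 29200, length 0
12:00:05.000100 IP 192.168.10.20.80 > 203.0.113.9.51002: Flags [S.], seq 7, ack 4, win 28960, length 0
12:00:05.020000 IP 203.0.113.9.51002 > 192.168.10.20.80: Flags [.], ack 8, win 229, length 0
"""
```

Run the capture on the server while retrying from outside, then call `diagnose()` with the external client's address. If the router rewrites source addresses, the client appears under the router's address instead.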


All times are GMT -5.