Cannot access to web server, but can ssh to it
I have a Ubuntu server but there are some weird things I can't understand.
I cannot ping to the server via IP address, but I can ssh to it. I can access to apache server inside the server via command line, but I cannot acccess in my Windows's browser.
What kind of setting I need to check now?
ubuntu networking apache-httpd ping
add a comment |
I have a Ubuntu server but there are some weird things I can't understand.
I cannot ping to the server via IP address, but I can ssh to it. I can access to apache server inside the server via command line, but I cannot acccess in my Windows's browser.
What kind of setting I need to check now?
ubuntu networking apache-httpd ping
2
Check your iptables firewall rules, you might be blocking port 80/443, as well as ICMP ping, but allowing ssh. If you don't have a firewall running, it might be your routing table, but that doesn't explain everything.
– jsbillings
Mar 16 '13 at 12:35
One other possibility is that Apache isn't listening on the correct network interface, but that's highly unlikely if this is a new install.
– depquid
Mar 16 '13 at 17:08
@jsbillings, routing tables direct traffic at the IP level, if you can reach the machine at the IP level (via direct ssh) then you can reach it by ICMP (ping, ...) and HTTP/HTTPS unless something filters that out on the way (or at the destination).
– vonbrand
Mar 16 '13 at 22:13
Some cloud providers block ICMP (for example, Amazon Web Services does by default).
– Olathe
Mar 17 '16 at 3:59
add a comment |
I have a Ubuntu server but there are some weird things I can't understand.
I cannot ping to the server via IP address, but I can ssh to it. I can access to apache server inside the server via command line, but I cannot acccess in my Windows's browser.
What kind of setting I need to check now?
ubuntu networking apache-httpd ping
I have a Ubuntu server but there are some weird things I can't understand.
I cannot ping to the server via IP address, but I can ssh to it. I can access to apache server inside the server via command line, but I cannot acccess in my Windows's browser.
What kind of setting I need to check now?
ubuntu networking apache-httpd ping
ubuntu networking apache-httpd ping
edited May 13 '16 at 17:17
Jeff Schaller
39.9k1054126
39.9k1054126
asked Mar 16 '13 at 12:18
hungneoxhungneox
131114
131114
2
Check your iptables firewall rules, you might be blocking port 80/443, as well as ICMP ping, but allowing ssh. If you don't have a firewall running, it might be your routing table, but that doesn't explain everything.
– jsbillings
Mar 16 '13 at 12:35
One other possibility is that Apache isn't listening on the correct network interface, but that's highly unlikely if this is a new install.
– depquid
Mar 16 '13 at 17:08
@jsbillings, routing tables direct traffic at the IP level, if you can reach the machine at the IP level (via direct ssh) then you can reach it by ICMP (ping, ...) and HTTP/HTTPS unless something filters that out on the way (or at the destination).
– vonbrand
Mar 16 '13 at 22:13
Some cloud providers block ICMP (for example, Amazon Web Services does by default).
– Olathe
Mar 17 '16 at 3:59
add a comment |
2
Check your iptables firewall rules, you might be blocking port 80/443, as well as ICMP ping, but allowing ssh. If you don't have a firewall running, it might be your routing table, but that doesn't explain everything.
– jsbillings
Mar 16 '13 at 12:35
One other possibility is that Apache isn't listening on the correct network interface, but that's highly unlikely if this is a new install.
– depquid
Mar 16 '13 at 17:08
@jsbillings, routing tables direct traffic at the IP level, if you can reach the machine at the IP level (via direct ssh) then you can reach it by ICMP (ping, ...) and HTTP/HTTPS unless something filters that out on the way (or at the destination).
– vonbrand
Mar 16 '13 at 22:13
Some cloud providers block ICMP (for example, Amazon Web Services does by default).
– Olathe
Mar 17 '16 at 3:59
2
2
Check your iptables firewall rules, you might be blocking port 80/443, as well as ICMP ping, but allowing ssh. If you don't have a firewall running, it might be your routing table, but that doesn't explain everything.
– jsbillings
Mar 16 '13 at 12:35
Check your iptables firewall rules, you might be blocking port 80/443, as well as ICMP ping, but allowing ssh. If you don't have a firewall running, it might be your routing table, but that doesn't explain everything.
– jsbillings
Mar 16 '13 at 12:35
One other possibility is that Apache isn't listening on the correct network interface, but that's highly unlikely if this is a new install.
– depquid
Mar 16 '13 at 17:08
One other possibility is that Apache isn't listening on the correct network interface, but that's highly unlikely if this is a new install.
– depquid
Mar 16 '13 at 17:08
@jsbillings, routing tables direct traffic at the IP level, if you can reach the machine at the IP level (via direct ssh) then you can reach it by ICMP (ping, ...) and HTTP/HTTPS unless something filters that out on the way (or at the destination).
– vonbrand
Mar 16 '13 at 22:13
@jsbillings, routing tables direct traffic at the IP level, if you can reach the machine at the IP level (via direct ssh) then you can reach it by ICMP (ping, ...) and HTTP/HTTPS unless something filters that out on the way (or at the destination).
– vonbrand
Mar 16 '13 at 22:13
Some cloud providers block ICMP (for example, Amazon Web Services does by default).
– Olathe
Mar 17 '16 at 3:59
Some cloud providers block ICMP (for example, Amazon Web Services does by default).
– Olathe
Mar 17 '16 at 3:59
add a comment |
4 Answers
4
active
oldest
votes
You can debug the issue using the following tools:
Run
wireshark
ortcpdump
and check whether the HTTP request is reaching to the server or not.
Use
tcptraceroute
$ tcptraceroute "webserver-ip" 80
It can be the case that the webserver is listening only on localhost(127.0.0.1) instead of listening on all interfaces(0.0.0.0)
$ sudo netstat -taupen | grep LISTEN
Check the iptables rules using
$ sudo iptables -nvL
Check the status of SELinux which also acts as firewall.
$ sudo sestatus
add a comment |
You might have firewall rules blocking access. Check the output of
iptables -L
. Maybe everything is blocked except ssh.The services might not be listening on the right interfaces or ports. Check the output of
netstat -ntl
.
If these commands don't help figuring it out, then please add their output in your question. Also add the output of ifconfig
.
add a comment |
I'm having this issue too. Here are some outputs from the above commands
# netstat -taupen | grep LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 19239 2490/smbd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 19149 2475/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18616 1241/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 20281 2487/master
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 19238 2490/smbd
tcp6 0 0 :::8009 :::* LISTEN 91 19311 1247/java
tcp6 0 0 :::139 :::* LISTEN 0 19237 2490/smbd
tcp6 0 0 :::80 :::* LISTEN 0 163453 4050/httpd
tcp6 0 0 :::8080 :::* LISTEN 91 19310 1247/java
tcp6 0 0 :::21 :::* LISTEN 0 19479 1282/vsftpd
tcp6 0 0 :::22 :::* LISTEN 0 18618 1241/sshd
tcp6 0 0 ::1:25 :::* LISTEN 0 20282 2487/master
tcp6 0 0 :::445 :::* LISTEN 0 19236 2490/smbd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 91 20467 1247/java
# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::8009 :::* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
IP Tables output:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
[root@localhost etc]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Welcome to U&L SE. This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. OR You can always ask a new question by follwing guidelines given in How to Ask.
– Tejas
Jul 20 '16 at 6:27
no it doesn't answer the question but it offers more information regarding the issue. The OP did not add any significant information to his(her) post therefore I am. I figured out what my issue was. I had not allowed the ports to go through the firewall. I should have done this: firewall-cmd --zone=public --add-port=8080/tcp --permanent (for http) and then the reload command (firewall-cmd --reload)
– nevillescollop
Jul 22 '16 at 12:17
add a comment |
You may need to allow certain ports or services like http by using firewalld.
sudo firewall-cmd --permanent --add-service=http && firewall-cmd --reload
New contributor
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f68150%2fcannot-access-to-web-server-but-can-ssh-to-it%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can debug the issue using the following tools:
Run
wireshark
ortcpdump
and check whether the HTTP request is reaching to the server or not.
Use
tcptraceroute
$ tcptraceroute "webserver-ip" 80
It can be the case that the webserver is listening only on localhost(127.0.0.1) instead of listening on all interfaces(0.0.0.0)
$ sudo netstat -taupen | grep LISTEN
Check the iptables rules using
$ sudo iptables -nvL
Check the status of SELinux which also acts as firewall.
$ sudo sestatus
add a comment |
You can debug the issue using the following tools:
Run
wireshark
ortcpdump
and check whether the HTTP request is reaching to the server or not.
Use
tcptraceroute
$ tcptraceroute "webserver-ip" 80
It can be the case that the webserver is listening only on localhost(127.0.0.1) instead of listening on all interfaces(0.0.0.0)
$ sudo netstat -taupen | grep LISTEN
Check the iptables rules using
$ sudo iptables -nvL
Check the status of SELinux which also acts as firewall.
$ sudo sestatus
add a comment |
You can debug the issue using the following tools:
Run
wireshark
ortcpdump
and check whether the HTTP request is reaching to the server or not.
Use
tcptraceroute
$ tcptraceroute "webserver-ip" 80
It can be the case that the webserver is listening only on localhost(127.0.0.1) instead of listening on all interfaces(0.0.0.0)
$ sudo netstat -taupen | grep LISTEN
Check the iptables rules using
$ sudo iptables -nvL
Check the status of SELinux which also acts as firewall.
$ sudo sestatus
You can debug the issue using the following tools:
Run
wireshark
ortcpdump
and check whether the HTTP request is reaching to the server or not.
Use
tcptraceroute
$ tcptraceroute "webserver-ip" 80
It can be the case that the webserver is listening only on localhost(127.0.0.1) instead of listening on all interfaces(0.0.0.0)
$ sudo netstat -taupen | grep LISTEN
Check the iptables rules using
$ sudo iptables -nvL
Check the status of SELinux which also acts as firewall.
$ sudo sestatus
answered Mar 16 '13 at 21:28
pradeepchhetripradeepchhetri
6,28593456
6,28593456
add a comment |
add a comment |
You might have firewall rules blocking access. Check the output of
iptables -L
. Maybe everything is blocked except ssh.The services might not be listening on the right interfaces or ports. Check the output of
netstat -ntl
.
If these commands don't help figuring it out, then please add their output in your question. Also add the output of ifconfig
.
add a comment |
You might have firewall rules blocking access. Check the output of
iptables -L
. Maybe everything is blocked except ssh.The services might not be listening on the right interfaces or ports. Check the output of
netstat -ntl
.
If these commands don't help figuring it out, then please add their output in your question. Also add the output of ifconfig
.
add a comment |
You might have firewall rules blocking access. Check the output of
iptables -L
. Maybe everything is blocked except ssh.The services might not be listening on the right interfaces or ports. Check the output of
netstat -ntl
.
If these commands don't help figuring it out, then please add their output in your question. Also add the output of ifconfig
.
You might have firewall rules blocking access. Check the output of
iptables -L
. Maybe everything is blocked except ssh.The services might not be listening on the right interfaces or ports. Check the output of
netstat -ntl
.
If these commands don't help figuring it out, then please add their output in your question. Also add the output of ifconfig
.
answered Mar 16 '13 at 18:13
janosjanos
7,13222347
7,13222347
add a comment |
add a comment |
I'm having this issue too. Here are some outputs from the above commands
# netstat -taupen | grep LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 19239 2490/smbd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 19149 2475/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18616 1241/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 20281 2487/master
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 19238 2490/smbd
tcp6 0 0 :::8009 :::* LISTEN 91 19311 1247/java
tcp6 0 0 :::139 :::* LISTEN 0 19237 2490/smbd
tcp6 0 0 :::80 :::* LISTEN 0 163453 4050/httpd
tcp6 0 0 :::8080 :::* LISTEN 91 19310 1247/java
tcp6 0 0 :::21 :::* LISTEN 0 19479 1282/vsftpd
tcp6 0 0 :::22 :::* LISTEN 0 18618 1241/sshd
tcp6 0 0 ::1:25 :::* LISTEN 0 20282 2487/master
tcp6 0 0 :::445 :::* LISTEN 0 19236 2490/smbd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 91 20467 1247/java
# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::8009 :::* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
IP Tables output:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
[root@localhost etc]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Welcome to U&L SE. This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. OR You can always ask a new question by follwing guidelines given in How to Ask.
– Tejas
Jul 20 '16 at 6:27
no it doesn't answer the question but it offers more information regarding the issue. The OP did not add any significant information to his(her) post therefore I am. I figured out what my issue was. I had not allowed the ports to go through the firewall. I should have done this: firewall-cmd --zone=public --add-port=8080/tcp --permanent (for http) and then the reload command (firewall-cmd --reload)
– nevillescollop
Jul 22 '16 at 12:17
add a comment |
I'm having this issue too. Here are some outputs from the above commands
# netstat -taupen | grep LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 19239 2490/smbd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 19149 2475/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18616 1241/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 20281 2487/master
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 19238 2490/smbd
tcp6 0 0 :::8009 :::* LISTEN 91 19311 1247/java
tcp6 0 0 :::139 :::* LISTEN 0 19237 2490/smbd
tcp6 0 0 :::80 :::* LISTEN 0 163453 4050/httpd
tcp6 0 0 :::8080 :::* LISTEN 91 19310 1247/java
tcp6 0 0 :::21 :::* LISTEN 0 19479 1282/vsftpd
tcp6 0 0 :::22 :::* LISTEN 0 18618 1241/sshd
tcp6 0 0 ::1:25 :::* LISTEN 0 20282 2487/master
tcp6 0 0 :::445 :::* LISTEN 0 19236 2490/smbd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 91 20467 1247/java
# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::8009 :::* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
IP Tables output:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
[root@localhost etc]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Welcome to U&L SE. This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. OR You can always ask a new question by follwing guidelines given in How to Ask.
– Tejas
Jul 20 '16 at 6:27
no it doesn't answer the question but it offers more information regarding the issue. The OP did not add any significant information to his(her) post therefore I am. I figured out what my issue was. I had not allowed the ports to go through the firewall. I should have done this: firewall-cmd --zone=public --add-port=8080/tcp --permanent (for http) and then the reload command (firewall-cmd --reload)
– nevillescollop
Jul 22 '16 at 12:17
add a comment |
I'm having this issue too. Here are some outputs from the above commands
# netstat -taupen | grep LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 19239 2490/smbd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 19149 2475/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18616 1241/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 20281 2487/master
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 19238 2490/smbd
tcp6 0 0 :::8009 :::* LISTEN 91 19311 1247/java
tcp6 0 0 :::139 :::* LISTEN 0 19237 2490/smbd
tcp6 0 0 :::80 :::* LISTEN 0 163453 4050/httpd
tcp6 0 0 :::8080 :::* LISTEN 91 19310 1247/java
tcp6 0 0 :::21 :::* LISTEN 0 19479 1282/vsftpd
tcp6 0 0 :::22 :::* LISTEN 0 18618 1241/sshd
tcp6 0 0 ::1:25 :::* LISTEN 0 20282 2487/master
tcp6 0 0 :::445 :::* LISTEN 0 19236 2490/smbd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 91 20467 1247/java
# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::8009 :::* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
IP Tables output:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
[root@localhost etc]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
I'm having this issue too. Here are some outputs from the above commands
# netstat -taupen | grep LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 19239 2490/smbd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 19149 2475/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18616 1241/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 20281 2487/master
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 19238 2490/smbd
tcp6 0 0 :::8009 :::* LISTEN 91 19311 1247/java
tcp6 0 0 :::139 :::* LISTEN 0 19237 2490/smbd
tcp6 0 0 :::80 :::* LISTEN 0 163453 4050/httpd
tcp6 0 0 :::8080 :::* LISTEN 91 19310 1247/java
tcp6 0 0 :::21 :::* LISTEN 0 19479 1282/vsftpd
tcp6 0 0 :::22 :::* LISTEN 0 18618 1241/sshd
tcp6 0 0 ::1:25 :::* LISTEN 0 20282 2487/master
tcp6 0 0 :::445 :::* LISTEN 0 19236 2490/smbd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 91 20467 1247/java
# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::8009 :::* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
IP Tables output:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
[root@localhost etc]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
edited Jul 20 '16 at 7:07
Kusalananda
126k16239393
126k16239393
answered Jul 20 '16 at 5:49
nevillescollopnevillescollop
1
1
Welcome to U&L SE. This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. OR You can always ask a new question by follwing guidelines given in How to Ask.
– Tejas
Jul 20 '16 at 6:27
no it doesn't answer the question but it offers more information regarding the issue. The OP did not add any significant information to his(her) post therefore I am. I figured out what my issue was. I had not allowed the ports to go through the firewall. I should have done this: firewall-cmd --zone=public --add-port=8080/tcp --permanent (for http) and then the reload command (firewall-cmd --reload)
– nevillescollop
Jul 22 '16 at 12:17
add a comment |
Welcome to U&L SE. This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. OR You can always ask a new question by follwing guidelines given in How to Ask.
– Tejas
Jul 20 '16 at 6:27
no it doesn't answer the question but it offers more information regarding the issue. The OP did not add any significant information to his(her) post therefore I am. I figured out what my issue was. I had not allowed the ports to go through the firewall. I should have done this: firewall-cmd --zone=public --add-port=8080/tcp --permanent (for http) and then the reload command (firewall-cmd --reload)
– nevillescollop
Jul 22 '16 at 12:17
Welcome to U&L SE. This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. OR You can always ask a new question by follwing guidelines given in How to Ask.
– Tejas
Jul 20 '16 at 6:27
Welcome to U&L SE. This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. OR You can always ask a new question by follwing guidelines given in How to Ask.
– Tejas
Jul 20 '16 at 6:27
no it doesn't answer the question but it offers more information regarding the issue. The OP did not add any significant information to his(her) post therefore I am. I figured out what my issue was. I had not allowed the ports to go through the firewall. I should have done this: firewall-cmd --zone=public --add-port=8080/tcp --permanent (for http) and then the reload command (firewall-cmd --reload)
– nevillescollop
Jul 22 '16 at 12:17
no it doesn't answer the question but it offers more information regarding the issue. The OP did not add any significant information to his(her) post therefore I am. I figured out what my issue was. I had not allowed the ports to go through the firewall. I should have done this: firewall-cmd --zone=public --add-port=8080/tcp --permanent (for http) and then the reload command (firewall-cmd --reload)
– nevillescollop
Jul 22 '16 at 12:17
add a comment |
You may need to allow certain ports or services like http by using firewalld.
sudo firewall-cmd --permanent --add-service=http && firewall-cmd --reload
New contributor
add a comment |
You may need to allow certain ports or services like http by using firewalld.
sudo firewall-cmd --permanent --add-service=http && firewall-cmd --reload
New contributor
add a comment |
You may need to allow certain ports or services like http by using firewalld.
sudo firewall-cmd --permanent --add-service=http && firewall-cmd --reload
New contributor
You may need to allow certain ports or services like http by using firewalld.
sudo firewall-cmd --permanent --add-service=http && firewall-cmd --reload
New contributor
New contributor
answered 2 mins ago
vyeluri5vyeluri5
1
1
New contributor
New contributor
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f68150%2fcannot-access-to-web-server-but-can-ssh-to-it%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Check your iptables firewall rules, you might be blocking port 80/443, as well as ICMP ping, but allowing ssh. If you don't have a firewall running, it might be your routing table, but that doesn't explain everything.
– jsbillings
Mar 16 '13 at 12:35
One other possibility is that Apache isn't listening on the correct network interface, but that's highly unlikely if this is a new install.
– depquid
Mar 16 '13 at 17:08
@jsbillings, routing tables direct traffic at the IP level, if you can reach the machine at the IP level (via direct ssh) then you can reach it by ICMP (ping, ...) and HTTP/HTTPS unless something filters that out on the way (or at the destination).
– vonbrand
Mar 16 '13 at 22:13
Some cloud providers block ICMP (for example, Amazon Web Services does by default).
– Olathe
Mar 17 '16 at 3:59