dswitch
asked on
Can't connect to Linux Apache server from other computers on network
In the building I have a router plugged into a switch, five computers plugged into the switch sharing internet. The IP address for the router is 192.168.1.1, and I can access its control panel from any computer on the network.
I have a Linux server running Fedora Core 9 with Apache installed and the httpd service running. What I want to do is be able to use this server as a testing server for a website that will be developed locally on another computer on the network.
The Linux's address is 192.168.1.109
I can access the Apache test page from Linux by typing http://localhost/ or http://192.168.1.109/ just fine
I can ping 192.168.1.109 from the other Windows computers on the network just fine, so it's seeing the Linux computer
I can SSH into root@192.168.1.109 with Putty just fine from other computers on the network
The only problem, it seems, is that none of the other computers on the network can type http://192.168.1.109/ into their browser address bar and get the Apache test page. It just says "Unable to connect" in Firefox.
I went into the router's configuration and it looks like this:
Port Range Forwarding
Start End Protocol To IP Address
HTTP 80 80 Both 192.168.1.109
I think that should be set up right, but I'm not sure.
Any suggestions? It's probably a silly fix somewhere but I've never done this kind of setup before.
Thanks.
If you have Fedora installed, I think it enabled SE Linux by default. Check whether SE linux is enabled and if so, make sure requests on port 80 are passed through.
ASKER
Output of "netstat -an | grep ":80"
tcp 0 0 :::80 :::* LISTEN
--------------------------
SELinux is enabled...but I don't know how it works. I opened up the "Network Port" tab, found Port 80, and it "Properties," and it says
SELinux Type http_port_t
MLS/MCS Level s0
execute
setenforce 0
and then
getenforce
it should say permissive.
ASKER
I did, and it did.
Tried http://192.168.1.109 again on the development computer and it still "Can't establish connection"
what about the firewall
print out
iptables -nL
ASKER
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
You have mail in /var/spool/mail/root
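The INPUT chain from the post above, walked rule by rule for a new inbound TCP connection (an added example, not written by any participant in the thread). It assumes that rule 3, which `iptables -nL` prints with no match criteria, is a loopback-only `-i lo` rule whose interface column appears only with `-v`, and that the LAN is 192.168.1.0/24; the function names are made up for this example.

```shell
#!/bin/sh
# INPUT chain as posted in the thread (`iptables -nL`, header lines omitted).
INPUT_CHAIN='ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'
LAN='192.168.1.0/24'   # assumption: /24 around the addresses in the thread

# scan PORT MODE: walk the rules top-down for a NEW inbound TCP connection.
#   MODE=verdict   -> "<rule number> <target>" of the first deciding rule
#                     (prints nothing if only the chain policy would apply)
#   MODE=ambiguous -> numbers of rules that show no match criteria at all
scan() {
    printf '%s\n' "$INPUT_CHAIN" | awk -v port="$1" -v mode="$2" '
    {
        rest = ""
        for (i = 6; i <= NF; i++) rest = rest " " $i
        if ($2 != "all" && $2 != "tcp") next                     # other protocol
        if (rest ~ /state / && rest !~ /state [A-Z,]*NEW/) next  # not for NEW
        if (rest ~ /dpt:/ && rest !~ ("dpt:" port "( |$)")) next # other port
        if (rest == "" && $1 == "ACCEPT") {
            # -nL hides the interface column; assumed to be "-i lo" here.
            if (mode == "ambiguous") print NR
            next
        }
        if (mode == "verdict") { print NR, $1; exit }
    }'
}
first_match()     { scan "$1" verdict; }
ambiguous_rules() { scan 0 ambiguous; }

# suggest_rule PORT: if PORT is rejected, print a rule that admits only the
# LAN, inserted just above the rejecting rule, instead of stopping iptables.
suggest_rule() {
    set -- "$1" $(first_match "$1")
    [ "$3" = "REJECT" ] || return 0
    echo "iptables -I INPUT $2 -p tcp -s $LAN --dport $1 -m state --state NEW -j ACCEPT"
}

echo "port 22 -> $(first_match 22)"
echo "port 80 -> $(first_match 80)"
echo "rules to verify with iptables -nvL: $(ambiguous_rules)"
suggest_rule 80
```

On the real host, `iptables -nvL INPUT` shows the interface column and confirms or refutes the assumption about rule 3.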
I do not have Fedora. But somewhere in your menu, there is something like SELinux or Firewall. When you open that Goto SELinux tab and uncheck http checkbox. Take a look at this image
http://www.weiqigao.com/blog/images/disable-selinux.png
You can try what sanjooz mentioned but if SELinux is permissive I don't think it should make any difference.
ASKER
I can't really find a way to do what sanjooz asked...I attempted the command "setsebool -P httpd-disable-trans 1" but it failed:
libsemanage.dbase_llist_set: record not found in the database (No such file or directory).
libsemanage.dbase_llist_set: could not set record value (No such file or directory).
Could not change boolean httpd_disable_trans
Could not change policy booleans
Grr. I can't understand why I can access this computer in every way except through the Apache server.
ASKER
UPDATE:
I mentioned that I could access the server through putty.
I was using the following settings:
root@192.168.1.109 port 22 connection type: ssh
I can't get through with putty on port 80. It just hangs up. Tried all connection types.
Just a stab in the dark.
You mentioned that you have port forwarding set up on the router. That is not necessary for internal traffic. That statement would allow public addresses to access port 80 of the Linux Server from outside or you could be routing from one private network to another. I do not see how that could affect internal traffic but I do not have complete knowledge of your setup. Maybe it is somehow intercepting the internal traffic and using NAT to confuse the communication layer.
Not very scientific so I guess it is a WAG instead of a SWAG. Anyway something to keep you busy until someone comes up with the real solution!
ASKER CERTIFIED SOLUTION
This solution is only available to members.
try to use
telnet 192.168.1.109 80
write something, you should get an error page from Apache.
If you have this, check your browser connection options, maybe a proxy or something else
If not try to use tcpdump on your apache server like
tcpdump -n host ipname_of_your_windows and port 80
If you have packets in in/out direction check your windows comps for firewalling and your net router rules for filtering.
So write here results of telnet and tcpdump. World is too complex to make more assumptions.
ASKER
IgorAL:
On my development computer running Windows XP and connected to the same ethernet switch as the Linux server, I typed into command prompt
telnet 192.168.1.109 80
and received the message
Could not open connection to host, on port 80: Connection failed
On my Linux server I ran the command
tcpdump -n host 192.168.1.106 and port 80
and it writes
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
and just sits there indefinitely.
--------------------------
Shakoush:
The output of
iptables -t nat -nL
is
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--------------------------
mokelley1:
My setup is precisely as follows:
Router upstairs, at IP address 192.168.1.1
Ethernet cable attached through the wall to the router, running from the wall into an 8-port ethernet switch. A network of Windows XP computers attached to the ethernet switch, all in the same room, and one Linux computer also plugged into the same router, running a completely fresh installation of Fedora Core 9, with the httpd and mysqld services activated and running.
I can access from any of the computers the router's control center. I do not necessarily wish for the website development to be viewable from the outside world...I just want to use the Linux server as a testing server set up through Dreamweaver to test PHP/MySQL scripts locally without having to upload them to a remote server to test.
That's all I got...I can access the Apache test page from Linux computer by typing http://localhost/ or http://192.168.1.109/, and I can ping the IP address 192.168.1.109 from any of the other computers on the network and receive successful and prompt replies. But when I type http://192.168.1.109/ into a browser address bar on one of the Windows computers, it cannot establish a connection and does not show the Apache test page.
Thank you all for your help -- I hope you'll keep trying. It must be something pretty simple.
NOTE: I do have a firewall on the Windows development computer, but it is disabled to the extent of my knowledge.
ASKER
UPDATE:
I was poking around SELinux, and there are a bunch of httpd booleans that are not active. I'll give the list and their statuses.
///////
httpd_builtin_scripting --> on
httpd_can_network_connect --> on
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> on
httpd_enable_homedirs --> on
httpd_ssi_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_nfs --> off
allow_httpd_anon_write --> off
allow_httpd_dbus_avahi --> on
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
/////
Also, an edit from last post:
ALL computers are plugged into the same 8-port ethernet switch, and the switch is plugged into the router. My previous message said Linux server is plugged into router -- it's not. Wrong word. They're all plugged into the switch.
SOLUTION
This solution is only available to members.
ASKER
guitarist5377:
that was the problem exactly...i found it somewhere else on google a few days ago and never really posted back here. everything works with SELINUX on permissive and iptables saved and stopped.
thanks all for help.
ASKER
thanks for the help guys.
Listen 80
also do
netstat -an | grep ":80"
and print output