Avatar of dswitch
dswitch asked on

Can't connect to Linux Apache server from other computers on network

In the building I have a router plugged into a switch, five computers plugged into the switch sharing internet. The IP address for the router is 192.168.1.1, and I can access its control panel from any computer on the network.

I have a Linux server running Fedora Core 9 with Apache installed and the httpd service running. What I want to do is be able to use this server as a testing server for a website that will be developed locally on another computer on the network.

The Linux's address is 192.168.1.109

I can access the Apache test page from Linux by typing http://localhost/ or http://192.168.1.109/ just fine

I can ping 192.168.1.109 from the other Windows computers on the network just fine, so it's seeing the Linux computer

I can SSH into root@192.168.1.109 with Putty just fine from other computers on the network

The only problem, it seems, is that none of the other computers on the network can type http://192.168.1.109/ into their browser address bar and get the Apache test page. It just says "Unable to connect" in Firefox.

I went into the router's configuration and it looks like this:

Port Range Forwarding

          Start          End          Protocol          To IP Address
HTTP     80            80             Both               192.168.1.109

I think that should be set up right, but I'm not sure.

Any suggestions? It's probably a silly fix somewhere but I've never done this kind of setup before.

Thanks.
Linux DistributionsApache Web ServerRouters

Avatar of undefined
Last Comment
dswitch

8/22/2022 - Mon
http:// thevpn.guru

Edit httpd.conf and check the listen line and make sure it is

Listen 80

also do

netstat -an | grep ":80"

and print output
sanjooz

If you have Fedora installed, I think it enabled SE Linux by default. Check whether SE linux is enabled and if so, make sure requests on port 80 are passed through.
ASKER
dswitch

Output of "netstat -an | grep ":80"

tcp          0          0 :::80          :::*          LISTEN

--------------------------------------

SELinux is enabled...but I don't know how it works. I opened up the "Network Port" tab, found Port 80, and it "Properties," and it says

SELinux Type          http_port_t
MLS/MCS Level       s0
Your help has saved me hundreds of hours of internet surfing.
fblack61
http:// thevpn.guru

execute
setenforce 0

and then

getenforce

it should say permissive.
ASKER
dswitch

I did, and it did.

Tried http://192.168.1.109 again on the development computer and it still "Can't establish connection"
http:// thevpn.guru

what about the firewall

print out

iptables -nL
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
dswitch

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
You have mail in /var/spool/mail/root
sanjooz

I do not have Fedora. But somewhere in your menu, there is something like SELinux or Firewall. When you open that Goto SELinux tab and uncheck http checkbox. Take a look at this image

http://www.weiqigao.com/blog/images/disable-selinux.png
http:// thevpn.guru

You can try what sanjooz mentioned but if SELinux is permissive I dont think it should make any difference.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
ASKER
dswitch

I can't really find a way to do what sanjooz asked...I attempted the command "setsebool -P httpd-disable-trans 1" but it failed:

libsemanage.dbase_llist_set: record not found in the database (No such file or directory).
libsemanage.dbase_llist_set: could not set record value (No such file or directory).
Could not change boolean httpd_disable_trans
Could not change policy booleans

Grr. I can't understand why I can access this computer in every way except through the Apache server.
ASKER
dswitch

UPDATE:

I mentioned that I could access the server through putty.

I was using the following settings:

root@192.168.1.109          port 22          connection type: ssh

I can't get through with putty on port 80. It just hangs up. Tried all connection types.
mokelly1

Just a stab in the dark.

You mentioned that you have port forwarding set up on the router.  That is not necessary for internal traffic.  That statement would allow public addresses to access port 80 of the Linux Server from outside or you could be routing from one private network to another.  I do not see how that could affect internal traffic but I do not have complete knowledge of your setup.  Maybe it is somehow intercepting the internal traffic and using NAT to confuse the communication layer.

Not very scientific so I guess it is a WAG instead of a SWAG.  Anyway something to keep you busy until someone comes up with the real solution!
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
http:// thevpn.guru

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
IgorAL

try to use
telnet 192.168.1.109  80
write somethig, you shoulg get from apache error page.
If you have this, check your brouser connection options, may be proxy or smthig else
If not try to use tcpdump on your apache server  like
tcpdump -n host ipname_of_your_windows and port 80
If you have packets in in/out direction check your windows comps for firewalling your net router rules for filtering.

So write here results of telnet and tcpdum. Wold is too complex to make more assumptions.
ASKER
dswitch

IgorAL:

On my development computer running Windows XP and connected to the same ethernet switch as the Linux server, I typed into command prompt

telnet 192.168.1.109 80

and received the message

Could not open connection to host, on port 80: Connection failed

On my Linux server I ran the command

tcpdump -n host 192.168.1.106 and port 80

and it writes

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

and just sits there indefinitely.

------------------------------

Shakoush:

The output of

iptables -t nat -nL

is

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

-------------------------------------------

mokelley1:

My setup is precisely as follows:

Router upstairs, at IP address 192.168.1.1

Ethernet cable attached through the wall to the router, running from the wall into an 8-port ethernet switch. A network of Windows XP computers attached to the ethernet switch, all in the same room, and one Linux computer also plugged into the same router, running a completely fresh installation of Fedora Core 9, with the httpd and mysqld services activated and running.

I can access from any of the computers the router's control center. I do not necessarily wish for the website development to be viewable from the outside world...I just want to use the Linux server as a testing server set up through Dreamweaver to test PHP/MySQL scripts locally without having to upload them to a remote server to test.

That's all I got...I can access the Apache test page from Linux computer by typing http://localhost/ or http://192.168.1.109/, and I can ping the IP address 192.168.1.109 from any of the other computers on the network and receive successful and prompt replies. But when I type http://192.168.1.109/ into a browser address bar on one of the Windows computers, it cannot establish a connection and does not show the Apache test page.

Thank you all for your help -- I hope you'll keep trying. It must be something pretty simple.

NOTE: I do have a firewall on the Windows development computer, but it is disabled to the extent of my knowledge.
ASKER
dswitch

UPDATE:

I was poking around SELinux, and there are a bunch of httpd booleans that are not active. I'll give the list and their statuses.

///////

httpd_builtin_scripting --> on
httpd_can_network_connect --> on
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> on
httpd_enable_homedirs --> on
httpd_ssi_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_nfs --> off

allow_httpd_anon_write --> off
allow_httpd_dbus_avahi --> on
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off

/////

Also, an edit from last post:

ALL computers are plugged into the same 8-port ethernet switch, and the switch is plugged into the router. My previous message said Linux server is plugged into router -- it's not. Wrong word. They're all plugged into the switch.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
dswitch

guitarist5377:

that was the problem exactly...i found it somewhere else on google a few days ago and never really posted back here. everything works with SELINUX on permissive and iptables saved and stopped.

thanks all for help.
ASKER
dswitch

thanks for the help guys.