Have CentOS installed with httpd. Can connect with lynx both to http://localhost and to http://10.20.30.40 (the real IP) from inside the machine. Can't connect from outside. Here is an excerpt from the /etc/httpd/conf/httpd.conf:
Listen 0.0.0.0:80
<VirtualHost 10.20.30.40:80>
DocumentRoot /var/www/vhost1
ErrorLog logs/vhost1-error_log
CustomLog logs/vhost1-access_log common
</VirtualHost>
I am trying to connect from the machine that resides on the same subnet (as far as I know about it).
Nothing suspicious in the log files. Any advice, please?
Update: while running iptables -L I've got the following line (maybe it's related): REJECT all -- anywhere anywhere reject-with icmp-host-prohibited.
Update N2: iptables -vnL output:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
1576K 1643M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 354K packets, 58M bytes)
pkts bytes target prot opt in out source destination
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
922 823K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
19 1412 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
159K 28M ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
2869 640K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
1239K 1589M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 1064 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
175K 25M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Best Answer
Try this to see if it helps:
If you use the following beforehand then you can easily revert back:
If you want to completely turn off iptables (although better to configure it appropriately) then use:
Otherwise, to make the rule persist, save it to /etc/sysconfig/iptables:
On CentOS 7 or above
On CentOS 7 and RHEL 7 you would probably use firewall-cmd to allow HTTP traffic.
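The rule order in the question's RH-Firewall-1-INPUT chain explains the symptom: loopback traffic is accepted by the first rule, while a new connection to port 80 from another host reaches the final REJECT. The script below is an added example, not part of the original question or answer; it walks `iptables -vnL` rows in order and reports the first rule that matches a new TCP connection. The function names, the interface name eth0 and the simplified matching (only wildcard addresses, single `dpt:` ports and `state` lists) are assumptions of this example.

```shell
#!/bin/sh
# first_verdict PORT [IFACE]: read `iptables -vnL` rule rows on stdin and print
# the target of the first rule matching a NEW inbound TCP connection to PORT
# arriving on IFACE (default eth0, an assumed interface name).
first_verdict() {
    awk -v port="$1" -v iface="${2:-eth0}" '
        # Skip chain headers, column headers and short lines.
        $1 == "Chain" || $1 == "pkts" || NF < 9 { next }
        {
            if ($4 != "tcp" && $4 != "all") next      # protocol column
            if ($6 != "*" && $6 != iface) next        # inbound interface column
            # Simplification: only wildcard source/destination count as a match.
            if ($8 != "0.0.0.0/0" || $9 != "0.0.0.0/0") next
            ok = 1
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/ && $i != ("dpt:" port)) ok = 0
                if ($i == "state" && ("," $(i+1) ",") !~ /,NEW,/) ok = 0
            }
            if (ok) { print $3; found = 1; exit }
        }
        END { if (!found) print "POLICY" }            # fell through to chain policy
    '
}

# RH-Firewall-1-INPUT rows as posted in the question.
rules_as_posted() {
cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
922 823K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
19 1412 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
159K 28M ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
2869 640K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
1239K 1589M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 1064 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
175K 25M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
EOF
}

# Constructed variant: the same chain with an HTTP accept row ahead of the REJECT.
rules_with_http() {
    rules_as_posted | awk '$3 == "REJECT" { print "0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80" } { print }'
}

echo "port 22, as posted:       $(rules_as_posted | first_verdict 22)"
echo "port 80, as posted:       $(rules_as_posted | first_verdict 80)"
echo "port 80, lo interface:    $(rules_as_posted | first_verdict 80 lo)"
echo "port 80, with HTTP rule:  $(rules_with_http | first_verdict 80)"
```

The position of the accept row matters: appended after the catch-all REJECT it would never be reached, which is why the constructed variant places it before that row.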