instead of the desired webpages I get timeouts. If I try to get a page with wget on the server itself it works fine, but if I want to connect with a browser I get a timeout.
s15312615:/etc/apache2 # netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdom:smtp *:* LISTEN
tcp 0 0 *:www-http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:snpp *:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 8857 private/verify
unix 2 [ ACC ] STREAM LISTENING 8863 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 8866 private/smtp
unix 2 [ ACC ] STREAM LISTENING 8869 private/relay
unix 2 [ ACC ] STREAM LISTENING 8875 private/error
unix 2 [ ACC ] STREAM LISTENING 6037 @/var/run/hald/dbus-aXRNnAXQQw
unix 2 [ ACC ] STREAM LISTENING 5897 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 8034 /var/run/mcelog-client
unix 2 [ ACC ] STREAM LISTENING 8018 /var/run/nscd/socket
unix 2 [ ACC ] STREAM LISTENING 8019 /var/run/.nscd_socket
unix 2 [ ACC ] STREAM LISTENING 8878 private/discard
unix 2 [ ACC ] STREAM LISTENING 8881 private/local
unix 2 [ ACC ] STREAM LISTENING 8884 private/virtual
unix 2 [ ACC ] STREAM LISTENING 8887 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 5991 @/var/run/hald/dbus-98LA968QdN
unix 2 [ ACC ] STREAM LISTENING 8890 private/anvil
unix 2 [ ACC ] STREAM LISTENING 8893 private/scache
unix 2 [ ACC ] STREAM LISTENING 8896 private/maildrop
unix 2 [ ACC ] STREAM LISTENING 8845 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 8899 private/cyrus
unix 2 [ ACC ] STREAM LISTENING 8848 private/bounce
unix 2 [ ACC ] STREAM LISTENING 8902 private/uucp
unix 2 [ ACC ] STREAM LISTENING 8851 private/defer
unix 2 [ ACC ] STREAM LISTENING 8905 private/ifmail
unix 2 [ ACC ] STREAM LISTENING 8854 private/trace
unix 2 [ ACC ] STREAM LISTENING 8908 private/bsmtp
unix 2 [ ACC ] STREAM LISTENING 8911 private/procmail
unix 2 [ ACC ] STREAM LISTENING 8914 private/retry
unix 2 [ ACC ] STREAM LISTENING 8917 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 8840 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 8860 public/flush
unix 2 [ ACC ] STREAM LISTENING 8872 public/showq
unix 2 [ ACC ] STREAM LISTENING 5964 /var/run/dbus/system_bus_socket
Output from iptables:
s15312615:/etc/apache2 # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT icmp -- anywhere anywhere state RELATED
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
target prot opt source destination
Chain input_ext (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- anywhere anywhere PKTTYPE = broadcast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext- DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP all -- anywhere anywhere
Chain reject_func (0 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
How can I solve this?
///EDIT
httpd.conf
### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.
# run under this user/group id
Include /etc/apache2/uid.conf
# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log
# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf
# IP addresses / ports to listen on
Include /etc/apache2/listen.conf
# predefined logging formats
Include /etc/apache2/mod_log_config.conf
# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf
# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf
# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf
# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf
# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf
# set up (customizable) error responses
Include /etc/apache2/errors.conf
# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf
# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# List of resources to look for when the client requests a directory
DirectoryIndex index.php index.html index.htm index.html.var
### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#Include /etc/apache2/default-server.conf
# Another way to include your own files
#
# The file below is generated from /etc/sysconfig/apache2,
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
# APACHE_CONF_INCLUDE_DIRS
Include /etc/apache2/sysconfig.d/include.conf
### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs-2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
#Include /etc/apache2/vhosts.d/*.conf
Include /etc/apache2/vhosts.d/_vhost-master.conf
# Note: instead of adding your own configuration here, consider
# adding it in your own file (/etc/apache2/httpd.conf.local)
# putting its name into APACHE_CONF_INCLUDE_FILES in
# /etc/sysconfig/apache2 -- this will make system updates
# easier :)
AddOutputFilter INCLUDES .shtml
AddType text/html .shtml
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10 3008 ACCEPT all -- lo any anywhere anywhere
13599 889K ACCEPT all -- any any anywhere anywhere state ESTABLISHED
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED
2900 537K input_ext all -- eth0 any anywhere anywhere
0 0 input_ext all -- any any anywhere anywhere
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
0 0 DROP all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10 3008 ACCEPT all -- any lo anywhere anywhere
13313 5996K ACCEPT all -- any any anywhere anywhere state NEW,RELATED,ESTABLISHED
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination
Chain input_ext (2 references)
pkts bytes target prot opt in out source destination
1280 452K DROP all -- any any anywhere anywhere PKTTYPE = broadcast
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
10 461 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
7 392 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
8 452 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 DROP all -- any any anywhere anywhere PKTTYPE = multicast
0 0 DROP all -- any any anywhere anywhere PKTTYPE = broadcast
1288 67240 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
1 438 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
1602 84345 DROP all -- any any anywhere anywhere
Chain reject_func (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT udp -- any any anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-proto-unreachable
///EDIT2
uname -a
Linux s15312615 2.6.34.8-0.2-default #1 SMP 2011-04-06 18:11:26 +0200 x86_64 x86_64 x86_64 GNU/Linux
If I try to open port 80 with
iptables -A INPUT -p tcp dport html -j ACCEPT
iptables -A OUTPUT -p tcp sport html -j ACCEPT
I get
Bad argument `dport'
Try `iptables -h' or 'iptables --help' for more information.
With
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
the command gets accepted but it changes nothing.
Best Answer
It doesn't look like you are allowing incoming connections on port 80 in your iptables settings, but it's hard to tell without seeing output from
iptables -L -v. Allow incoming port 80 to your firewall rules and it will likely work.