Linux – some outgoing http connections fail

Tags: centos, http, iptables, linux, networking

After a recent reboot, my server is unable to connect via http, but not all the time.

I have an accept rule for port 80, here is my iptables:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

I can't connect via cURL, but traceroute seems to work just fine.

$ curl www.google.com
curl: (7) couldn't connect to host

traceroute to www.google.com (74.125.20.104), 30 hops max, 40 byte packets
1  pe-in-f104.1e100.net (74.125.20.104)  0.042 ms  0.020 ms  0.019 ms

The server sends a lot of outgoing http requests, some of them are getting through while others are failing.

I'm not really sure where else to look for this. Any help would be appreciated.

EDIT:
I restarted the iptables service and the problem went away, but that was also about the time a lot of http jobs finished. I tried running the jobs again, but I didn't see the problem recur. I'll switch to wget instead of cURL if I see the problem again.

Best Answer

Ask your hosting provider/ISP if they have imposed any filtering on their side. Maybe someone was trying to DDoS your server, hitting port 80 hard. Other ideas would be: check routing and your DNS resolver configuration.

Do some test runs between this server and another machine. Check port 80 with tcpdump on both machines. With tcpdump you should see traffic incoming/outgoing even if your own machine's firewall is discarding it.
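The question's "accept rule for port 80" only governs inbound requests; replies to the server's own outgoing HTTP connections get in through the "state RELATED,ESTABLISHED" rule, and anything the connection tracker cannot associate with a flow falls through to the final REJECT. The following evaluator, added here as an example and not part of the question or the answer, parses the `iptables -L` listing pasted above (embedded as a constructed string) and reports the verdict each chain gives to a few representative inbound packets. The `SERVICES` port map, the test packets and the `evaluate`/`check_listing` names are this example's own assumptions; it also assumes, as the standard Red Hat ruleset does, that the first all/anywhere ACCEPT rule carries an interface match that `iptables -L` without `-v` does not display, so it skips that rule and warns instead of treating it as "accept everything".

```python
"""Evaluate an `iptables -L` listing (no -v, no -n) against sample packets.

Added example, not from the original question or answer.  Input is the
listing pasted in the question, embedded below as a constructed string.
"""
import re
from dataclasses import dataclass

LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Service names as iptables prints them without -n (assumed map, from /etc/services).
SERVICES = {"ssh": 22, "smtp": 25, "http": 80, "ipp": 631}


@dataclass
class Rule:
    target: str
    proto: str
    extra: str   # trailing match text, e.g. "state NEW tcp dpt:http"


def parse_listing(text):
    """Return {chain_name: (policy_or_None, [Rule, ...])}."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("target"):
            continue
        m = re.match(r"Chain (\S+) \((?:policy (\S+)|\d+ references)\)", line)
        if m:
            current = chains.setdefault(m.group(1), (m.group(2), []))
            continue
        parts = line.split(None, 5)   # target prot opt source destination [extra]
        current[1].append(Rule(parts[0], parts[1], parts[5] if len(parts) > 5 else ""))
    return chains


def rule_matches(rule, pkt):
    """Match only the criteria visible in the listing: proto, state, dport."""
    if rule.proto != "all" and rule.proto != pkt["proto"]:
        return False
    m = re.search(r"\bstate (\S+)", rule.extra)
    if m and pkt["state"] not in m.group(1).split(","):
        return False
    m = re.search(r"\bdpt:(\S+)", rule.extra)
    if m and pkt.get("dport") != (SERVICES.get(m.group(1)) or int(m.group(1))):
        return False
    return True


def evaluate(chains, pkt, chain_name="INPUT", warnings=None):
    """Walk a chain for one packet; return (verdict, where, warnings)."""
    warnings = [] if warnings is None else warnings
    policy, rules = chains[chain_name]
    for idx, rule in enumerate(rules, 1):
        where = f"{chain_name}#{idx}"
        # A terminal rule with no visible criteria is ambiguous: -L without -v
        # hides interface matches such as "-i lo".  Skip it and say so.
        if rule.target in TERMINAL and rule.proto == "all" and not rule.extra:
            warnings.append(f"{where} ({rule.target} all) shows no criteria; "
                            "re-run 'iptables -L -v -n' to see interface matches")
            continue
        if not rule_matches(rule, pkt):
            continue
        if rule.target in TERMINAL:
            return rule.target, where, warnings
        if rule.target in chains:                       # jump to a user chain
            v, w, warnings = evaluate(chains, pkt, rule.target, warnings)
            if v != "RETURN":
                return v, w, warnings
    return policy or "RETURN", f"{chain_name} policy", warnings


def check_listing(text=LISTING):
    """Verdicts for representative inbound packets, plus de-duplicated warnings."""
    chains = parse_listing(text)
    cases = {   # constructed test packets; 45000 stands for an ephemeral port
        "reply to our outgoing HTTP (ESTABLISHED)": {"proto": "tcp", "dport": 45000, "state": "ESTABLISHED"},
        "new inbound HTTP request": {"proto": "tcp", "dport": 80, "state": "NEW"},
        "new inbound HTTPS request": {"proto": "tcp", "dport": 443, "state": "NEW"},
        "reply conntrack could not match (INVALID)": {"proto": "tcp", "dport": 45000, "state": "INVALID"},
    }
    results, seen = {}, set()
    for label, pkt in cases.items():
        verdict, where, warns = evaluate(chains, pkt)
        results[label] = (verdict, where)
        seen.update(warns)
    return results, sorted(seen)


if __name__ == "__main__":
    results, warnings = check_listing()
    for label, (verdict, where) in results.items():
        print(f"{label:45s} -> {verdict} at {where}")
    for w in warnings:
        print("warning:", w)
```

Run it and the listing says the same thing for every reply packet: an ESTABLISHED reply is accepted at rule 7 of RH-Firewall-1-INPUT, a reply the tracker classifies as INVALID is rejected at rule 11, and the warning about rule 1 is the reason to re-run `iptables -L -v -n` before drawing conclusions from a pasted listing. It reasons only about the rules as printed; the tcpdump runs the answer recommends are what show whether the failing requests ever leave the box and whether their replies arrive.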