After a recent reboot, my server is unable to connect via HTTP, but not all the time.
I have an accept rule for port 80, here is my iptables:
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
I can't connect via cURL, but traceroute seems to work just fine.
$ curl www.google.com
curl: (7) couldn't connect to host
traceroute to www.google.com (74.125.20.104), 30 hops max, 40 byte packets
1 pe-in-f104.1e100.net (74.125.20.104) 0.042 ms 0.020 ms 0.019 ms
The server sends a lot of outgoing http requests, some of them are getting through while others are failing.
I'm not really sure where else to look for this. Any help would be appreciated.
EDIT:
I restarted the iptables service and the problem went away, but that was also about the time a lot of HTTP jobs finished. I tried running the jobs again, but I didn't see the problem reoccur. I'll switch to wget instead of cURL if I see the problem again.
Best Answer
Ask your hosting provider/ISP if they have imposed any filtering on their side. Maybe someone was trying to DDoS your server, hitting port 80 hard. Other ideas would be: check routing and your DNS resolver configuration.
Do some test runs between this server and another machine. Check port 80 with tcpdump on both machines. With tcpdump you should see traffic incoming/outgoing even if your own machine's firewall is discarding it.
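As an added illustration of the tcpdump approach the answer recommends (this is example code, not part of the question or answer), the script below classifies outbound port-80 connection attempts in a capture. Run `tcpdump -n -tt -l 'tcp port 80'` on the server while the jobs are running, pipe the output in, and it pairs each outgoing SYN with the reply that came back: a SYN-ACK means the path works, a RST means the remote host refused, and a SYN that is retransmitted with no reply at all is the "curl: (7) couldn't connect" case, which points at something dropping packets between the two hosts (an upstream filter, a full conntrack table, or the local OUTPUT path) rather than at the remote web server. The capture text embedded in the script is constructed sample output in the tcpdump format I assume; the line regex is an assumption about that format and may need adjusting for a different tcpdump version.

```python
"""syn_audit.py: pair outbound SYNs with replies in `tcpdump -n -tt` output.

Usage:
    tcpdump -n -tt -l 'tcp port 80' | python3 syn_audit.py -
    python3 syn_audit.py            # runs on the constructed sample below
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Assumed format of one `tcpdump -n -tt` TCP line (example, adjust for your version):
# 1275000000.100000 IP 10.0.0.5.43210 > 74.125.20.104.80: Flags [S], seq 100, ...
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture: one successful handshake, one SYN retransmitted three
# times with no answer (the curl "couldn't connect" symptom), one refused by a RST.
SAMPLE_CAPTURE = """\
1275000000.100000 IP 10.0.0.5.43210 > 74.125.20.104.80: Flags [S], seq 100, win 5840, length 0
1275000000.120000 IP 74.125.20.104.80 > 10.0.0.5.43210: Flags [S.], seq 900, ack 101, win 65535, length 0
1275000000.120500 IP 10.0.0.5.43210 > 74.125.20.104.80: Flags [.], ack 1, win 5840, length 0
1275000001.000000 IP 10.0.0.5.43211 > 74.125.20.104.80: Flags [S], seq 200, win 5840, length 0
1275000004.000000 IP 10.0.0.5.43211 > 74.125.20.104.80: Flags [S], seq 200, win 5840, length 0
1275000010.000000 IP 10.0.0.5.43211 > 74.125.20.104.80: Flags [S], seq 200, win 5840, length 0
1275000002.000000 IP 10.0.0.5.43212 > 192.0.2.10.80: Flags [S], seq 300, win 5840, length 0
1275000002.050000 IP 192.0.2.10.80 > 10.0.0.5.43212: Flags [R.], seq 0, ack 301, win 0, length 0
1275000003.000000 IP 10.0.0.5.43213 > 74.125.20.104.53: Flags [S], seq 400, win 5840, length 0
"""

Key = Tuple[str, int, str, int]  # (client ip, client port, server ip, server port)


@dataclass
class Attempt:
    first_syn: float
    syn_count: int = 0
    outcome: str = "unanswered"  # "established", "refused" or "unanswered"
    reply_ts: Optional[float] = None


def analyze_capture(lines: Iterable[str], server_port: int = 80) -> Dict[Key, Attempt]:
    """Track every SYN sent to server_port and the first reply seen for it."""
    attempts: Dict[Key, Attempt] = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a TCP line in the expected format; ignore
        ts, flags = float(m["ts"]), m["flags"]
        src, sport = m["src"], int(m["sport"])
        dst, dport = m["dst"], int(m["dport"])
        if dport == server_port and flags == "S":
            # Outbound SYN (no ACK bit). Same 4-tuple again means a retransmit.
            key: Key = (src, sport, dst, dport)
            attempt = attempts.setdefault(key, Attempt(first_syn=ts))
            attempt.syn_count += 1
        elif sport == server_port:
            # Reply from the server side: flip the tuple to find our attempt.
            attempt = attempts.get((dst, dport, src, sport))
            if attempt is None or attempt.outcome != "unanswered":
                continue  # unknown connection, or already classified
            if flags == "S.":
                attempt.outcome, attempt.reply_ts = "established", ts
            elif "R" in flags:
                attempt.outcome, attempt.reply_ts = "refused", ts
    return attempts


def summarize(attempts: Dict[Key, Attempt]) -> Dict[str, int]:
    counts = {"established": 0, "refused": 0, "unanswered": 0}
    for attempt in attempts.values():
        counts[attempt.outcome] += 1
    return counts


def unanswered_report(attempts: Dict[Key, Attempt]) -> List[str]:
    """One line per SYN that never got a SYN-ACK or RST, with its retry count."""
    return [
        f"{src}:{sport} -> {dst}:{dport}: {a.syn_count} SYN(s) from {a.first_syn:.3f}, no reply"
        for (src, sport, dst, dport), a in sorted(attempts.items(), key=lambda kv: kv[1].first_syn)
        if a.outcome == "unanswered"
    ]


if __name__ == "__main__":
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE_CAPTURE.splitlines()
    result = analyze_capture(source)
    print(summarize(result))
    for row in unanswered_report(result):
        print(row)
```

Run the same capture on the other machine at the same time: if its tcpdump shows the SYN arriving and a SYN-ACK leaving while this script reports the attempt as unanswered on the server, the reply is being lost on the way back; if the SYN never arrives there, it is being dropped on the way out.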