Phildo Phildo - 5 months ago 23
Linux Question

apache not accepting incoming connections from outside of localhost

I've booted up a CentOS server on rackspace and executed

yum install httpd
'd. Then
services httpd start
. So, just the barebones.

I can access its IP address remotely over ssh (22) no problem, so there's no problem with the DNS or anything (I think...), but when I try to connect on port 80 (via a browser or something) I get connection refused.

From localhost, however, I can use telnet (80), or even lynx on itself and get served with no problem. From outside (my house, my school, a local coffee shop, etc...), telnet connects on 22, but not 80.

I use
netstat -tulpn
(<- I'm not going to lie, I don't understand the
-tulpn
part, but that's what the internet told me to do...) and see

tcp 0 0 :::80 :::* LISTEN -


as I believe I should. The
httpd.conf
says
Listen 80
.

I have
services httpd restart
'd many a time.

Honestly I have no idea what to do. There is NO way that rackspace has a firewall on incoming port 80 requests. I feel like I'm missing something stupid, but I've booted up a barebones server twice now and have done the absolute minimum to get this functioning thinking I had mucked things up with my tinkering, but neither worked.

Any help is greatly appreciated! (And sorry for the long winded post...)

Edit
I was asked to post the output of
iptables -L
. So here it is:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Answer

In case not solved yet. Your iptables say:

state RELATED,ESTABLISHED

Which means that it lets pass only connections already established... that's established by you, not by remote machines. Then you can see exceptions to this in the next rules:

state NEW tcp dpt:ssh

Which counts only for ssh, so you should add a similar rule/line for http, which you can do like this:

state NEW tcp dpt:80

Which you can do like this:

sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

(In this case I am choosing to add the new rule in the fourth line)

Remember that after editing the file you should save it like this:

sudo /etc/init.d/iptables save