Can't connect to web or ftp outside the network

I just finished installing ISPConfig on Fedora 9. The install went smooth, but for some reason I can't get access to port 80 or 81 outside the network. On my router I set my server IP as the DMZ host temporarily for all access, but that didn't work. I can SSH to the server however. If I change the DMZ to the other server's IP, it works just fine so it has to be a software issue.

I tried to check to see if http is listening and this is what I got:

Code:

[root@ns1 html]# netstat -tap | grep http
tcp        0      0 *:81                        *:*                         LISTEN      2667/ispconfig_http
tcp        0      0 *:http                      *:*                         LISTEN      2688/httpd
tcp        0      0 *:https                     *:*                         LISTEN      2688/httpd

I tried to check my firewall settings, but I am getting an error:

Code:

[root@ns1 html]# system-config-firewall
Traceback (most recent call last):
  File "/usr/share/system-config-firewall/system-config-firewall.py", line 29, in <module>
    os.execv(argv[0], argv)
OSError: [Errno 2] No such file or directory

Now what? :-\

 

I commented it out and restarted it, but still no go. I'm not so much worried about FTP working just yet though. The web is what's important.

 

Like I said, if I go into my router and change the DMZ host to my other server's IP (which runs ISPConfig as well) everything is accessible. I've been running a server for about 6 years now.

 

Code:

[root@ns1 bin]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

 

I know this seems pretty obvious but did you check the Firewall settings within ISPConfig? Management ->Server->Services->Firewall

 

I will check that later tonight. Right now I'm at work and I only can connect via SSH.

 

Except for the firewall error I'm having the same problem. I cannot see the http or https web sites from outside computers but I can get to them on the localhost. I have no soho router connected and no firewall. All of my output is the same as the OP.

 

Have you no router set up on your network? If you have then you will need to open ports within your router (check www.portforward.com for instructions if you're not clear) to access ports from outside your LAN.

 

I'm in a Class B subnet at the University and there is no port blocking at our end whatsoever. I've made a couple of these LAMPS but with Fedora 6 and had no problems till now.

 

What are your website addresses? Have you tried to do a tracert to the domain and see where the connection is failing?

 

Is this toward me or the other guy? The only firewall I would have is what comes with FC9 and when I try to configure it, I have this issue:

Code:

[root@ns1 bin]# system-config-firewall
Traceback (most recent call last):
  File "/usr/share/system-config-firewall/system-config-firewall.py", line 29, in <module>
    os.execv(argv[0], argv)
OSError: [Errno 2] No such file or directory

 

After you said firewall I started playing with the Firewall GUI located pulling down SYSTEM => Administration => Firewall. The firewall was disabled as it should be so I enabled it and hit APPLY, looked around a little bit and Disabled it again and hit APPLY. Waited about 5 minutes and checked the web sites (80 & 81) and they're now visible. Glitch maybe?

You know when the perfect install howto (after the initial Fedora 9 install completes and you have to remove the disc and reboot) explains what to do when the firewall (ugly dos looking gui) "After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:" I never got that tool popup. When I run

Code:

system-config-firewall

I get the New and Improved(?) gui.

I imagine that this portion of the HowTo might have been cut and pasted from previous versions of the howto from Fedora 6, 7 & 8 (to save time of course ) maybe? This may need looked at a little further.

Thanks for the help. It's always appreciated!

 

The GUI is because you are running X and if so, it opens up the GUI version. Otherwise, you get the text version

So, I managed to remove the firewall and reinstall "system-config-firewall-tui" and set it to disabled. Here is my output of "iptables -L"

Code:

[root@ns1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Now, something different: httpd won't start, but ISPConfig's httpd does.

Code:

[root@ns1 ~]# netstat -tap | grep http
tcp        0      0 *:81                        *:*                         LISTEN      3175/ispconfig_http

I can connect to port 81 now remotely without issues.

httpd won't start though:

Code:

[root@ns1 ~]# /etc/init.d/httpd start
Starting httpd:                                            [FAILED]

 

Thanks for the explanation. I am a gui junkie. I also negotiated past the firewall that should not have been there and now my httpd [FAILED] also and I get this message:

(98)Address already in use: make_sock: could not bind to address x.x.x.x:80
no listening sockets available, shutting down
Unable to open logs

 

Well, I found this out. I tailed the error_log file while trying to start httpd and here is the output:

Code:

[root@ns1 logs]# tail -f error_log
unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
Unable to open logs
unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
Unable to open logs
unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
Unable to open logs
unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
Unable to open logs
unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
Unable to open logs
unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
Unable to open logs

 

I am pretty perplexed that httpd is not working because of this firewall issue.