Can't connect to web or ftp outside the network

Discussion in 'General' started by tristanlee85, Jul 16, 2008.

  1. tristanlee85

    tristanlee85 New Member

    I just finished installing ISPConfig on Fedora 9. The install went smoothly, but for some reason I can't get access to port 80 or 81 outside the network. On my router I set my server IP as the DMZ host temporarily for all access, but that didn't work. I can SSH to the server, however. If I change the DMZ to the other server's IP, it works just fine, so it has to be a software issue.

    I tried to check to see if http is listening and this is what I got:

    Code:
    [root@ns1 html]# netstat -tap | grep http
    tcp        0      0 *:81                        *:*                         LISTEN      2667/ispconfig_http
    tcp        0      0 *:http                      *:*                         LISTEN      2688/httpd
    tcp        0      0 *:https                     *:*                         LISTEN      2688/httpd
    
    I tried to check my firewall settings, but I am getting an error:

    Code:
    [root@ns1 html]# system-config-firewall
    Traceback (most recent call last):
      File "/usr/share/system-config-firewall/system-config-firewall.py", line 29, in <module>
        os.execv(argv[0], argv)
    OSError: [Errno 2] No such file or directory
    
    Now what? :-\
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please comment out the line that includes proftpd_ispconfig.conf in the proftpd.conf file and restart proftpd.
     
  3. tristanlee85

    tristanlee85 New Member

    I commented it out and restarted it, but still no go. I'm not so much worried about FTP working just yet though. The web is what's important.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please ask your provider if they block port 80 and 81.
     
  5. tristanlee85

    tristanlee85 New Member

    Like I said, if I go into my router and change the DMZ host to my other server's IP (which runs ISPConfig as well) everything is accessible. I've been running a server for about 6 years now.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, please post the output of:

    iptables -L
     
  7. tristanlee85

    tristanlee85 New Member

    Code:
    [root@ns1 bin]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
    ACCEPT     all  --  192.168.122.0/24     anywhere
    ACCEPT     all  --  anywhere             anywhere
    REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
    REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
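
Added example, not part of the original thread: a first-match walk over the INPUT chain posted above, showing why new connections to SSH pass while ports 80 and 81 fall through to the final REJECT, and that an ACCEPT only helps if it sits above that REJECT. The rules are re-typed in `iptables-save` form as constructed sample input; treating the bare `ACCEPT all` line as the loopback rule (`-i lo`) is an assumption, since plain `iptables -L` does not print interface matches.

```python
import shlex

# Constructed iptables-save style rendering of the INPUT chain from the post
# above. Assumption: the bare "ACCEPT all" line is the loopback rule (-i lo),
# which plain `iptables -L` prints without its interface match.
RULES = """\
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 67 -j ACCEPT
-A INPUT -p tcp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
""".splitlines()

def parse(line):
    """Turn one -A line into a dict of the match fields this example handles."""
    tok = shlex.split(line)
    rule = {"target": tok[tok.index("-j") + 1]}
    for flag, key in (("-p", "proto"), ("--dport", "dport"),
                      ("-i", "iface"), ("--state", "state")):
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1]
    return rule

def verdict(rules, proto, dport, iface="eth0", state="NEW", policy="ACCEPT"):
    """First matching rule wins; the chain policy applies only if none match."""
    for n, r in enumerate(map(parse, rules), start=1):
        if "proto" in r and r["proto"] != proto:
            continue
        if "dport" in r and int(r["dport"]) != dport:
            continue
        if "iface" in r and r["iface"] != iface:
            continue
        if "state" in r and state not in r["state"].split(","):
            continue
        return n, r["target"]
    return 0, policy

def allow_tcp_port(rules, port):
    """Return a copy with an ACCEPT for `port` placed above the final REJECT."""
    new = f"-A INPUT -m state --state NEW -p tcp --dport {port} -j ACCEPT"
    idx = next(i for i, line in enumerate(rules) if "-j REJECT" in line)
    return rules[:idx] + [new] + rules[idx:]
```

On a live host, `iptables -L INPUT -n -v --line-numbers` prints the interface columns and rule positions that the plain listing omits.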
    
     
  8. mick02

    mick02 New Member

    I know this seems pretty obvious but did you check the Firewall settings within ISPConfig? Management ->Server->Services->Firewall
     
  9. tristanlee85

    tristanlee85 New Member

    I will check that later tonight. Right now I'm at work and I only can connect via SSH.
     
  10. ghall

    ghall Member

    Except for the firewall error I'm having the same problem. I cannot see the http or https web sites from outside computers but I can get to them on the localhost. I have no soho router connected and no firewall. All of my output is the same as the OP.
     
  11. mick02

    mick02 New Member

    Have you no router set up on your network? If you have then you will need to open ports within your router (check www.portforward.com for instructions if you're not clear) to access ports from outside your LAN.
     
  12. ghall

    ghall Member

    I'm in a Class B subnet at the University and there is no port blocking at our end whatsoever. I've made a couple of these LAMPS but with Fedora 6 and had no problems till now.
     
  13. mick02

    mick02 New Member

    What are your website addresses? Have you tried to do a tracert to the domain and see where the connection is failing?
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    You are running a firewall on the computer which blocks the sites. Please open port 80 and 81 in the firewall. This is most likely not the ISPConfig firewall, as ISPConfig always leaves port 81 open; it must be another firewall that you installed on the server.
     
  15. tristanlee85

    tristanlee85 New Member

    Is this toward me or the other guy? The only firewall I would have is what comes with FC9 and when I try to configure it, I have this issue:

    Code:
    [root@ns1 bin]# system-config-firewall
    Traceback (most recent call last):
      File "/usr/share/system-config-firewall/system-config-firewall.py", line 29, in <module>
        os.execv(argv[0], argv)
    OSError: [Errno 2] No such file or directory
    
     
  16. ghall

    ghall Member

    After you said firewall I started playing with the Firewall GUI located by pulling down SYSTEM => Administration => Firewall. The firewall was disabled as it should be, so I enabled it and hit APPLY, looked around a little bit and disabled it again and hit APPLY. Waited about 5 minutes and checked the web sites (80 & 81) and they're now visible. Glitch maybe?

    You know when the perfect install howto (after the initial Fedora 9 install completes and you have to remove the disc and reboot) explains what to do when the firewall (ugly dos looking gui) "After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:" I never got that tool popup. When I run
    Code:
    system-config-firewall
    I get the New and Improved(?) gui.

    I imagine that this portion of the HowTo might have been cut and pasted from previous versions of the howto from Fedora 6, 7 & 8 (to save time of course :rolleyes:) maybe? This may need looked at a little further.

    Thanks for the help. It's always appreciated!
     
  17. tristanlee85

    tristanlee85 New Member

    The GUI is because you are running X and if so, it opens up the GUI version. Otherwise, you get the text version.

    So, I managed to remove the firewall and reinstall "system-config-firewall-tui" and set it to disabled. Here is my output of "iptables -L"

    Code:
    [root@ns1 ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
    ACCEPT     all  --  192.168.122.0/24     anywhere
    ACCEPT     all  --  anywhere             anywhere
    REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
    REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Now, something different: httpd won't start, but ISPConfig's httpd does.

    Code:
    [root@ns1 ~]# netstat -tap | grep http
    tcp        0      0 *:81                        *:*                         LISTEN      3175/ispconfig_http
    
    I can connect to port 81 now remotely without issues.

    httpd won't start though:

    Code:
    [root@ns1 ~]# /etc/init.d/httpd start
    Starting httpd:                                            [FAILED]
    
     
  18. ghall

    ghall Member

    Thanks for the explanation. I am a gui junkie. I also negotiated past the firewall that should not have been there and now my httpd [FAILED] also and I get this message:

    (98)Address already in use: make_sock: could not bind to address x.x.x.x:80
    no listening sockets available, shutting down
    Unable to open logs
     
  19. tristanlee85

    tristanlee85 New Member

    Well, I found this out. I tailed the error_log file while trying to start httpd and here is the output:

    Code:
    [root@ns1 logs]# tail -f error_log
    unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
    Unable to open logs
    unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
    Unable to open logs
    unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
    Unable to open logs
    unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
    Unable to open logs
    unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
    Unable to open logs
    unable to start piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d': Permission denied
    Unable to open logs
    
     
  20. ghall

    ghall Member

    I am pretty perplexed that httpd is not working because of this firewall issue.
     
