4

I can't access to my local sites on a fedora machine from ubuntu. In firefox I get this error:

The connection has timed out

In fedora iptables I added this line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Also disabled selinux, but still can't connect. Why?

Output of netstat -tpln:

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      -                   
tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN      -                   
tcp        0      0 0.0.0.0:631                 0.0.0.0:*                   LISTEN      -                   
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -                   
tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN      -                   
tcp        0      0 :::139                      :::*                        LISTEN      -                   
tcp        0      0 :::80                       :::*                        LISTEN      -                   
tcp        0      0 :::631                      :::*                        LISTEN      -                   
tcp        0      0 :::445                      :::*                        LISTEN      -

Output of iptables -L -n -v:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 9982 1956K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0 reject-with icmp-host-prohibited
    0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 reject-with icmp-host-prohibited
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
  139  9168 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   20 16824 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          state NEW udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:631
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:631
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:631
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:137
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:138
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:139
    5   355 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:445
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
   87  4524 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 14997 packets, 16M bytes)
 pkts bytes target     prot opt in     out     source               destination
Improve this question
10
  • On the Fedora host, have you started the httpd server? service httpd start. To make the server start when the system boots, chkconfig httpd on
    – George M
    Commented May 23, 2012 at 12:33
  • Yes. apache server is running and I have no problem on host
    – NPK
    Commented May 23, 2012 at 12:45
  • can you please provide the output of iptables -L -n -v?
    – Ulrich Dangel
    Commented May 23, 2012 at 12:54
  • @UlrichDangel: Please see the edited post
    – NPK
    Commented May 23, 2012 at 12:56
  • 1
    Can you connect locally (using localhost)? Also can you connect from the other machine through any other protocol/port (ping, ssh, telnet, etc)?
    – ghm1014
    Commented Mar 19, 2013 at 20:53

3 Answers 3

Reset to default
2

I needed to open port 80 in the firewall configuration:

firewall-cmd --permanent --add-service=http
Improve this answer
0

Netstat ouput shows that you're only accepting connections using IPv6. You must configure your server to also bind to port 80 on address 0.0.0.0.

Fedora come with a tool that you can use to configure the firewall. Avoid messing with iptables directly.

Improve this answer
1
  • 4
    That is not necessarily true, it is possible for an AF_INET6 socket to be able to accept IPv4 connections for backwards-compatibility. It would only fail if net.ipv6.bindv6only was set or the socket was openend with the IPV6_V6ONLY option. See: tools.ietf.org/html/rfc3493#page-22
    – Cedric
    Commented Aug 11, 2012 at 20:28
-1

Your http server is running over port 80 on IPv6 only. This may be a reason why you can't connect using localhost.

Add "localhost" host name correspond to "::" IP address in "/etc/hosts"

sudo vim /etc/hosts
:: localhost

Now your firefox shall connect as IPv6 is preferred method of connection if detected.

Alternatively, you can enable your http server listening over both IPv4 and IPv6.

Improve this answer
1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .