5

I'm having trouble connecting to my Ruby on Rails development server:

When I type 192.168.0.10:3000 into a web browser on a different machine, the connection just times out.

I suspect the problem is with my firewall configuration, but I've tried to open everything and that doesn't seem to work.

The server is on my local network, with a static IP and is configured correctly - I can SSH into the box, and it can connect to the internet for updates. It's running CentOS 6.3, and I installed rails following these instructions: http://itekblog.com/ruby-on-rails-on-centos-6-3-is-easy/

The server is running: I can download the "Welcome Aboard" page with wget localhost:3000

I think it should be listening on all interfaces:

[sandy@pops testproject4]$ rails server
=> Booting WEBrick
=> Rails 3.2.8 application starting in development on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2012-08-18 18:29:04] INFO  WEBrick 1.3.1
[2012-08-18 18:29:04] INFO  ruby 1.8.7 (2011-06-30) [i386-linux]
[2012-08-18 18:29:04] INFO  WEBrick::HTTPServer#start: pid=9881 port=3000

and I think I have opened all ports:

[sandy@pops testproject4]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination    

Any help fixing this would be very much appreciated

Sandy

sandyscott
  • If this is not a production server, you can try flushing all iptables rules and see if it works better (iptables -F). –  Aug 18 '12 at 16:59
  • There's a difference between thinking it's listening on all interfaces and knowing it is. What's netstat say? – Magellan Aug 18 '12 at 17:17

1 Answer

8

It looks like the problem is caused because, when you added your open-all line, you used iptables -A INPUT ..., which has dutifully added it to the end of the INPUT chain, right after the REJECT all rule.

As iptables works on a first-match-wins basis, your accept-all rule is never matched, so port 3000 is blocked.

You should use iptables -I ... to insert rules at a particular place in the chain or at the beginning, so something like

iptables -I INPUT -p tcp --dport 3000 -j ACCEPT

should do what you want.

If you want the rules saved so that everything still works after a reboot, do:

service iptables save
FelikZ
user9517
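The first-match-wins ordering described in the answer can be checked mechanically. This is an added example, not part of the original question or answer: it scans `iptables -S` style text for rules that sit after an unconditional terminal rule and so can never match. The sample ruleset is constructed to mirror the listing in the question and assumes the third INPUT rule is the stock loopback accept (`-i lo`), which plain `iptables -L` does not display; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: `iptables -S` style output matching the ruleset in the
# question, assuming the third INPUT rule is the loopback accept (-i lo).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# shadowed_rules CHAIN: read `iptables -S` text on stdin and print every rule
# in CHAIN that comes after the first unconditional terminal rule (no match
# options, target ACCEPT/DROP/REJECT). Such rules are never evaluated.
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            pos++
            if (blocker) {
                printf "rule %d unreachable (after rule %d): %s\n", pos, blocker, $0
                next
            }
            # "-A CHAIN -j TARGET ..." has no match criteria: it catches everything.
            if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
                blocker = pos
        }'
}

# count_shadowed CHAIN: number of unreachable rules in CHAIN (stdin as above).
count_shadowed() {
    shadowed_rules "$1" | wc -l | tr -d ' '
}

# Demo on the constructed sample: reports the appended accept-all as unreachable.
printf '%s\n' "$SAMPLE_RULES" | shadowed_rules INPUT
```

On a live host the same function can be fed real rules with `sudo iptables -S | shadowed_rules INPUT`. A rule inserted at the top with `iptables -I` is not reported, because it sits before the REJECT.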