I have two VMs on CentOS 6.5, running Plesk 12, and the webserver is Apache 2.2. One is a clone of the other, and I inherited them set up by someone else. My problem is that I can access my sites hosted on the servers from any computer other than these servers themselves.

Say example.com points to one of my servers. If I am SSH'd into either of the servers and run `wget example.com` I will get back:

```
--2014-10-20 18:01:42--  http://example.com/
Resolving example.com... <ip address>
Connecting to example.com|<ip address>|:80... failed: Connection timed out.
Retrying.
```

The IP address it resolves to is correct. If I run wget on the servers using the IP address directly I get the same negative result.

If I run wget to the same domain on a computer outside these VMs I resolve to the same correct IP, and I am connected. Using localhost on the VMs does work fine:

```
wget localhost
--2014-10-20 18:12:35--  http://localhost/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
```

The problem seems to be that the servers don't know what to do when they get to the IP address, and I'm at the end of my knowledge in this area. Any direction on this is appreciated!

HopelessN00b
Sean Fahey
  • Do the servers actually have their intended IP address? Why or why not? – Michael Hampton Oct 20 '14 at 23:53
  • Outside of these servers, I can use the IP addresses to properly connect to the server that I intended to connect to. Is that what you are asking? – Sean Fahey Oct 21 '14 at 00:11
  • No, he's indirectly asking if you're running into the Hairpin NAT problem and don't know how to describe it. – Chris S Oct 21 '14 at 00:13
  • Are these servers configured with external (i.e. non-RFC1918) addresses on their interfaces, or internal ones with a NAT device translating external IPs? – theterribletrivium Oct 21 '14 at 00:33
  • Thanks, it does look like I could use this hairpin NAT fix. When I run `ifconfig` it shows `eth0`'s inet addr is an internal IP. Is there a way to do this without making a change to the router? – Sean Fahey Oct 21 '14 at 03:14
  • @MadHatter I would agree that it is a duplicate, I wish my earlier search had found your great answer! – Sean Fahey Oct 21 '14 at 15:12
  • No worries, and thank you for your kind words. You may wish to flag a moderator to ask him/her to close this question as a duplicate, then. – MadHatter Oct 21 '14 at 15:54

2 Answers

You need a route which directs the traffic to your local interface, and you may have a firewall issue.

Add the output of `netstat -an` for routing. It's likely to be `ipchains -L` or `iptables -L` to list the firewall rules.

mc0e

Everyone's comments helped me put it all together and gave me a lot to read up on, thanks. I found a good solution that didn't involve doing anything to the router running NAT. This article described my problem and has a good solution, going in the same direction I think mc0e was suggesting.

Here is the command I ran to get this routed:

```
iptables -t nat -A OUTPUT -d <external ip addr> -s <subnet range> -j DNAT --to-destination <internal ip addr>
```
Sean Fahey
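
An idempotent form of the rule in the answer above, as an added example that is not part of the original post: it checks the nat OUTPUT chain before appending, so repeated runs do not stack duplicate DNAT rules. The function names are hypothetical, and the three addresses are passed as arguments in the order external IP, local subnet, internal IP.

```shell
#!/bin/sh
# Added example: idempotent wrapper around the OUTPUT-chain DNAT rule.
# Function names are hypothetical; addresses are supplied by the caller.

# Print the rule arguments in the same order as the command in the answer.
hairpin_rule() {  # $1=external IP  $2=local subnet  $3=internal IP
    printf '%s' "-d $1 -s $2 -j DNAT --to-destination $3"
}

# Read `iptables -t nat -S OUTPUT` text on stdin and succeed if it already
# holds a DNAT rule for this external -> internal pair. iptables prints host
# addresses with a /32 suffix, so the suffix is optional in the match.
rule_present() {  # $1=external IP  $2=internal IP
    ext=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    int=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eq -- "^-A OUTPUT .*-d ${ext}(/32)? .*-j DNAT --to-destination ${int}( |:|\$)"
}

# Apply the rule on the server itself (needs root).
apply_hairpin() {  # $1=external IP  $2=local subnet  $3=internal IP
    if iptables -t nat -S OUTPUT | rule_present "$1" "$3"; then
        echo "rule already present"
    else
        # Word splitting of the rule string is intended here.
        iptables -t nat -A OUTPUT $(hairpin_rule "$1" "$2" "$3") || return 1
        echo "rule added"
    fi
    # List the chain with packet counters: counters rising on this rule after
    # a local `wget http://<external ip>/` show that traffic is being rewritten.
    iptables -t nat -L OUTPUT -n -v
}

# Only touch the firewall when called with all three addresses.
if [ "$#" -eq 3 ]; then
    apply_hairpin "$@"
fi
```

Rules added with `-A` live only in the running kernel; on CentOS 6, `service iptables save` writes them to `/etc/sysconfig/iptables` so they survive a reboot.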