0

I have an Ubuntu 16.04 VM and when I run `curl http://192.168.254.42` (the eth0 IP address) it quickly replies with connection refused. However, the server is definitely listening on 0.0.0.0 and can be accessed by other computers on the network using that same address in the browser. `curl http://192.168.254.1` returns the HTML of my router admin page.

Of course this wouldn't normally be a blocker, but this also means that VPN clients connected to the server cannot access the server itself using the eth0 IP address (which clients on the network use). I've never run into this problem before, and Google brings up the obvious "listening on localhost", which isn't the case here.

I can ping the eth0 IP address from the terminal (i.e. ping itself) and it responds properly. A traceroute from a VPN client also looks correct. But accessing http://192.168.254.42 immediately responds with connection refused.

Here is `netstat -tulpn` output.

```
$ netstat -tulpn | grep :80
tcp6       0      0 :::80                   :::*                    LISTEN      5724/index-lib
$ netstat -tulpn | grep :85
tcp6       0      0 :::85                   :::*                    LISTEN      1212/server.js
$ netstat -tulpn | grep :81
tcp6       0      0 :::81                   :::*                    LISTEN      1515/apache2
```

Setting it to Port 86 works. And another NodeJS server is running on port 85 as well and can be accessed just fine. So it's not a problem with the NodeJS side of things.


Old info

The webserver is a single NodeJS v10.16.3 HTTP server instance listening on 0.0.0.0.

Listening on 192.168.254.42 does not work either.

More importantly, an Apache webservice listening on port 81 can be accessed just fine.

Chrome says ERR_CONNECTION_FAILED, but it does it almost instantly.

No iptables rules are set.

A NodeJS process is listening on Port 85 and can be accessed in the same manner.

Here is `netstat -tulpn` output.

```
$ netstat -tulpn | grep :80
tcp6       0      0 :::80                   :::*                    LISTEN      5724/index-lib
$ netstat -tulpn | grep :85
tcp6       0      0 :::85                   :::*                    LISTEN      1212/server.js
$ netstat -tulpn | grep :81
tcp6       0      0 :::81                   :::*                    LISTEN      1515/apache2
```

The command I am using to check this is

```
$ curl http://192.168.254.42
curl: (7) Failed to connect to 192.168.254.42 port 80: Connection refused
```

Port 81 and 85 return expected HTML.

Setting it to listen on port 86 makes it accessible! So it's not on the NodeJS side, I don't think.

Arlen Beiler
  • Since you're using RFC1939 IPs, please don't redact them. There's little point, and it may help others spot something you're overlooking. What is the IP of the physical host? And of the VM? Are you using NAT between the physical host and the VM? Is this a case where you're expecting to have "hairpin NAT" but your NAT daemon doesn't support it? Also, please supply evidence such as `netstat` output to support your assertion that "the server is definitely listening." Please [edit these omitted details into your post](https://serverfault.com/posts/989338/edit), not in comments. – Jim L. Oct 24 '19 at 22:56
  • It looks like the `netstat` output is all IPv6 listening ports. Perhaps you need to tweak your setup to get it to listen on IPv4? Exclude IPv6 from netstat with the command `netstat -4tulpn` and post that command output, please. – Jim L. Oct 24 '19 at 23:17
  • It works fine on port 86 and 85 listening on IPv6, but doesn't work on Port 80. – Arlen Beiler Oct 24 '19 at 23:36
  • But only calling eth0 IP from the same machine doesn't work. It works fine across the network. – Arlen Beiler Oct 24 '19 at 23:37

2 Answers

1

I don't have the rep to post a comment asking for clarification, so I'm just going to take a punt at the answer. You're talking about what IP address your Node app is listening on; however, I've never had to configure this in any of my Node apps. I'm guessing you have code that looks something like this:

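```js
var http = require('http');

// Minimal HTTP server that answers every request with plain text.
http.createServer(function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.write('Hello World!');
  res.end();
}).listen(8080, '0.0.0.0'); // the host must be passed as a string
```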

Both the port and IP here are optional, so if you want to listen on port 80 then just ditch both of them. If you're listening on a different port, ditch the IP and let Node figure it out.

You mentioned an Apache server on 81; I'm presuming that you are attempting to connect to Node directly and you're not going through Apache to get to Node.

If the above doesn't help, post the relevant code from your Node app, `cat /etc/hosts`, and `sudo netstat -tulpn`. If you're going via Apache, then post the relevant Apache configs as well (i.e. the virtual host entry in `/etc/apache2/sites-enabled/`).

Enicli
0

I found this line in `/etc/rc.local`.

```
iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
```

Problem found!

This answer says why the rule did not show up in `iptables -L`: https://serverfault.com/a/685948/32875.

There are 5 tables (filter, nat, mangle, raw, security). You call `iptables -L -t table` for each.

Arlen Beiler
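An added example, not part of the original answer: instead of calling `iptables -L -t table` five times, one pass over `iptables-save` output (which dumps every table) can flag any rule that rewrites a connection's destination, which is what produced the refusal on port 80 here. The function names and the sample ruleset are constructed for illustration; the sample mirrors the rule from `/etc/rc.local` in the form `iptables-save` prints it.

```shell
#!/bin/sh
# find_rewrites: read iptables-save output on stdin and print one line per
# rule whose target rewrites the destination (REDIRECT or DNAT):
#   <table> <chain> <dport or "any"> <target> <new destination or "?">
find_rewrites() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" opens a table section
        $1 == "-A" {
            chain = $2; dport = "any"; target = ""; dest = "?"
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-port" || $i == "--to-ports" ||
                    $i == "--to-destination") dest = $(i + 1)
            }
            if (target == "REDIRECT" || target == "DNAT")
                print table, chain, dport, target, dest
        }
    '
}

# Constructed sample in iptables-save format: an empty filter table (all that
# a plain "iptables -L" displays) plus the nat OUTPUT rule from the answer.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

sample_ruleset | find_rewrites
```

On a live host, run `sudo iptables-save | find_rewrites`. Connections a machine makes to its own eth0 address leave through `lo`, so the `-o lo` match catches them while requests arriving from other hosts never traverse the OUTPUT chain.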