Configure Fedora 15 Linux to allow access via port 80 from other computers

3

3

I am trying to make my home server accessible to the whole web. I have installed Nginx on my Fedora 15 64-bit Linux machine, and it works with localhost but it doesn't work online or allow other computers on the network to access it via the IP address. It keeps coming back with:

Could not connect

I have port forwarding. I have even tried different ports but they all seem to be blocked. What could be wrong? I have a Netgear router.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Qasim

Posted 2011-08-06T14:18:38.050

Reputation: 193

What model Netgear router EXACTLY? – KCotreau – 2011-08-06T14:22:10.667

It's an N600 Wireless Dual Band Router, Model WNDR3400, and my web server is Nginx 0.8.54 – Qasim – 2011-08-06T14:24:30.760

Can you access it from your internal network from another computer using the IP address? How are you determining your external IP address? Do you have a static IP or DDNS? – KCotreau – 2011-08-06T14:25:00.913

I have a dynamic IP address, but I can put it to static if I need to. I can access using localhost (my machine IP is 172.16.0.15) but it doesn't work if I try to access it from my netbook using that machine IP. – Qasim – 2011-08-06T14:26:19.213

Still not sure how you are trying to access it. From the netbook, you put in http://172.16.0.15 not http://localhost right? If you try http://172.16.0.15 and you cannot get to it, then it is probably some kind of local firewall in the way. When I said Static or DDNS, I meant your external IP address, not your internal. Ultimately, if you do want to access it from the outside, you will probably want to give it a static IP as that is easier to port forward to, although some newer routers can also map DHCP changes and correctly forward.

– KCotreau – 2011-08-06T14:34:24.117

Yes I put in 172.16.0.15 with no luck on other devices connected to the same network. I'm not sure of any firewalls, what kind of firewall but block it? – Qasim – 2011-08-06T14:40:04.397

There has to be some kind of firewall on your Linux box that is blocking you. At first, I thought it was a general how-to question, but now we have a specific, and frankly, I am not qualified to answer it. I would ask another question, like "My Fedora 15 Linux machine seems to be blocking port 80. How do I configure this to allow port 80 access from other computers?" After that, you can try to move on, and maybe come back to this question. – KCotreau – 2011-08-06T14:45:14.327

In broad strokes, you need to get your home firewall/router to allow incoming connections on http (i.e. port 80) and you need it to send traffic it receives on port 80 on to your home server. Specifically, how to do that is highly dependent upon the brand and model of your home router. – golliher – 2011-08-06T12:17:25.870

Please add the output of iptables -L to your question (from the server running nginx), also, have you got nginx correctly configured to listen on port 80 on all interfaces, not just localhost? – EightBitTony – 2011-08-06T14:51:44.530

Before you go any further you need to post the output of this command: netstat -ln | grep 80. This will tell you on which interfaces your server is listening. This is check number 1 in the whole process, because you need to make sure it listens to your public interface, and not just to the local loopback interface. – Casper – 2011-08-06T15:23:48.840

If I am not mistaken, port forwarding is needed only for access from the internet. I don't think you need to forward ports to grant access to computers on a local network. I might be wrong. – Baha – 2011-08-06T15:53:10.713

Answers

5

Fedora's default firewall configuration blocks port 80. The easiest way to unblock it is using the system-config-firewall tool, provided in default Fedora installations.

To use it in a graphical environment, locate the Firewall option in your desktop's application menu (it's usually in the Administration category) or run system-config-firewall via a terminal or by pressing ALT+F2. Then check the checkbox next to WWW (HTTP) 80/tcp:

[Screenshot: system-config-firewall with WWW highlighted]

If you need HTTPS/SSL, also select Secure WWW (HTTPS) 443/tcp. Finally, click Apply to make the changes take effect.

To use it from a console, run system-config-firewall-tui. Press the TAB key until Customize is highlighted and press Enter. Press the Down Arrow until you arrive at WWW (HTTPD) and press Enter to select it:

[Screenshot: system-config-firewall-tui with WWW highlighted]

(Don't forget HTTPS if you need that too.) Now select Close, and then OK to save your new firewall configuration.

Patches

Posted 2011-08-06T14:18:38.050

Reputation: 14 078

1

Please add the output of iptables -L from the machine running nginx to your question.

As in the comments above, it sounds like your Linux server is blocking port 80 from non-local connections.

Also, have you set nginx to listen on all interfaces, not just 127.0.0.1? It'll be in the nginx config file (like listen 80; or similar).

EightBitTony

Posted 2011-08-06T14:18:38.050

Reputation: 3 741

How do I set it to listen on all interfaces? I have it as listen 80; – Qasim – 2011-08-06T14:53:07.787

Output: http://pastebin.com/mFr1rsAC

– Qasim – 2011-08-06T14:53:34.230

listen 80; server_name _; – Qasim – 2011-08-06T14:56:18.127

0

  1. Verify that the different device can access your server (ping).
  2. Verify that the different device can access another service on your server (ssh).
  3. Verify that you do not have a local firewall on your server (iptables -L).
  4. Verify that your web server is listening on the interface 172.16.0.15 or on * (netstat -al).
  5. Verify that your web server allows the client to connect in its configuration file.
  6. From your different device, do a telnet 172.16.0.15 80 to see if you have a connection timeout, a connection refused or a connection close (1st case would be a firewall, 2nd would be your web server is not listening or down, 3rd would be a web server configuration issue).

jfg956

Posted 2011-08-06T14:18:38.050

Reputation: 1 021

Sorry, I am really new to this and I don't really understand most of the points you asked me to verify – Qasim – 2011-08-06T15:36:33.473

#1 I'm not sure how to do it, same with #2. Here is what I get from #3: http://pastebin.com/mFr1rsAC, #4 it is listening indeed on 172.16.0.5, #5 here is my config file (I'm pretty sure it's allowing): http://pastebin.com/hTcSvcMH, #6 It says this: connect to address 172.16.0.15: No route to host

– Qasim – 2011-08-06T15:47:54.290

The result from #6 is suspect. You should have about the same result from #1 doing ping 172.16.0.5. Basically, the device from where you try to access your server does not know how to access the server. How are your client and server connected? What is the IP address of the client? – jfg956 – 2011-08-06T16:00:38.023

So far all I have done is this: Accessed my router settings, added port forwarding (port 80 HTTP, TCP, 172.16.0.15). When I ping from my netbook to 172.16.0.15, it just sends Received * from * in *ms, doesn't stop doing that (loops or something). – Qasim – 2011-08-06T16:11:58.733

What is the IP address of your server: 172.16.0.5 or 172.16.0.15? You seem to have tried the telnet with 172.16.0.15, but if the server is 172.16.0.5, you should try telnet 172.16.0.5 80. For me, the 2 results from your netbook doing ping <server ip address> and telnet <server ip address> 80 are incoherent: you cannot receive reply to ping and a 'No route to host' from telnet on the same IP address at the same time. – jfg956 – 2011-08-06T16:29:38.343

That was a typo, my bad it is 172.16.0.15 – Qasim – 2011-08-06T16:30:59.823

It says this: PING 172.16.0.15 56(84) bytes of data. Then it continuously says "64bytes from 172.16.0.15: icmpreq=* ttl=64 time=* ms". For the telnet, it says no route to host so I'm puzzled. – Qasim – 2011-08-06T16:32:55.953
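
Step 6 of the checklist above, as an added Python example that is not part of the original answer or comments: it makes one TCP connection and maps the result to a likely cause. It goes beyond the three cases listed by also covering the "No route to host" result reported in the comments, which on Linux is also what a REJECT rule with icmp-host-prohibited (as in the question's INPUT chain) produces; the names probe, classify and the labels are illustrative.

```python
import errno
import socket
import sys

# connect() result -> (label, likely cause). The first three rows follow the
# answer's step 6; the last two are additions. Linux reports the ICMP
# "host prohibited" error sent by an iptables REJECT rule as EHOSTUNREACH.
DIAGNOSIS = {
    0: ("open", "port reachable; look at the web server configuration next"),
    errno.ECONNREFUSED: ("refused", "host reachable but nothing is listening on this address and port"),
    errno.ETIMEDOUT: ("timeout", "no reply at all: a firewall is dropping the packets, or the host is off"),
    errno.EHOSTUNREACH: ("no-route", "ICMP unreachable: if ping works, a firewall REJECT rule on the server"),
    errno.ENETUNREACH: ("no-network", "client has no route to that network; check its IP address and gateway"),
}


def classify(code):
    """Map a connect() errno (0 for success) to (label, likely cause)."""
    return DIAGNOSIS.get(code, ("other", errno.errorcode.get(code, str(code))))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection, like `telnet host port`, and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            code = 0
        except socket.timeout:
            code = errno.ETIMEDOUT      # our own timeout expired
        except OSError as exc:
            code = exc.errno            # error reported by the kernel
    return classify(code)


if __name__ == "__main__":
    # Defaults are placeholders; pass the server address and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    label, cause = probe(host, port)
    print(f"{host}:{port} -> {label}: {cause}")
```

Run it from the client machine with the server's address and port as arguments, then compare the label with the output of iptables -L on the server.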

0

Try localtunnel. Similar services, at some cost, include showoff.io and Pagekite.

nlo

Posted 2011-08-06T14:18:38.050

Reputation: 101