apache not accepting incoming connections from outside of localhost

Question

I ve booted up a CentOS server on rackspace and executed yum install httpd d  Then services httpd start  So  just the barebones   I can access its IP address remotely over ssh  22  no problem  so there s no problem with the DNS or anything  I think      but when I try to connect on port 80  via a browser or something  I get connection refused    From localhost  however  I can use telnet  80   or even lynx on itself and get served with no problem  From outside  my house  my school  a local coffee shop  etc      telnet connects on 22  but not 80    I use netstat -tulpn   lt - I m not going to lie  I don t understand the -tulpn part  but that s what the internet told me to do     and see   tcp    0    0    80             LISTEN    -                      as I believe I should  The httpd conf says Listen 80    I have services httpd restart d many a time   Honestly I have no idea what to do  There is NO way that rackspace has a firewall on incoming port 80 requests  I feel like I m missing something stupid  but I ve booted up a barebones server twice now and have done the absolute minimum to get this functioning thinking I had mucked things up with my tinkering  but neither worked    Any help is greatly appreciated   And sorry for the long winded post      Edit I was asked to post the output of iptables -L  So here it is   Chain INPUT  policy ACCEPT  target     prot opt source               destination          ACCEPT     all  --  anywhere             anywhere            state RELATED ESTABLISHED  ACCEPT     icmp --  anywhere             anywhere             ACCEPT     all  --  anywhere             anywhere             ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt ssh  REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited   Chain FORWARD  policy ACCEPT  target     prot opt source               destination          REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited   Chain OUTPUT  policy ACCEPT  target     prot opt source               destination

User · Answer

Try with below setting in iptables config table   iptables -A INPUT -p tcp --dport 80 -j ACCEPT   Run the below command to restart the iptable service  service iptables restart   change the httpd config file to  Listen 192 170 2 1 80   re-start the apache   Try now

User · Answer

Try disabling iptables  service iptables stop  If this works  enable TCP port 80 to your firewall rules  run system-config-selinux from root  and enable TCP port 80  HTTP  on your firewall

User · Answer

In case not solved yet  Your iptables say      state RELATED ESTABLISHED   Which means that it lets pass only connections already established    that s established by you  not by remote machines  Then you can see exceptions to this in the next rules   state NEW tcp dpt ssh   Which counts only for ssh  so you should add a similar rule line for http  which you can do like this   state NEW tcp dpt 80   Which you can do like this   sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT    In this case I am choosing to add the new rule in the fourth line   Remember that after editing the file you should save it like this   sudo  etc init d iptables save

User · Answer

Disable SELinux     sudo setenforce 0

User · Answer

this would work  -- for REDHAT use   cat   etc sysconfig iptables    iptables -I  RH-Firewall-1-INPUT -s 192 168 1 3  -p tcp -m tcp --dport 80 -j ACCEPT   followed by   sudo  etc init d iptables save

User · Answer

CentOS 7 uses firewalld by default now  But all the answers focus on iptables  So I wanted to add an answer related to firewalld   Since firewalld is a  wrapper  for iptables  using antonio-fornie s answer still seems to work but I was unable to  save  that new rule  So I wasn t able to connect to my apache server as soon as a restart of the firewall happened  Luckily it is actually much more straightforward to make an equivalent change with firewalld commands  First check if firewalld is running   firewall-cmd --state   If it is running the response will simply be one line that says  running    To allow http  port 80  connections temporarily on the public zone   sudo firewall-cmd --zone public --add-service http   The above will not be  saved   next time the firewalld service is restarted it ll go back to default rules  You should use this temporary rule to test and make sure it solves your connection issue before moving on    To permanently allow http connections on the public zone   sudo firewall-cmd --zone public --permanent --add-service http   If you do the  permanent  command without doing the  temporary  command as well  you ll need to restart firewalld to get your new default rules  this might be different for non CentOS systems     sudo systemctl restart firewalld service   If this hasn t solved your connection issues it may be because your interface isn t in the  public zone   The following link is a great resource for learning about firewalld  It goes over in detail how to check  assign  and configure zones  https   www digitalocean com community tutorials how-to-set-up-a-firewall-using-firewalld-on-centos-7

User · Answer

SELinux prevents Apache  and therefore all Apache modules  from making remote connections by default     setsebool -P httpd can network connect 1

User · Answer

Search for LISTEN directive in the apache config files  httpd conf  apache2 conf  listen conf      and if you see localhost  or 127 0 0 1  then you need to overwrite with your public ip

User · Answer

this is what worked for us to get the apache accessible from outside   sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT sudo service iptables restart

User · Answer

If you are using RHEL CentOS 7  the OP was not  but I thought I d share the solution for my case   then you will need to use firewalld instead of the iptables service mentioned in other answers   firewall-cmd --zone public --add-port 80 tcp --permanent firewall-cmd --reload   And then check that it is running with   firewall-cmd --permanent --zone public --list-all   It should list 80 tcp under ports

User · Answer

Set apache to list to a specific interface and port something like below   Listen 192 170 2 1 80   Also check for Iptables and TCP Wrappers entries that might be interfering on the host with outside hosts accessing that port  Binding Docs For Apache

[linux] apache not accepting incoming connections from outside of localhost

Examples related to linux

Examples related to apache

Examples related to webserver

Examples related to centos