4

I can't access my local sites on a Fedora machine from Ubuntu. In Firefox I get this error:

The connection has timed out

In Fedora's iptables I added this line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT 

Also disabled SELinux, but still can't connect. Why?

Output of netstat -tpln:

    Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
    tcp        0      0 0.0.0.0:3306    0.0.0.0:*         LISTEN   -
    tcp        0      0 0.0.0.0:139     0.0.0.0:*         LISTEN   -
    tcp        0      0 0.0.0.0:631     0.0.0.0:*         LISTEN   -
    tcp        0      0 127.0.0.1:25    0.0.0.0:*         LISTEN   -
    tcp        0      0 0.0.0.0:445     0.0.0.0:*         LISTEN   -
    tcp        0      0 :::139          :::*              LISTEN   -
    tcp        0      0 :::80           :::*              LISTEN   -
    tcp        0      0 :::631          :::*              LISTEN   -
    tcp        0      0 :::445          :::*              LISTEN   -

Output of iptables -L -n -v:

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target  prot opt in  out  source      destination
     9982 1956K ACCEPT  all  --  *   *    0.0.0.0/0   0.0.0.0/0     state RELATED,ESTABLISHED
        0     0 REJECT  icmp --  *   *    0.0.0.0/0   0.0.0.0/0     icmptype 0 reject-with icmp-host-prohibited
        0     0 REJECT  icmp --  *   *    0.0.0.0/0   0.0.0.0/0     icmptype 8 reject-with icmp-host-prohibited
        0     0 ACCEPT  icmp --  *   *    0.0.0.0/0   0.0.0.0/0
      139  9168 ACCEPT  all  --  lo  *    0.0.0.0/0   0.0.0.0/0
       20 16824 ACCEPT  udp  --  *   *    0.0.0.0/0   224.0.0.251   state NEW udp dpt:5353
        0     0 ACCEPT  udp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW udp dpt:631
        0     0 ACCEPT  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:631
        0     0 ACCEPT  udp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW udp dpt:631
        0     0 ACCEPT  udp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW udp dpt:137
        0     0 ACCEPT  udp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW udp dpt:138
        0     0 ACCEPT  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:139
        5   355 ACCEPT  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:445
        0     0 ACCEPT  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:22
        0     0 ACCEPT  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:80
       87  4524 REJECT  all  --  *   *    0.0.0.0/0   0.0.0.0/0     reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target  prot opt in  out  source      destination
        0     0 REJECT  all  --  *   *    0.0.0.0/0   0.0.0.0/0     reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT 14997 packets, 16M bytes)
     pkts bytes target  prot opt in  out  source      destination
10
  • On the Fedora host, have you started the httpd server? service httpd start. To make the server start when the system boots, chkconfig httpd on Commented May 23, 2012 at 12:33
  • Yes. Apache server is running and I have no problem on the host Commented May 23, 2012 at 12:45
  • Can you please provide the output of iptables -L -n -v? Commented May 23, 2012 at 12:54
  • @UlrichDangel: Please see the edited post Commented May 23, 2012 at 12:56
  • 1
    Can you connect locally (using localhost)? Also can you connect from the other machine through any other protocol/port (ping, ssh, telnet, etc)? Commented Mar 19, 2013 at 20:53

3 Answers

2

I needed to open port 80 in the firewall configuration:

firewall-cmd --permanent --add-service=http 
1
  • So it seems your Fedora's firewalld was apparently using nftables instead of classic iptables, and that explains why iptables -L -n -v did not list any rules created by firewalld. To list nftables rules, the command is nft list ruleset. Commented Sep 9, 2024 at 5:24
0

Netstat output shows that you're only accepting connections using IPv6. You must configure your server to also bind to port 80 on address 0.0.0.0.

Fedora comes with a tool that you can use to configure the firewall. Avoid messing with iptables directly.

1
  • 4
    That is not necessarily true, it is possible for an AF_INET6 socket to be able to accept IPv4 connections for backwards-compatibility. It would only fail if net.ipv6.bindv6only was set or the socket was opened with the IPV6_V6ONLY option. See: tools.ietf.org/html/rfc3493#page-22 Commented Aug 11, 2012 at 20:28
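
The dual-stack behaviour described in the comment above can be checked locally. This is an added example, not part of the original thread: it opens an AF_INET6 listener on `::` (an ephemeral port instead of 80, so no root is needed) and tests whether an IPv4 client on 127.0.0.1 can reach it with IPV6_V6ONLY off and on. The function names are illustrative.

```python
import socket


def listener(v6only: bool) -> socket.socket:
    """Listen on [::]:<ephemeral port>, like the ':::80' line in netstat."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    try:
        # Per-socket override of the net.ipv6.bindv6only sysctl default.
        s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        s.bind(("::", 0))
        s.listen(1)
    except OSError:
        s.close()
        raise
    return s


def ipv4_reachable(v6only: bool) -> bool:
    """True if an IPv4 client on 127.0.0.1 can connect to the IPv6 listener."""
    with listener(v6only) as srv:
        port = srv.getsockname()[1]
        try:
            # The kernel completes the handshake from the listen backlog,
            # so no accept() call is needed for the probe to succeed.
            with socket.create_connection(("127.0.0.1", port), timeout=2):
                return True
        except OSError:  # connection refused or timed out
            return False


def demo():
    """Return {v6only: reachable}, or None when the host has no usable IPv6."""
    try:
        return {flag: ipv4_reachable(flag) for flag in (False, True)}
    except OSError:
        return None


if __name__ == "__main__":
    print(demo())
```

On a Linux host with IPv6 available, the listener is reachable over IPv4 only when IPV6_V6ONLY is off, so a `:::80` line in netstat alone does not show that IPv4 clients are being refused.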
-1

Your http server is running over port 80 on IPv6 only. This may be a reason why you can't connect using localhost.

Add a "localhost" host name corresponding to the "::" IP address in "/etc/hosts":

    sudo vim /etc/hosts

    :: localhost

Now your Firefox shall connect, as IPv6 is the preferred method of connection if detected.

Alternatively, you can enable your HTTP server to listen over both IPv4 and IPv6.

1
