Help with firewall/ports / webmin


corwerks
19th December 2004, 08:13 PM
Hi All,

I installed webmin on port 8080 and it is running great. I have Fedora 3 on my Linux box btw.

The strange thing is that I can access webmin from the server using lynx localhost:8080 but can't access it by typing in the IP address in Internet Explorer on my laptop through my ISP. I don't understand it. I've tried a different ISP and still have the problem, so my guess is a firewall or port problem.

Here's what I get when I do a netstat of port 8080:

tcp 0 0 x.x.x.x:8080 0.0.0.0:* LISTEN

x = ip address

Any help?

Thanks in advance!

Brian1
19th December 2004, 08:44 PM
Do a port scan from the outside and see what it says.

Also, did you configure webmin to only accept access from certain IPs or ranges? Normal default is open to all.

After looking at your question some more, I need more info on your setup:
Network? Ex: Broadband, Wireless, Dialup
Firewall? Scripts
Router?
From where and what are you trying to access the machine?

If you are on the other side of a router, then the router needs to tell its IP to port forward that port to an internal machine and port.

corwerks
19th December 2004, 09:39 PM

Brian, thanks for the quick reply

I configured webmin to listen on all ip ranges and tried setting it on a specific ip to see if that was the issue.

Here is the more info:

The server is in a data warehouse for olm.net so it has a good connection. I am on a dialup connection on my laptop and have zonealarm installed. (turned it off and tried to access but that didn't help).

As for a server firewall I don't know. OLM installed fedora 3 and it is my understanding that fedora 3 comes with a firewall that runs.

I am on the other side of the router. :)

I did a port scan like you said from my laptop of port 8080 and it said, "Port 8080 Filtered".

Thanks

Brian1
20th December 2004, 12:29 AM
I see OLM is a web hosting service. So you have a server on their side of the router. Is it your personal server? If so, how do you normally access the services that will be running? Does it run web services or something? If you have a domain name for this machine then it could be possible to use that as your name instead of an IP. Ex www.mymachine.com:8080. If that does not work then I would say the hosting service needs to open a port for you to get to it. Another option could be to find out what ports you do have access to, and if it is a service you are not using then kill that service and change the webmin port to that port. If you have ftp access to the machine then disable the ftp service and change webmin to port 21. There might be more to it but it will require some tweaking.

Brian1

corwerks
20th December 2004, 06:33 AM
The server is my personal dedicated server. I have full access to everything. I have root access and can set up whatever I want. It is currently being set up (by me) to run webmin and to host a few websites and a message board. I don't have the DNS server set up yet (was going to wait till webmin was working to make it easier on me). I have full access to iptables. From the research I have been doing I'm guessing that the Fedora firewall is to blame. I just can't figure out how to stop it from blocking.

Thanks

h4d
20th December 2004, 06:58 AM
The "fedora firewall" is iptables. What does iptables -L look like on the server?

h4d
20th December 2004, 06:59 AM
You can run system-config-securitylevel or install firestarter as an easy to use front end to iptables.

corwerks
20th December 2004, 04:33 PM
This is a copy of my IPTABLES using iptables -L . I can't install firestarter since it's run from the desktop and I don't have access to that since I connect remotely via ssh. I would enable remote desktop but I think that's above me right now since I can't even get webmin to work.



Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
pfilter all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
pfilter all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain pfilter (2 references)
target prot opt source destination
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere subdomain.domain.com state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere subdomain.domain.com state NEW icmp echo-reply
ACCEPT icmp -- anywhere subdomain.domain.com state NEW icmp echo-request
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Thanks for the help

corwerks
21st December 2004, 06:26 PM
Okay... I've fixed a few things that were in miniserv.error and still can't get webmin to work. I'm @ a total loss on this and any help would be appreciated. Here is a copy of my miniserv.conf file and a copy of netstat -l from the server.


Here is a copy of my miniserv.conf:

port=10000
root=/usr/libexec/webmin
mimetypes=/usr/libexec/webmin/mime.types
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ppath=/usr/bin/perl5.8.5
ssl=1
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=0
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
session=1
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/miniserv.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4

I can't think of anything else that is wrong. Here is a copy of netstat -l:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32768 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:10000 *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
udp 0 0 *:32769 *:*
udp 0 0 *:10000 *:*
udp 0 0 *:740 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 7725 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 8077 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 8161 /var/run/dbus/system_bus_socket


Any help would be appreciated as I am at a total loss!

h4d
22nd December 2004, 07:50 AM
Just to rule out iptables being the problem, why don't you try this:

iptables -A INPUT -m state --state NEW -p TCP --dport 8080 -j ACCEPT

Or, accept all incoming traffic from a specific IP address:

iptables -A INPUT -s xxx.xxx.xxx.xxx -j ACCEPT

Try that and let us know what happens.

corwerks
22nd December 2004, 05:44 PM
h4d - thanks for the suggestion. That didn't do it either. :(
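
Added example, not part of the original thread: a simplified first-match model of the ruleset posted above, showing where a rule added with `iptables -A INPUT` lands relative to the jump into `pfilter`, and what happens when the opened port (8080) differs from the port in the posted miniserv.conf (10000). Assumptions: `iptables -L` without `-v` hides interface matches, so the bare "ACCEPT all" in `pfilter` is modelled as loopback-only; the helper names and the `eth0` interface are hypothetical.

```python
# Simplified model of the posted chains (constructed; the multicast DROP and
# the 127.0.0.0/8 REJECT are left out because they do not affect these probes).

def rule(target, proto=None, dport=None, state=None, iface=None):
    return {"target": target, "proto": proto, "dport": dport,
            "state": state, "iface": iface}

def build_chains():
    return {
        "INPUT": [rule("ACCEPT", state="ESTABLISHED"), rule("pfilter")],
        "pfilter": [
            rule("ACCEPT", iface="lo"),                  # assumed "-i lo"
            rule("ACCEPT", proto="tcp", dport=22, state="NEW"),
            rule("ACCEPT", proto="icmp", state="NEW"),
            rule("REJECT"),                              # catch-all at the end
        ],
    }

def matches(r, pkt):
    # A field set to None in the rule means "match anything".
    return all(r[k] is None or r[k] == pkt.get(k)
               for k in ("proto", "dport", "state", "iface"))

def verdict(chains, pkt, chain="INPUT"):
    """Walk rules in order; the first terminal target decides the packet."""
    for r in chains[chain]:
        if not matches(r, pkt):
            continue
        if r["target"] in chains:                        # jump to a user chain
            result = verdict(chains, pkt, r["target"])
            if result is not None:
                return result
        else:
            return r["target"]
    return "ACCEPT" if chain == "INPUT" else None        # policy / fall through

def new_tcp(port):
    return {"proto": "tcp", "dport": port, "state": "NEW", "iface": "eth0"}

def with_rule(port, append):
    """append=True models 'iptables -A INPUT', False models 'iptables -I INPUT 1'."""
    chains = build_chains()
    allow = rule("ACCEPT", proto="tcp", dport=port, state="NEW")
    if append:
        chains["INPUT"].append(allow)                    # lands after the jump
    else:
        chains["INPUT"].insert(0, allow)                 # lands before the jump
    return chains

if __name__ == "__main__":
    print("append 8080, probe 8080 :", verdict(with_rule(8080, True), new_tcp(8080)))
    print("insert 8080, probe 8080 :", verdict(with_rule(8080, False), new_tcp(8080)))
    print("insert 8080, probe 10000:", verdict(with_rule(8080, False), new_tcp(10000)))
```

On the server itself, `iptables -L -n -v --line-numbers` shows the interface columns and rule positions that the plain `-L` listing leaves out.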