Apache on local network, problem



gihad
23rd May 2010, 04:35 AM
Hi all
The situation is this: I have one of those cable/wifi routers.
So I have the main PC plugged into the router, and the router gives local IPs to all my network (the other computers connect via wi-fi).
The main PC starts up Apache under Fedora 12: http://localhost.. works, http://127.0.0.1.. works, http://192.168.0.13 (my local IP) works.
But when I try to connect to http://192.168.0.13 from another PC on my local network, it doesn't work.
The other PCs are running Windows Vista.
From another computer, ping 192.168.0.13 responds!
From the main computer, ping 192.168.0.14 responds!

So there is communication between the machines, but I can't get it to work under Apache... I tried opening port 80 with iptables, and I tried changing Apache's port to another.

Any help?

Thanks!

SteveGYBE
23rd May 2010, 01:29 PM
You could (temporarily!) disable iptables just to see whether this is causing the problem (as root):

service iptables stop

If this doesn't fix the problem, remember to turn it on again!

service iptables start

Apache itself can control who can access it - check /etc/httpd/conf/httpd.conf:

# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

If I remember, by default, Fedora's distribution of Apache limits everything to "localhost / 127.0.0.1" out-of-the-box. I am using phpMyAdmin, so have turned on access to both the server and Directories to enable from other machines on my network.

gihad
23rd May 2010, 06:01 PM
SteveGYBE, thanks for your answer. But I've already tried disabling iptables and always get the same problem. I also tried with httpd.conf, but the declaration says Allow from all.

I've been testing other stuff too, and I think the problem is my router.

I installed XAMPP on the PC which uses Windows Vista, and when I try to connect from the main computer (Fedora 12) to the Apache server on Windows Vista, I get the same... and the error says connection timeout; I mean, the browser can find the URL, but the server doesn't respond.

I also tried with virtual machines on VirtualBox, with the network device set to bridge. Tried with Fedora Core 6 and Windows XP, and the error is ALWAYS the same... ping from everyone to everyone always responds, but cannot connect to anyone's server.
I'm pretty sure the problem is that my router doesn't allow direct connections between users, but I couldn't solve it yet.
So, any advice is welcome!

Zanpactou
23rd May 2010, 11:49 PM
/usr/bin/system-config-selinux
Boolean section.

Something in there might be restricting your access if you have SELinux set to on (The default.)

Thanks,
Tony

gihad
24th May 2010, 12:26 AM
Thanks Zanpactou for your reply, I've already disabled SELinux from the beginning.

Thanks anyway dude!

Zanpactou
25th May 2010, 01:29 PM
> Thanks Zanpactou for your reply, I've already disabled SELinux from the beginning.
>
> Thanks anyway dude!

Damn, worth a try.

So I'm understanding right that you have a machine which has two network connections, one is a connection to the router and you use that for the world wide web and the other connection is a local one which you are trying to use as an intranet to connect to another machine which is not connected to the world wide web?

Can you access your apache web page using a different computer over http which is not connected to your intranet or router?
Which machine is taking care of the routing for the intranet?
At a guess, you might want to try setting up a vpn. It certainly seems to me that the issue could be related to routing, which machine is doing it and which one is setting the default route.

Thanks,
Zanpactou

jpollard
25th May 2010, 01:41 PM
Have you tried "telnet <server> 80" from an outside system - This will verify that
port 80 is available. If you get a "connection refused", check the "Listen" parameter
in the /etc/httpd/conf/httpd.conf

You may have an entry "Listen 127.0.0.1:80" in there that causes apache to listen
only on the local host.

gihad
25th May 2010, 02:56 PM
Let's see!


> Damn, worth a try.
>
> So I'm understanding right that you have a machine which has two network connections, one is a connection to the router and you use that for the world wide web and the other connection is a local one which you are trying to use as an intranet to connect to another machine which is not connected to the world wide web?

I have two machines; both of them are connected to the same router, and both to the world wide web. It's just that my router takes the internet signal and allows you to connect one device wired and the other devices wirelessly. But anyway, it gives a local IP address to everyone, even to the one that is wired; all have IPs like 192.168.0.x.
Besides, I mentioned above that I've tried with virtual machines... I set up these VMs with the network card as Bridge, which means that they connect directly to the router too, taking an IP from my local network too (they took 192.168.0.x instead of 10.0.x.x).


> Can you access your apache web page using a different computer over http which is not connected to your intranet or router?
> Which machine is taking care of the routing for the intranet?
> At a guess, you might want to try setting up a vpn. It certainly seems to me that the issue could be related to routing, which machine is doing it and which one is setting the default route.

No, I can't, and I don't want to! haha
I just need other devices on my local network to have access.
Thanks again!


> Have you tried "telnet <server> 80" from an outside system - This will verify that
> port 80 is available. If you get a "connection refused", check the "Listen" parameter
> in the /etc/httpd/conf/httpd.conf
>
> You may have an entry "Listen 127.0.0.1:80" in there that causes apache to listen
> only on the local host.

I've been checking the httpd.conf already, and found nothing wrong...

BUT! After many tests, I just restarted the router configuration to zero, and now it seems to allow me to connect, but only if I disable iptables. So... I need a hand here :P
How do I open port 80 only for my local network?

--------------

My iptables status right now is this:

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

I tried adding these lines, but it won't work.

iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT

any suggestions?

jpollard
25th May 2010, 03:30 PM
Mine has (/etc/sysconfig/iptables):



-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT


This was configured using the GUI firewall configuration utility which lists
httpd as a service. I didn't even need to know the port number.

gihad
25th May 2010, 06:04 PM
> Mine has (/etc/sysconfig/iptables):
>
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
>
> This was configured using the GUI firewall configuration utility which lists
> httpd as a service. I didn't even need to know the port number.

Hi jpollard, thanks again. I've added that line, but it still won't work... can you give me more details about your iptables config?

------------------------------------------------------------------------------------------------------------------------------------------
Sorry, you were right jpollard, your iptables line was exactly what I needed; the problem was this line:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

The line opening port 80 must be BEFORE that one.

Thanks to all you guys, i've finally solved the problem!

sangfroid
27th May 2010, 01:46 PM
Ahh... There you go

you ran


iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
and so on


The iptables -A option appends the new rule to the end of the existing rules. This means this new rule gets appended to the end of the existing rules, i.e.,



REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited


which never gets processed.

Use the iptables -I option and not iptables -A.
Run it like this...

iptables -I INPUT -p tcp --dport 80 -j ACCEPT
and so on

That must work.
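
The rule-ordering problem this thread ends on, as an added example that is not part of any original post: a small first-match simulator over constructed rules in iptables-save syntax, showing that the appended port-80 rule is never reached and that inserting it before the REJECT, limited to the LAN, accepts local clients only. The function names, the `-i lo` reading of rule 3, the /24 netmask and the insert position 5 are assumptions.

```python
import ipaddress

# Constructed rules in iptables-save syntax, modelled on the INPUT chain posted
# in the thread. Assumptions: rule 3 is the loopback rule, the LAN is a /24.
BASE = [
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -p icmp -j ACCEPT",
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -j REJECT --reject-with icmp-host-prohibited",
]
HTTP = ("-A INPUT -s 192.168.0.0/24 -p tcp -m state --state NEW "
        "-m tcp --dport 80 -j ACCEPT")

def parse(lines):
    """Return [(matches, target)] per rule; handles only 'flag value' options."""
    rules = []
    for line in lines:
        tok = line.split()
        j = tok.index("-j")
        opts = tok[2:j]                      # everything between chain and -j
        rules.append((dict(zip(opts[0::2], opts[1::2])), tok[j + 1]))
    return rules

def verdict(rules, src, dport, state="NEW", proto="tcp", iface="eth0"):
    """First matching terminating rule wins; returns (rule number, target)."""
    for n, (m, target) in enumerate(rules, 1):
        if m.get("-p", proto) != proto or m.get("-i", iface) != iface:
            continue
        if state not in m.get("--state", state).split(","):
            continue
        if m.get("--dport", str(dport)) != str(dport):
            continue
        net = ipaddress.ip_network(m.get("-s", "0.0.0.0/0"))
        if ipaddress.ip_address(src) not in net:
            continue
        return n, target
    return 0, "ACCEPT"                       # chain policy in the posted listing

def shadowed(rules):
    """Numbers of rules that sit after an unconditional rule and never match."""
    for n, (m, _) in enumerate(rules, 1):
        if not m:
            return list(range(n + 1, len(rules) + 1))
    return []

APPENDED = parse(BASE + [HTTP])                  # effect of: iptables -A INPUT ...
INSERTED = parse(BASE[:4] + [HTTP] + BASE[4:])   # effect of: iptables -I INPUT 5 ...
```

On a live system, `iptables -L INPUT -n --line-numbers` shows the rule numbers needed to pick the insert position.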