Can ping and SSH, no http, ftp, etc

Discussion in 'Server Operation' started by rbartz, Dec 5, 2006.

  1. rbartz

    rbartz Member

    I just finished setting up a new dedicated server at 69.64.78.167 from a basic Fedora Core 4 start. Nothing else was on the server...

    I can ping and connect with SSH, but if I try to connect to any other services I get "no route to host". :(

    For example:
    [[email protected] /]# telnet 69.64.78.167 110
    Trying 69.64.78.167...
    telnet: connect to address 69.64.78.167: No route to host
    telnet: Unable to connect to remote host: No route to host

    I can telnet all services locally with SSH:
    [[email protected] ~]# telnet localhost 110
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    +OK POP3 localhost.localdomain 2004.89 server ready

    All normal services are running - http, ftp, smtp, ipop3, etc., but cannot be accessed from outside other than the ping and SSH.

    Any ideas?

    Richard
     
  2. sjau

    sjau Local Meanie Moderator

    Does FC come with a firewall that by default prevents access to telnet and apache and ftp ports?
     
  3. rbartz

    rbartz Member

    Firewall?

    I am not sure... here is what is running at boot:

    [[email protected] ~]# ps -A
    PID TTY TIME CMD
    1 ? 00:00:00 init
    2 ? 00:00:00 migration/0
    3 ? 00:00:00 ksoftirqd/0
    4 ? 00:00:00 watchdog/0
    5 ? 00:00:00 events/0
    6 ? 00:00:00 khelper
    7 ? 00:00:00 kthread
    11 ? 00:00:00 kblockd/0
    12 ? 00:00:00 kacpid
    223 ? 00:00:00 khubd
    227 ? 00:00:00 kseriod
    285 ? 00:00:00 pdflush
    286 ? 00:00:00 pdflush
    287 ? 00:00:00 kswapd0
    288 ? 00:00:00 aio/0
    447 ? 00:00:00 kpsmoused
    461 ? 00:00:00 kjournald
    650 ? 00:00:00 udevd
    1098 ? 00:00:00 kauditd
    1182 ? 00:00:00 kjournald
    1474 ? 00:00:00 syslogd
    1476 ? 00:00:00 klogd
    1493 ? 00:00:00 named
    1612 ? 00:00:00 automount
    1623 ? 00:00:00 acpid
    1635 ? 00:00:00 cupsd
    1668 ? 00:00:00 sshd
    1676 ? 00:00:00 xinetd
    1736 ? 00:00:00 mysqld_safe
    1769 ? 00:00:00 mysqld
    1836 ? 00:00:00 master
    1843 ? 00:00:00 pickup
    1844 ? 00:00:00 qmgr
    1845 ? 00:00:00 proftpd
    1853 ? 00:00:00 httpd
    1860 ? 00:00:00 crond
    1871 ? 00:00:00 httpd
    1872 ? 00:00:00 httpd
    1873 ? 00:00:00 httpd
    1874 ? 00:00:00 httpd
    1875 ? 00:00:00 httpd
    1876 ? 00:00:00 httpd
    1877 ? 00:00:00 httpd
    1878 ? 00:00:00 httpd
    1887 ? 00:00:00 xfs
    1901 ? 00:00:00 atd
    1908 ? 00:00:00 saslauthd
    1915 ? 00:00:00 saslauthd
    1916 ? 00:00:00 saslauthd
    1917 ? 00:00:00 saslauthd
    1918 ? 00:00:00 saslauthd
    1919 ? 00:00:00 dbus-daemon
    1927 ? 00:00:00 miniserv.pl
    1944 tty1 00:00:00 mingetty
    1949 tty2 00:00:00 mingetty
    1950 tty3 00:00:00 mingetty
    1951 tty4 00:00:00 mingetty
    1952 tty5 00:00:00 mingetty
    1953 tty6 00:00:00 mingetty
    2182 ? 00:00:00 sshd
    2185 pts/0 00:00:00 bash
    2432 ? 00:00:00 crond
    2433 ? 00:00:00 run-parts
    2796 ? 00:00:00 tlsmgr
    3029 ? 00:00:00 yum.cron
    3030 ? 00:00:00 awk
    3031 ? 00:00:00 yum
    3163 pts/0 00:00:00 ps

    Richard
     
  4. rbartz

    rbartz Member

    I think it is an IPTables problem

    Apparently the only accepted port at this point is 22:

    [[email protected] ~]# iptables -L -nvx
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    262 29872 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 156 packets, 27766 bytes)
    pkts bytes target prot opt in out source destination

    Chain RH-Firewall-1-INPUT (2 references)
    pkts bytes target prot opt in out source destination
    2 200 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    3 252 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
    0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
    168 15420 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    88 13952 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    What is the best way to change the setup? My guess is to go ahead with ispconfig installation which changes the firewall?

    Thanks for your advice,

    Richard
     
  5. rbartz

    rbartz Member

    That was the problem...

    I installed ispconfig (had to install gcc-c++!), manually opened port 81 in iptables, logged into ispconfig, set the Firewall on, saved, and all the ports opened.

    Cheers!

    Richard
     
    Last edited: Dec 5, 2006
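
Added example, not part of the original thread: a first-match walk over the RH-Firewall-1-INPUT chain posted above, showing why only tcp/22 is reachable. Every other new TCP connection falls through to the final REJECT, whose icmp-host-prohibited reply is what the remote telnet client reports as "No route to host". The function names are hypothetical, the listing is re-typed from the post as sample input, and the model assumes a first inbound TCP packet on a non-loopback interface and only the match types that appear in this listing.

```shell
#!/bin/sh
# Constructed sample: the RH-Firewall-1-INPUT chain from the thread (iptables -L -nvx).
listing() {
cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
2 200 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 252 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
168 15420 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
88 13952 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
EOF
}

# verdict_for PORT: print "<rule number> <target>" of the first rule that matches
# a NEW inbound TCP connection to PORT arriving on a non-loopback interface.
verdict_for() {
  listing | awk -v port="$1" '
    $1 !~ /^[0-9]+$/            { next }  # skip the chain and column header lines
    { n++ }                               # rule position inside the chain
    $6 != "*"                   { next }  # bound to an interface (lo): not this packet
    $4 != "all" && $4 != "tcp"  { next }  # icmp/esp/ah/udp rules never match TCP
    /state RELATED,ESTABLISHED/ { next }  # a first packet is NEW, not ESTABLISHED
    /dpt:/ && $0 !~ ("dpt:" port "( |$)") { next }  # rule is for another port
    { print n, $3; exit }
  '
}

# plan_open PORT...: print (never execute) the insert commands that place an
# ACCEPT rule at the REJECT rule position, so it is evaluated before the REJECT.
plan_open() {
  for port in "$@"; do
    v=$(verdict_for "$port")
    case "$v" in
      *REJECT)
        echo "iptables -I RH-Firewall-1-INPUT ${v%% *} -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT" ;;
    esac
  done
}

for p in 22 80 110; do echo "tcp/$p -> rule $(verdict_for "$p")"; done
plan_open 80 110
```

Rules inserted this way are lost at reboot unless saved, for example with `service iptables save` on Fedora, and each opened port should correspond to a service that is meant to be public.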
