Failed remote web connections
I'm trying to start a webserver (rails) on Ubuntu 14.04 LTS. It starts fine and responds fine to local wget/curl requests, but no remote requests (curl or browser). No error code - just failed connection. To eliminate variables, I'm using just the IP address (no DNS) over port 80, though I was ultimately planning to run on normal dev ports of 3000 or 8080.
As I'm not 100% confident in the firewall settings, I first tried to temporarily disable/flush the rules with "sudo iptables -F", but I'm still getting a failure to connect in remote curl or browser.
netstat -ltn shows:
b:~$ netstat -ltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
iptables -L shows:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:3000
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Thanks in advance for your help.
2 Replies
@brogers:
netstat -ltn shows:
b:~$ netstat -ltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
Your server (the port 80 line above) is only listening on your localhost (127.0.0.1) address, thus it's impossible to contact it from the outside (firewall or not). It's probably a default "safe" setting in whatever setup you're using. You want that port 80 line to look more like your ssh (port 22) line below it, with "0.0.0.0" as the local address (or alternatively an explicit local address of your public IP).
You need to adjust your configuration (either the rails app itself if it's serving the port directly, or your front-end web server if not) to let it listen on either all of your addresses, or explicitly a selected public address, in addition to localhost. There's probably a configuration item somewhere for listen or local address to bind to.
– David
For future reference for anyone else searching, the binding in rails is 'rvmsudo rails s -p80 --binding=0.0.0.0'
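
The check made in the reply above, as an added example that is not part of the original thread: a shell function that reads `netstat -ltn` output and labels each listener by how far its bind address reaches. The function names and the "after" sample are constructed for illustration; the "before" sample is the output posted in the question.

```shell
#!/bin/sh
# classify_listeners: read `netstat -ltn` output on stdin and print one
# "<port> <scope> <address>" line per listening TCP socket.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        la = $4
        # The port follows the LAST colon (IPv6 addresses contain colons too).
        n = match(la, /:[0-9]+$/)
        if (n == 0) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback-only"      # reachable from this host only
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"     # reachable wherever the firewall allows
        else
            scope = "single-address"     # bound to one explicit address
        print port, scope, addr
    }'
}

# port_scope PORT: scope of each listener on PORT, or "not-listening".
port_scope() {
    classify_listeners | awk -v p="$1" '
        $1 == p { print $2; found = 1 }
        END     { if (!found) print "not-listening" }'
}

# Output from the question (server bound to loopback).
sample_before() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
EOF
}

# Constructed sample: the same host after rebinding to 0.0.0.0.
sample_after() {
    sample_before | sed 's/127\.0\.0\.1:80/0.0.0.0:80/'
}

echo "before: port 80 is $(sample_before | port_scope 80)"
echo "after:  port 80 is $(sample_after | port_scope 80)"
```

On a live host, pipe the real command in instead of the samples: `netstat -ltn | classify_listeners`. Anything reported as all-interfaces is exposed on every address the machine has, so the firewall rules become the only control on who can reach it.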