3

I have a newly installed CentOS 5.6 machine and can access httpd locally via elinks. But it does not work from other IPs. I can ping the IP, but I get "no route to host" if I connect to port 80. I assume some firewall rule is preventing access to port 80 and have checked iptables, and it seems fine.

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
```

Nina Sonbolian

2 Answers

4

You don't appear to have a rule to allow traffic on port 80. Try this:

```
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
```

If that works, then save your firewall configuration with

```
/sbin/service iptables save
```

Another thing to check is that Apache is actually configured to listen on your external IP address. Check the Listen directive in your /etc/httpd/conf/httpd.conf file. It should be something like

```
Listen 80
```

to listen on all available addresses.

user9517
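
Why the listing in the question can look permissive while port 80 is still refused, as an added example that is not part of either answer: rules are evaluated top-down, and the final REJECT catches every new connection that no earlier rule accepted. The sample rules are constructed in `iptables-save` syntax; the `-i lo` on the first rule is an assumption, since `iptables -L -n` without `-v` does not print interface matches. Function names and the 192.0.2.x addresses are illustrative, and negated matches are not modelled.

```python
import shlex
from ipaddress import ip_address, ip_network

# Constructed, abridged sample in iptables-save syntax mirroring the question's listing.
# Assumption: the first chain rule carries "-i lo", which `iptables -L -n` does not print.
SAMPLE_RULES = """\
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse(text):
    """Group '-A <chain> ...' lines by chain; every flag used here takes one value."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 2 and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def matches(r, iface, src, dst, port):
    """Does rule r match a NEW inbound TCP connection to dst:port?"""
    if r.get("-i", iface) != iface or r.get("-p", "all") not in ("tcp", "all"):
        return False
    for flag, addr in (("-s", src), ("-d", dst)):
        if flag in r and ip_address(addr) not in ip_network(r[flag], strict=False):
            return False
    state = r.get("--state") or r.get("--ctstate")
    if state and "NEW" not in state.split(","):
        return False
    lo, _, hi = r.get("--dport", str(port)).partition(":")
    return int(lo) <= port <= int(hi or lo)

def walk(chains, chain, pkt):
    """First matching terminal target wins; user-defined chains are descended into."""
    for r in chains.get(chain, []):
        if matches(r, **pkt):
            target = r.get("-j")
            found = walk(chains, target, pkt) if target in chains else target
            if found in ("ACCEPT", "DROP", "REJECT"):
                return found
    return None

def verdict(rules, port, iface="eth0", src="192.0.2.10", dst="192.0.2.1"):
    return walk(parse(rules), "INPUT", dict(iface=iface, src=src, dst=dst, port=port)) or "POLICY"
```

On a live host the input would come from `iptables-save` rather than the constant, for example `verdict(rules_text, 80)`.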
1

If SELinux is enabled, first of all check all the Apache-related SELinux boolean values:

```
[root@localhost ~]# getsebool -a | grep httpd
       . . . . . . 
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_disable_trans --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
     . . . . . . . .
```

If `httpd_can_network_connect --> off`, disable the SELinux restriction on httpd:

```
[root@localhost ~]# setsebool -P httpd_can_network_connect on
```

Or use system-config-selinux, also known as the SELinux Administration graphical tool, to control the Boolean values of specific daemons.

drafael
    He can test if it's a SELinux issue by temporarily putting it into permissive mode. `setenforce Permissive; [run tests]; setenforce Enforcing` – Andrew Case Nov 08 '11 at 22:03