Trying to set up Apache on remote virtual machine. Can't access from my machine

Question

So I have set up httpd and iptables on a centos 7 virtual machine that I don't have physical access to. If I run curl http://localhost I get a bunch of html, but if I type the ip address of the vm (that I used to ssh into it) into chrome, the request times out. I left the httpd.conf file as is in the example, but I modified my /etc/sysconfig/iptables file to be:

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

To try to accommodate for an ftp server and httpd. Where should I be looking for my server?

Also, I have removed firewalld so that shouldn't create an issue.

Edit: iptables -nvL produced:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2019  143K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    3   172 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   172 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   172 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 1368 packets, 1118K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1368 1118K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FWDI_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FWDO_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   172 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_public (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   172 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   172 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   172 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   172 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

I could switch to firewalld if that would help, but I don't know exactly how any of this works. — iHowell, Sep 28 '16 at 02:39

score 1 · Answer 1 · answered Sep 28 '16 at 02:39

1

It looks like you actually are using firewalld. In this case /etc/sysconfig/iptables is ignored, and firewalld is configured using firewall-cmd.

Just telling firewalld to add the services you want should be sufficient.

firewall-cmd --add-service=http --add-service=https --add-service=ftp

If you are happy with the results, you can save them:

firewall-cmd --runtime-to-permanent

You can learn more about how to use firewalld in the Red Hat documentation.

answered Sep 28 '16 at 02:39

Michael Hampton

244,070
43
506
972

Unfortunately that didn't work, but it might be due to some other reason. Is there some way to disable the firewalls and test if I can access the server without anything up? – iHowell Sep 28 '16 at 02:44
You could try to stop firewalld. But you might have some trouble with this if you somehow uninstalled it and it's still running (which shouldn't happen). Whatever you did, your system is in a pretty bad state right now. – Michael Hampton Sep 28 '16 at 02:47
Yah...I will try it. Good thing I can restart because it's a brand new VM that can be re-imaged. – iHowell Sep 28 '16 at 02:49
@iHowell In that case I think I would start over fresh, add the ports to the firewall as above, and get on with other things. :) – Michael Hampton Sep 28 '16 at 02:51
Alright thank you. I will be doing this tomorrow then, as our system administrator is out. – iHowell Sep 28 '16 at 02:51
I got the new server set up but I still can't get to the apache test page. I also made a new thread here: http://serverfault.com/questions/805954/just-finished-updating-centos-and-installing-httpd-on-a-vm-but-cant-get-to-the – iHowell Sep 28 '16 at 20:07

Trying to set up Apache on remote virtual machine. Can't access from my machine

1 Answers1