Apache is refusing to connect - apache

I am running Ubuntu 16.04 on a remote server. I wish to set up Apache.
I just did a fresh install. I set up ufw and allowed all relevant ports, I believe. Apache is running, and I checked that it is listening on ports 80 and 443, I believe. I can SSH into the server just fine. When I type the IP address in my browser, the connection is refused.
Please help.
Relevant info I believe will help:
IP tables:
jpp#server:~$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-track-forward (1 references)
target prot opt source destination
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:7822
ACCEPT udp -- anywhere anywhere udp dpt:7822
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* 'dapp_Apache' */
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:https /* 'dapp_Apache%20Secure' */
ACCEPT tcp -- anywhere anywhere multiport dports 5000:5003
ACCEPT udp -- anywhere anywhere multiport dports 5000:5003
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
Apache status:
jpp#server:~$ sudo systemctl status apache2
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (exited) since Tue 2020-06-30 19:48:29 EDT; 1h 40min ago
Docs: man:systemd-sysv-generator(8)
Jun 30 19:48:29 server systemd[1]: Starting LSB: Apache2 web server...
Jun 30 19:48:29 server systemd[1]: Started LSB: Apache2 web server.
Jun 30 21:18:35 server systemd[1]: Started LSB: Apache2 web server.
Jun 30 21:18:46 server systemd[1]: Started LSB: Apache2 web server.
ufw status:
jpp#server:~$ sudo ufw status
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
22/tcp ALLOW Anywhere
7822 ALLOW Anywhere
80 ALLOW Anywhere
80/tcp ALLOW Anywhere
Apache ALLOW Anywhere
443 ALLOW Anywhere
443/tcp ALLOW Anywhere
Apache Secure ALLOW Anywhere
5000:5003/tcp ALLOW Anywhere
5000:5003/udp ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
7822 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Apache (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
Apache Secure (v6) ALLOW Anywhere (v6)
5000:5003/tcp (v6) ALLOW Anywhere (v6)
5000:5003/udp (v6) ALLOW Anywhere (v6)

Related

VM cannot communicate with host on a given port

I'm doing some sort of school project where I have to make my VM (using VirtualBox for hosting the VM) communicate with my host PC using port 6969.
The problem is that even after all the things I tried to open this particular port, the VM still says connection refused.
I'm using a bridged adapter, the VM is a Linux one, and my host is Manjaro.
I cannot do any sudoer thing on the VM; it's mounted on an ISO given by the school that is sure to be working fine (no one besides me had any problem with it) but is not giving me any admin rights.
SSH connections are fine though. Here are a few commands I ran on the VM:
$> nc -zvw10 192.168.1.40 6969
nc: connect to 192.168.1.40 port 6969 (tcp) failed: Connection refused
$> nc -zvw10 192.168.1.40 22
Connection to 192.168.1.40 22 port [tcp/ssh] succeeded!
And my opened and flushed iptables on the host side:
$> sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Any idea on things to try would help me so much.
Thanks for reading.

iptables issue centos 6 - is my port open?

I've entered some rules into IPtables on CentOS 6. But when I run 'service iptables status' I get a different result than when I go 'iptables -L'.
I need to open up port 1270 on this machine.
This is what I see when I go 'service iptables status'
[root#server01 sysconfig]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 /* 000 reject all icmp requests */ reject-with icmp-port-unreachable
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* 001 accept all to lo interface */
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* 002 accept related established rules */ state RELATED,ESTABLISHED
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 22 /* 100 allow ssh access */
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 443,8443 /* 110 allow https access */
6 ACCEPT tcp -- 10.1.190.65 0.0.0.0/0 tcp dpt:1556
7 ACCEPT tcp -- 10.1.190.65 0.0.0.0/0 tcp dpt:13782
8 ACCEPT tcp -- 10.1.190.65 0.0.0.0/0 tcp dpt:13724
9 ACCEPT tcp -- 10.48.131.220 0.0.0.0/0 tcp dpt:1556
10 ACCEPT tcp -- 10.48.131.220 0.0.0.0/0 tcp dpt:13782
11 ACCEPT tcp -- 10.48.131.220 0.0.0.0/0 tcp dpt:13724
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5222
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5269
16 ACCEPT tcp -- 10.36.16.25 0.0.0.0/0 tcp dpt:1270
17 ACCEPT tcp -- 10.36.16.26 0.0.0.0/0 tcp dpt:1270
18 ACCEPT tcp -- 10.36.16.37 0.0.0.0/0 tcp dpt:1270
19 ACCEPT tcp -- 10.36.16.31 0.0.0.0/0 tcp dpt:1270
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
And this is what I see when I go iptables -L
[root#server01 sysconfig]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT icmp -- anywhere anywhere /* 000 reject all icmp requests */ reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere /* 001 accept all to lo interface */
ACCEPT all -- anywhere anywhere /* 002 accept related established rules */ state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport ports ssh /* 100 allow ssh access */
ACCEPT tcp -- anywhere anywhere multiport ports https,pcsync-https /* 110 allow https access */
ACCEPT tcp -- 10.1.190.65 anywhere tcp dpt:veritas_pbx
ACCEPT tcp -- 10.1.190.65 anywhere tcp dpt:bpcd
ACCEPT tcp -- 10.1.190.65 anywhere tcp dpt:vnetd
ACCEPT tcp -- uawscdap0000.us.companyworld.company.com anywhere tcp dpt:veritas_pbx
ACCEPT tcp -- uawscdap0000.us.companyworld.company.com anywhere tcp dpt:bpcd
ACCEPT tcp -- uawscdap0000.us.companyworld.company.com anywhere tcp dpt:vnetd
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:xmpp-client
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:xmpp-server
ACCEPT tcp -- abckpap6181.us.companyworld.company.com anywhere tcp dpt:opsmgr
ACCEPT tcp -- abckpap6182.us.companyworld.company.com anywhere tcp dpt:opsmgr
ACCEPT tcp -- abcepap6782.us.companyworld.company.com anywhere tcp dpt:opsmgr
ACCEPT tcp -- abcepap6783.us.companyworld.company.com anywhere tcp dpt:opsmgr
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
So, is port 120 open on this machine or not? Why am I seeing a difference between the two commands?
Port 1270 is open, as you can see below:
16 ACCEPT tcp -- 10.36.16.25 0.0.0.0/0 tcp dpt:1270
17 ACCEPT tcp -- 10.36.16.26 0.0.0.0/0 tcp dpt:1270
18 ACCEPT tcp -- 10.36.16.37 0.0.0.0/0 tcp dpt:1270
19 ACCEPT tcp -- 10.36.16.31 0.0.0.0/0 tcp dpt:1270
but it's limited to those 4 ip addresses.
The output is different since service iptables status shows the iptables output using numeric format for IP addresses and ports, while iptables -L doesn't do that. If you want to get a similar output, try iptables -nL.
I would also issue a netstat -tunlp | grep 1270 just to be sure that there is some service/program/app actually listening on that port.
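Added example (not part of the original answer): a minimal first-match evaluator for numeric iptables -nL output, which also shows what the chain policy does with a source that no rule names. The listing is a constructed excerpt of the rules in the question; parse_chain, port_ranges, verdict and the address 203.0.113.9 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed excerpt of the numeric listing in the question. The loopback
# rule is left out: without -v the listing hides its interface match, so it
# would read as "accept everything".
SAMPLE = """\
Chain INPUT (policy ACCEPT)
num target prot opt source destination
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* 002 accept related established rules */ state RELATED,ESTABLISHED
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 443,8443 /* 110 allow https access */
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
16 ACCEPT tcp -- 10.36.16.25 0.0.0.0/0 tcp dpt:1270
17 ACCEPT tcp -- 10.36.16.26 0.0.0.0/0 tcp dpt:1270
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_chain(listing):
    """Return (policy, rules) for the first (built-in) chain of the listing."""
    policy, rules = None, []
    for line in listing.splitlines():
        if line.startswith("Chain "):
            if policy is not None:
                break  # stop at the second chain
            policy = re.search(r"\(policy (\w+)", line).group(1)
            continue
        fields = re.sub(r"/\*.*?\*/", "", line).split()  # strip rule comments
        if fields and fields[0].isdigit():
            fields = fields[1:]  # drop the --line-numbers column
        if len(fields) < 5 or fields[0] in ("num", "target"):
            continue
        # target, protocol, source, and whatever match text follows
        rules.append((fields[0], fields[1], fields[3], " ".join(fields[5:])))
    return policy, rules


def port_ranges(extras):
    """Ports named by dpt:, dpts: or multiport as (lo, hi) pairs; None = any."""
    m = re.search(r"dpts?:([\d:]+)|multiport d?ports ([\d,:]+)", extras)
    if not m:
        return None
    parts = (p.partition(":") for p in (m.group(1) or m.group(2)).split(","))
    return [(int(lo), int(hi or lo)) for lo, _, hi in parts]


def verdict(listing, src, dport, proto="tcp"):
    """First matching rule wins for a NEW connection; otherwise the policy."""
    policy, rules = parse_chain(listing)
    addr = ipaddress.ip_address(src)
    for target, rule_proto, source, extras in rules:
        state = re.search(r"state (\S+)", extras)  # also matches ctstate
        ranges = port_ranges(extras)
        if (target in TERMINAL  # jumps to user chains are not followed here
                and rule_proto in ("all", proto)
                and addr in ipaddress.ip_network(source)
                and (not state or "NEW" in state.group(1).split(","))
                and (ranges is None or any(lo <= dport <= hi for lo, hi in ranges))):
            return target
    return policy
```

With the policy ACCEPT shown in the question, verdict(SAMPLE, "203.0.113.9", 1270) falls through every rule and returns the policy, ACCEPT. The per-source rules only restrict access when the policy, or a final catch-all rule, drops unmatched traffic.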

when testing apache if running, no response from site

I'm trying to install LAMP.
I followed the instructions here.
I'm stuck at installing apache/httpd.
I've installed apache/httpd on an SSH server. When I try to check whether Apache is okay, by opening a web browser and entering the IP address, it shows "This site cannot be reached".
What could the problem be?
Here is the local firewall config:
Chain INPUT (policy DROP 142 packets, 7398 bytes)
pkts bytes target prot opt in out source destination
2492 218K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
34 2040 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2202
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2364 packets, 225K bytes)
pkts bytes target prot opt in out source destination

Blocked IPs in iptables but DDOS still is going on

I had a DDoS today on a web server running Debian squeeze and blocked various IP addresses in iptables like so:
iptables -A INPUT -s 169.50.5.42 -j DROP
But it does not seem to be dropping the traffic from these IPs.
Listing all rules with iptables -L gives the following output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-pureftpd tcp -- anywhere anywhere multiport dports ftp
fail2ban-dovecot-pop3imap tcp -- anywhere anywhere multiport dports pop3,pop3s,imap2,imaps
DROP all -- 169.50.5.42-static.reverse.softlayer.com anywhere
DROP all -- 169.50.5.45-static.reverse.softlayer.com anywhere
DROP all -- 169.50.5.37-static.reverse.softlayer.com anywhere
DROP all -- 169.50.5.36-static.reverse.softlayer.com anywhere
DROP all -- 169.50.5.38-static.reverse.softlayer.com anywhere
DROP all -- 169.50.5.39-static.reverse.softlayer.com anywhere
DROP all -- 169.50.5.45-static.reverse.softlayer.com anywhere
DROP all -- 169.50.5.42-static.reverse.softlayer.com anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-dovecot-pop3imap (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-pureftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- 43.229.53.60 anywhere
RETURN all -- anywhere anywhere
Is there something that I missed?
I can answer myself. Apparently it needs some time to apply all changes internally. After one minute or so the rules are working.

OpenStack Network not working after IPTables was turned off and then back on

I installed OpenStack on RHEL6 using DevStack and had it running nicely. One day one of our "system administrators" noticed that iptables was running on the system and decided to turn it off (chkconfig iptables off). He then restarted the server and didn't tell me for a couple days. After he told me I quickly checked to see if I could access my instances. While Horizon was accessible, since nothing is being blocked, and I could access my instances from the Console, these instances could not access the network. After this I tried to access the instances from the server via SSH. The private IP was not accessible.
I then tried to restart iptables, which came up... and blocked the Horizon dashboard. So I then attempted to restart all the OpenStack services... still no access to Horizon or any of the instances, but at least now my iptables was populated with nova rules:
Chain INPUT (policy ACCEPT)
target prot opt source destination
nova-api-INPUT all -- anywhere anywhere
nova-network-INPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere multiport dports https
ACCEPT tcp -- anywhere anywhere multiport dports http
Chain FORWARD (policy ACCEPT)
target prot opt source destination
nova-filter-top all -- anywhere anywhere
nova-api-FORWARD all -- anywhere anywhere
nova-network-FORWARD all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
nova-filter-top all -- anywhere anywhere
nova-api-OUTPUT all -- anywhere anywhere
nova-network-OUTPUT all -- anywhere anywhere
Chain nova-api-FORWARD (1 references)
target prot opt source destination
Chain nova-api-INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere devcloud.camb.comdev.ca tcp dpt:8775
Chain nova-api-OUTPUT (1 references)
target prot opt source destination
Chain nova-api-local (1 references)
target prot opt source destination
Chain nova-filter-top (2 references)
target prot opt source destination
nova-api-local all -- anywhere anywhere
nova-network-local all -- anywhere anywhere
Chain nova-network-FORWARD (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain nova-network-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
Chain nova-network-OUTPUT (1 references)
target prot opt source destination
Chain nova-network-local (1 references)
target prot opt source destination
None of these rules allow remote access to Horizon, and they don't even allow local access to the instances that should be running. On top of that, before iptables was turned off I was able to allow Apache HTTPD to listen on any port, but that functionality seems to have stopped now as well.
Right now, the only thing I can think of is starting fresh because I don't have a clue where to look. I've been reading up on iptables and OpenStack and how they work together but haven't been able to find any solution. Can anyone point me in a direction that might help?
I had considered adding rules to the IPtables rules directly, but these would be overridden by nova anytime a change is made or it is restarted which would make this impossible to maintain.
I had the same issue. I logged in to the console and found that the INPUT and FORWARD policies were set to drop. To fix this issue:
$ sudo iptables -P INPUT ACCEPT
$ sudo iptables -P FORWARD ACCEPT
Then I could SSH in and open the dashboard.