I can't see my web-server ...

I'm running httpd on my desktop,
but can't access it from my laptop - I get the message
"The connection was refused when attempting to contact alfred"
(the name of the desktop).

I'm running shorewall on the desktop,
and have the line
AllowWeb loc fw
in /etc/shorewall/rules .
I don't see anything in "iptables -L"
which stops the connection.

Is something more needed that http/https access?
I can access the desktop with ssh without problem,
and can print through it from the laptop (using cups)
again without any problem.

Any suggestions or hints gratefully received.

--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

what about from the desktop itself, can you access it then? from the
browser http://localhost
is the port listening? `netstat -an -l | grep 80`
you can nmap that port from the laptop to see if is a firewall issue,
`nmap -p 80 alfred`

(E-Mail Removed) wrote:

> what about from the desktop itself, can you access it then? from the
> browser http://localhost
> is the port listening? `netstat -an -l | grep 80`
> you can nmap that port from the laptop to see if is a firewall issue,
> `nmap -p 80 alfred`

The port is not open:
--------------------------------
[tim@martha ~]$ sudo nmap -p 80 alfred

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-02-05 20:27 GMT
Interesting ports on alfred (192.168.1.1):
PORT STATE SERVICE
80/tcp closed http

Nmap finished: 1 IP address (1 host up) scanned in 0.668 seconds
--------------------------------
I can't even access the web-server (running on the desktop)
from the desktop:
--------------------------------
[root@alfred tim]# nmap -p 80 alfred

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-02-05 20:29 GMT
Interesting ports on alfred (192.168.1.1):
PORT STATE SERVICE
80/tcp closed http

Nmap finished: 1 IP address (1 host up) scanned in 0.183 seconds
--------------------------------

But I don't understand why this is so.
I guess this is a shorewall question;
I have the lines
AllowWeb loc fw
AllowWeb net fw
in /etc/shorewall/rules , and have the lines
loc eth1 detect newnotsyn
loc eth2 detect newnotsyn
in /etc/shorewall/interfaces .
I added the options "newnotsyn"
but this did not seem to make any difference.

I wonder if I could add an iptables rule after shorewall has started,
to allow access from a named local address or addresses
to access the web-server?

I can't access the web-server with firefox or lynx :
--------------------------------
[tim@martha ~]$ lynx http://alfred/

Looking up alfred
Making HTTP connection to alfred
Alert!: Unable to connect to remote host.
--------------------------------

I don't see any messages in /var/log/messages
(or in any other /var/log/ files).

I can access the desktop from my laptop with ssh
without any problem.

Any suggestions or advice gratefully received.






--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

well if nmap is showing the port closed, it usually means that the
service is not running, and not really that the firewall is the problem
yet.
So a copy of this outputs`apachectl start` and a `netstat -an -l |
grep 80` may help us determine what the issue is.

<posted & mailed>

(E-Mail Removed) wrote:

> well if nmap is showing the port closed, it usually means that the
> service is not running, and not really that the firewall is the problem
> yet.
> So a copy of this outputs`apachectl start` and a `netstat -an -l |
> grep 80` may help us determine what the issue is.

Thanks for your response.
Unfortunately, that cannot be the solution,
since I can access my web-server from a machine outside my system.
So httpd is presumably running OK.

I'm wondering if I could add an iptables rule
to open port 80 from a specific machine or LAN?

I'm not quite clear what happens if one adds an iptables rule
after shorewall (say) has started.
Does the new rule have precedence?

--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland