Allow incoming traffic to CentOS server

Question

I've built a new box on our network to serve a new web application. It's a CentOS server running on a local IP address 172.25.97.25 and local hostname truleadsap01:80.

SELinux has been disabled.

This address is NAT'ed and routed up to a public domain www.foobar.co.za and public IP address x.x.x.x.

I've configured httpd correctly because when I navigate to local hostname, I see the app. However, when I use either the public domain or IP address, it doesn't load the page.

From my httpd.conf:

Listen 172.25.97.25:80
ServerName truleadsap01:80

From /etc/sysconfig/iptables:

# Completed on Tue Dec 10 18:17:02 2013
# Generated by iptables-save v1.4.7 on Tue Dec 10 18:17:02 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:2744]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 196.15.219.218/32 -i eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i lo -o etho0 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT
# Completed on Tue Dec 10 18:17:02 2013

Despite following a lot of tutorials on-line and making numerous changes, I'm still not able to browse to the public domain.

UPDATE I: I checked the access log when I access the site from the public domain. I get this entry repeatedly:

  172.25.121.5 - - [11/Dec/2013:10:22:22 +0200] "GET /" 302 - "-" "-"

Your help is much appreciated.

Answer 1

The httpd.conf you posted only shows what IP:port is should listen on and the expected ServerName:port. I'll try to answer based on some possibilities.

Check that port 80 is indeed accessible by running the following command from a remote node.

nc 172.25.97.25 80 < /dev/null

If the connection is successful you may want to check access_log and error_log to see if the server is only accepting request URL with the configured ServerName. If this is the case, you might have virtualHost configured.

Answer 2

Try adding the public IP address to the listen line in the httpd.conf file (I am assuming it is a static IP).