Cannot access to web server, but can ssh to it
Solution 1
You can debug the issue using the following tools:
Run
wireshark
ortcpdump
and check whether the HTTP request is reaching to the server or not.Use
tcptraceroute
$ tcptraceroute "webserver-ip" 80
It can be the case that the webserver is listening only on localhost(127.0.0.1) instead of listening on all interfaces(0.0.0.0)
$ sudo netstat -taupen | grep LISTEN
Check the iptables rules using
$ sudo iptables -nvL
Check the status of SELinux which also acts as firewall.
$ sudo sestatus
Solution 2
You might have firewall rules blocking access. Check the output of
iptables -L
. Maybe everything is blocked except ssh.The services might not be listening on the right interfaces or ports. Check the output of
netstat -ntl
.
If these commands don't help figuring it out, then please add their output in your question. Also add the output of ifconfig
.
Related videos on Youtube
sushiconzo
Updated on September 18, 2022Comments
-
sushiconzo over 1 year
I have a Ubuntu server but there are some weird things I can't understand.
I cannot ping to the server via IP address, but I can ssh to it. I can access to apache server inside the server via command line, but I cannot acccess in my Windows's browser.
What kind of setting I need to check now?
-
depquid about 11 yearsOne other possibility is that Apache isn't listening on the correct network interface, but that's highly unlikely if this is a new install.
-
vonbrand about 11 years@jsbillings, routing tables direct traffic at the IP level, if you can reach the machine at the IP level (via direct ssh) then you can reach it by ICMP (ping, ...) and HTTP/HTTPS unless something filters that out on the way (or at the destination).
-
Olathe about 8 yearsSome cloud providers block ICMP (for example, Amazon Web Services does by default).
-
-
TPS almost 8 yearsWelcome to U&L SE. This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. OR You can always ask a new question by follwing guidelines given in How to Ask.
-
nevillescollop almost 8 yearsno it doesn't answer the question but it offers more information regarding the issue. The OP did not add any significant information to his(her) post therefore I am. I figured out what my issue was. I had not allowed the ports to go through the firewall. I should have done this: firewall-cmd --zone=public --add-port=8080/tcp --permanent (for http) and then the reload command (firewall-cmd --reload)