[opensuse] Resolve Hostname not working with firewall on
OK probably a dumb question with an obvious answer.
I just set up an apache2 server on the latest version of tumbleweed.
When I go to http://10.113.0.23 it loads fine
when I go to http://hostname it will not load unless I turn off the firewall then it works fine.
which ports do I need to allow?
Basically having a blonde moment. :-)
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/23/2017 01:00 PM, Paul Groves wrote:
OK probably a dumb question with an obvious answer.
I just set up an apache2 server on the latest version of tumbleweed.
When I go to http://10.113.0.23 it loads fine
when I go to http://hostname it will not load unless I turn off the firewall then it works fine.
which ports do I need to allow?
Basically having a blonde moment. :-)
Firewall on which system? Where's the DNS? Generally firewalls allow outgoing DNS requests and corresponding responses. DNS uses port 53, normally UDP, but sometimes TCP too.
The following will allow http/https through the firewall.
yast firewall services add service=service:apache2 zone=EXT
yast firewall services add service=service:apache2-ssl zone=EXT
-- Later, Darin
On Wed, Aug 23, 2017 at 1:00 PM, Paul Groves <paul.groves.787@gmail.com> wrote:
OK probably a dumb question with an obvious answer.
I just set up an apache2 server on the latest version of tumbleweed.
When I go to http://10.113.0.23 it loads fine
when I go to http://hostname it will not load unless I turn off the firewall then it works fine.
which ports do I need to allow?
Basically having a blonde moment. :-)
Given the problem is host name lookup, it's a DNS issue.
On 08/23/2017 01:07 PM, Darin Perusich wrote:
The following will allow http/https through the firewall.
yast firewall services add service=service:apache2 zone=EXT
yast firewall services add service=service:apache2-ssl zone=EXT
-- Later, Darin
On Wed, Aug 23, 2017 at 1:00 PM, Paul Groves <paul.groves.787@gmail.com> wrote:
OK probably a dumb question with an obvious answer.
I just set up an apache2 server on the latest version of tumbleweed.
When I go to http://10.113.0.23 it loads fine
when I go to http://hostname it will not load unless I turn off the firewall then it works fine.
which ports do I need to allow?
Basically having a blonde moment. :-)
I have already enabled port 53 incoming and outgoing both tcp and udp
also I have already enabled port 80 and 443 tcp from the local subnet
http://ip works http://hostname does not
turn off firewall then http://hostname works fine.
On 08/23/2017 01:15 PM, Paul Groves wrote:
I have already enabled port 53 incoming and outgoing both tcp and udp
also I have already enabled port 80 and 443 tcp from the local subnet
http://ip works http://hostname does not
turn off firewall then http://hostname works fine.
Again, where is the firewall? Where is the DNS?
On 08/23/2017 10:15 AM, Paul Groves wrote:
I have already enabled port 53 incoming and outgoing both tcp and udp
also I have already enabled port 80 and 443 tcp from the local subnet
http://ip works http://hostname does not
turn off firewall then http://hostname works fine.
What program do you expect to resolve that host name to that unroutable address? Are you running a dns server on your machine, and or on your lan? (perhaps in a router?) Check the configuration of those.
In the absence of that, you could try adding an entry to your /etc/hosts but generally this will only work for your own machine, not others on the lan.
-- After all is said and done, more is said than done.
On 08/23/2017 01:38 PM, John Andersen wrote:
On 08/23/2017 10:15 AM, Paul Groves wrote:
I have already enabled port 53 incoming and outgoing both tcp and udp
also I have already enabled port 80 and 443 tcp from the local subnet
http://ip works http://hostname does not
turn off firewall then http://hostname works fine.
What program do you expect to resolve that host name to that unroutable address? Are you running a dns server on your machine, and or on your lan? (perhaps in a router?) Check the configuration of those.
RFC1918 addresses are routable, but not onto the Internet. Regardless, it should be possible for DNS or /etc/hosts to map the name to an IP address
In the absence of that, you could try adding an entry to your /etc/hosts but generally this will only work for your own machine, not others on the lan.
Also, he said it worked if the firewall was turned off, but didn't say where the firewall is or the DNS server.
On 23/08/17 18:53, James Knott wrote:
On 08/23/2017 01:38 PM, John Andersen wrote:
On 08/23/2017 10:15 AM, Paul Groves wrote:
I have already enabled port 53 incoming and outgoing both tcp and udp
also I have already enabled port 80 and 443 tcp from the local subnet
http://ip works http://hostname does not
turn off firewall then http://hostname works fine.
What program do you expect to resolve that host name to that unroutable address? Are you running a dns server on your machine, and or on your lan? (perhaps in a router?) Check the configuration of those.
RFC1918 addresses are routable, but not onto the Internet. Regardless, it should be possible for DNS or /etc/hosts to map the name to an IP address
In the absence of that, you could try adding an entry to your /etc/hosts but generally this will only work for your own machine, not others on the lan.
Also, he said it worked if the firewall was turned off, but didn't say where the firewall is or the DNS server.
DNS server on same lan.
I am talking about the local firewall on the apache server itself. not my internet firewall.
On 08/23/2017 01:16 PM, Paul Groves wrote:
DNS server on same lan.
I am talking about the local firewall on the apache server itself. not my internet firewall.
Stab in the dark, but are you trying to browse the apache server from a browser on the same machine? If so, how are you handling localhost/hostname resolution? Does your firewall modify /etc/hosts or /etc/nsswitch.conf? Can you browse http://localhost? If you are attempting to browse on the same machine as the apache server, you must be able to resolve localhost, hostname, and hostname-fqdn. I don't know how the firewall affects that resolution, but apache is generally looking for 'incoming' connection from remote hosts. If you are on the same host, then what is local? and what is remote? can require a bit of finesse.
-- David C. Rankin, J.D.,P.E.
On 23/08/17 18:38, John Andersen wrote:
On 08/23/2017 10:15 AM, Paul Groves wrote:
I have already enabled port 53 incoming and outgoing both tcp and udp
also I have already enabled port 80 and 443 tcp from the local subnet
http://ip works http://hostname does not
turn off firewall then http://hostname works fine.
What program do you expect to resolve that host name to that unroutable address?
Firefox / ssh / ping
Are you running a dns server on your machine, and or on your lan? (perhaps in a router?) Check the configuration of those.
On the lan. All working fine when the apache server's firewall is off.
In the absence of that, you could try adding an entry to your /etc/hosts but generally this will only work for your own machine, not others on the lan.
Already done so on the DNS. Works fine with the apache server's firewall off.
On 23.08.2017 at 19:00, Paul Groves wrote:
OK probably a dumb question with an obvious answer.
I just set up an apache2 server on the latest version of tumbleweed.
When I go to http://10.113.0.23 it loads fine
when I go to http://hostname it will not load unless I turn off the firewall then it works fine.
which ports do I need to allow?
Basically having a blonde moment. :-)
As much as I know it must be in the etc/hosts file like
127.0.0.1 localhost
127.0.0.1 my.local.domain
at least here it works
hth
-- Daniel Bauer photographer Basel Barcelona
https://www.patreon.com/danielbauer
http://www.daniel-bauer.com
On 23/08/17 18:20, Daniel Bauer wrote:
On 23.08.2017 at 19:00, Paul Groves wrote:
OK probably a dumb question with an obvious answer.
I just set up an apache2 server on the latest version of tumbleweed.
When I go to http://10.113.0.23 it loads fine
when I go to http://hostname it will not load unless I turn off the firewall then it works fine.
which ports do I need to allow?
Basically having a blonde moment. :-)
As much as I know it must be in the etc/hosts file like
127.0.0.1 localhost
127.0.0.1 my.local.domain
at least here it works
hth
That is already set on the DNS server. Which is not the cause because everything works fine with firewall off. Again the servers own local firewall.
On 08/23/2017 02:15 PM, Paul Groves wrote:
That is already set on the DNS server. Which is not the cause because everything works fine with firewall off. Again the servers own local firewall.
So, there is a firewall on the DNS server. If so, then you have to enable port 53 on it.
On 23/08/17 19:18, James Knott wrote:
On 08/23/2017 02:15 PM, Paul Groves wrote:
That is already set on the DNS server. Which is not the cause because everything works fine with firewall off. Again the servers own local firewall.
So, there is a firewall on the DNS server. If so, then you have to enable port 53 on it.
Already is enabled. Has been for 3 years now working no problem.
On 08/23/2017 02:19 PM, Paul Groves wrote:
On 23/08/17 19:18, James Knott wrote:
On 08/23/2017 02:15 PM, Paul Groves wrote:
That is already set on the DNS server. Which is not the cause because everything works fine with firewall off. Again the servers own local firewall.
So, there is a firewall on the DNS server. If so, then you have to enable port 53 on it.
Already is enabled. Has been for 3 years now working no problem.
Then perhaps it's time to fire up Wireshark, to see what's actually happening.
On 23/08/17 19:20, James Knott wrote:
On 08/23/2017 02:19 PM, Paul Groves wrote:
On 23/08/17 19:18, James Knott wrote:
On 08/23/2017 02:15 PM, Paul Groves wrote:
That is already set on the DNS server. Which is not the cause because everything works fine with firewall off. Again the servers own local firewall.
So, there is a firewall on the DNS server. If so, then you have to enable port 53 on it.
Already is enabled. Has been for 3 years now working no problem.
Then perhaps it's time to fire up Wireshark, to see what's actually happening.
Indeed. It might help. I know it has got to be just a blocked port but which one.. :-S
Sorted:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Allow port 5355 incoming from local IP range/subnet
now I can http://hostname or ping hostname or ssh paul@hostname
On 08/23/2017 02:39 PM, Paul Groves wrote:
Sorted:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Allow port 5355 incoming from local IP range/subnet
now I can http://hostname or ping hostname or ssh paul@hostname
Why didn't you mention multicast DNS before? That is not the normal DNS, on port 53, we assumed you used. With that, the client makes a request to the specified DNS server and gets back a response. With multicast DNS, a device announces itself to other devices on the network, without use of a DNS server.
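An added example, not part of the original thread: a small parser that scans kernel netfilter drop-log lines for packets aimed at name-resolution ports (DNS 53, NetBIOS name service 137, mDNS 5353, LLMNR 5355), which would have identified the blocked port here without a packet capture. The log lines are constructed; the `FW-DROP`/`FW-ACCEPT` prefixes, the interface name and the client addresses are assumptions.

```python
import re
from collections import Counter

# Well-known name-resolution ports (IANA registrations).
NAME_PORTS = {
    ("UDP", 53): "DNS", ("TCP", 53): "DNS",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 5353): "mDNS",
    ("UDP", 5355): "LLMNR", ("TCP", 5355): "LLMNR",
}

# KEY=value fields as written by the netfilter LOG target.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines in the kernel netfilter LOG layout; prefixes,
# interface and client addresses are assumptions for illustration.
SAMPLE_LOG = """\
Aug 23 19:21:07 web kernel: FW-DROP IN=eth0 OUT= SRC=10.113.0.50 DST=224.0.0.252 LEN=54 PROTO=UDP SPT=51812 DPT=5355 LEN=34
Aug 23 19:21:08 web kernel: FW-DROP IN=eth0 OUT= SRC=10.113.0.50 DST=224.0.0.252 LEN=54 PROTO=UDP SPT=51812 DPT=5355 LEN=34
Aug 23 19:21:30 web kernel: FW-DROP IN=eth0 OUT= SRC=10.113.0.77 DST=10.113.0.23 LEN=60 PROTO=TCP SPT=40022 DPT=23 WINDOW=29200 SYN
Aug 23 19:22:02 web kernel: FW-ACCEPT IN=eth0 OUT= SRC=10.113.0.50 DST=10.113.0.23 LEN=60 PROTO=TCP SPT=40100 DPT=80 WINDOW=29200 SYN
"""


def blocked_name_resolution(log_text, drop_marker="DROP"):
    """Count dropped packets aimed at name-resolution ports.

    Returns a Counter keyed by (protocol name, transport, port, source).
    """
    hits = Counter()
    for line in log_text.splitlines():
        if drop_marker not in line:
            continue  # only lines the firewall logged as dropped
        fields = dict(FIELD.findall(line))
        try:
            key = (fields["PROTO"], int(fields["DPT"]))
        except (KeyError, ValueError):
            continue  # ICMP and malformed lines carry no destination port
        if key in NAME_PORTS:
            src = fields.get("SRC", "?")
            hits[(NAME_PORTS[key], key[0], key[1], src)] += 1
    return hits


def report(hits):
    """Render one summary line per blocked name-resolution flow."""
    return [f"{n}x {name} {proto}/{port} from {src} dropped"
            for (name, proto, port, src), n in hits.most_common()]


if __name__ == "__main__":
    print("\n".join(report(blocked_name_resolution(SAMPLE_LOG))))
```

On a real host, pass the text of the kernel log and set `drop_marker` to whatever prefix the local firewall writes for dropped packets.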
participants (6)
- Daniel Bauer
- Darin Perusich
- David C. Rankin
- James Knott
- John Andersen
- Paul Groves