[Lista ArNOG] Apache en Centos
Diego Rodriguez
drodriguez en starnetworks.com.ar
Mie Abr 4 15:41:17 ART 2018
Pero en la primer respuesta te puse
Iptables -F
Eso fushea reglas de firewall...
Perdon pero soy de los que hacia reglas en ambos sentidos con ipchains y no
habia conntrack !!
Saludos
El mié., 4 de abr. de 2018 14:37, Fernando R. Soto <fsoto en fi.uba.ar>
escribió:
> Era el firewall. je
>
>
>
>
>
> [root en localhost html]# systemctl status firewalld
>
> ● firewalld.service - firewalld - dynamic firewall daemon
>
> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled;
> vendor preset: enabled)
>
> Active: active (running) since Fri 2018-03-30 18:02:07 -03; 4 days ago
>
> Docs: man:firewalld(1)
>
> Main PID: 745 (firewalld)
>
> CGroup: /system.slice/firewalld.service
>
> └─745 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
>
>
>
> Mar 30 18:02:04 localhost.localdomain systemd[1]: Starting firewalld -
> dynamic firewall daemon...
>
> Mar 30 18:02:07 localhost.localdomain systemd[1]: Started firewalld -
> dynamic firewall daemon.
>
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: ICMP type
> 'beyond-scope' is not supported by the kernel for ipv6.
>
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING:
> beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for
> run-time.
>
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: ICMP type
> 'failed-policy' is not supported by the kernel for ipv6.
>
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING:
> failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for
> run-time.
>
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: ICMP type
> 'reject-route' is not supported by the kernel for ipv6.
>
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING:
> reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for
> run-time.
>
> [root en localhost html]#
>
> [root en localhost html]# systemctl stop firewalld
>
>
>
>
>
>
>
>
>
> *De:* Fernando R. Soto <fsoto en fi.uba.ar>
> *Enviado el:* miércoles, 4 de abril de 2018 9:37 a.m.
> *Para:* 'lista en arnog.com.ar' <lista en arnog.com.ar>
> *Asunto:* RE: [Lista ArNOG] Apache en Centos
>
>
>
> ok, puede ser.
>
> lo raro q ssh está separado y confunde.
>
>
>
> por curl 127.0.0.1 carga la página, pero no desde otro equipo
>
> se me hace q es el archivo httpd.conf
>
>
>
>
>
> tcp 0 0 0.0.0.0:22 0.0.0.0:*
> LISTEN off (0.00/0/0)
>
> tcp 0 0 127.0.0.1:25 0.0.0.0:*
> LISTEN off (0.00/0/0)
>
> tcp 0 64 172.20.0.7:22 190.24.15.11:53390
> ESTABLISHED on (0.25/0/0)
>
> tcp6 0 0 :::80 :::*
> LISTEN off (0.00/0/0)
>
> tcp6 0 0 :::22 :::*
> LISTEN off (0.00/0/0)
>
>
>
>
>
> *De:* lista-bounces en arnog.com.ar <lista-bounces en arnog.com.ar> *En nombre
> de *Diego Rodriguez
> *Enviado el:* miércoles, 4 de abril de 2018 8:08 a.m.
> *Para:* lista en arnog.com.ar
> *Asunto:* Re: [Lista ArNOG] Apache en Centos
>
>
>
> Fernando,
>
>
>
> Esta escuchando en ambos me parece, al mostrar IPv6 asume IPv4.
>
>
> Diego F. Rodríguez
> STARNETWORKS
> Redes y Comunicaciones Moreno S.R.L.
>
> Cel: 15 6660 0035
> Tel: 3220 5923
>
>
>
> 2018-04-03 22:05 GMT-03:00 Fernando R. Soto <fsoto en fi.uba.ar>:
>
> Gracias Pablo
>
> Ahí lo hice, pero no veo al proceso escuchando en puerto 80
>
> Eso me llama la atención. No es raro eso?
>
>
>
>
>
> [root en localhost ~]# sudo firewall-cmd --permanent --add-service=http
>
> success
>
> [root en localhost ~]# netstat -noa
>
> Active Internet connections (servers and established)
>
> Proto Recv-Q Send-Q Local Address Foreign Address
> State Timer
>
> tcp 0 0 0.0.0.0:22 0.0.0.0:*
> LISTEN off (0.00/0/0)
>
> tcp 0 0 127.0.0.1:25 0.0.0.0:*
> LISTEN off (0.00/0/0)
>
> tcp 0 64 172.20.0.7:22 190.24.15.11:53390
> ESTABLISHED on (0.25/0/0)
>
> tcp6 0 0 :::80 :::*
> LISTEN off (0.00/0/0)
>
> tcp6 0 0 :::22 :::*
> LISTEN off (0.00/0/0)
>
> tcp6 0 0 ::1:25 :::*
> LISTEN off (0.00/0/0)
>
> raw6 0 0 :::58 :::*
> 7 off (0.00/0/0)
>
> Active UNIX domain sockets (servers and established)
>
> Proto RefCnt Flags Type State I-Node Path
>
>
>
>
>
>
>
>
>
> *De:* lista-bounces en arnog.com.ar <lista-bounces en arnog.com.ar> *En nombre
> de *Pablo Vargas
> *Enviado el:* martes, 3 de abril de 2018 6:19 p.m.
> *Para:* lista en arnog.com.ar
> *Asunto:* Re: [Lista ArNOG] Apache en Centos
>
>
>
> Hola Fernando: lo mas probable es que sea el servicio de firewall que
> viene activado por defecto en RedHat/Centos
>
> # para permitir acceso web al server ( iptables -A INPUT.... )
>
> sudo firewall-cmd --permanent --add-service=http
> sudo firewall-cmd --permanent --add-service=https
>
> # para listar los servicios conocidos
> firewall-cmd --get-services
>
> # permitir puertos especificos
> sudo firewall-cmd --permanent --add-port=4444/tcp
>
> Pero si le cambias los puertos al httpd si vas a tener que "pelear" un
> poco con SELinux, para permitir que apache uso otro puerto que no son los
> estandar
>
>
>
> # ver los puertos que httpd puede usar
>
> sudo semanage port -l | grep -w http_port_t
>
> # permitir que httpd abra otros puertos
>
> sudo semanage port -a -t http_port_t -p tcp 4444
>
> saludos
>
> Pablo
>
>
>
>
>
>
>
> On Fri, Mar 30, 2018 at 4:21 PM, Fernando R. Soto <frsoto en gmail.com>
> wrote:
>
> Hola Amigos
>
> Instale un Apache en un centos 7 y no veo q este escuchando el puerto 80
> en ipv4
>
> que podrá ser? firewall? archivo conf?
>
> Probe ingresar desde una maquina en la misma red y no carga la página.
>
>
>
> [root en Centos7teleco ~]# netstat -ano
>
> Active Internet connections (servers and established)
>
> Proto Recv-Q Send-Q Local Address Foreign Address
> State Timer
>
> tcp 0 0 0.0.0.0:22 0.0.0.0:*
> LISTEN off (0.00/0/0)
>
> tcp 0 0 127.0.0.1:25 0.0.0.0:*
> LISTEN off (0.00/0/0)
>
> tcp 0 0 0.0.0.0:3306 0.0.0.0:*
> LISTEN off (0.00/0/0)
>
> tcp 0 64 172.20.0.7:22 10.25.14.29:63483
> ESTABLISHED on (0,24/0/0)
>
>
>
> tcp6 0 0 :::80 :::*
> LISTEN off (0.00/0/0)
>
> tcp6 0 0 :::22 :::*
> LISTEN off (0.00/0/0)
>
> tcp6 0 0 ::1:25 :::*
> LISTEN off (0.00/0/0)
>
> udp 0 0 127.0.0.1:323 0.0.0.0:*
> off (0.00/0/0)
>
> udp6 0 0 ::1:323 :::*
> off (0.00/0/0)
>
> Active UNIX domain sockets (servers and established)
>
>
>
>
>
>
>
>
>
> *[root en Centos7teleco ~]# curl 127.0.0.1*
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "
> http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
>
> <meta http-equiv="content-type" content="text/html; charset=UTF-8">
>
> <title>Apache HTTP Server Test Page powered by CentOS
> </title>
>
> <meta http-equiv="Content-Type" content="text/html;
> charset=UTF-8">
>
>
>
> <!-- Bootstrap -->
>
> <link href="/noindex/css/bootstrap.min.css" rel="stylesheet">
>
> <link rel="stylesheet" href="noindex/css/open-sans.css"
> type="text/css" />
>
>
>
> <style type="text/css"><!--
>
>
>
> body {
>
> font-family: "Open Sans", Helvetica, sans-serif;
>
> font-weight: 100;
>
> color: #ccc;
>
> background: rgba(10, 24, 55, 1);
>
> font-size: 16px;
>
> }
>
>
>
> h2, h3, h4 {
>
> font-weight: 200;
>
> }
>
>
>
> h2 {
>
> font-size: 28px;
>
> }
>
>
>
> .jumbotron {
>
> margin-bottom: 0;
>
> color: #333;
>
> background: rgb(212,212,221); /* Old browsers */
>
> background: radial-gradient(ellipse at center top, rgba(255,255,255,1)
> 0%,rgba(174,174,183,1) 100%); /* W3C */
>
> }
>
>
>
> .jumbotron h1 {
>
> font-size: 128px;
>
> font-weight: 700;
>
> color: white;
>
> text-shadow: 0px 2px 0px #abc,
>
> 0px 4px 10px rgba(0,0,0,0.15),
>
> 0px 5px 2px rgba(0,0,0,0.1),
>
> 0px 6px 30px rgba(0,0,0,0.1);
>
> }
>
>
>
> .jumbotron p {
>
> font-size: 28px;
>
> font-weight: 100;
>
> }
>
>
>
> .main {
>
> background: white;
>
> color: #234;
>
> border-top: 1px solid rgba(0,0,0,0.12);
>
> padding-top: 30px;
>
> padding-bottom: 40px;
>
> }
>
>
>
> .footer {
>
> border-top: 1px solid rgba(255,255,255,0.2);
>
> padding-top: 30px;
>
> }
>
>
>
> --></style>
>
> </head>
>
> <body>
>
> <div class="jumbotron text-center">
>
> <div class="container">
>
> <h1>Testing 123..</h1>
>
> <p class="lead">This page is used to test the proper
> operation of the <a href="http://apache.org">Apache HTTP server</a> after
> it has been installed. If you can read this page it means that this site
> is working properly. This server is powered by <a href="http://centos.org
> ">CentOS</a>.</p>
>
> </div>
>
> </div>
>
> <div class="main">
>
> <div class="container">
>
> <div class="row">
>
> <div class="col-sm-6">
>
> <h2>Just visiting?</h2>
>
> <p class="lead">The website you
> just visited is either experiencing problems or is undergoing routine
> maintenance.</p>
>
> <p>If you would like to let the
> administrators of this website know that you've seen this page instead of
> the page you expected, you should send them e-mail. In general, mail sent
> to the name "webmaster" and directed to the website's domain should reach
> the appropriate person.</p>
>
> <p>For example, if you experienced
> problems while visiting www.example.com, you should send e-mail to "
> webmaster en example.com".</p>
>
> </div>
>
> <div class="col-sm-6">
>
> <h2>Are you the Administrator?</h2>
>
> <p>You should add your website
> content to the directory <tt>/var/www/html/</tt>.</p>
>
> <p>To prevent this page from ever
> being used, follow the instructions in the file
> <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>
>
>
>
> <h2>Promoting Apache and
> CentOS</h2>
>
> <p>You are free to use the images
> below on Apache and CentOS Linux powered HTTP servers. Thanks for using
> Apache and CentOS!</p>
>
> <p><a href="
> http://httpd.apache.org/"><img src="images/apache_pb.gif" alt="[ Powered
> by Apache ]"></a> <a href="http://www.centos.org/"><img
> src="images/poweredby.png" alt="[ Powered by CentOS Linux ]" height="31"
> width="88"></a></p>
>
> </div>
>
> </div>
>
> </div>
>
> </div>
>
> </div>
>
> <div class="footer">
>
> <div class="container">
>
> <div class="row">
>
> <div class="col-sm-6">
>
> <h2>Important note:</h2>
>
> <p class="lead">The CentOS Project has nothing to do with this
> website or its content,
>
> it just provides the software that makes the website run.</p>
>
>
>
> <p>If you have issues with the content of this site, contact
> the owner of the domain, not the CentOS project.
>
> Unless you intended to visit CentOS.org, the CentOS Project
> does not have anything to do with this website,
>
> the content or the lack of it.</p>
>
> <p>For example, if this website is www.example.com, you would
> find the owner of the example.com domain at the following WHOIS
> server:</p>
>
> <p><a href="http://www.internic.net/whois.html">
> http://www.internic.net/whois.html</a></p>
>
> </div>
>
> <div class="col-sm-6">
>
> <h2>The CentOS Project</h2>
>
> <p>The CentOS Linux distribution is a stable, predictable,
> manageable and reproduceable platform derived from
>
> the sources of Red Hat Enterprise Linux (RHEL).<p>
>
>
>
> <p>Additionally to being a popular choice for web hosting,
> CentOS also provides a rich platform for open source communities to build
> upon. For more information
>
> please visit the <a href="http://www.centos.org/">CentOS
> website</a>.</p>
>
> </div>
>
> </div>
>
> </div>
>
> </div>
>
> </div>
>
> </body></html>
>
> [root en Centos7teleco ~]#
>
>
>
>
>
> [root en Centos7teleco ~]# systemctl status httpd
>
> ● httpd.service - The Apache HTTP Server
>
> Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor
> preset: disabled)
>
> Active: active (running) since lun 2017-11-27 15:54:20 -03; 1 weeks 4
> days ago
>
> Docs: man:httpd(8)
>
> man:apachectl(8)
>
> Process: 32581 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
> (code=exited, status=0/SUCCESS)
>
> Main PID: 1116 (httpd)
>
> Status: "Total requests: 0; Current requests/sec: 0; Current traffic:
> 0 B/sec"
>
> CGroup: /system.slice/httpd.service
>
> ├─ 1116 /usr/sbin/httpd -DFOREGROUND
>
> ├─32588 /usr/sbin/httpd -DFOREGROUND
>
> ├─32589 /usr/sbin/httpd -DFOREGROUND
>
> ├─32590 /usr/sbin/httpd -DFOREGROUND
>
> ├─32591 /usr/sbin/httpd -DFOREGROUND
>
> └─32592 /usr/sbin/httpd -DFOREGROUND
>
>
>
> nov 27 15:54:15 Centos7teleco systemd[1]: Starting The Apache HTTP
> Server...
>
> nov 27 15:54:20 Centos7teleco httpd[1116]: AH00557: httpd:
> apr_sockaddr_info_get() failed for Centos7teleco
>
> nov 27 15:54:20 Centos7teleco httpd[1116]: AH00558: httpd: Could not
> reliably determine the server's fully qualified domain name, using
> 127.0.0.1. Set the 'ServerName' directi...this message
>
> nov 27 15:54:20 Centos7teleco systemd[1]: Started The Apache HTTP Server.
>
> dic 04 03:31:01 Centos7teleco httpd[32581]: AH00557: httpd:
> apr_sockaddr_info_get() failed for Centos7teleco
>
> dic 04 03:31:01 Centos7teleco httpd[32581]: AH00558: httpd: Could not
> reliably determine the server's fully qualified domain name, using
> 127.0.0.1. Set the 'ServerName' direct...this message
>
> dic 04 03:31:01 Centos7teleco systemd[1]: Reloaded The Apache HTTP Server.
>
> Hint: Some lines were ellipsized, use -l to show in full.
>
> [root en Centos7teleco ~]#
>
>
>
>
>
> *top -* 16:42:14 up 11 days, 48 min, 1 user, load average: 0,15, 0,05,
> 0,06
>
> Tasks: 188 total, 2 running, 186 sleeping, 0 stopped, 0 zombie
>
> %Cpu(s): 0,7 us, 0,7 sy, 0,0 ni, 98,7 id, 0,0 wa, 0,0 hi, 0,0 si,
> 0,0 st
>
> KiB Mem : 8010576 total, 6863232 free, 273320 used, 874024 buff/cache
>
> KiB Swap: 8257532 total, 8257532 free, 0 used. 7121664 avail Mem
>
>
>
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
>
> 1039 root 0 -20 0 0 0 S 0,0 0,0 0:00.09
> kworker/1:1H
>
> 1109 root 20 0 105996 4116 3140 S 0,0 0,1 0:17.80 sshd
>
> 1116 root 20 0 433368 15196 8716 S 0,0 0,2 0:38.46 httpd
>
> 1117 root 20 0 562392 18600 5880 S 0,0 0,2 1:31.10 tuned
>
> 1208 mysql 20 0 113260 1596 1300 S 0,0 0,0 0:00.01
> mysqld_safe
>
>
>
>
>
>
> _______________________________________________
> Lista mailing list
> Lista en arnog.com.ar
> http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
>
>
>
>
> _______________________________________________
> Lista mailing list
> Lista en arnog.com.ar
> http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
>
>
> _______________________________________________
> Lista mailing list
> Lista en arnog.com.ar
> http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
>
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://mailmancabase.interdotnet.com.ar/pipermail/lista/attachments/20180404/73d65519/attachment-0001.html>
Más información sobre la lista de distribución Lista