[Lista ArNOG] Apache on Centos

Diego Rodriguez drodriguez at starnetworks.com.ar
Wed Apr 4 15:41:17 ART 2018


But in my first reply I gave you

iptables -F

That flushes the firewall rules...

Sorry, but I'm one of those who used to write rules in both directions with
ipchains, and there was no conntrack!!

Regards

On Wed, Apr 4, 2018 at 14:37, Fernando R. Soto <fsoto at fi.uba.ar>
wrote:

> It was the firewall. heh
>
> [root@localhost html]# systemctl status firewalld
> ● firewalld.service - firewalld - dynamic firewall daemon
>    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
>    Active: active (running) since Fri 2018-03-30 18:02:07 -03; 4 days ago
>      Docs: man:firewalld(1)
>  Main PID: 745 (firewalld)
>    CGroup: /system.slice/firewalld.service
>            └─745 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
>
> Mar 30 18:02:04 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
> Mar 30 18:02:07 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
> Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
> [root@localhost html]#
> [root@localhost html]# systemctl stop firewalld
>
> *From:* Fernando R. Soto <fsoto at fi.uba.ar>
> *Sent:* Wednesday, April 4, 2018 9:37 a.m.
> *To:* 'lista at arnog.com.ar' <lista at arnog.com.ar>
> *Subject:* RE: [Lista ArNOG] Apache on Centos
>
> OK, could be.
>
> The odd thing is that ssh is listed separately, and that is confusing.
>
> With curl 127.0.0.1 the page loads, but not from another machine.
>
> I suspect it's the httpd.conf file.
>
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      off (0.00/0/0)
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      off (0.00/0/0)
> tcp        0     64 172.20.0.7:22           190.24.15.11:53390      ESTABLISHED on (0.25/0/0)
> tcp6       0      0 :::80                   :::*                    LISTEN      off (0.00/0/0)
> tcp6       0      0 :::22                   :::*                    LISTEN      off (0.00/0/0)
>
> *From:* lista-bounces at arnog.com.ar <lista-bounces at arnog.com.ar> *On behalf
> of* Diego Rodriguez
> *Sent:* Wednesday, April 4, 2018 8:08 a.m.
> *To:* lista at arnog.com.ar
> *Subject:* Re: [Lista ArNOG] Apache on Centos
>
> Fernando,
>
> It is listening on both, I think; when it shows IPv6, IPv4 is implied.
>
>
> Diego F. Rodríguez
> STARNETWORKS
> Redes y Comunicaciones Moreno S.R.L.
>
> Cel: 15 6660 0035
> Tel: 3220 5923
>
>
>
> 2018-04-03 22:05 GMT-03:00 Fernando R. Soto <fsoto at fi.uba.ar>:
>
> Thanks, Pablo
>
> I've done that now, but I don't see the process listening on port 80
>
> That catches my attention. Isn't that odd?
>
> [root@localhost ~]# sudo firewall-cmd --permanent --add-service=http
> success
> [root@localhost ~]# netstat -noa
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       Timer
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      off (0.00/0/0)
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      off (0.00/0/0)
> tcp        0     64 172.20.0.7:22           190.24.15.11:53390      ESTABLISHED on (0.25/0/0)
> tcp6       0      0 :::80                   :::*                    LISTEN      off (0.00/0/0)
> tcp6       0      0 :::22                   :::*                    LISTEN      off (0.00/0/0)
> tcp6       0      0 ::1:25                  :::*                    LISTEN      off (0.00/0/0)
> raw6       0      0 :::58                   :::*                    7           off (0.00/0/0)
> Active UNIX domain sockets (servers and established)
> Proto RefCnt Flags       Type       State         I-Node   Path
>
> *From:* lista-bounces at arnog.com.ar <lista-bounces at arnog.com.ar> *On behalf
> of* Pablo Vargas
> *Sent:* Tuesday, April 3, 2018 6:19 p.m.
> *To:* lista at arnog.com.ar
> *Subject:* Re: [Lista ArNOG] Apache on Centos
>
> Hi Fernando: most likely it is the firewall service that comes
> enabled by default on RedHat/Centos
>
> # to allow web access to the server ( iptables -A INPUT.... )
>
> sudo firewall-cmd --permanent --add-service=http
> sudo firewall-cmd --permanent --add-service=https
>
> # to list the known services
> firewall-cmd --get-services
>
> # allow specific ports
> sudo firewall-cmd --permanent --add-port=4444/tcp
>
> But if you change httpd's ports, you will have to "fight" a
> bit with SELinux to allow apache to use a port other than the
> standard ones
>
> # see the ports that httpd can use
>
> sudo semanage port -l | grep -w http_port_t
>
> # allow httpd to open other ports
>
> sudo semanage port -a -t http_port_t -p tcp 4444
>
> regards
>
> Pablo
>
>
> On Fri, Mar 30, 2018 at 4:21 PM, Fernando R. Soto <frsoto at gmail.com>
> wrote:
>
> Hello friends
>
> I installed Apache on a centos 7 and I don't see it listening on port 80
> on ipv4
>
> What could it be? Firewall? Conf file?
>
> I tried connecting from a machine on the same network and the page does not load.
>
> [root@Centos7teleco ~]# netstat -ano
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       Timer
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      off (0.00/0/0)
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      off (0.00/0/0)
> tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      off (0.00/0/0)
> tcp        0     64 172.20.0.7:22           10.25.14.29:63483       ESTABLISHED on (0,24/0/0)
> tcp6       0      0 :::80                   :::*                    LISTEN      off (0.00/0/0)
> tcp6       0      0 :::22                   :::*                    LISTEN      off (0.00/0/0)
> tcp6       0      0 ::1:25                  :::*                    LISTEN      off (0.00/0/0)
> udp        0      0 127.0.0.1:323           0.0.0.0:*                           off (0.00/0/0)
> udp6       0      0 ::1:323                 :::*                                off (0.00/0/0)
> Active UNIX domain sockets (servers and established)
>
> *[root@Centos7teleco ~]# curl 127.0.0.1*
>
>
> [root@Centos7teleco ~]#
>
> [root@Centos7teleco ~]# systemctl status httpd
> ● httpd.service - The Apache HTTP Server
>    Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
>    Active: active (running) since lun 2017-11-27 15:54:20 -03; 1 weeks 4 days ago
>      Docs: man:httpd(8)
>            man:apachectl(8)
>   Process: 32581 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
>  Main PID: 1116 (httpd)
>    Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
>    CGroup: /system.slice/httpd.service
>            ├─ 1116 /usr/sbin/httpd -DFOREGROUND
>            ├─32588 /usr/sbin/httpd -DFOREGROUND
>            ├─32589 /usr/sbin/httpd -DFOREGROUND
>            ├─32590 /usr/sbin/httpd -DFOREGROUND
>            ├─32591 /usr/sbin/httpd -DFOREGROUND
>            └─32592 /usr/sbin/httpd -DFOREGROUND
>
> nov 27 15:54:15 Centos7teleco systemd[1]: Starting The Apache HTTP Server...
> nov 27 15:54:20 Centos7teleco httpd[1116]: AH00557: httpd: apr_sockaddr_info_get() failed for Centos7teleco
> nov 27 15:54:20 Centos7teleco httpd[1116]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directi...this message
> nov 27 15:54:20 Centos7teleco systemd[1]: Started The Apache HTTP Server.
> dic 04 03:31:01 Centos7teleco httpd[32581]: AH00557: httpd: apr_sockaddr_info_get() failed for Centos7teleco
> dic 04 03:31:01 Centos7teleco httpd[32581]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' direct...this message
> dic 04 03:31:01 Centos7teleco systemd[1]: Reloaded The Apache HTTP Server.
> Hint: Some lines were ellipsized, use -l to show in full.
> [root@Centos7teleco ~]#
>
> *top -* 16:42:14 up 11 days, 48 min,  1 user,  load average: 0,15, 0,05, 0,06
> Tasks: 188 total,   2 running, 186 sleeping,   0 stopped,   0 zombie
> %Cpu(s):  0,7 us,  0,7 sy,  0,0 ni, 98,7 id,  0,0 wa,  0,0 hi,  0,0 si,  0,0 st
> KiB Mem :  8010576 total,  6863232 free,   273320 used,   874024 buff/cache
> KiB Swap:  8257532 total,  8257532 free,        0 used.  7121664 avail Mem
>
>   PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
>  1039 root       0 -20       0      0      0 S   0,0  0,0   0:00.09 kworker/1:1H
>  1109 root      20   0  105996   4116   3140 S   0,0  0,1   0:17.80 sshd
>  1116 root      20   0  433368  15196   8716 S   0,0  0,2   0:38.46 httpd
>  1117 root      20   0  562392  18600   5880 S   0,0  0,2   1:31.10 tuned
>  1208 mysql     20   0  113260   1596   1300 S   0,0  0,0   0:00.01 mysqld_safe
>
> _______________________________________________
> Lista mailing list
> Lista en arnog.com.ar
> http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
>
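
The check discussed in the thread (a `tcp6 :::80` listener also serves IPv4, so the listener was not the problem) together with a firewalld change that keeps the firewall running, as an added shell example that is not part of the thread. `listen_scope`, `next_step` and `allow_http` are hypothetical names, and the sample rows are the thread's netstat lines re-joined onto single lines.

```shell
# Added example, not from the thread; function names are hypothetical.
# Sample: TCP rows from the thread's netstat output, re-joined onto single lines.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0     64 172.20.0.7:22           190.24.15.11:53390      ESTABLISHED on (0.25/0/0)
tcp6       0      0 :::80                   :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::22                   :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 ::1:25                  :::*                    LISTEN      off (0.00/0/0)'

# listen_scope PORT: classify the listeners for PORT in `netstat -ano` text on stdin.
#   any-v4         bound to 0.0.0.0
#   dual-stack-v6  bound to :: only; Linux hands IPv4 connections to this socket
#                  too unless it is IPv6-only (IPV6_V6ONLY, net.ipv6.bindv6only=1)
#   specific-addr / loopback-only / not-listening: the remaining cases
listen_scope() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, part, ":")
      if (part[n] != port) next
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      if (addr == "0.0.0.0") v4 = 1
      else if (addr == "::") v6 = 1
      else if (addr == "127.0.0.1" || addr == "::1") lo = 1
      else other = 1
    }
    END {
      if (v4) print "any-v4"
      else if (v6) print "dual-stack-v6"
      else if (other) print "specific-addr"
      else if (lo) print "loopback-only"
      else print "not-listening"
    }'
}

# next_step PORT: where to look when the page loads locally but not remotely.
next_step() {
  case "$(listen_scope "$1")" in
    any-v4|dual-stack-v6) echo "check-host-firewall" ;;
    specific-addr|loopback-only) echo "check-httpd-Listen-directive" ;;
    *) echo "check-httpd-is-running" ;;
  esac
}

# allow_http: open HTTP in firewalld and keep the firewall running.
# --permanent only edits the saved configuration; --reload applies it.
allow_http() {
  firewall-cmd --permanent --add-service=http && firewall-cmd --reload && firewall-cmd --list-services
}
```

On the affected host, `netstat -ano | next_step 80` gives the same classification from live output; `allow_http` needs root and a running firewalld.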