Opening port 80 with iptables

A few days ago I was contacted by a client whose website had been offline for a month. The site has a history of going offline because of server overloads. The client is OK with the occasional downtime as the site is just a pet project. Every time the server goes down we usually restart the MySQL server and everything goes back to normal, but this time it was different. Instead of restarting the MySQL server, the whole server was restarted by power cycling it, and that is when everything went wrong.

When the site came back up, the HTTP and MySQL servers had to be manually started, and the program that communicates with the server control panel for status reporting was down as well. It also had to be started manually. However, after all of this, the site was still offline. Trying to access the website resulted in an error like the one you see when you are not connected to the internet.

I decided to curl the site, and in return I got an error saying “No route to host”. Pinging the server worked, but for some reason I could not connect to it. Because of this I knew it was not a DNS problem, since the URL resolved to the server IP correctly, but the connection was refused. Could it be a server issue?

I decided to take a look at the server config files, only to find out everything was configured correctly. At this point I was absolutely intrigued.

I decided to search the interwebs to find out what people said about the “no route to host” problem, and, as I thought, it was a connection problem. The machine was not refusing the connection, the network was. I confirmed that by fetching localhost from the server. I got the expected result, so the server was not refusing the connection.

It was at this point that I decided to concentrate on the network side of things. I started by determining the port the server was listening on. I did this by checking the server configuration files. When I confirmed the server was listening on port 80, I decided to check if port 80 was open. Using iptables I determined that it was not. From there, it was just a matter of opening the port. I did that by running:

iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
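The check described above, as an added example that is not part of the original post: a small shell function that reads `iptables -S INPUT` output and reports which rule decides a new TCP connection to a port. The sample ruleset is constructed in the shape of a stock Fedora iptables configuration (an assumption; the post does not show the server's actual rules). Its final REJECT with icmp-host-prohibited is what a client such as curl reports as "No route to host", while ping still works because ICMP is accepted earlier.

```shell
#!/bin/sh
# Added example, not from the original post.
# verdict_for_port PORT: read `iptables -S INPUT` text on stdin and print the
# target (ACCEPT/REJECT/DROP) of the first rule that decides a NEW inbound TCP
# connection to PORT. Simplified model: rules using matches it does not
# understand (-s, multiport, negation, ...) yield UNKNOWN instead of a guess.
verdict_for_port() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = dport = iface = state = target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if      ($i == "-p")  proto  = $(++i)
            else if ($i == "-i")  iface  = $(++i)
            else if ($i == "-j")  target = $(++i)
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "--state" || $i == "--ctstate") state = $(++i)
            else if ($i == "-m" || $i == "--reject-with") i++   # skip argument
            else if ($i == "!") { print "UNKNOWN"; found = 1; exit }
            else other = 1
        }
        if (proto != "" && proto != "tcp") next
        if (dport != "") {                       # single port or low:high range
            n = split(dport, r, ":"); low = r[1]; high = (n == 2 ? r[2] : r[1])
            if (port + 0 < low + 0 || port + 0 > high + 0) next
        }
        if (iface == "lo") next                  # remote traffic is never on lo
        if (state != "" && state !~ /NEW/) next  # e.g. RELATED,ESTABLISHED only
        v = (other || iface != "" || target !~ /^(ACCEPT|REJECT|DROP)$/) ? "UNKNOWN" : target
        print v; found = 1; exit
    }
    END { if (!found) print (policy == "" ? "ACCEPT" : policy) }'
}

# Constructed sample ruleset; an optional first argument is placed at position 1,
# which is where `iptables -I INPUT 1 ...` puts a rule.
sample_rules() {
    echo "-P INPUT ACCEPT"
    if [ -n "${1:-}" ]; then echo "$1"; fi
    cat <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

echo "port 80 before: $(sample_rules | verdict_for_port 80)"
echo "port 80 after:  $(sample_rules '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' | verdict_for_port 80)"
```

On a live server the input would be `iptables -S INPUT` run as root. A rule added with `iptables -I` exists only in the running kernel, so it has to be saved into the ruleset the distribution loads at boot or the port will be closed again after the next restart.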

Here are some documents I consulted while trying to solve this problem. Some proved useful, others did not. It is worth mentioning the server runs Fedora.

http://unix.stackexchange.com/questions/29319/fedora-16-iptables-installed-but-no-iptables-service-available
https://www.cyberciti.biz/faq/linux-iptables-firewall-open-port-80/
https://fedoraproject.org/wiki/How_to_edit_iptables_rules
http://superuser.com/questions/720851/connection-refused-vs-no-route-to-host

Setting Up a New Working Environment

If you have followed the blog for long enough, it is no news to you that up until now I use an old Dell Latitude D610 as my main computer. I’ve been working on this modern dinosaur since 2010, when I first started as a freelancer. About a month ago, I decided it was time to buy a new computer, despite the fact that the old computer still works pretty well. I now have a brand new computer that runs on a quad core AMD chip, and has the humble amount of 4GB of memory. 4GB may not be much these days, but it is still double what I have on the D610.

Until a couple of days ago, the new computer was just sitting there. I decided I would not let my money go to waste, and set up the new computer. I made space for it on the desk, and set it there with an external monitor. (In fact, I bought a new desk to fit this new machine.) Until today, I’ve been using that computer just as a Firefox house, playing some music on YouTube, and searching for stuff on the web, while I try to little by little get rid of my 50+ Firefox tabs on the D610. However, the objective is to gradually move all my work environment to this new computer, and leave the old one as a server. The first step is clear: find a way to access the old computer (running Linux) from the new computer, which runs Windows 7. I first thought of installing an FTP server, but I decided I would much rather work over SSH than FTP. So, this is what I did:

1) Installed PuTTY on Windows.

Installing programs on Windows is pretty easy: you download the executable file, open it, and follow instructions. The installer can be downloaded from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

I went for the “installer for everything except PuTTYtel” mostly because I was too lazy to install PuTTY and pscp separately.

At some point I considered copSSH, just because it integrates a client as well as a server, but gave it up when they asked for my email to download the software. I get more than enough spam, so, thanks but no thanks.

The second step was to install an SSH server on the D610, which runs Ubuntu.

That is even simpler than what we did on the Windows machine. Just open the terminal and enter:

sudo apt-get install openssh-server

That was all. I can now ssh into the Ubuntu box from the Windows machine.

I think I’m little by little getting away from that sick relationship I have with Ubuntu. I am finding myself more and more annoyed with Ubuntu every day. I am not hoping Windows will be better, but at least, when I want another Linux distro, I will not fall for Ubuntu again.

So, what is next? I think next I will install an FTP server, just because WordPress sometimes needs one. Then I might install some version manager system. But the real next step is to start using the Windows machine more and leaving the Ubuntu box as just a server.

Some links that were useful, or maybe not, are recorded here for future reference:
http://www.sevenforums.com/customization/19864-ssh-windows-7-a.html
http://principialabs.com/beginning-ssh-on-ubuntu/
https://help.ubuntu.com/11.10/serverguide/C/openssh-server.html