Mailing List Archive: MythTV: Users

Fedora firewall problems(?)

Index | Next | Previous | View Threaded

jonnylinux at gmail

Jul 2, 2008, 1:38 PM

Post #1 of 5 (745 views)
Permalink

Fedora firewall problems(?)

Hi,

I've got a new installation of Fedora 9. The problem is I can't connect to
it for most services. For some reason ssh works, but I'm trying to use it as
a mythtv backend, and it won't allow either a mysql connection or a
mythbackend connection. Also the apache web server appears to be blocked (no
route to host when doing "telnet 192.168.1.39 80").

I've used system-config-firewall to ensure there is no firewall running, and
I've tried SELinux in both permissive and off modes.

Can anybody tell me of any other settings that could be blocking these
ports?

Thanks,

Jonny

peter at vanderwal

Jul 3, 2008, 3:49 AM

Post #2 of 5 (695 views)
Permalink

Re: Fedora firewall problems(?) [In reply to]

> jonny Linux wrote:
>> Hi,
>>
>> I've got a new installation of Fedora 9. The problem is I can't connect
>> to
>> it for most services. For some reason ssh works, but I'm trying to use
>> it as
>> a mythtv backend, and it won't allow either a mysql connection or a
>> mythbackend connection. Also the apache web server appears to be blocked
>> (no
>> route to host when doing "telnet 192.168.1.39 80").
>>
>> I've used system-config-firewall to ensure there is no firewall running,
>> and
>> I've tried SELinux in both permissive and off modes.
>>
>> Can anybody tell me of any other settings that could be blocking these
>> ports?
>>
>
> Sometimes figuring out what's going on with this sort of error requires
> the deductive genius of Sherlock Holmes *and* Hercule Poirot, working in
> concert!
>
> 0 The most likely and usual problem: check your cables!
>
> 1 Can you get *out* to the world from the new box? (Eg. the new box is
> working...)
>
> 2 Ifconfig on the new box actually reports '192.168.1.39'
>
> 3 You are plugged into the correct NIC ( eg this is not a 2 NIC
> setupt...where the box could pass test #1 but still 'refuse' you access!)
>
> 4 The router is set up to allow access to the new installation. This can
> be a silent killer. Check the router
> a) for MAC address restrictions (not likely on a new installtion to an
> old box, but possible for a new box),
> b) for IP address restrictions ( nothing above 192.168.1.32 for
> example..sometimes tied with the DHCP range even though using a static
> address) and
> c) IP address assignments ( that IP address is reserved for another box,
> by *that box's* MAC address: both MAC addresses show up as
> allowed-access, but one is already tied to ..1.39.)
>
> 5 Can you ping from another box by IP as root and as a user?
>
> 6 Can you ping by hostname: check /etc/hosts-allow and hosts-deny on
> both boxes
>
> 7 Check that both boxes are using the correct (same) hostname and IP
> address in /etc/hosts.
>
> 8 I'm out of ideas....
>

Run:
# netstat -tuna
and make sure the services are actually listening for connections

_______________________________________________
mythtv-users mailing list
mythtv-users[at]mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

newbury at mandamus

Jul 3, 2008, 10:16 AM

Post #3 of 5 (698 views)
Permalink

Re: Fedora firewall problems(?) [In reply to]

jonny Linux wrote:
> Hi,
>
> I've got a new installation of Fedora 9. The problem is I can't connect to
> it for most services. For some reason ssh works, but I'm trying to use it as
> a mythtv backend, and it won't allow either a mysql connection or a
> mythbackend connection. Also the apache web server appears to be blocked (no
> route to host when doing "telnet 192.168.1.39 80").
>
> I've used system-config-firewall to ensure there is no firewall running, and
> I've tried SELinux in both permissive and off modes.
>
> Can anybody tell me of any other settings that could be blocking these
> ports?
>

Sometimes figuring out what's going on with this sort of error requires
the deductive genius of Sherlock Holmes *and* Hercule Poirot, working in
concert!

0 The most likely and usual problem: check your cables!

1 Can you get *out* to the world from the new box? (Eg. the new box is
working...)

2 Ifconfig on the new box actually reports '192.168.1.39'

3 You are plugged into the correct NIC ( eg this is not a 2 NIC
setupt...where the box could pass test #1 but still 'refuse' you access!)

4 The router is set up to allow access to the new installation. This can
be a silent killer. Check the router
a) for MAC address restrictions (not likely on a new installtion to an
old box, but possible for a new box),
b) for IP address restrictions ( nothing above 192.168.1.32 for
example..sometimes tied with the DHCP range even though using a static
address) and
c) IP address assignments ( that IP address is reserved for another box,
by *that box's* MAC address: both MAC addresses show up as
allowed-access, but one is already tied to ..1.39.)

5 Can you ping from another box by IP as root and as a user?

6 Can you ping by hostname: check /etc/hosts-allow and hosts-deny on
both boxes

7 Check that both boxes are using the correct (same) hostname and IP
address in /etc/hosts.

8 I'm out of ideas....

Geoff

_______________________________________________
mythtv-users mailing list
mythtv-users[at]mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

watkinshome at gmail

Jul 4, 2008, 12:55 AM

Post #4 of 5 (682 views)
Permalink

Re: Fedora firewall problems(?) [In reply to]

> I've got a new installation of Fedora 9. The problem is I can't connect to
> it for most services. For some reason ssh works, but I'm trying to use it as
> a mythtv backend, and it won't allow either a mysql connection or a
> mythbackend connection. Also the apache web server appears to be blocked (no
> route to host when doing "telnet 192.168.1.39 80").

On FC8 (so probably FC9 as well) the webserver rejects clients that
use the servers IP address rather than its hostname. (There's
probably a technical term for this.)

Try adding

192.168.1.39 your_myth_backend's_hostname

to your /etc/hosts file on the client and then using the hostname

I've no idea whether this will fix your mysql or mythtv problems though.
_______________________________________________
mythtv-users mailing list
mythtv-users[at]mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

jonnylinux at gmail

Jul 4, 2008, 4:12 AM

Post #5 of 5 (674 views)
Permalink

Re: Fedora firewall problems(?) [In reply to]

Hi all,

I've solved this now, even though I'd disabled the firewall in
system-config-firewall, I used iptables --list and got

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere
state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

so I disabled iptables in serviceconf, and now everything is working.

Thanks,

Jonny

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com