Port 80 connection refused












4















i can not connect to port 80 on my webserver.
my iptables are in the default state:



Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


when i start different servers (nginx, nodejs ...) i can make them listen to port 80, but trying to access, i always get "connection refused".
Listening to any other port (81,8080 whatever) works perfectly fine. Only port 80 is somehow blocked. Accessing port 80 via localhost does work, so for testing purpose i even switched of the external firewall, still no luck. What can i do to find out who is blocking this port 80?



as requested the output of netstat -tlpn (when running nginx on port 80):



Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 710/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1179/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1661/master
tcp 0 0 0.0.0.0:5984 0.0.0.0:* LISTEN 980/beam.smp
tcp 0 0 87.106.64.11:3306 0.0.0.0:* LISTEN 1346/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3274/nginx: master
tcp6 0 0 :::22 :::* LISTEN 1179/sshd
tcp6 0 0 :::25 :::* LISTEN 1661/master









share|improve this question




















  • 1





    Please edit your question and add the output of sudo netstat -tlpn running from the server..

    – heemayl
    Sep 20 '15 at 21:48











  • Ubuntu and debian usually use ufw (uncomplicated firewall) and, oftentimes, the default is to block incoming and allow outgoing. Have you tried running sudo ufw disable on the server machine to see if that is the culprit? Additionally, you may need to set access by properly editing your /etc/apache2/sites-enabled file.

    – mchid
    Sep 20 '15 at 21:55











  • Some ISPs and routers block port 80 access, keep that in mind. Is this on an offsite server or...?

    – Thomas Ward
    Sep 20 '15 at 21:58













  • thanks for your input, ufw staus is "inactive" and i don't have apache installed hence no /etc/apache2 folder... still the problem persists... and again on the server when i do lynx 127.0.0.1, all is well and works fine

    – Holger Will
    Sep 20 '15 at 22:03













  • nginx is listening on port 80..check the nginx logs..

    – heemayl
    Sep 20 '15 at 22:03
















4















i can not connect to port 80 on my webserver.
my iptables are in the default state:



Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


when i start different servers (nginx, nodejs ...) i can make them listen to port 80, but trying to access, i always get "connection refused".
Listening to any other port (81,8080 whatever) works perfectly fine. Only port 80 is somehow blocked. Accessing port 80 via localhost does work, so for testing purpose i even switched of the external firewall, still no luck. What can i do to find out who is blocking this port 80?



as requested the output of netstat -tlpn (when running nginx on port 80):



Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 710/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1179/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1661/master
tcp 0 0 0.0.0.0:5984 0.0.0.0:* LISTEN 980/beam.smp
tcp 0 0 87.106.64.11:3306 0.0.0.0:* LISTEN 1346/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3274/nginx: master
tcp6 0 0 :::22 :::* LISTEN 1179/sshd
tcp6 0 0 :::25 :::* LISTEN 1661/master









share|improve this question




















  • 1





    Please edit your question and add the output of sudo netstat -tlpn running from the server..

    – heemayl
    Sep 20 '15 at 21:48











  • Ubuntu and debian usually use ufw (uncomplicated firewall) and, oftentimes, the default is to block incoming and allow outgoing. Have you tried running sudo ufw disable on the server machine to see if that is the culprit? Additionally, you may need to set access by properly editing your /etc/apache2/sites-enabled file.

    – mchid
    Sep 20 '15 at 21:55











  • Some ISPs and routers block port 80 access, keep that in mind. Is this on an offsite server or...?

    – Thomas Ward
    Sep 20 '15 at 21:58













  • thanks for your input, ufw staus is "inactive" and i don't have apache installed hence no /etc/apache2 folder... still the problem persists... and again on the server when i do lynx 127.0.0.1, all is well and works fine

    – Holger Will
    Sep 20 '15 at 22:03













  • nginx is listening on port 80..check the nginx logs..

    – heemayl
    Sep 20 '15 at 22:03














4












4








4








i can not connect to port 80 on my webserver.
my iptables are in the default state:



Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


when i start different servers (nginx, nodejs ...) i can make them listen to port 80, but trying to access, i always get "connection refused".
Listening to any other port (81,8080 whatever) works perfectly fine. Only port 80 is somehow blocked. Accessing port 80 via localhost does work, so for testing purpose i even switched of the external firewall, still no luck. What can i do to find out who is blocking this port 80?



as requested the output of netstat -tlpn (when running nginx on port 80):



Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 710/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1179/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1661/master
tcp 0 0 0.0.0.0:5984 0.0.0.0:* LISTEN 980/beam.smp
tcp 0 0 87.106.64.11:3306 0.0.0.0:* LISTEN 1346/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3274/nginx: master
tcp6 0 0 :::22 :::* LISTEN 1179/sshd
tcp6 0 0 :::25 :::* LISTEN 1661/master









share|improve this question
















i can not connect to port 80 on my webserver.
my iptables are in the default state:



Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


when i start different servers (nginx, nodejs ...) i can make them listen to port 80, but trying to access, i always get "connection refused".
Listening to any other port (81,8080 whatever) works perfectly fine. Only port 80 is somehow blocked. Accessing port 80 via localhost does work, so for testing purpose i even switched of the external firewall, still no luck. What can i do to find out who is blocking this port 80?



as requested the output of netstat -tlpn (when running nginx on port 80):



Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 710/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1179/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1661/master
tcp 0 0 0.0.0.0:5984 0.0.0.0:* LISTEN 980/beam.smp
tcp 0 0 87.106.64.11:3306 0.0.0.0:* LISTEN 1346/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3274/nginx: master
tcp6 0 0 :::22 :::* LISTEN 1179/sshd
tcp6 0 0 :::25 :::* LISTEN 1661/master






networking server iptables nginx






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Sep 21 '15 at 7:51







Holger Will

















asked Sep 20 '15 at 21:42









Holger WillHolger Will

171119




171119








  • 1





    Please edit your question and add the output of sudo netstat -tlpn running from the server..

    – heemayl
    Sep 20 '15 at 21:48











  • Ubuntu and debian usually use ufw (uncomplicated firewall) and, oftentimes, the default is to block incoming and allow outgoing. Have you tried running sudo ufw disable on the server machine to see if that is the culprit? Additionally, you may need to set access by properly editing your /etc/apache2/sites-enabled file.

    – mchid
    Sep 20 '15 at 21:55











  • Some ISPs and routers block port 80 access, keep that in mind. Is this on an offsite server or...?

    – Thomas Ward
    Sep 20 '15 at 21:58













  • thanks for your input, ufw staus is "inactive" and i don't have apache installed hence no /etc/apache2 folder... still the problem persists... and again on the server when i do lynx 127.0.0.1, all is well and works fine

    – Holger Will
    Sep 20 '15 at 22:03













  • nginx is listening on port 80..check the nginx logs..

    – heemayl
    Sep 20 '15 at 22:03














  • 1





    Please edit your question and add the output of sudo netstat -tlpn running from the server..

    – heemayl
    Sep 20 '15 at 21:48











  • Ubuntu and debian usually use ufw (uncomplicated firewall) and, oftentimes, the default is to block incoming and allow outgoing. Have you tried running sudo ufw disable on the server machine to see if that is the culprit? Additionally, you may need to set access by properly editing your /etc/apache2/sites-enabled file.

    – mchid
    Sep 20 '15 at 21:55











  • Some ISPs and routers block port 80 access, keep that in mind. Is this on an offsite server or...?

    – Thomas Ward
    Sep 20 '15 at 21:58













  • thanks for your input, ufw staus is "inactive" and i don't have apache installed hence no /etc/apache2 folder... still the problem persists... and again on the server when i do lynx 127.0.0.1, all is well and works fine

    – Holger Will
    Sep 20 '15 at 22:03













  • nginx is listening on port 80..check the nginx logs..

    – heemayl
    Sep 20 '15 at 22:03








1




1





Please edit your question and add the output of sudo netstat -tlpn running from the server..

– heemayl
Sep 20 '15 at 21:48





Please edit your question and add the output of sudo netstat -tlpn running from the server..

– heemayl
Sep 20 '15 at 21:48













Ubuntu and debian usually use ufw (uncomplicated firewall) and, oftentimes, the default is to block incoming and allow outgoing. Have you tried running sudo ufw disable on the server machine to see if that is the culprit? Additionally, you may need to set access by properly editing your /etc/apache2/sites-enabled file.

– mchid
Sep 20 '15 at 21:55





Ubuntu and debian usually use ufw (uncomplicated firewall) and, oftentimes, the default is to block incoming and allow outgoing. Have you tried running sudo ufw disable on the server machine to see if that is the culprit? Additionally, you may need to set access by properly editing your /etc/apache2/sites-enabled file.

– mchid
Sep 20 '15 at 21:55













Some ISPs and routers block port 80 access, keep that in mind. Is this on an offsite server or...?

– Thomas Ward
Sep 20 '15 at 21:58







Some ISPs and routers block port 80 access, keep that in mind. Is this on an offsite server or...?

– Thomas Ward
Sep 20 '15 at 21:58















thanks for your input, ufw staus is "inactive" and i don't have apache installed hence no /etc/apache2 folder... still the problem persists... and again on the server when i do lynx 127.0.0.1, all is well and works fine

– Holger Will
Sep 20 '15 at 22:03







thanks for your input, ufw staus is "inactive" and i don't have apache installed hence no /etc/apache2 folder... still the problem persists... and again on the server when i do lynx 127.0.0.1, all is well and works fine

– Holger Will
Sep 20 '15 at 22:03















nginx is listening on port 80..check the nginx logs..

– heemayl
Sep 20 '15 at 22:03





nginx is listening on port 80..check the nginx logs..

– heemayl
Sep 20 '15 at 22:03










3 Answers
3






active

oldest

votes


















5














i did a tcptraceroute 87.106.64.11 80 and its definitely my server that is blocking the port. At some point in the trace i got this:



s18132051.onlinehome-server.info (87.106.64.11) [closed]


So i reset my ip tables, and that did the trick.



So either there where some hidden rule in the table, or iptable -L did not give me all rules. I will mark this as the answer as it fixes the problem.

I would still love to hear, how come i didn't get any blocking rules when doing iptables -L






share|improve this answer

































    2














    I experienced the same problem, but on Debian 8.4 (Jessie). Like the above, the solution was the IPTables flush script as listed at http://insanelabs.net/linux/linux-reset-iptables-firewall-rules/. Though iptables reported no rules, there must have been some "hidden" rules, or otherwise a bug in iptables itself. I am reporting this bug to the Debian maintainers.



    In case the linked site goes down, here is the full text of the script in question, reproduced here for convenience.



    #!/bin/sh
    echo "Flushing iptables rules..."
    sleep 1
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT





    share|improve this answer































      1














      You didn't list all of your rules. I've found a good way to get any active netfilter tables is:



      for blah in sudo /bin/cat /proc/net/ip_tables_names; do sudo /sbin/iptables -t $blah -L -vn --line-numbers|sed "s/^/$blah: /" ; done |less -RXF



      Another options is to run:



      /sbin/iptables-save



      If you have the patience, you can go through each rule one at a time and change any DENY targets to ACCEPT and see which one fixes the problem.






      share|improve this answer























        Your Answer








        StackExchange.ready(function() {
        var channelOptions = {
        tags: "".split(" "),
        id: "89"
        };
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function() {
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled) {
        StackExchange.using("snippets", function() {
        createEditor();
        });
        }
        else {
        createEditor();
        }
        });

        function createEditor() {
        StackExchange.prepareEditor({
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: true,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: 10,
        bindNavPrevention: true,
        postfix: "",
        imageUploader: {
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        },
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        });


        }
        });














        draft saved

        draft discarded


















        StackExchange.ready(
        function () {
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f676434%2fport-80-connection-refused%23new-answer', 'question_page');
        }
        );

        Post as a guest















        Required, but never shown

























        3 Answers
        3






        active

        oldest

        votes








        3 Answers
        3






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        5














        i did a tcptraceroute 87.106.64.11 80 and its definitely my server that is blocking the port. At some point in the trace i got this:



        s18132051.onlinehome-server.info (87.106.64.11) [closed]


        So i reset my ip tables, and that did the trick.



        So either there where some hidden rule in the table, or iptable -L did not give me all rules. I will mark this as the answer as it fixes the problem.

        I would still love to hear, how come i didn't get any blocking rules when doing iptables -L






        share|improve this answer






























          5














          i did a tcptraceroute 87.106.64.11 80 and its definitely my server that is blocking the port. At some point in the trace i got this:



          s18132051.onlinehome-server.info (87.106.64.11) [closed]


          So i reset my ip tables, and that did the trick.



          So either there where some hidden rule in the table, or iptable -L did not give me all rules. I will mark this as the answer as it fixes the problem.

          I would still love to hear, how come i didn't get any blocking rules when doing iptables -L






          share|improve this answer




























            5












            5








            5







            i did a tcptraceroute 87.106.64.11 80 and its definitely my server that is blocking the port. At some point in the trace i got this:



            s18132051.onlinehome-server.info (87.106.64.11) [closed]


            So i reset my ip tables, and that did the trick.



            So either there where some hidden rule in the table, or iptable -L did not give me all rules. I will mark this as the answer as it fixes the problem.

            I would still love to hear, how come i didn't get any blocking rules when doing iptables -L






            share|improve this answer















            i did a tcptraceroute 87.106.64.11 80 and its definitely my server that is blocking the port. At some point in the trace i got this:



            s18132051.onlinehome-server.info (87.106.64.11) [closed]


            So i reset my ip tables, and that did the trick.



            So either there where some hidden rule in the table, or iptable -L did not give me all rules. I will mark this as the answer as it fixes the problem.

            I would still love to hear, how come i didn't get any blocking rules when doing iptables -L







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Apr 2 '16 at 20:50









            Jeremy

            32




            32










            answered Sep 21 '15 at 3:17









            Holger WillHolger Will

            171119




            171119

























                2














                I experienced the same problem, but on Debian 8.4 (Jessie). Like the above, the solution was the IPTables flush script as listed at http://insanelabs.net/linux/linux-reset-iptables-firewall-rules/. Though iptables reported no rules, there must have been some "hidden" rules, or otherwise a bug in iptables itself. I am reporting this bug to the Debian maintainers.



                In case the linked site goes down, here is the full text of the script in question, reproduced here for convenience.



                #!/bin/sh
                echo "Flushing iptables rules..."
                sleep 1
                iptables -F
                iptables -X
                iptables -t nat -F
                iptables -t nat -X
                iptables -t mangle -F
                iptables -t mangle -X
                iptables -P INPUT ACCEPT
                iptables -P FORWARD ACCEPT
                iptables -P OUTPUT ACCEPT





                share|improve this answer




























                  2














                  I experienced the same problem, but on Debian 8.4 (Jessie). Like the above, the solution was the IPTables flush script as listed at http://insanelabs.net/linux/linux-reset-iptables-firewall-rules/. Though iptables reported no rules, there must have been some "hidden" rules, or otherwise a bug in iptables itself. I am reporting this bug to the Debian maintainers.



                  In case the linked site goes down, here is the full text of the script in question, reproduced here for convenience.



                  #!/bin/sh
                  echo "Flushing iptables rules..."
                  sleep 1
                  iptables -F
                  iptables -X
                  iptables -t nat -F
                  iptables -t nat -X
                  iptables -t mangle -F
                  iptables -t mangle -X
                  iptables -P INPUT ACCEPT
                  iptables -P FORWARD ACCEPT
                  iptables -P OUTPUT ACCEPT





                  share|improve this answer


























                    2












                    2








                    2







                    I experienced the same problem, but on Debian 8.4 (Jessie). Like the above, the solution was the IPTables flush script as listed at http://insanelabs.net/linux/linux-reset-iptables-firewall-rules/. Though iptables reported no rules, there must have been some "hidden" rules, or otherwise a bug in iptables itself. I am reporting this bug to the Debian maintainers.



                    In case the linked site goes down, here is the full text of the script in question, reproduced here for convenience.



                    #!/bin/sh
                    echo "Flushing iptables rules..."
                    sleep 1
                    iptables -F
                    iptables -X
                    iptables -t nat -F
                    iptables -t nat -X
                    iptables -t mangle -F
                    iptables -t mangle -X
                    iptables -P INPUT ACCEPT
                    iptables -P FORWARD ACCEPT
                    iptables -P OUTPUT ACCEPT





                    share|improve this answer













                    I experienced the same problem, but on Debian 8.4 (Jessie). Like the above, the solution was the IPTables flush script as listed at http://insanelabs.net/linux/linux-reset-iptables-firewall-rules/. Though iptables reported no rules, there must have been some "hidden" rules, or otherwise a bug in iptables itself. I am reporting this bug to the Debian maintainers.



                    In case the linked site goes down, here is the full text of the script in question, reproduced here for convenience.



                    #!/bin/sh
                    echo "Flushing iptables rules..."
                    sleep 1
                    iptables -F
                    iptables -X
                    iptables -t nat -F
                    iptables -t nat -X
                    iptables -t mangle -F
                    iptables -t mangle -X
                    iptables -P INPUT ACCEPT
                    iptables -P FORWARD ACCEPT
                    iptables -P OUTPUT ACCEPT






                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Jun 22 '16 at 6:56









                    JessicaJessica

                    211




                    211























                        1














                        You didn't list all of your rules. I've found a good way to get any active netfilter tables is:



                        for blah in sudo /bin/cat /proc/net/ip_tables_names; do sudo /sbin/iptables -t $blah -L -vn --line-numbers|sed "s/^/$blah: /" ; done |less -RXF



                        Another options is to run:



                        /sbin/iptables-save



                        If you have the patience, you can go through each rule one at a time and change any DENY targets to ACCEPT and see which one fixes the problem.






                        share|improve this answer




























                          1














                          You didn't list all of your rules. I've found a good way to get any active netfilter tables is:



                          for blah in sudo /bin/cat /proc/net/ip_tables_names; do sudo /sbin/iptables -t $blah -L -vn --line-numbers|sed "s/^/$blah: /" ; done |less -RXF



                          Another options is to run:



                          /sbin/iptables-save



                          If you have the patience, you can go through each rule one at a time and change any DENY targets to ACCEPT and see which one fixes the problem.






                          share|improve this answer


























                            1












                            1








                            1







                            You didn't list all of your rules. I've found a good way to get any active netfilter tables is:



                            for blah in sudo /bin/cat /proc/net/ip_tables_names; do sudo /sbin/iptables -t $blah -L -vn --line-numbers|sed "s/^/$blah: /" ; done |less -RXF



                            Another options is to run:



                            /sbin/iptables-save



                            If you have the patience, you can go through each rule one at a time and change any DENY targets to ACCEPT and see which one fixes the problem.






                            share|improve this answer













                            You didn't list all of your rules. I've found a good way to get any active netfilter tables is:



                            for blah in sudo /bin/cat /proc/net/ip_tables_names; do sudo /sbin/iptables -t $blah -L -vn --line-numbers|sed "s/^/$blah: /" ; done |less -RXF



                            Another options is to run:



                            /sbin/iptables-save



                            If you have the patience, you can go through each rule one at a time and change any DENY targets to ACCEPT and see which one fixes the problem.







                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered Jan 19 at 14:27









                            LeeLee

                            113




                            113






























                                draft saved

                                draft discarded




















































                                Thanks for contributing an answer to Ask Ubuntu!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid



                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.


                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function () {
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f676434%2fport-80-connection-refused%23new-answer', 'question_page');
                                }
                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                Human spaceflight

                                Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

                                張江高科駅