A brief comment on Linux Weekly News discussion of the long, slow, transition from net-tools to iproute2 reminded me that many people seem not to realize the man-pages for the iproute2 commands have been there all along. Rather like the git commands they are all prefixed with ip-. They provide much greater depth than the simple man ip:
There's more work to do, due to the enhanced security features of CentOS. DNS is correct, the webserver is running, but the browser says the site responds with Connection Refused. Okay, so it's time to dig in.
First off, is DNS really correct? Does the DNS name resolve to the correct IP address? A quick use of nslookup will verify this, and it does. Okay, next I double-check access to the website using the IP, e.g. http://10.11.12.13. This gives the same connection refused error.
Okay, so I know my web browser is getting to the host; if it was a routing issue I wouldn't get connection refused. So either the server is not listening on port 80 or there's a firewall blocking it.
Next I get on the host and check to see that httpd is running, using "ps -ef|grep httpd". It's there. Okay, is it not running on port 80? Sometimes the Apache process listens on 8080 or something, so I review the /etc/httpd/conf/httpd.conf file and find "Listen 80" in there. Okay, that's good.
Next up, netstat. A simple "netstat -na|grep 80" should tell me if the server is listening on port 80. Except... "command not found". WTF? I've been using netstat in UNIX systems since the eighties. Where did it go? A little quick research and I learn that netstat and related commands were put in a package called "net-tools" and this package was deprecated because some really smart people found a better way for these tools to work, creating the "iproute2" package. Okay, I'm game to keep up with the times, that's why everything is using latest versions in this project. So instead of netstat, the new command is "ss -l". So "ss -l|grep LISTEN" shows something listening on the http port, and to make sure that's 80, I take a guess that adding an "n" flag will show numbers instead of port names. And "ss -nl|grep LISTEN|grep 80" shows the host is indeed listening to the port.
But yet, I'm still getting connection refused. There must be a firewall in place somewhere. Now this is a VPS, so a separate firewall service is probably an add-on feature. But to be sure, I log into my ISP account and see if there's any mention of a firewall there. Nope.
So there must be a firewall process on the host. "ps -ef|grep firewall" reveals a firewalld process. Ah, I guess iptables has moved on and been replaced by something new. Okay. A little more research and I find that the commands "firewall-cmd --zone=public --add-service=http --permanent" and "firewall-cmd --reload" will allow http traffic to public zone. (I will need to repeat this later for https when I add an SSL certificate.)
And that does the trick. Instead of connection refused, I get the default Apache page.
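The listening-socket and firewall checks from the steps above, as an added example that is not part of the original post: it matches the port exactly (a plain "grep 80" also matches 8080), separates a loopback-only listener from a firewall block, and checks the firewalld service list. The function names and the sample output are constructed for illustration, and the parser assumes the column layout of "ss -nlt".

```shell
#!/bin/sh
# Added example: classify why a port is unreachable from ss and firewalld output.

# Print the local addresses in LISTEN state on exactly port $1.
# stdin: output of `ss -nlt` (column 4 is Local Address:Port).
listeners() {
    awk -v port="$1" '$1 == "LISTEN" {
        n = split($4, part, ":")
        if (part[n] == port)
            print substr($4, 1, length($4) - length(port) - 1)
    }'
}

# Succeed if service $1 appears as a whole word in $2, the output of
# `firewall-cmd --zone=public --list-services`.
service_allowed() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# diagnose PORT SERVICE SS_OUTPUT SERVICES -> prints one verdict word.
diagnose() {
    addrs=$(printf '%s\n' "$3" | listeners "$1")
    [ -n "$addrs" ] || { echo not-listening; return; }
    # A socket bound only to loopback refuses remote clients with no firewall involved.
    remote=$(printf '%s\n' "$addrs" | grep -v -e '^127\.' -e '^\[::1]$' -e '^::1$' || true)
    [ -n "$remote" ] || { echo loopback-only; return; }
    service_allowed "$2" "$4" || { echo firewall-blocked; return; }
    echo ok
}

# Constructed sample output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22      *:*
LISTEN 0      128    [::]:80   [::]:*
LISTEN 0      100    127.0.0.1:8080 *:*'

diagnose 80 http "$SAMPLE_SS" "dhcpv6-client ssh"        # firewall-blocked
diagnose 80 http "$SAMPLE_SS" "dhcpv6-client http ssh"   # ok
diagnose 8080 http "$SAMPLE_SS" "dhcpv6-client http ssh" # loopback-only
# On a live host:
# diagnose 80 http "$(ss -nlt)" "$(firewall-cmd --zone=public --list-services)"
```

Opening only the named service for the zone, as the post does with http, keeps the rest of the default firewalld policy in place.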
stackexchange also suggests older tunctl.
baturin points out persistent/transient distinction, tun==IP tap=frames and root versus ordinary user permissions. openvpn with iproute2