Resolve Hostname not working with firewall on

classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Resolve Hostname not working with firewall on

Paul Groves-2
OK probably a dumb question with an obvious answer.

I just set up an apache2 server on the latest version of tumbleweed.

When I go to http://10.113.0.23 it loads fine

when I go to http://hostname it will not load unless I turn off the
firewall then it works fine.

which ports do I need to allow?

Basically having a blonde moment. :-)


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

James Knott
On 08/23/2017 01:00 PM, Paul Groves wrote:

> OK probably a dumb question with an obvious answer.
>
> I just set up an apache2 server on the latest version of tumbleweed.
>
> When I go to http://10.113.0.23 it loads fine
>
> when I go to http://hostname it will not load unless I turn off the
> firewall then it works fine.
>
> which ports do I need to allow?
>
> Basically having a blonde moment. :-)
>
>

Firewall on which system?  Where's the DNS?  Generally firewalls allow
outgoing DNS requests and corresponding responses.  DNS uses port 53,
normally UDP, but sometimes TCP too.



--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Darin Perusich-3
In reply to this post by Paul Groves-2
The following will allow http/https through the firewall.

yast firewall services add service=service:apache2 zone=EXT
yast firewall services add service=service:apache2-ssl zone=EXT

--
Later,
Darin


On Wed, Aug 23, 2017 at 1:00 PM, Paul Groves <[hidden email]> wrote:

> OK probably a dumb question with an obvious answer.
>
> I just set up an apache2 server on the latest version of tumbleweed.
>
> When I go to http://10.113.0.23 it loads fine
>
> when I go to http://hostname it will not load unless I turn off the firewall
> then it works fine.
>
> which ports do I need to allow?
>
> Basically having a blonde moment. :-)
>
>
> --
> To unsubscribe, e-mail: [hidden email]
> To contact the owner, e-mail: [hidden email]
>

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

James Knott
Given the problem is host name lookup, it's a DNS issue.

On 08/23/2017 01:07 PM, Darin Perusich wrote:

> The following will allow http/https through the firewall.
>
> yast firewall services add service=service:apache2 zone=EXT
> yast firewall services add service=service:apache2-ssl zone=EXT
>
> --
> Later,
> Darin
>
>
> On Wed, Aug 23, 2017 at 1:00 PM, Paul Groves <[hidden email]> wrote:
>> OK probably a dumb question with an obvious answer.
>>
>> I just set up an apache2 server on the latest version of tumbleweed.
>>
>> When I go to http://10.113.0.23 it loads fine
>>
>> when I go to http://hostname it will not load unless I turn off the firewall
>> then it works fine.
>>
>> which ports do I need to allow?
>>
>> Basically having a blonde moment. :-)
>>
>>
>> --
>> To unsubscribe, e-mail: [hidden email]
>> To contact the owner, e-mail: [hidden email]
>>


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Paul Groves-2
I have already enabled port 53 incoming and outgoing both tcp and udp

also I have already enabled port 80 and 443 tcp from the local subnet

http://ip works
http://hostname does not

turn off firewall then http://hostname works fine.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

James Knott
On 08/23/2017 01:15 PM, Paul Groves wrote:
> I have already enabled port 53 incoming and outgoing both tcp and udp
>
> also I have already enabled port 80 and 443 tcp from the local subnet
>
> http://ip works
> http://hostname does not
>
> turn off firewall then http://hostname works fine.
>

Again, where is the firewall?  Where is the DNS?


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Daniel Bauer
In reply to this post by Paul Groves-2


Am 23.08.2017 um 19:00 schrieb Paul Groves:

> OK probably a dumb question with an obvious answer.
>
> I just set up an apache2 server on the latest version of tumbleweed.
>
> When I go to http://10.113.0.23 it loads fine
>
> when I go to http://hostname it will not load unless I turn off the
> firewall then it works fine.
>
> which ports do I need to allow?
>
> Basically having a blonde moment. :-)
>
>

As much as I know it must be in the etc/hosts file like

127.0.0.1   localhost
127.0.0.1   my.local.domain

at least here it works

hth

--
Daniel Bauer photographer Basel Barcelona
https://www.patreon.com/danielbauer
http://www.daniel-bauer.com

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

John Andersen-2
In reply to this post by Paul Groves-2
On 08/23/2017 10:15 AM, Paul Groves wrote:
> I have already enabled port 53 incoming and outgoing both tcp and udp
>
> also I have already enabled port 80 and 443 tcp from the local subnet
>
> http://ip works
> http://hostname does not
>
> turn off firewall then http://hostname works fine.
>

What program do you expect to resolve that host name to that unroutable address?
Are you running a dns server on your machine, and or on your lan? (perhaps in a router?)
Check the configuration of those.

In the absense of that, you could try adding an entry to your /etc/hosts but generally this will
only work for your own machine, not others on the lan.

--
After all is said and done, more is said than done.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

James Knott
On 08/23/2017 01:38 PM, John Andersen wrote:

> On 08/23/2017 10:15 AM, Paul Groves wrote:
>> I have already enabled port 53 incoming and outgoing both tcp and udp
>>
>> also I have already enabled port 80 and 443 tcp from the local subnet
>>
>> http://ip works
>> http://hostname does not
>>
>> turn off firewall then http://hostname works fine.
>>
> What program do you expect to resolve that host name to that unroutable address?
> Are you running a dns server on your machine, and or on your lan? (perhaps in a router?)
> Check the configuration of those.

RFC1918 addresses are routable, but not onto the Internet.  Regardless,
it should be possible for DNS or /etc/hosts to map the name to an IP address
>
> In the absense of that, you could try adding an entry to your /etc/hosts but generally this will
> only work for your own machine, not others on the lan.
>

Also, he said it worked if the firewall was turned off, but didn't say
where the firewall is or the DNS server.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Paul Groves-2
In reply to this post by Daniel Bauer
On 23/08/17 18:20, Daniel Bauer wrote:

>
>
> Am 23.08.2017 um 19:00 schrieb Paul Groves:
>> OK probably a dumb question with an obvious answer.
>>
>> I just set up an apache2 server on the latest version of tumbleweed.
>>
>> When I go to http://10.113.0.23 it loads fine
>>
>> when I go to http://hostname it will not load unless I turn off the
>> firewall then it works fine.
>>
>> which ports do I need to allow?
>>
>> Basically having a blonde moment. :-)
>>
>>
>
> As much as I know it must be in the etc/hosts file like
>
> 127.0.0.1   localhost
> 127.0.0.1   my.local.domain
>
> at least here it works
>
> hth
>
That is already set on the DNS server. Which is not the cause because
everything works fine with firewall off. Again the servers own local
firewall.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Paul Groves-2
In reply to this post by John Andersen-2


On 23/08/17 18:38, John Andersen wrote:

> On 08/23/2017 10:15 AM, Paul Groves wrote:
>> I have already enabled port 53 incoming and outgoing both tcp and udp
>>
>> also I have already enabled port 80 and 443 tcp from the local subnet
>>
>> http://ip works
>> http://hostname does not
>>
>> turn off firewall then http://hostname works fine.
>>
> What program do you expect to resolve that host name to that unroutable address?
Firefox / ssh / ping
> Are you running a dns server on your machine, and or on your lan? (perhaps in a router?)
> Check the configuration of those.
On the lan. All working fine when the apache server's firewall is off.
> In the absense of that, you could try adding an entry to your /etc/hosts but generally this will
> only work for your own machine, not others on the lan.
Already done so on the DNS. works fire with the apache server's firewall
off.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Paul Groves-2
In reply to this post by James Knott


On 23/08/17 18:53, James Knott wrote:

> On 08/23/2017 01:38 PM, John Andersen wrote:
>> On 08/23/2017 10:15 AM, Paul Groves wrote:
>>> I have already enabled port 53 incoming and outgoing both tcp and udp
>>>
>>> also I have already enabled port 80 and 443 tcp from the local subnet
>>>
>>> http://ip works
>>> http://hostname does not
>>>
>>> turn off firewall then http://hostname works fine.
>>>
>> What program do you expect to resolve that host name to that unroutable address?
>> Are you running a dns server on your machine, and or on your lan? (perhaps in a router?)
>> Check the configuration of those.
> RFC1918 addresses are routable, but not onto the Internet.  Regardless,
> it should be possible for DNS or /etc/hosts to map the name to an IP address
>> In the absense of that, you could try adding an entry to your /etc/hosts but generally this will
>> only work for your own machine, not others on the lan.
>>
> Also, he said it worked if the firewall was turned off, but didn't say
> where the firewall is or the DNS server.
DNS server on same lan.

I am talking about the local firewall on the apache server itself. not
my internet firewall.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

James Knott
In reply to this post by James Knott
On 08/23/2017 02:14 PM, Paul Groves wrote:
>> Again, where is the firewall?  Where is the DNS?
>>
>>
> DNS is on another server in same LAN
>
> I am just talking about the server's own local firewall. Not my
> internet firewall.

Does that DNS server have a firewall?  Does it work for other devices?
These are all relevant points when we try to help.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

James Knott
In reply to this post by Paul Groves-2
On 08/23/2017 02:15 PM, Paul Groves wrote:
> That is already set on the DNS server. Which is not the cause because
> everything works fine with firewall off. Again the servers own local
> firewall.

So, there is a firewall on the DNS server.  If so, then you have to
enable port 53 on it.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Paul Groves-2
In reply to this post by James Knott


On 23/08/17 19:17, James Knott wrote:
> On 08/23/2017 02:14 PM, Paul Groves wrote:
>>> Again, where is the firewall?  Where is the DNS?
>>>
>>>
>> DNS is on another server in same LAN
>>
>> I am just talking about the server's own local firewall. Not my
>> internet firewall.
> Does that DNS server have a firewall?
Yes-)
> Does it work for other devices?
Yes :-) I can ping and ssh all other servers on the same network and
they work fine.
> These are all relevant points when we try to help.
>
>


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Paul Groves-2
In reply to this post by James Knott


On 23/08/17 19:18, James Knott wrote:
> On 08/23/2017 02:15 PM, Paul Groves wrote:
>> That is already set on the DNS server. Which is not the cause because
>> everything works fine with firewall off. Again the servers own local
>> firewall.
> So, there is a firewall on the DNS server.  If so, then you have to
> enable port 53 on it.
>
>
Already is enabled. Has been for 3 years now working no problem.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

James Knott
On 08/23/2017 02:19 PM, Paul Groves wrote:

>
>
> On 23/08/17 19:18, James Knott wrote:
>> On 08/23/2017 02:15 PM, Paul Groves wrote:
>>> That is already set on the DNS server. Which is not the cause because
>>> everything works fine with firewall off. Again the servers own local
>>> firewall.
>> So, there is a firewall on the DNS server.  If so, then you have to
>> enable port 53 on it.
>>
>>
> Already is enabled. Has been for 3 years now working no problem.
>

Then perhaps it's time to fire up Wireshark, to see what's actually
happening.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Paul Groves-2


On 23/08/17 19:20, James Knott wrote:

> On 08/23/2017 02:19 PM, Paul Groves wrote:
>>
>> On 23/08/17 19:18, James Knott wrote:
>>> On 08/23/2017 02:15 PM, Paul Groves wrote:
>>>> That is already set on the DNS server. Which is not the cause because
>>>> everything works fine with firewall off. Again the servers own local
>>>> firewall.
>>> So, there is a firewall on the DNS server.  If so, then you have to
>>> enable port 53 on it.
>>>
>>>
>> Already is enabled. Has been for 3 years now working no problem.
>>
> Then perhaps it's time to fire up Wireshark, to see what's actually
> happening.
>
>
Indeed. It might help.

I know it has got to be just a blocked port but which one.. :-S

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

Paul Groves-2
In reply to this post by James Knott
Sorted:

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Allow port 5355 incoming from local IP range/subnet

now I can http://hostname
or ping hostname
or ssh paul@hostname

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Resolve Hostname not working with firewall on

James Knott
On 08/23/2017 02:39 PM, Paul Groves wrote:

> Sorted:
>
> https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
>
> Allow port 5355 incoming from local IP range/subnet
>
> now I can http://hostname
> or ping hostname
> or ssh paul@hostname
>

Why didn't you mention multicast DNS before?  That is not the normal
DNS, on port 53, we assumed you used.  With that, the client makes a
request to the specified DNS server and gets back a response. With
multicast DNS, a device announces itself to other devices on the
network, without use of a DNS server.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

12