Cannot find process which is using port:8080? - linux

First, I created a docker container by a docker-compose file:
version: '3'
services:
  nginx:
    container_name: some-name
    image: some-name
    restart: always
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - 8080:80
    environment:
      - NGINX_HOST=localhost
      - NGINX_PORT=80
This Nginx container is just a static web server; it contains the default Nginx page /index.html.
Then I stopped this container and used the curl command for testing:
op#dev-test:~/dev$ curl 127.0.0.1:8080
curl: (7) Failed to connect to 127.0.0.1 port 8080 after 0 ms: Connection refused
op#dev-test:~/dev$ curl 192.168.0.30:8080
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1, user-scalable=yes"
/>
<title>Hello World!</title>
</head>
...
Both commands, "ps" and "netstat", show that no process is using port 8080:
root#dev-test:/home/op# ps aux | egrep "nginx|docker|PID"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1803 0.0 0.2 10640 5792 ? Ss 01:21 0:00 nginx: master process nginx -g daemon off;
systemd+ 1884 0.0 0.1 11176 2688 ? S 01:21 0:00 nginx: worker process
root 7759 0.1 4.2 1528704 83708 ? Ssl 02:57 0:26 /usr/bin/dockerd -H fd:// -H unix:///var/run/docker.sock --containerd=/run/containerd/containerd.sock
root 21866 0.0 0.1 6956 2384 pts/0 S+ 06:41 0:00 grep -E --color=auto nginx|docker|PID
root#dev-test:/home/op# netstat -tlpnao
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name Timer
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 972/sshd: /usr/sbin off (0.00/0/0)
tcp 0 0 127.0.0.1:45265 0.0.0.0:* LISTEN 926/containerd off (0.00/0/0)
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 854/systemd-resolve off (0.00/0/0)
tcp 0 256 192.168.0.30:22 192.168.0.5:54252 ESTABLISHED 2166/sshd: op [priv on (0.20/0/0)
tcp 0 0 192.168.0.30:22 192.168.0.15:10754 ESTABLISHED 21313/sshd: op [pri keepalive (5271.90/0/0)
tcp 0 0 192.168.0.30:22 192.168.0.5:61671 ESTABLISHED 3737/sshd: op [priv keepalive (1560.31/0/0)
tcp6 0 0 :::22 :::* LISTEN 972/sshd: /usr/sbin off (0.00/0/0)
root#dev-test:/home/op# iptables -L DOCKER
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:http
I want to know why the command "curl 192.168.0.30:8080" can return the content of /index.html when the container was stopped. But it works fine for another container (running/stopped) which specified port-binding to 8090?

Related

how to change default start-up folder jupyter hub on Azure DSVM virtual machine

Azure DSVM has jupyterlab enabled on port 8000.
However, the startup folder in jupyterlab always starts at /home/*user-name/notbook.
I want to change the jupyterlab start folder, but I don't know what to do.
Tried:
1. I created a jupyterlab configuration by referring to stackoverflow to change c.NotebookApp.notbook_dir, but rebooted and checked again for server operation. I've confirmed it's not working.
2. I also tried to create a jupyterhub configuration, but it came out that there was no command called jupyterhub.
I thought it was working in docker, but there was no process for jupyterhub in docker.
3. netstat -tnlp
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8081 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8001 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:44675 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:46277 0.0.0.0:* LISTEN 2048/python
tcp6 0 0 :::111 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::8000 :::* LISTEN -
ps aux | grep jupyter
root 1345 0.0 0.0 13316 3304 ? Ss 00:06 0:00 /bin/bash /etc/jupyterhub/start_jupyterhub.sh
root 1624 0.0 0.0 246340 64268 ? Sl 00:06 0:01 /anaconda/bin/python /anaconda/bin/jupyterhub --log-file=/var/log/jupyterhub.log
root 1949 0.0 0.0 606436 51356 ? Ssl 00:06 0:01 node /usr/local/bin/configurable-http-proxy --ip * --port 8000 --api-ip 127.0.0.1 --api-port 8001 --error-target http://127.0.0.1:8081/hub/error --ssl-key /etc/jupyterhub/srv/server.key --ssl-cert /etc/jupyterhub/srv/server.crt
rootadm+ 2048 0.2 0.0 343804 101160 ? Ssl 00:07 0:03 /anaconda/bin/python /anaconda/bin/jupyterhub-singleuser --port=46277 --notebook-dir=~/notebooks --SingleUserNotebookApp.default_url=/lab --config=/etc/jupyterhub/default_jupyter_config.py
rootadm+ 3841 0.0 0.0 14864 1040 pts/0 S+ 00:27 0:00 grep --color=auto jupyter

Docker on AWS ElasticBeanstalk: "host.docker.internal: host-gateway": Connection refused. Iptables issue?

So I have a multicontainer project running on AWS ElasticBeanstalk (latest Docker platform).
The containers share the same bridge network since they need to be able to communicate with each other (ports 3000, 8080, 9090, 9100). But one of those containers needs to be able to communicate with the host too (ports 55113, 56113).
This is normally possible by just adding extra_hosts: "host.docker.internal:host-gateway" to that container and then using host.docker.internal instead of localhost inside the container, i.e. host.docker.internal:55113. I've successfully used it before on a Debian.
But this is not working on AWS ElasticBeanstalk, the connection is refused.
Am I doing something wrong? Is there any workaround?
AWS ElasticBeanstalk Platform:
Docker running on 64bit Amazon Linux 2/3.4.2
Host's Docker & Docker-Compose versions:
$ sudo docker --version
Docker version 20.10.4, build d3cb89e
$ sudo docker-compose --version
docker-compose version 1.29.2, build unknown
Project's docker-compose.yml: (showing only the relevant parts)
version: "3.9"
services:
  prometheus:
    image: prom/prometheus:v2.28.1
    container_name: prometheus
    ports:
      - 9090:9090
    extra_hosts:
      - host.docker.internal:host-gateway # <-------- EXTRA HOST
networks:
  default:
    name: monitoring
Container debug:
$ sudo docker exec -it prometheus cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.1 host.docker.internal # <-------- the mapping is present
172.25.0.4 f01ffc6b2a8a
$ sudo docker exec -it prometheus wget host.docker.internal
Connecting to host.docker.internal (172.17.0.1:80)
wget: can't connect to remote host (172.17.0.1): Connection refused
$ sudo docker exec -it prometheus wget host.docker.internal:55113 # <-------- the port I want to reach
Connecting to host.docker.internal:55113 (172.17.0.1:55113)
wget: can't connect to remote host (172.17.0.1): Connection refused
Host's iptables (configured by AWS and/or Docker, I didn't edit it):
$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o br-a8a58f19c627 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-a8a58f19c627 -j DOCKER
-A FORWARD -i br-a8a58f19c627 ! -o br-a8a58f19c627 -j ACCEPT
-A FORWARD -i br-a8a58f19c627 -o br-a8a58f19c627 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER -d 172.25.0.2/32 ! -i br-a8a58f19c627 -o br-a8a58f19c627 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER -d 172.25.0.3/32 ! -i br-a8a58f19c627 -o br-a8a58f19c627 -p tcp -m tcp --dport 9100 -j ACCEPT
-A DOCKER -d 172.25.0.4/32 ! -i br-a8a58f19c627 -o br-a8a58f19c627 -p tcp -m tcp --dport 9090 -j ACCEPT
-A DOCKER -d 172.25.0.5/32 ! -i br-a8a58f19c627 -o br-a8a58f19c627 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i br-a8a58f19c627 ! -o br-a8a58f19c627 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o br-a8a58f19c627 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
Host's open ports:
$ netstat -tuplen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:9090 0.0.0.0:* LISTEN 0 200315 -
tcp 0 0 127.0.0.1:55113 0.0.0.0:* LISTEN 1000 119886 -
tcp 0 0 0.0.0.0:9100 0.0.0.0:* LISTEN 0 200280 -
tcp 0 0 127.0.0.1:22221 0.0.0.0:* LISTEN 1001 197452 -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 14121 -
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 0 201081 -
tcp 0 0 127.0.0.1:56113 0.0.0.0:* LISTEN 1000 119890 -
tcp 0 0 127.0.0.1:38581 0.0.0.0:* LISTEN 0 20325 -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18585 -
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 0 201164 -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 16235 -
tcp6 0 0 ::1:55113 :::* LISTEN 1000 119885 -
tcp6 0 0 :::111 :::* LISTEN 0 14124 -
tcp6 0 0 ::1:56113 :::* LISTEN 1000 119889 -
tcp6 0 0 :::22 :::* LISTEN 0 18594 -
udp 0 0 0.0.0.0:68 0.0.0.0:* 0 15762 -
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 14119 -
udp 0 0 127.0.0.1:323 0.0.0.0:* 0 14990 -
udp 0 0 0.0.0.0:979 0.0.0.0:* 0 14120 -
udp6 0 0 fe80::ed:19ff:fe84::546 :::* 0 16539 -
udp6 0 0 :::111 :::* 0 14122 -
udp6 0 0 ::1:323 :::* 0 14991 -
udp6 0 0 :::979 :::* 0 14123 -
I'm new in the field.
Your logs show that your port is listening on localhost (127.0.0.1:56113) instead of all IPs (e.g. 0.0.0.0:8080).
In my case the port forward rule on the host machine has to be modified to -L0.0.0.0:<lport>:<ip>:<rport> .
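The bind-address check described in the answer above, as an added example that is not part of the original posts: it parses a constructed subset of the question's `netstat -tuplen` lines and reports which listeners would answer a connection to a given address. 172.17.0.1 is the address host.docker.internal resolved to in the question; treating a `::` listener as also accepting IPv4 assumes the Linux default net.ipv6.bindv6only=0.

```python
import ipaddress

# Constructed sample: a subset of the `netstat -tuplen` lines shown in the question.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:9090 0.0.0.0:* LISTEN 0 200315 -
tcp 0 0 127.0.0.1:55113 0.0.0.0:* LISTEN 1000 119886 -
tcp 0 0 127.0.0.1:56113 0.0.0.0:* LISTEN 1000 119890 -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18585 -
tcp6 0 0 ::1:55113 :::* LISTEN 1000 119885 -
tcp6 0 0 :::22 :::* LISTEN 0 18594 -
udp 0 0 0.0.0.0:68 0.0.0.0:* 0 15762 -
"""


def parse_listeners(text):
    """Return [(bind_address, port)] for every TCP line in LISTEN state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # Split on the last colon so "::1:55113" and ":::22" parse correctly.
        host, _, port = fields[3].rpartition(":")
        listeners.append((ipaddress.ip_address(host), int(port)))
    return listeners


def accepts(bind, dest):
    """Would a socket bound to `bind` accept a connection addressed to `dest`?"""
    if bind.is_unspecified:
        # 0.0.0.0 takes any IPv4 destination. "::" takes IPv6 and, assuming
        # net.ipv6.bindv6only=0 (an assumption of this example), IPv4 as well.
        return bind.version == 6 or dest.version == 4
    return bind == dest


def listeners_for(listeners, dest_ip, port):
    """Listeners that would answer a TCP connection to dest_ip:port."""
    dest = ipaddress.ip_address(dest_ip)
    return [(str(b), p) for b, p in listeners if p == port and accepts(b, dest)]


def loopback_only_ports(listeners):
    """Ports whose every listener is bound to a loopback address."""
    by_port = {}
    for bind, port in listeners:
        by_port.setdefault(port, []).append(bind)
    return sorted(p for p, binds in by_port.items() if all(b.is_loopback for b in binds))


if __name__ == "__main__":
    found = parse_listeners(NETSTAT)
    # Host loopback versus the host-gateway address seen from the container.
    for target in ("127.0.0.1", "172.17.0.1"):
        for port in (55113, 9090):
            hit = listeners_for(found, target, port)
            print(f"{target}:{port} ->", hit or "refused, no listener on that address")
    print("loopback-only ports:", loopback_only_ports(found))
```

Widening a loopback-only listener to 0.0.0.0 also exposes it on every other host interface, so binding it to the bridge address or filtering it in the DOCKER-USER chain keeps the exposure limited to the containers that need it.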

Redirect web server from port 5000 to port 80 on localhost (Fedora)

On Fedora 24, a web server (Node.js) is running (standalone, no apache/others) on port 5000. Trying to make it accessible on port 80.
http://localhost:5000 works
Tried this:
systemctl stop firewalld
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5000
http://localhost doesn't work
Tried this
systemctl restart firewalld
firewall-cmd --add-service=http --permanent
firewall-cmd --zone=external --add-masquerade
firewall-cmd --zone=external --add-forward-port=port=80:proto=tcp:toport=5000
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=5000
firewall-cmd --list-all
FedoraWorkstation (active)
target: default
icmp-block-inversion: no
interfaces: wlp3s0
sources:
services: mdns ssh dhcpv6-client samba-client https http
ports: 1025-65535/tcp 1025-65535/udp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=5000:toaddr=
source-ports:
icmp-blocks:
rich rules:
Additional info
Tried these
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 5000
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 5000
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ifconfig
enp0s25: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ip route
default via 192.168.1.1 dev wlp3s0 proto static metric 600
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.4 metric 600
For others it just works:
Best practices when running Node.js with port 80 (Ubuntu / Linode)
Running node as root on port 80 works. Note, there's no IPv4:
netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:4433 0.0.0.0:* LISTEN 3977/deluge-gtk
tcp 0 0 0.0.0.0:51157 0.0.0.0:* LISTEN 3977/deluge-gtk
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 900/postgres
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN 3203/dropbox
tcp 0 0 127.0.0.1:17600 0.0.0.0:* LISTEN 3203/dropbox
tcp 0 0 127.0.0.1:17603 0.0.0.0:* LISTEN 3203/dropbox
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::4433 :::* LISTEN 3977/deluge-gtk
tcp6 0 0 :::51157 :::* LISTEN 3977/deluge-gtk
tcp6 0 0 :::5432 :::* LISTEN 900/postgres
tcp6 0 0 :::17500 :::* LISTEN 3203/dropbox
tcp6 0 0 :::34017 :::* LISTEN 10532/code
tcp6 0 0 :::5858 :::* LISTEN 30394/node
tcp6 0 0 :::5000 :::* LISTEN 30394/node
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=5000 --permanent
#make port forwarding work on localhost
iptables -t nat -I OUTPUT --source 127.0.0.1 --destination 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 5000
You should avoid using iptables for things like this, but on Fedora you'd need to set up the firewall appropriately. Also, this question has nothing to do with Node.js.
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
Related: https://unix.stackexchange.com/questions/39216/cannot-connect-to-fedora-on-port-80
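Why the PREROUTING rule in this thread did not help http://localhost while the later OUTPUT rule did, as an added example that is not part of the original posts: it models which nat chain sees the first packet of a connection and applies the two REDIRECT rules quoted above. The client address 192.168.1.7 is constructed, and only the options used in this thread are parsed.

```python
import shlex

# Commands from this thread: the PREROUTING rule from the question and the
# OUTPUT rule posted later as the localhost fix.
PREROUTING_RULE = "iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5000"
OUTPUT_RULE = ("iptables -t nat -I OUTPUT --source 127.0.0.1 --destination 127.0.0.1 "
               "-p tcp --dport 80 -j REDIRECT --to-ports 5000")

OPTIONS = {"-s": "src", "--source": "src", "-d": "dst", "--destination": "dst",
           "-p": "proto", "--dport": "dport", "-j": "target", "--to-ports": "to_port"}


def load(commands):
    """Build {chain: [rule, ...]} from iptables command lines (-A appends, -I inserts first)."""
    chains = {}
    for cmd in commands:
        tok = shlex.split(cmd)
        rule, chain, insert = {}, None, False
        for opt, val in zip(tok, tok[1:]):
            if opt in ("-A", "-I"):
                chain, insert = val, opt == "-I"
            elif opt in OPTIONS:
                rule[OPTIONS[opt]] = val
        if chain is None:
            continue
        rules = chains.setdefault(chain, [])
        if insert:
            rules.insert(0, rule)
        else:
            rules.append(rule)
    return chains


def nat_chain(origin):
    """nat chain consulted for the first packet of a new connection."""
    # Packets arriving on an interface hit PREROUTING; packets created by a
    # local process (curl or a browser on the same machine) hit OUTPUT instead.
    return {"remote": "PREROUTING", "local": "OUTPUT"}[origin]


def final_port(chains, origin, src, dst, dport, proto="tcp"):
    """Destination port after nat REDIRECT processing for a new connection."""
    for rule in chains.get(nat_chain(origin), []):
        if rule.get("target") != "REDIRECT":
            continue
        if rule.get("proto", proto) != proto or int(rule.get("dport", dport)) != dport:
            continue
        if rule.get("src", src) != src or rule.get("dst", dst) != dst:
            continue
        return int(rule["to_port"])
    return dport  # untouched: a process must really listen on this port


if __name__ == "__main__":
    before = load([PREROUTING_RULE])
    after = load([PREROUTING_RULE, OUTPUT_RULE])
    print("remote client, PREROUTING only:", final_port(before, "remote", "192.168.1.7", "192.168.1.4", 80))
    print("localhost, PREROUTING only:    ", final_port(before, "local", "127.0.0.1", "127.0.0.1", 80))
    print("localhost, with OUTPUT rule:   ", final_port(after, "local", "127.0.0.1", "127.0.0.1", 80))
    print("own LAN address, OUTPUT rule:  ", final_port(after, "local", "192.168.1.4", "192.168.1.4", 80))
```

The last case stays on port 80 because the OUTPUT rule is restricted to 127.0.0.1 as both source and destination, so a local connection to the machine's own LAN address is not redirected.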

Nodejs site cannot be shown in browser

I have set up a nodejs site on RHEL6. Everything looks fine but I cannot view our site in browsers (all fail in Chrome, Safari and IE9). I can use curl to get the correct HTML response. Here is the test result with different tools.
Did anyone meet the same situation before?
~]$ nmap -v -A 123.150.207.18 -p80
Starting Nmap 5.21 ( http://nmap.org ) at 2013-06-13 07:51 CST
NSE: Loaded 36 scripts for scanning.
Initiating Ping Scan at 07:51
Scanning 123.150.207.18 [2 ports]
Completed Ping Scan at 07:51, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:51
Completed Parallel DNS resolution of 1 host. at 07:51, 4.00s elapsed
Initiating Connect Scan at 07:51
Scanning 123.150.207.18 [1 port]
Discovered open port 80/tcp on 123.150.207.18
Completed Connect Scan at 07:51, 0.00s elapsed (1 total ports)
Initiating Service scan at 07:51
Scanning 1 service on 123.150.207.18
Completed Service scan at 07:51, 11.13s elapsed (1 service on 1 host)
NSE: Script scanning 123.150.207.18.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 07:51
Completed NSE at 07:51, 0.03s elapsed
NSE: Script Scanning completed.
Nmap scan report for 123.150.207.18
Host is up (0.00057s latency).
PORT STATE SERVICE VERSION
80/tcp open http?
|_http-favicon: Unknown favicon MD5: 1D0E785BFCEDDE5326C2460E9F9B261D
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.36 seconds
~]$ sudo netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2183/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2073/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2259/master
tcp 0 0 0.0.0.0:56378 0.0.0.0:* LISTEN 1924/rpc.statd
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 20904/mongod
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 11590/redis-server
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1903/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21220/node
tcp 0 0 0.0.0.0:28017 0.0.0.0:* LISTEN 20904/mongod
tcp 0 0 :::22 :::* LISTEN 2183/sshd
tcp 0 0 ::1:631 :::* LISTEN 2073/cupsd
tcp 0 0 ::1:25 :::* LISTEN 2259/master
tcp 0 0 :::40334 :::* LISTEN 1924/rpc.statd
tcp 0 0 :::111 :::* LISTEN 1903/rpcbind
udp 0 0 0.0.0.0:55512 0.0.0.0:* 1924/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1903/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 2073/cupsd
udp 0 0 0.0.0.0:806 0.0.0.0:* 1903/rpcbind
udp 0 0 0.0.0.0:828 0.0.0.0:* 1924/rpc.statd
udp 0 0 :::49640 :::* 1924/rpc.statd
udp 0 0 :::111 :::* 1903/rpcbind
udp 0 0 :::806 :::* 1903/rpcbind
~]$ sudo /sbin/service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 80,8080
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
~]$ curl 123.150.207.18:80
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
......
It was resolved after I corrected the iptables settings. No issue in other configurations.

How to do port forwarding properly with VirtualBox?

I have trouble connecting to a guest OS in VirtualBox.
My environment is as follows:
Host: MacOSX (Lion)
Guest: CentOS (5.7, 2.6.18-274.3.1.el5)
VirtualBox: 4.1.4 r74291
-- Network Adapter Type: NAT
In the guest OS, I can see that the httpd is running properly like:
$ ps aux | grep httpd
root 2571 0.0 3.5 258440 8824 ? Ss 08:20 0:00 /usr/sbin/httpd
apache 2573 0.0 2.2 258440 5780 ? S 08:20 0:00 /usr/sbin/httpd
apache 2574 0.0 2.0 258440 5184 ? S 08:20 0:00 /usr/sbin/httpd
apache 2575 0.0 2.0 258440 5180 ? S 08:20 0:00 /usr/sbin/httpd
apache 2576 0.0 2.0 258440 5180 ? S 08:20 0:00 /usr/sbin/httpd
apache 2577 0.0 2.0 258440 5180 ? S 08:20 0:00 /usr/sbin/httpd
apache 2578 0.0 2.0 258440 5180 ? S 08:20 0:00 /usr/sbin/httpd
apache 2579 0.0 2.0 258440 5180 ? S 08:20 0:00 /usr/sbin/httpd
apache 2580 0.0 2.0 258440 5180 ? S 08:20 0:00 /usr/sbin/httpd
$ curl localhost
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
...
In the host OS, I did a configuration to do port forwarding as follows:
$ VBoxManage showvminfo CentOS_3 | grep "NIC 1"
NIC 1: MAC: 080027B1FA87, Attachment: NAT, Cable connected: on, Trace: off (file: none), Type: Am79C973, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny
NIC 1 Settings: MTU: 0, Socket (send: 64, receive: 64), TCP Window (send:64, receive: 64)
NIC 1 Rule(0): name = http, protocol = tcp, host ip = , host port = 8003, guest ip = , guest port = 80
NIC 1 Rule(1): name = ssh, protocol = tcp, host ip = , host port = 2203, guest ip = , guest port = 22
As this information shows, I'm trying to do port forwarding from 8003 to 80 and from 2203 to 22.
In fact, I can make the ssh connection to the guest OS with "ssh -p 2203 localhost".
However, when I try to see http://localhost:8003, the browser says
"Unable to load the webpage because the server sent no data."
When I try "telnet localhost 8003" in the host OS it seems the port is listening, but there appears no log in the access log of the guest OS.
What should I do to solve this problem? Thanks in advance!
(addition: Oct. 14 15:55)
$ netstat -nl | grep tcp | grep 127.0.0.1 # Host OS
tcp4 0 0 127.0.0.1.8003 127.0.0.1.64698 ESTABLISHED
tcp4 0 0 127.0.0.1.64698 127.0.0.1.8003 ESTABLISHED
tcp4 0 0 127.0.0.1.26164 127.0.0.1.53917 ESTABLISHED
tcp4 0 0 127.0.0.1.53917 127.0.0.1.26164 ESTABLISHED
tcp4 0 0 127.0.0.1.2203 127.0.0.1.53183 ESTABLISHED
tcp4 0 0 127.0.0.1.53183 127.0.0.1.2203 ESTABLISHED
$ netstat -nl | grep tcp # Guest OS
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:952 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
It seems that, like mkj wrote, you have a firewall installed.
Try running (as root):
yum install system-config-firewall-tui
run system-config-firewall-tui, select customize and make sure that "WWW (HTTP)" is checked.
Although this is an old question, this may be helpful to someone, as I faced this problem today.
As mentioned by mkj, the issue is with the Guest OS (CentOS 6 in my case) firewall. It allows ssh (port 22) connections, but blocks others. I had an issue accessing a postgresql server running in the Guest OS (at port 5432) from the Host. So executing the following iptables command on the Guest OS worked:
$ sudo iptables -I INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
In your case, for httpd server running at port 80, you may have to do below:
$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
I never faced this problem when running Ubuntu/Debian as the Guest OS, so probably the firewall is not configured in them.
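How first-match rule order plays out for the INPUT chain listed in the RHEL6 question above, and why the `iptables -I INPUT` commands in this answer take effect where an appended rule would not, as an added example that is not part of the original posts. The interface name eth0 is constructed, restricting rule 3 to the loopback interface is an assumption (the status output has no interface column), and `multiport ports` is simplified to destination ports.

```python
# INPUT chain from the RHEL6 question, in listed order. "iface": "lo" on rule 3
# is an assumption: the stock RHEL6 ruleset accepts loopback traffic there.
INPUT = [
    {"target": "ACCEPT", "state": {"RELATED", "ESTABLISHED"}},
    {"target": "ACCEPT", "proto": "icmp"},
    {"target": "ACCEPT", "iface": "lo"},
    {"target": "ACCEPT", "proto": "tcp", "state": {"NEW"}, "dports": {22}},
    {"target": "REJECT"},
    {"target": "ACCEPT", "proto": "tcp", "dports": {80, 8080}},
    {"target": "ACCEPT", "proto": "tcp", "state": {"NEW"}, "dports": {80}},
]

# Constructed packets: a new HTTP connection from another machine and from the host itself.
REMOTE = {"proto": "tcp", "iface": "eth0", "state": "NEW", "dport": 80}
LOCAL = {"proto": "tcp", "iface": "lo", "state": "NEW", "dport": 80}

# Equivalent of the answer's "-p tcp -m tcp --dport 80 -j ACCEPT".
ALLOW_HTTP = {"target": "ACCEPT", "proto": "tcp", "dports": {80}}


def matches(rule, pkt):
    """True when every condition the rule carries holds for the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "iface" in rule and rule["iface"] != pkt["iface"]:
        return False
    if "state" in rule and pkt["state"] not in rule["state"]:
        return False
    if "dports" in rule and pkt.get("dport") not in rule["dports"]:
        return False
    return True


def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule wins: return (rule number, target); 0 means chain policy."""
    for num, rule in enumerate(chain, start=1):
        if matches(rule, pkt):
            return num, rule["target"]
    return 0, policy


def unreachable(chain):
    """Rule numbers placed after a rule that carries no conditions at all."""
    for num, rule in enumerate(chain, start=1):
        if set(rule) == {"target"}:
            return list(range(num + 1, len(chain) + 1))
    return []


def insert_first(chain, rule):
    """Model of `iptables -I INPUT ...`: the new rule becomes number 1."""
    return [rule] + chain


def append_last(chain, rule):
    """Model of `iptables -A INPUT ...`: the new rule goes after every existing rule."""
    return chain + [rule]


if __name__ == "__main__":
    print("remote browser:", verdict(INPUT, REMOTE))
    print("curl on the host:", verdict(INPUT, LOCAL))
    print("rules never evaluated:", unreachable(INPUT))
    print("after -I:", verdict(insert_first(INPUT, ALLOW_HTTP), REMOTE))
    print("after -A:", verdict(append_last(INPUT, ALLOW_HTTP), REMOTE))
```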
