listening but not connecting

Larry Martell larry.martell at gmail.com
Fri Jul 29 02:13:30 UTC 2016


On Thu, Jul 28, 2016 at 3:52 PM, Francis Daly <francis at daoine.org> wrote:
> On Thu, Jul 28, 2016 at 03:01:17PM -0400, Larry Martell wrote:
>
> Hi there,
>
>> netstat shows that nginx is listening on port 80:
>>
>> tcp        0      0 0.0.0.0:80              0.0.0.0:*
>> LISTEN      9256/nginx: master
>>
>> But I cannot connect from my browser (I get connection timeout):
>
>> The error log has just this one line:
>>
>> 2016/07/28 14:26:41 [notice] 8737#0: signal process started
>>
>> And there is nothing in the access.log.
>>
>> Any ideas what I could be missing or what i should check?
>
> nginx is seeing no traffic.
>
> So look at everything outside of nginx.
>
> Does the hostname you use resolve to the nginx IP address?

>From my browser I am connecting to it with an IP address.

> Do you have a working network route to and from the nginx server?

Yes, I can ping it from the host I am trying to connect from .

> Is the a firewall or network control device anywhere in between that is dropping the traffic?

There was the out of the box firewall, and first I made sure port 80
was open (firewall-cmd --zone=public --add-port=80/tcp --permanent)
and then I totally disabled the firewalll (systemctl disable
firewalld). I also disabled selinux.

> From the nginx server, does "curl -v http://127.0.0.1/"

That returns the django login page, which is what I would expect.

> or "curl -v http://127.0.0.1/static/"

That gives a 403 forbidden.

> give any useful response, or output in the log files?

For that request nginx error log has:

[error] 9257#0: *21 directory index of
"/usr/local/motor/motor/static/" is forbidden, client: 127.0.0.1,
server: localhost, request: "GET /static/ HTTP/1.1", host: "127.0.0.1"

> If so, you know that nginx is active.
>
> Does "tcpdump" on the nginx server show any incoming port-80 traffic?

I am trying to connect from 173 and the nginx host is 152. When I try
and connect from the browser tcpdump shows messages like this:

IP xx.xx.xx.173.58265 > xx.xx.xx.152.http: Flags [S], seq 2911544323,
win 5840, options [mss 1460,sackOK,TS val 442582882 ecr 0,nop,wscale
2,unknown-76 0x01019887a79a0005,unknown-76 0x0c05,nop,eol], length 0
 IP xx.xx.xx.152 > xx.xx.xx.173: ICMP host 10.188.36.152 unreachable -
admin prohibited, length 84

> Good luck with it,

Thanks. I need more then luck ;-)



More information about the nginx mailing list