hi:

I'm trying to start a webserver (rails) on Ubuntu 14.04 LTS. It starts fine and responds fine to local wget/curl requests, but no remote requests (curl or browser). No error code - just failed connection. To eliminate variables, I'm using just the IP address (no DNS) over port 80, though I was ultimately planning to run on normal dev ports of 3000 or 8080.

As I'm not 100% confident in the firewall settings, I first tried to temporarily disable/flush the rules with "sudo iptables -F", but still getting failure to connect in remote curl or browser.

netstat -ltn shows:

b:~$ netstat -ltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN

iptables -L shows:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3000
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Thanks in advance for your help.

Your server (the port 80 line above) is only listening on your localhost (127.0.0.1) address, thus it's impossible to contact it from the outside (firewall or not). It's probably a default "safe" setting in whatever setup you're using. You want that port 80 line to look more like your ssh (port 22) line below it "0.0.0.0" as the local address (or alternatively an explicit local address of your public IP).

You need to adjust your configuration (either the rails app itself if its serving the port directly, or your front-end web server if not) to let it listen on either all of your addresses, or explicitly a selected public address, in addition to localhost. There's probably a configuration item somewhere for listen or local address to bind to.

-- David

Thanks, David. That was it.

For future reference for anyone else searching, the binding in rails is 'rvmsudo rails s -p80 --binding=0.0.0.0