You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Tommy Chheng <tc...@uci.edu> on 2008/04/28 20:03:10 UTC
firewall
Hi,
I'm trying to get CouchDB to work as a server. I got it install and
everything works from the same machine, ie, wget localhost:5984 gives
a response.
but i want to access this server over the internet. I set an allow in
iptables:
/sbin/iptables -A INPUT -p tcp -m tcp --sport 5984 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
/sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:
5984
ACCEPT tcp -- anywhere anywhere tcp spt:
5984
I'm able to connect to my webserver on this same machine fine. Just no
response on 5984.
Any ideas what's wrong?
thanks,
tommy
Re: firewall
Posted by Tommy Chheng <tc...@uci.edu>.
I'm on couch 0.7.3a813
I only recently checked it from SVN so it should be fairly new.
On Apr 28, 2008, at 1:32 PM, Paul Davis wrote:
> What version of couchdb are you using?
>
> I'm on the most recent svn and I don't need it. Or do you have some
> other setup that's requiring that?
>
> Also, I'm out of ideas, so maybe someone else can jump in.
>
> On Mon, Apr 28, 2008 at 4:11 PM, Tommy Chheng <tc...@uci.edu> wrote:
>> Apparently the httpd_conf is needed :(
>>
>> httpd_conf: Error while reading config file: httpd_conf: Cannot open
>> couch_httpd.conf
>>
>>
>>
>>
>>
>> On Apr 28, 2008, at 12:04 PM, Paul Davis wrote:
>>
>>
>>> On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu>
>>> wrote:
>>>
>>>> ok, I added the Port to the couch.ini and changed my
>>>> couch_http.conf to
>>>> match Still no luck:
>>>> my couch_http.conf file
>>>> http://pastie.caboo.se/188195
>>>>
>>>> I'm running nginx and mongrel for rails on this server.. I doubt
>>>> these
>> can
>>>> be an issue since they aren't touching 5984 at all and no
>>>> firewall is
>> on...
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
>>>>
>>>>
>>>>
>>>>> On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu>
>>>>> wrote:
>>>>>
>>>>>
>>>>>> I added BindAddress so my couch.ini file looks like:
>>>>>> http://pastie.caboo.se/188174
>>>>>>
>>>>>> Still same problem.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu>
>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Ok, so i just turned off the firewall temporary
>>>>>>>>
>>>>>>>> /sbin/iptables -L
>>>>>>>> Chain INPUT (policy ACCEPT)
>>>>>>>> target prot opt source destination
>>>>>>>>
>>>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>>>>
>>>>>>>> target prot opt source destination
>>>>>>>>
>>>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>>>>
>>>>>>>> target prot opt source destination
>>>>>>>>
>>>>>>>> Chain RH-Firewall-1-INPUT (0 references)
>>>>>>>>
>>>>>>>> target prot opt source destination
>>>>>>>>
>>>>>>>> Still no response from outside. It's only working via
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> localhost:5984.
>>>>
>>>>>
>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Any ideas how to debug this?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j
>> ACCEPT
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> Ohhhh. Heh.
>>>>>>>
>>>>>>> /usr/local/etc/couchdb/couch.ini
>>>>>>>
>>>>>>> Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
>>>>>>>
>>>>>>> Or your local static ip to only listen on that IP.
>>>>>>>
>>>>>>> Paul
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> I don't see a port specified. I'd assume that's specified in
>>>>> /usr/local/etc/couchdb/couch_httpd.conf. You might check if you
>>>>> have a
>>>>> conflicting BindAddress in there as well.
>>>>>
>>>>> For reference, my couch.ini looks like this:
>>>>> http://pastie.caboo.se/188178
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>> The other servers are reachable from an external host, right?
>>>
>>> Try commenting out the HttpConf. I've never used that and don't have
>>> much of an idea on what the side effects might be. Could it be that
>>> having the BindAddress and Port specified multiple times is causing
>>> issues?
>>>
>>> Paul
>>>
>>>
>>
>>
>
Re: firewall
Posted by Paul Davis <pa...@gmail.com>.
What version of couchdb are you using?
I'm on the most recent svn and I don't need it. Or do you have some
other setup that's requiring that?
Also, I'm out of ideas, so maybe someone else can jump in.
On Mon, Apr 28, 2008 at 4:11 PM, Tommy Chheng <tc...@uci.edu> wrote:
> Apparently the httpd_conf is needed :(
>
> httpd_conf: Error while reading config file: httpd_conf: Cannot open
> couch_httpd.conf
>
>
>
>
>
> On Apr 28, 2008, at 12:04 PM, Paul Davis wrote:
>
>
> > On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu> wrote:
> >
> > > ok, I added the Port to the couch.ini and changed my couch_http.conf to
> > > match Still no luck:
> > > my couch_http.conf file
> > > http://pastie.caboo.se/188195
> > >
> > > I'm running nginx and mongrel for rails on this server.. I doubt these
> can
> > > be an issue since they aren't touching 5984 at all and no firewall is
> on...
> > >
> > >
> > >
> > >
> > >
> > > On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
> > >
> > >
> > >
> > > > On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu> wrote:
> > > >
> > > >
> > > > > I added BindAddress so my couch.ini file looks like:
> > > > > http://pastie.caboo.se/188174
> > > > >
> > > > > Still same problem.
> > > > >
> > > > >
> > > > >
> > > > > On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu>
> wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > > > Ok, so i just turned off the firewall temporary
> > > > > > >
> > > > > > > /sbin/iptables -L
> > > > > > > Chain INPUT (policy ACCEPT)
> > > > > > > target prot opt source destination
> > > > > > >
> > > > > > > Chain FORWARD (policy ACCEPT)
> > > > > > >
> > > > > > > target prot opt source destination
> > > > > > >
> > > > > > > Chain OUTPUT (policy ACCEPT)
> > > > > > >
> > > > > > > target prot opt source destination
> > > > > > >
> > > > > > > Chain RH-Firewall-1-INPUT (0 references)
> > > > > > >
> > > > > > > target prot opt source destination
> > > > > > >
> > > > > > > Still no response from outside. It's only working via
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > localhost:5984.
> > >
> > > >
> > > > >
> > > > > >
> > > > > > >
> > > > > > > Any ideas how to debug this?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > > /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j
> ACCEPT
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > Ohhhh. Heh.
> > > > > >
> > > > > > /usr/local/etc/couchdb/couch.ini
> > > > > >
> > > > > > Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
> > > > > >
> > > > > > Or your local static ip to only listen on that IP.
> > > > > >
> > > > > > Paul
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > > I don't see a port specified. I'd assume that's specified in
> > > > /usr/local/etc/couchdb/couch_httpd.conf. You might check if you have a
> > > > conflicting BindAddress in there as well.
> > > >
> > > > For reference, my couch.ini looks like this:
> > > > http://pastie.caboo.se/188178
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> > The other servers are reachable from an external host, right?
> >
> > Try commenting out the HttpConf. I've never used that and don't have
> > much of an idea on what the side effects might be. Could it be that
> > having the BindAddress and Port specified multiple times is causing
> > issues?
> >
> > Paul
> >
> >
>
>
Re: firewall
Posted by Paul Davis <pa...@gmail.com>.
I'd start by getting a tcpdump of the traffic to port 5984 on the
couchdb machine.
On Mon, Apr 28, 2008 at 5:59 PM, Tommy Chheng <tc...@uci.edu> wrote:
> Ok, previously I checked out from the google code source.
> Still can't access from external and all iptables rules are turned off.
>
> I tried both
> BindAddress=127.0.0.1
>
> BindAddress=0.0.0.0
>
>
> There's no response from the outside.
> couch 0.7.3a652071 (LogLevel=info)
> Apache CouchDB is starting.
> Apache CouchDB has started. Time to relax.
>
> Only when I access from the same machine do i get info from the couchdb
> output:
> [info] [<0.54.0>] 127.0.0.1 - - "GET /" 200
>
>
> Any thoughts in where to start to debug?
>
> -
> Tommy
>
>
>
> On Apr 28, 2008, at 2:23 PM, Paul Davis wrote:
>
>
> > I might also point out that judging from the version number you
> > checked out of SVN before the move to apache. I'd check out a fresh
> > copy from svn.apache.org and see if that fixes things.
> >
> > Paul
> >
> > On Mon, Apr 28, 2008 at 5:18 PM, Jan Lehnardt <ja...@apache.org> wrote:
> >
> > > With trunk you don't need the couch_httpd.ini anymore. It
> > > was all merged into couch.ini
> > >
> > > Cheers
> > > Jan
> > > --
> > >
> > >
> > > On Apr 28, 2008, at 22:11, Tommy Chheng wrote:
> > >
> > >
> > > > Apparently the httpd_conf is needed :(
> > > >
> > > > httpd_conf: Error while reading config file: httpd_conf: Cannot open
> > > >
> > > couch_httpd.conf
> > >
> > > >
> > > >
> > > >
> > > > On Apr 28, 2008, at 12:04 PM, Paul Davis wrote:
> > > >
> > > >
> > > >
> > > > > On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu>
> wrote:
> > > > >
> > > > >
> > > > > > ok, I added the Port to the couch.ini and changed my
> couch_http.conf
> > > > > >
> > > > >
> > > >
> > > to
> > >
> > > >
> > > > >
> > > > > > match Still no luck:
> > > > > > my couch_http.conf file
> > > > > > http://pastie.caboo.se/188195
> > > > > >
> > > > > > I'm running nginx and mongrel for rails on this server.. I doubt
> > > > > >
> > > > >
> > > >
> > > these can
> > >
> > > >
> > > > >
> > > > > > be an issue since they aren't touching 5984 at all and no firewall
> is
> > > > > >
> > > > >
> > > >
> > > on...
> > >
> > > >
> > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > > On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu>
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > wrote:
> > >
> > > >
> > > > >
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > I added BindAddress so my couch.ini file looks like:
> > > > > > > > http://pastie.caboo.se/188174
> > > > > > > >
> > > > > > > > Still same problem.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > > On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng
> <tc...@uci.edu>
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > wrote:
> > >
> > > >
> > > > >
> > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > Ok, so i just turned off the firewall temporary
> > > > > > > > > >
> > > > > > > > > > /sbin/iptables -L
> > > > > > > > > > Chain INPUT (policy ACCEPT)
> > > > > > > > > > target prot opt source destination
> > > > > > > > > >
> > > > > > > > > > Chain FORWARD (policy ACCEPT)
> > > > > > > > > >
> > > > > > > > > > target prot opt source destination
> > > > > > > > > >
> > > > > > > > > > Chain OUTPUT (policy ACCEPT)
> > > > > > > > > >
> > > > > > > > > > target prot opt source destination
> > > > > > > > > >
> > > > > > > > > > Chain RH-Firewall-1-INPUT (0 references)
> > > > > > > > > >
> > > > > > > > > > target prot opt source destination
> > > > > > > > > >
> > > > > > > > > > Still no response from outside. It's only working via
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > localhost:5984.
> > > > > >
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Any ideas how to debug this?
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > > /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > ACCEPT
> > >
> > > >
> > > > >
> > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > > Ohhhh. Heh.
> > > > > > > > >
> > > > > > > > > /usr/local/etc/couchdb/couch.ini
> > > > > > > > >
> > > > > > > > > Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
> > > > > > > > >
> > > > > > > > > Or your local static ip to only listen on that IP.
> > > > > > > > >
> > > > > > > > > Paul
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > > I don't see a port specified. I'd assume that's specified in
> > > > > > > /usr/local/etc/couchdb/couch_httpd.conf. You might check if you
> have
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > a
> > >
> > > >
> > > > >
> > > > > >
> > > > > > > conflicting BindAddress in there as well.
> > > > > > >
> > > > > > > For reference, my couch.ini looks like this:
> > > > > > > http://pastie.caboo.se/188178
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > > The other servers are reachable from an external host, right?
> > > > >
> > > > > Try commenting out the HttpConf. I've never used that and don't have
> > > > > much of an idea on what the side effects might be. Could it be that
> > > > > having the BindAddress and Port specified multiple times is causing
> > > > > issues?
> > > > >
> > > > > Paul
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
>
>
Re: firewall
Posted by Tommy Chheng <tc...@uci.edu>.
Thanks for the tip. The problem was my host provider only allowed port
80/21 at the router level.
On Apr 28, 2008, at 3:12 PM, Anthony Mills wrote:
> Have you tried checking your router? Some of them can block ports.
> If your comfortable in command line you can try querying the server
> directly:
>
> telnet <ip> 5984
> GET /
>
> You need to hit return twice, usually.
>
> If you do not get a connection, then your connection is misrouted,
> or your port is blocked. If it works, but your still not able to
> connect with a web browser your proxy or socks server is in the way.
>
> Hope it helps,
>
> Anthony
>
>
> On Apr 28, 2008, at 4:59 PM, Tommy Chheng wrote:
>
>> Ok, previously I checked out from the google code source.
>> Still can't access from external and all iptables rules are turned
>> off.
>>
>> I tried both
>> BindAddress=127.0.0.1
>> BindAddress=0.0.0.0
>>
>>
>> There's no response from the outside.
>> couch 0.7.3a652071 (LogLevel=info)
>> Apache CouchDB is starting.
>> Apache CouchDB has started. Time to relax.
>>
>> Only when I access from the same machine do i get info from the
>> couchdb output:
>> [info] [<0.54.0>] 127.0.0.1 - - "GET /" 200
>>
>>
>> Any thoughts in where to start to debug?
>>
>> -
>> Tommy
>>
>> On Apr 28, 2008, at 2:23 PM, Paul Davis wrote:
>>
>>> I might also point out that judging from the version number you
>>> checked out of SVN before the move to apache. I'd check out a fresh
>>> copy from svn.apache.org and see if that fixes things.
>>>
>>> Paul
>>>
>>> On Mon, Apr 28, 2008 at 5:18 PM, Jan Lehnardt <ja...@apache.org>
>>> wrote:
>>>> With trunk you don't need the couch_httpd.ini anymore. It
>>>> was all merged into couch.ini
>>>>
>>>> Cheers
>>>> Jan
>>>> --
>>>>
>>>>
>>>> On Apr 28, 2008, at 22:11, Tommy Chheng wrote:
>>>>
>>>>> Apparently the httpd_conf is needed :(
>>>>>
>>>>> httpd_conf: Error while reading config file: httpd_conf: Cannot
>>>>> open
>>>> couch_httpd.conf
>>>>>
>>>>>
>>>>>
>>>>> On Apr 28, 2008, at 12:04 PM, Paul Davis wrote:
>>>>>
>>>>>
>>>>>> On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu>
>>>>>> wrote:
>>>>>>
>>>>>>> ok, I added the Port to the couch.ini and changed my
>>>>>>> couch_http.conf
>>>> to
>>>>>>> match Still no luck:
>>>>>>> my couch_http.conf file
>>>>>>> http://pastie.caboo.se/188195
>>>>>>>
>>>>>>> I'm running nginx and mongrel for rails on this server.. I
>>>>>>> doubt
>>>> these can
>>>>>>> be an issue since they aren't touching 5984 at all and no
>>>>>>> firewall is
>>>> on...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu>
>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> I added BindAddress so my couch.ini file looks like:
>>>>>>>>> http://pastie.caboo.se/188174
>>>>>>>>>
>>>>>>>>> Still same problem.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tchheng@uci.edu
>>>>>>>>>> >
>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Ok, so i just turned off the firewall temporary
>>>>>>>>>>>
>>>>>>>>>>> /sbin/iptables -L
>>>>>>>>>>> Chain INPUT (policy ACCEPT)
>>>>>>>>>>> target prot opt source destination
>>>>>>>>>>>
>>>>>>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>>>>>>>
>>>>>>>>>>> target prot opt source destination
>>>>>>>>>>>
>>>>>>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>>>>>>>
>>>>>>>>>>> target prot opt source destination
>>>>>>>>>>>
>>>>>>>>>>> Chain RH-Firewall-1-INPUT (0 references)
>>>>>>>>>>>
>>>>>>>>>>> target prot opt source destination
>>>>>>>>>>>
>>>>>>>>>>> Still no response from outside. It's only working via
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>> localhost:5984.
>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Any ideas how to debug this?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j
>>>> ACCEPT
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Ohhhh. Heh.
>>>>>>>>>>
>>>>>>>>>> /usr/local/etc/couchdb/couch.ini
>>>>>>>>>>
>>>>>>>>>> Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
>>>>>>>>>>
>>>>>>>>>> Or your local static ip to only listen on that IP.
>>>>>>>>>>
>>>>>>>>>> Paul
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> I don't see a port specified. I'd assume that's specified in
>>>>>>>> /usr/local/etc/couchdb/couch_httpd.conf. You might check if
>>>>>>>> you have
>>>> a
>>>>>>>> conflicting BindAddress in there as well.
>>>>>>>>
>>>>>>>> For reference, my couch.ini looks like this:
>>>>>>>> http://pastie.caboo.se/188178
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> The other servers are reachable from an external host, right?
>>>>>>
>>>>>> Try commenting out the HttpConf. I've never used that and don't
>>>>>> have
>>>>>> much of an idea on what the side effects might be. Could it be
>>>>>> that
>>>>>> having the BindAddress and Port specified multiple times is
>>>>>> causing
>>>>>> issues?
>>>>>>
>>>>>> Paul
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>
Re: firewall
Posted by Anthony Mills <am...@gascard.net>.
Have you tried checking your router? Some of them can block ports.
If your comfortable in command line you can try querying the server
directly:
telnet <ip> 5984
GET /
You need to hit return twice, usually.
If you do not get a connection, then your connection is misrouted, or
your port is blocked. If it works, but your still not able to connect
with a web browser your proxy or socks server is in the way.
Hope it helps,
Anthony
On Apr 28, 2008, at 4:59 PM, Tommy Chheng wrote:
> Ok, previously I checked out from the google code source.
> Still can't access from external and all iptables rules are turned
> off.
>
> I tried both
> BindAddress=127.0.0.1
> BindAddress=0.0.0.0
>
>
> There's no response from the outside.
> couch 0.7.3a652071 (LogLevel=info)
> Apache CouchDB is starting.
> Apache CouchDB has started. Time to relax.
>
> Only when I access from the same machine do i get info from the
> couchdb output:
> [info] [<0.54.0>] 127.0.0.1 - - "GET /" 200
>
>
> Any thoughts in where to start to debug?
>
> -
> Tommy
>
> On Apr 28, 2008, at 2:23 PM, Paul Davis wrote:
>
>> I might also point out that judging from the version number you
>> checked out of SVN before the move to apache. I'd check out a fresh
>> copy from svn.apache.org and see if that fixes things.
>>
>> Paul
>>
>> On Mon, Apr 28, 2008 at 5:18 PM, Jan Lehnardt <ja...@apache.org> wrote:
>>> With trunk you don't need the couch_httpd.ini anymore. It
>>> was all merged into couch.ini
>>>
>>> Cheers
>>> Jan
>>> --
>>>
>>>
>>> On Apr 28, 2008, at 22:11, Tommy Chheng wrote:
>>>
>>>> Apparently the httpd_conf is needed :(
>>>>
>>>> httpd_conf: Error while reading config file: httpd_conf: Cannot
>>>> open
>>> couch_httpd.conf
>>>>
>>>>
>>>>
>>>> On Apr 28, 2008, at 12:04 PM, Paul Davis wrote:
>>>>
>>>>
>>>>> On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu>
>>>>> wrote:
>>>>>
>>>>>> ok, I added the Port to the couch.ini and changed my
>>>>>> couch_http.conf
>>> to
>>>>>> match Still no luck:
>>>>>> my couch_http.conf file
>>>>>> http://pastie.caboo.se/188195
>>>>>>
>>>>>> I'm running nginx and mongrel for rails on this server.. I doubt
>>> these can
>>>>>> be an issue since they aren't touching 5984 at all and no
>>>>>> firewall is
>>> on...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu>
>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>> I added BindAddress so my couch.ini file looks like:
>>>>>>>> http://pastie.caboo.se/188174
>>>>>>>>
>>>>>>>> Still same problem.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng
>>>>>>>>> <tc...@uci.edu>
>>> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Ok, so i just turned off the firewall temporary
>>>>>>>>>>
>>>>>>>>>> /sbin/iptables -L
>>>>>>>>>> Chain INPUT (policy ACCEPT)
>>>>>>>>>> target prot opt source destination
>>>>>>>>>>
>>>>>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>>>>>>
>>>>>>>>>> target prot opt source destination
>>>>>>>>>>
>>>>>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>>>>>>
>>>>>>>>>> target prot opt source destination
>>>>>>>>>>
>>>>>>>>>> Chain RH-Firewall-1-INPUT (0 references)
>>>>>>>>>>
>>>>>>>>>> target prot opt source destination
>>>>>>>>>>
>>>>>>>>>> Still no response from outside. It's only working via
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>> localhost:5984.
>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Any ideas how to debug this?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j
>>> ACCEPT
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Ohhhh. Heh.
>>>>>>>>>
>>>>>>>>> /usr/local/etc/couchdb/couch.ini
>>>>>>>>>
>>>>>>>>> Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
>>>>>>>>>
>>>>>>>>> Or your local static ip to only listen on that IP.
>>>>>>>>>
>>>>>>>>> Paul
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> I don't see a port specified. I'd assume that's specified in
>>>>>>> /usr/local/etc/couchdb/couch_httpd.conf. You might check if
>>>>>>> you have
>>> a
>>>>>>> conflicting BindAddress in there as well.
>>>>>>>
>>>>>>> For reference, my couch.ini looks like this:
>>>>>>> http://pastie.caboo.se/188178
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> The other servers are reachable from an external host, right?
>>>>>
>>>>> Try commenting out the HttpConf. I've never used that and don't
>>>>> have
>>>>> much of an idea on what the side effects might be. Could it be
>>>>> that
>>>>> having the BindAddress and Port specified multiple times is
>>>>> causing
>>>>> issues?
>>>>>
>>>>> Paul
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>
Re: firewall
Posted by Tommy Chheng <tc...@uci.edu>.
Ok, previously I checked out from the google code source.
Still can't access from external and all iptables rules are turned off.
I tried both
BindAddress=127.0.0.1
BindAddress=0.0.0.0
There's no response from the outside.
couch 0.7.3a652071 (LogLevel=info)
Apache CouchDB is starting.
Apache CouchDB has started. Time to relax.
Only when I access from the same machine do i get info from the
couchdb output:
[info] [<0.54.0>] 127.0.0.1 - - "GET /" 200
Any thoughts in where to start to debug?
-
Tommy
On Apr 28, 2008, at 2:23 PM, Paul Davis wrote:
> I might also point out that judging from the version number you
> checked out of SVN before the move to apache. I'd check out a fresh
> copy from svn.apache.org and see if that fixes things.
>
> Paul
>
> On Mon, Apr 28, 2008 at 5:18 PM, Jan Lehnardt <ja...@apache.org> wrote:
>> With trunk you don't need the couch_httpd.ini anymore. It
>> was all merged into couch.ini
>>
>> Cheers
>> Jan
>> --
>>
>>
>> On Apr 28, 2008, at 22:11, Tommy Chheng wrote:
>>
>>> Apparently the httpd_conf is needed :(
>>>
>>> httpd_conf: Error while reading config file: httpd_conf: Cannot open
>> couch_httpd.conf
>>>
>>>
>>>
>>> On Apr 28, 2008, at 12:04 PM, Paul Davis wrote:
>>>
>>>
>>>> On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu>
>>>> wrote:
>>>>
>>>>> ok, I added the Port to the couch.ini and changed my
>>>>> couch_http.conf
>> to
>>>>> match Still no luck:
>>>>> my couch_http.conf file
>>>>> http://pastie.caboo.se/188195
>>>>>
>>>>> I'm running nginx and mongrel for rails on this server.. I doubt
>> these can
>>>>> be an issue since they aren't touching 5984 at all and no
>>>>> firewall is
>> on...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
>>>>>
>>>>>
>>>>>
>>>>>> On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu>
>> wrote:
>>>>>>
>>>>>>
>>>>>>> I added BindAddress so my couch.ini file looks like:
>>>>>>> http://pastie.caboo.se/188174
>>>>>>>
>>>>>>> Still same problem.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu>
>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Ok, so i just turned off the firewall temporary
>>>>>>>>>
>>>>>>>>> /sbin/iptables -L
>>>>>>>>> Chain INPUT (policy ACCEPT)
>>>>>>>>> target prot opt source destination
>>>>>>>>>
>>>>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>>>>>
>>>>>>>>> target prot opt source destination
>>>>>>>>>
>>>>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>>>>>
>>>>>>>>> target prot opt source destination
>>>>>>>>>
>>>>>>>>> Chain RH-Firewall-1-INPUT (0 references)
>>>>>>>>>
>>>>>>>>> target prot opt source destination
>>>>>>>>>
>>>>>>>>> Still no response from outside. It's only working via
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> localhost:5984.
>>>>>
>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Any ideas how to debug this?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j
>> ACCEPT
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> Ohhhh. Heh.
>>>>>>>>
>>>>>>>> /usr/local/etc/couchdb/couch.ini
>>>>>>>>
>>>>>>>> Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
>>>>>>>>
>>>>>>>> Or your local static ip to only listen on that IP.
>>>>>>>>
>>>>>>>> Paul
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> I don't see a port specified. I'd assume that's specified in
>>>>>> /usr/local/etc/couchdb/couch_httpd.conf. You might check if you
>>>>>> have
>> a
>>>>>> conflicting BindAddress in there as well.
>>>>>>
>>>>>> For reference, my couch.ini looks like this:
>>>>>> http://pastie.caboo.se/188178
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> The other servers are reachable from an external host, right?
>>>>
>>>> Try commenting out the HttpConf. I've never used that and don't
>>>> have
>>>> much of an idea on what the side effects might be. Could it be that
>>>> having the BindAddress and Port specified multiple times is causing
>>>> issues?
>>>>
>>>> Paul
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
Re: firewall
Posted by Paul Davis <pa...@gmail.com>.
I might also point out that judging from the version number you
checked out of SVN before the move to apache. I'd check out a fresh
copy from svn.apache.org and see if that fixes things.
Paul
On Mon, Apr 28, 2008 at 5:18 PM, Jan Lehnardt <ja...@apache.org> wrote:
> With trunk you don't need the couch_httpd.ini anymore. It
> was all merged into couch.ini
>
> Cheers
> Jan
> --
>
>
> On Apr 28, 2008, at 22:11, Tommy Chheng wrote:
>
> > Apparently the httpd_conf is needed :(
> >
> > httpd_conf: Error while reading config file: httpd_conf: Cannot open
> couch_httpd.conf
> >
> >
> >
> > On Apr 28, 2008, at 12:04 PM, Paul Davis wrote:
> >
> >
> > > On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu> wrote:
> > >
> > > > ok, I added the Port to the couch.ini and changed my couch_http.conf
> to
> > > > match Still no luck:
> > > > my couch_http.conf file
> > > > http://pastie.caboo.se/188195
> > > >
> > > > I'm running nginx and mongrel for rails on this server.. I doubt
> these can
> > > > be an issue since they aren't touching 5984 at all and no firewall is
> on...
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
> > > >
> > > >
> > > >
> > > > > On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu>
> wrote:
> > > > >
> > > > >
> > > > > > I added BindAddress so my couch.ini file looks like:
> > > > > > http://pastie.caboo.se/188174
> > > > > >
> > > > > > Still same problem.
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > > On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu>
> wrote:
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > Ok, so i just turned off the firewall temporary
> > > > > > > >
> > > > > > > > /sbin/iptables -L
> > > > > > > > Chain INPUT (policy ACCEPT)
> > > > > > > > target prot opt source destination
> > > > > > > >
> > > > > > > > Chain FORWARD (policy ACCEPT)
> > > > > > > >
> > > > > > > > target prot opt source destination
> > > > > > > >
> > > > > > > > Chain OUTPUT (policy ACCEPT)
> > > > > > > >
> > > > > > > > target prot opt source destination
> > > > > > > >
> > > > > > > > Chain RH-Firewall-1-INPUT (0 references)
> > > > > > > >
> > > > > > > > target prot opt source destination
> > > > > > > >
> > > > > > > > Still no response from outside. It's only working via
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > localhost:5984.
> > > >
> > > > >
> > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > > Any ideas how to debug this?
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j
> ACCEPT
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > > Ohhhh. Heh.
> > > > > > >
> > > > > > > /usr/local/etc/couchdb/couch.ini
> > > > > > >
> > > > > > > Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
> > > > > > >
> > > > > > > Or your local static ip to only listen on that IP.
> > > > > > >
> > > > > > > Paul
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > > I don't see a port specified. I'd assume that's specified in
> > > > > /usr/local/etc/couchdb/couch_httpd.conf. You might check if you have
> a
> > > > > conflicting BindAddress in there as well.
> > > > >
> > > > > For reference, my couch.ini looks like this:
> > > > > http://pastie.caboo.se/188178
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> > > The other servers are reachable from an external host, right?
> > >
> > > Try commenting out the HttpConf. I've never used that and don't have
> > > much of an idea on what the side effects might be. Could it be that
> > > having the BindAddress and Port specified multiple times is causing
> > > issues?
> > >
> > > Paul
> > >
> > >
> >
> >
> >
>
>
Re: firewall
Posted by Jan Lehnardt <ja...@apache.org>.
With trunk you don't need the couch_httpd.ini anymore. It
was all merged into couch.ini
Cheers
Jan
--
On Apr 28, 2008, at 22:11, Tommy Chheng wrote:
> Apparently the httpd_conf is needed :(
>
> httpd_conf: Error while reading config file: httpd_conf: Cannot open
> couch_httpd.conf
>
>
>
> On Apr 28, 2008, at 12:04 PM, Paul Davis wrote:
>
>> On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu>
>> wrote:
>>> ok, I added the Port to the couch.ini and changed my
>>> couch_http.conf to
>>> match Still no luck:
>>> my couch_http.conf file
>>> http://pastie.caboo.se/188195
>>>
>>> I'm running nginx and mongrel for rails on this server.. I doubt
>>> these can
>>> be an issue since they aren't touching 5984 at all and no firewall
>>> is on...
>>>
>>>
>>>
>>>
>>>
>>> On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
>>>
>>>
>>>> On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu>
>>>> wrote:
>>>>
>>>>> I added BindAddress so my couch.ini file looks like:
>>>>> http://pastie.caboo.se/188174
>>>>>
>>>>> Still same problem.
>>>>>
>>>>>
>>>>>
>>>>> On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
>>>>>
>>>>>
>>>>>
>>>>>> On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>>> Ok, so i just turned off the firewall temporary
>>>>>>>
>>>>>>> /sbin/iptables -L
>>>>>>> Chain INPUT (policy ACCEPT)
>>>>>>> target prot opt source destination
>>>>>>>
>>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>>>
>>>>>>> target prot opt source destination
>>>>>>>
>>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>>>
>>>>>>> target prot opt source destination
>>>>>>>
>>>>>>> Chain RH-Firewall-1-INPUT (0 references)
>>>>>>>
>>>>>>> target prot opt source destination
>>>>>>>
>>>>>>> Still no response from outside. It's only working via
>>> localhost:5984.
>>>>>>>
>>>>>>> Any ideas how to debug this?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Ohhhh. Heh.
>>>>>>
>>>>>> /usr/local/etc/couchdb/couch.ini
>>>>>>
>>>>>> Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
>>>>>>
>>>>>> Or your local static ip to only listen on that IP.
>>>>>>
>>>>>> Paul
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> I don't see a port specified. I'd assume that's specified in
>>>> /usr/local/etc/couchdb/couch_httpd.conf. You might check if you
>>>> have a
>>>> conflicting BindAddress in there as well.
>>>>
>>>> For reference, my couch.ini looks like this:
>>>> http://pastie.caboo.se/188178
>>>>
>>>>
>>>
>>>
>>
>> The other servers are reachable from an external host, right?
>>
>> Try commenting out the HttpConf. I've never used that and don't have
>> much of an idea on what the side effects might be. Could it be that
>> having the BindAddress and Port specified multiple times is causing
>> issues?
>>
>> Paul
>>
>
>
Re: firewall
Posted by Tommy Chheng <tc...@uci.edu>.
Apparently the httpd_conf is needed :(
httpd_conf: Error while reading config file: httpd_conf: Cannot open
couch_httpd.conf
On Apr 28, 2008, at 12:04 PM, Paul Davis wrote:
> On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu> wrote:
>> ok, I added the Port to the couch.ini and changed my
>> couch_http.conf to
>> match Still no luck:
>> my couch_http.conf file
>> http://pastie.caboo.se/188195
>>
>> I'm running nginx and mongrel for rails on this server.. I doubt
>> these can
>> be an issue since they aren't touching 5984 at all and no firewall
>> is on...
>>
>>
>>
>>
>>
>> On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
>>
>>
>>> On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu>
>>> wrote:
>>>
>>>> I added BindAddress so my couch.ini file looks like:
>>>> http://pastie.caboo.se/188174
>>>>
>>>> Still same problem.
>>>>
>>>>
>>>>
>>>> On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
>>>>
>>>>
>>>>
>>>>> On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu>
>>>>> wrote:
>>>>>
>>>>>
>>>>>> Ok, so i just turned off the firewall temporary
>>>>>>
>>>>>> /sbin/iptables -L
>>>>>> Chain INPUT (policy ACCEPT)
>>>>>> target prot opt source destination
>>>>>>
>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>>
>>>>>> target prot opt source destination
>>>>>>
>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>>
>>>>>> target prot opt source destination
>>>>>>
>>>>>> Chain RH-Firewall-1-INPUT (0 references)
>>>>>>
>>>>>> target prot opt source destination
>>>>>>
>>>>>> Still no response from outside. It's only working via
>> localhost:5984.
>>>>>>
>>>>>> Any ideas how to debug this?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> Ohhhh. Heh.
>>>>>
>>>>> /usr/local/etc/couchdb/couch.ini
>>>>>
>>>>> Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
>>>>>
>>>>> Or your local static ip to only listen on that IP.
>>>>>
>>>>> Paul
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>> I don't see a port specified. I'd assume that's specified in
>>> /usr/local/etc/couchdb/couch_httpd.conf. You might check if you
>>> have a
>>> conflicting BindAddress in there as well.
>>>
>>> For reference, my couch.ini looks like this:
>>> http://pastie.caboo.se/188178
>>>
>>>
>>
>>
>
> The other servers are reachable from an external host, right?
>
> Try commenting out the HttpConf. I've never used that and don't have
> much of an idea on what the side effects might be. Could it be that
> having the BindAddress and Port specified multiple times is causing
> issues?
>
> Paul
>
Re: firewall
Posted by Paul Davis <pa...@gmail.com>.
On Mon, Apr 28, 2008 at 2:57 PM, Tommy Chheng <tc...@uci.edu> wrote:
> ok, I added the Port to the couch.ini and changed my couch_http.conf to
> match Still no luck:
> my couch_http.conf file
> http://pastie.caboo.se/188195
>
> I'm running nginx and mongrel for rails on this server.. I doubt these can
> be an issue since they aren't touching 5984 at all and no firewall is on...
>
>
>
>
>
> On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
>
>
> > On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu> wrote:
> >
> > > I added BindAddress so my couch.ini file looks like:
> > > http://pastie.caboo.se/188174
> > >
> > > Still same problem.
> > >
> > >
> > >
> > > On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
> > >
> > >
> > >
> > > > On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu> wrote:
> > > >
> > > >
> > > > > Ok, so i just turned off the firewall temporary
> > > > >
> > > > > /sbin/iptables -L
> > > > > Chain INPUT (policy ACCEPT)
> > > > > target prot opt source destination
> > > > >
> > > > > Chain FORWARD (policy ACCEPT)
> > > > >
> > > > > target prot opt source destination
> > > > >
> > > > > Chain OUTPUT (policy ACCEPT)
> > > > >
> > > > > target prot opt source destination
> > > > >
> > > > > Chain RH-Firewall-1-INPUT (0 references)
> > > > >
> > > > > target prot opt source destination
> > > > >
> > > > > Still no response from outside. It's only working via
> localhost:5984.
> > > > >
> > > > > Any ideas how to debug this?
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > > /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > > Ohhhh. Heh.
> > > >
> > > > /usr/local/etc/couchdb/couch.ini
> > > >
> > > > Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
> > > >
> > > > Or your local static ip to only listen on that IP.
> > > >
> > > > Paul
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> > I don't see a port specified. I'd assume that's specified in
> > /usr/local/etc/couchdb/couch_httpd.conf. You might check if you have a
> > conflicting BindAddress in there as well.
> >
> > For reference, my couch.ini looks like this:
> > http://pastie.caboo.se/188178
> >
> >
>
>
The other servers are reachable from an external host, right?
Try commenting out the HttpConf. I've never used that and don't have
much of an idea on what the side effects might be. Could it be that
having the BindAddress and Port specified multiple times is causing
issues?
Paul
Re: firewall
Posted by Tommy Chheng <tc...@uci.edu>.
ok, I added the Port to the couch.ini and changed my couch_http.conf
to match Still no luck:
my couch_http.conf file
http://pastie.caboo.se/188195
I'm running nginx and mongrel for rails on this server.. I doubt
these can be an issue since they aren't touching 5984 at all and no
firewall is on...
On Apr 28, 2008, at 11:38 AM, Paul Davis wrote:
> On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu> wrote:
>> I added BindAddress so my couch.ini file looks like:
>> http://pastie.caboo.se/188174
>>
>> Still same problem.
>>
>>
>>
>> On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
>>
>>
>>> On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu>
>>> wrote:
>>>
>>>> Ok, so i just turned off the firewall temporary
>>>>
>>>> /sbin/iptables -L
>>>> Chain INPUT (policy ACCEPT)
>>>> target prot opt source destination
>>>>
>>>> Chain FORWARD (policy ACCEPT)
>>>>
>>>> target prot opt source destination
>>>>
>>>> Chain OUTPUT (policy ACCEPT)
>>>>
>>>> target prot opt source destination
>>>>
>>>> Chain RH-Firewall-1-INPUT (0 references)
>>>>
>>>> target prot opt source destination
>>>>
>>>> Still no response from outside. It's only working via localhost:
>>>> 5984.
>>>>
>>>> Any ideas how to debug this?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>> Ohhhh. Heh.
>>>
>>> /usr/local/etc/couchdb/couch.ini
>>>
>>> Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
>>>
>>> Or your local static ip to only listen on that IP.
>>>
>>> Paul
>>>
>>>
>>
>>
>
> I don't see a port specified. I'd assume that's specified in
> /usr/local/etc/couchdb/couch_httpd.conf. You might check if you have a
> conflicting BindAddress in there as well.
>
> For reference, my couch.ini looks like this:
> http://pastie.caboo.se/188178
>
Re: firewall
Posted by Paul Davis <pa...@gmail.com>.
On Mon, Apr 28, 2008 at 2:30 PM, Tommy Chheng <tc...@uci.edu> wrote:
> I added BindAddress so my couch.ini file looks like:
> http://pastie.caboo.se/188174
>
> Still same problem.
>
>
>
> On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
>
>
> > On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu> wrote:
> >
> > > Ok, so i just turned off the firewall temporary
> > >
> > > /sbin/iptables -L
> > > Chain INPUT (policy ACCEPT)
> > > target prot opt source destination
> > >
> > > Chain FORWARD (policy ACCEPT)
> > >
> > > target prot opt source destination
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > >
> > > target prot opt source destination
> > >
> > > Chain RH-Firewall-1-INPUT (0 references)
> > >
> > > target prot opt source destination
> > >
> > > Still no response from outside. It's only working via localhost:5984.
> > >
> > > Any ideas how to debug this?
> > >
> > >
> > >
> > >
> > >
> > > On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
> > >
> > >
> > >
> > > >
> > > >
> > > > > /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> > Ohhhh. Heh.
> >
> > /usr/local/etc/couchdb/couch.ini
> >
> > Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
> >
> > Or your local static ip to only listen on that IP.
> >
> > Paul
> >
> >
>
>
I don't see a port specified. I'd assume that's specified in
/usr/local/etc/couchdb/couch_httpd.conf. You might check if you have a
conflicting BindAddress in there as well.
For reference, my couch.ini looks like this:
http://pastie.caboo.se/188178
Re: firewall
Posted by Tommy Chheng <tc...@uci.edu>.
I added BindAddress so my couch.ini file looks like:
http://pastie.caboo.se/188174
Still same problem.
On Apr 28, 2008, at 11:22 AM, Paul Davis wrote:
> On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu> wrote:
>> Ok, so i just turned off the firewall temporary
>>
>> /sbin/iptables -L
>> Chain INPUT (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain FORWARD (policy ACCEPT)
>>
>> target prot opt source destination
>>
>> Chain OUTPUT (policy ACCEPT)
>>
>> target prot opt source destination
>>
>> Chain RH-Firewall-1-INPUT (0 references)
>>
>> target prot opt source destination
>>
>> Still no response from outside. It's only working via localhost:5984.
>>
>> Any ideas how to debug this?
>>
>>
>>
>>
>>
>> On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>>
>>
>>>
>>>> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
>>>>
>>>
>>
>>
>
> Ohhhh. Heh.
>
> /usr/local/etc/couchdb/couch.ini
>
> Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
>
> Or your local static ip to only listen on that IP.
>
> Paul
>
Re: firewall
Posted by Paul Davis <pa...@gmail.com>.
On Mon, Apr 28, 2008 at 2:19 PM, Tommy Chheng <tc...@uci.edu> wrote:
> Ok, so i just turned off the firewall temporary
>
> /sbin/iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
>
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
>
> target prot opt source destination
>
> Chain RH-Firewall-1-INPUT (0 references)
>
> target prot opt source destination
>
> Still no response from outside. It's only working via localhost:5984.
>
> Any ideas how to debug this?
>
>
>
>
>
> On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>
>
> >
> > > /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
> > >
> >
>
>
Ohhhh. Heh.
/usr/local/etc/couchdb/couch.ini
Change "BindAddresss=127.0.0.1" to "BindAddress=0.0.0.0"
Or your local static ip to only listen on that IP.
Paul
Re: firewall
Posted by Tommy Chheng <tc...@uci.edu>.
Ok, so i just turned off the firewall temporary
/sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
Still no response from outside. It's only working via localhost:5984.
Any ideas how to debug this?
On Apr 28, 2008, at 11:12 AM, Paul Davis wrote:
>> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
Re: firewall
Posted by Paul Davis <pa...@gmail.com>.
On Mon, Apr 28, 2008 at 2:03 PM, Tommy Chheng <tc...@uci.edu> wrote:
> Hi,
> I'm trying to get CouchDB to work as a server. I got it install and
> everything works from the same machine, ie, wget localhost:5984 gives a
> response.
>
> but i want to access this server over the internet. I set an allow in
> iptables:
> /sbin/iptables -A INPUT -p tcp -m tcp --sport 5984 -j ACCEPT
> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
>
> /sbin/iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- anywhere anywhere
> RH-Firewall-1-INPUT all -- anywhere anywhere
> ACCEPT tcp -- anywhere anywhere tcp dpt:5984
> ACCEPT tcp -- anywhere anywhere tcp spt:5984
>
>
> I'm able to connect to my webserver on this same machine fine. Just no
> response on 5984.
>
> Any ideas what's wrong?
>
> thanks,
> tommy
I think this is your problem:
-A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
Try chaning the --dport to --sport. Or, also, you could just not
filter outbound traffic. Unless for some reason you don't trust code
running behind your firewall.
HTH,
Paul