[clue] Can't connect to Webmin

foo7775 at comcast.net foo7775 at comcast.net
Sun Feb 10 12:13:35 MST 2013


Thanks for the response David! Fortunately, the output from the three commands you suggested is small/concise enough that an attachment isn't necessary: 

[root at system ~]# getenforce 
Enforcing 
[root at system ~]# service iptables status 
iptables: Firewall is not running. 
[root at system ~]# netstat -plant 
Active Internet connections (servers and established) 
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1145/rpcbind 
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 16710/perl 
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1415/sshd 
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1301/cupsd 
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1491/master 
tcp 0 0 0.0.0.0:33566 0.0.0.0:* LISTEN 1163/rpc.statd 
tcp 0 52 10.20.30.7:22 10.20.30.112:60931 ESTABLISHED 15622/sshd 
tcp 0 0 :::111 :::* LISTEN 1145/rpcbind 
tcp 0 0 :::22 :::* LISTEN 1415/sshd 
tcp 0 0 ::1:631 :::* LISTEN 1301/cupsd 
tcp 0 0 :::46359 :::* LISTEN 1163/rpc.statd 
tcp 0 0 ::1:25 :::* LISTEN 1491/master 
[root at system ~]# 

So, it looks like SELinux could indeed be the culprit (' Enforcing '). I'll review how to disable that, & then try again & post the results. (Ironically, that's one of the things that I want to "play with" & gain a better understanding of...) 

Again, thanks for the help! 

T. 
----- Original Message -----
From: "David L. Willson" <DLWillson at TheGeek.NU> 
To: "CLUE's mailing list" <clue at cluedenver.org> 
Sent: Sunday, February 10, 2013 11:40:32 AM 
Subject: Re: [clue] Can't connect to Webmin 

Please send the output of these: 

getenforce 
service iptables status 
netstat -plant 

Preferably, as gzip'd text, but I don't know whether the list tolerates attachments. 

-- 
David L. Willson 
Trainer, Engineer, Enthusiast 
RHCE Network+ A+ Linux+ LPIC-1 Ubuntu 
Mobile 720-333-LANS(5267) 

This is a good time for a r3VOLution. 

----- foo7775 at comcast.net wrote: 
> Hi all, 
> 
> I've run into a bit of a puzzler while setting up a new server - or maybe it's just a "blind spot" that I'm not recognizing. The background is that I've recently bought a dual-Xeon system that I could use at home for playing around with virtualization. It's running ESXi 5.1, & currently has two virtual machines installed - a Windows Server 2012 Datacenter Edition (going to use that to learn all about that OS, as well as PowerShell) and a 2nd VM running CentOS 6.3. I have Webmin installed on the CentOS system, but I'm unable to connect to it from my desktop PC that's running Win7. The two machines are connected via an ordinary 10/100 Ethernet switch, no firewalls or other devices between. Here are the troubleshooting steps that I've taken so far: 
> 
> Attempted to connect using both http and https connections directed to port 10000, using both Firefox & IE9. Both time out, neither browser reports anything useful; 
> 
> Confirmed that the "virtual" network adapter within ESXi shows as 'Connected' & connects at power-on; 
> 
> I've tried pinging in both directions, each system is able to ping the other without issue (0-1ms latency); 
> 
> I am able to SSH from the Win7 desktop to the CentOS VM using PuTTY, login & all other functions behave as expected; 
> 
> I've confirmed that webmin is running - the output of both the 'ps aux' and 'netstat -aon' commands show the expected output: 
> 
> [root at system ~]# ps aux | grep webmin 
> root 11710 0.0 1.0 84572 19208 ? Ss 13:35 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf 
> 
> [root at system ~]# netstat -aon | head -2; netstat -aon | grep 10000 
> Active Internet connections (servers and established) 
> Proto Recv-Q Send-Q Local Address Foreign Address State Timer 
> tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN off (0.00/0/0) 
> udp 0 0 0.0.0.0:10000 0.0.0.0:* off (0.00/0/0) 
> 
> 
> I've edited the miniserv.conf configuration file & changed the 'port' and 'listen' parameters, then restarted webmin (/sbin/service webmin restart), that completed without issue - and when that was done, netstat correctly reported the new port listening; 
> 
> Re-trying with the browsers mentioned above (to the newly-changed port number) produced the same output; 
> 
> Completely disabled the Windows firewall, tried again, still no luck; 
> 
> Fired up the 'lynx' browser (ahhhh - memories of my first days on the internet!) within the CentOS VM, pointed it to the local system's port 10000, received output that appeared to be consistent with what I would expect (although I'm sure that lynx didn't format it as intended). 
> 
> So then I started wondering if I had a firewall active on the CentOS system - the output of the 'ps' command showed nothing for ipfw. I did find iptables active, so I stopped that using '/sbin/service iptables stop'. Testing at this point showed no change. 
> 
> At this point, I'm thinking that Webmin's probably working well enough on the VM, I'm just not able to *get* to it from the Win7 box, so I downloaded & installed the Windows port of nmap & strobed the VM from the Win7 machine (Intense scan, all TCP ports) - I'm including the relevant output below: 
> 
> SYN Stealth Scan Timing: About 54.23% done; ETC: 22:10 (0:01:17 remaining) 
> Discovered open port 10000/tcp on <IP address> 
> 
> Interestingly (to me) it did NOT detect port 10000 during the initial 'SYN Stealth Scan' where it detected the open port 22 (SSH) and one other port. 
> 
> 
> PORT STATE SERVICE VERSION 
> 10000/tcp open http MiniServ 1.620 (Webmin httpd) 
> |_http-favicon: Unknown favicon MD5: 9A2006C267DE04E262669D821B57EAD1 
> |_http-git: 0 
> |_http-methods: No Allow or Public header in OPTIONS response (status code 200) 
> | http-robots.txt: 1 disallowed entry 
> |_/ 
> |_http-title: Login to Webmin 
> | ndmp-version: 
> |_ ERROR: Failed to get host information from server 
> 
> To *me*, it still feels like there's a firewall in the mix somewhere (although the 'http-title: Login to Webmin' output above would *seem* to argue against that). Since I'm not too familiar with iptables, is it possible that it's still affecting the situation? What am I forgetting/overlooking? 
> 
> Thanks all. 
> 
> T. 

_______________________________________________ 
clue mailing list: clue at cluedenver.org 
For information, account preferences, or to unsubscribe see: 
http://cluedenver.org/mailman/listinfo/clue 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20130210/aee0d8fa/attachment-0001.html 


More information about the clue mailing list