Stefan,
I checked my iptables and found that only dpt port 80 was enabled.
I added spt to port 80. Also, to use svn command to apache.org,
I opened both -dport and -sport on 3690.
After saving iptables and restarting it, I tried
"svn co http://svn.apache.org/repos/asf/subversion/trunk subversion"
again on the server, but it failed with the message
"svn: OPTIONS (URL: 'http://svn.apache.org/repos/asf/subversion/trunk'):
Could not read status line:(http://svn.apache.org)".
Nothing has changed. Let me show my iptables list here. I added a SERVICE
chain to make it easier to manage.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- 10.0.0.0/8 anywhere
DROP all -- 172.16.0.0/12 anywhere
DROP all -- 192.168.0.0/16 anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere state NEW tcp flags:!FIN,SYN,RST,ACK/SYN
SERVICE tcp -- anywhere anywhere state NEW

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain SERVICE (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:10022
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpts:50000:50030
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp spt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:svn
ACCEPT tcp -- anywhere anywhere tcp spt:svn
Would you please have a look at this list? And if you find my mistakes,
let me know please.
Thanks in advance,
Masaru
On 2012/06/05, at 18:55, Stefan Sperling wrote:
> On Tue, Jun 05, 2012 at 06:42:46PM +0900, Masaru Kitajima wrote:
>> I'm not sure if I have a connection problem. As "Yum" and "wget"
>> work well on the server. And I can connect to the server using
>> HTTP, FTP, and SSH.
>
> If I understood correctly you are having trouble connecting *from*
> the server to svn.apache.org, and that you can connect fine to
> svn.apache.org from another machine. Or did I misunderstand?
>
>> And I'm not behind any proxies. Only one thing which is different
>> is that it's a VPS. But the VPS has a global IP address and I can
>> configure almost everything.
>
> Maybe something between svn.apache.org and the VPS is interfering?
> Maybe your iptables rules on the VPS are somehow blocking or breaking
> outgoing http connections?
>
> I hope you'll find out what's wrong. I cannot think of anything
> else to suggest :(
>
>> Ah, I'm really confused. Is there any specific port I should open
>> using iptables for Subversion HTTP connection besides 80?
>
> Subversion uses just port 80 for HTTP.
>
> BTW, I'm getting occasional bounces when sending replies to your posts:
>
> Final-Recipient: RFC822; kitajima_at_prime-kobo.com
> Action: failed
> Status: 4.4.7
> Remote-MTA: DNS; prime-kobo.com
> Diagnostic-Code: SMTP; 451 4.3.5 Server configuration error
> Last-Attempt-Date: Tue, 5 Jun 2012 11:31:05 +0200
>
> I don't know what this means and if it is related to the Subversion trouble
> you're having.
Received on 2012-06-06 03:51:00 CEST
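
An added example, not part of the original thread: a short Python audit over an excerpt of the `iptables -L` listing in the message above. It flags ACCEPT rules, in the chain INPUT jumps to for state NEW, that match on source port alone (a value the remote peer chooses), and checks that a RELATED,ESTABLISHED accept exists, which is the rule that admits replies to the server's own outgoing connections. The function names `parse` and `audit` are illustrative.

```python
import re

# Rules copied from the listing in the message above (excerpt).
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
SERVICE tcp -- anywhere anywhere state NEW
Chain SERVICE (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:svn
ACCEPT tcp -- anywhere anywhere tcp spt:svn
"""

def parse(listing):
    """Return {chain: [(target, match_text), ...]} from `iptables -L` output."""
    chains, current = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        if head:
            current = chains.setdefault(head.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            target, _prot, _opt, _src, _dst, *match = line.split()
            current.append((target, " ".join(match)))
    return chains

def audit(listing):
    """Return (source-port-only ACCEPT rules for NEW packets, conntrack rule present?)."""
    chains = parse(listing)
    rules_in = chains.get("INPUT", [])
    # User chains that INPUT jumps to for packets in state NEW.
    new_chains = [t for t, m in rules_in if "state NEW" in m and t in chains]
    findings = []
    for name in new_chains:
        for target, match in chains[name]:
            kinds = {k[:3] for k in re.findall(r"\b(spts?|dpts?):", match)}
            if target == "ACCEPT" and kinds == {"spt"}:
                findings.append((name, match))
    replies_ok = any(t == "ACCEPT" and "ESTABLISHED" in m for t, m in rules_in)
    return findings, replies_ok

if __name__ == "__main__":
    findings, replies_ok = audit(LISTING)
    for chain, match in findings:
        print(f"{chain}: ACCEPT on '{match}' matches a port chosen by the remote peer")
    print("RELATED,ESTABLISHED accept present:", replies_ok)
```
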