112

I'm running into a small problem at the end of the Getting Started guide for vagrant. I'm working on a CentOS basebox that has Apache2 running (provisioning via Puppet). I've set up port forwarding for web requests using the following line in Vagrantfile:

 config.vm.forward_port "web", 80, 4567

But when I make requests to that port, they fail. The error reported by Safari is 'Safari can’t open the page “http://localhost:4567/” because the server unexpectedly dropped the connection.'

I did a vagrant reload and saw "[default] -- web: 80 => 4567 (adapter 1)" in the scroll, so where should I begin to troubleshoot this? Thanks.

Hank Gay
  • 70,339
  • 36
  • 160
  • 222
  • 1
    What does `curl -v 'http://localhost:4567/'` say? Sometimes Safari is a bit too nice at hiding error messages. – Steve Losh May 12 '11 at 20:46
  • 2
    Also, does `curl 'http://localhost:80'` from the VM itself work? If not, the problem isn't the port forwarding. – Steve Losh May 12 '11 at 20:47
  • 4
    @Steve Losh `curl` from within the VM is working. `curl` from the host gives me `(52) Empty reply from server`. – Hank Gay May 12 '11 at 20:58
  • The vagrant reload help me on similar question... – haudoing Aug 05 '15 at 03:23
  • For me the case was with symfony 3: - when run sudo php bin/console server:run which makes server running on http://127.0.0.1:8000 then I cannot access from web browser, curl in virtual machine accessed. When ran sudo php -S 0.0.0.0:8000 in web directory, I could access http://127.0.0.1:8082/app_dev.php . Do not understand why this happens, but works. – Dariux Apr 08 '16 at 13:30

5 Answers5

275

I wanted to add an additional note that often this is caused by the server within the VM because it binds to 127.0.0.1, which is loopback. You'll want to make sure that the server is bound to 0.0.0.0 so that all interfaces can access it.

Some built-in app servers such as Django's development servers and some Ruby servers default to 127.0.0.1 by default so this is something to watch out for.

Other than that, what Steve said holds true: Make sure it works from within the VM and try some other simple servers to try and figure out if it is a configuration problem.

Mitchell
  • 32,819
  • 6
  • 42
  • 35
81

I'll make this an actual answer instead of just more comments.

First thing: try curl 'http://localhost:80' from within the VM. If that doesn't work, then it's definitely not the port forwarding.

Next: try curl -v 'http://localhost:4567/' from your host machine. Curl might give you a better error message than Safari.

I'd check that there are no firewalls set up restricting access to port 80. The default Vagrant VM (Ubuntu) doesn't come with a firewall set up, but you said you're using something else, so it might be worth it to check.

If that's not it, try making something other than Apache listed on port 80. Python ships with a simple HTTP server you can use -- go to the folder with index.html and run sudo python -m SimpleHTTPServer 80, then try hitting that with curl from both boxes. If that works, then it's probably an Apache configuration issue. I don't have enough experience with Apache to help if that's the case (I use nginx).

Steve Losh
  • 19,642
  • 2
  • 51
  • 44
  • 14
    Basically, I suck at RedHat and `iptables`. I checked to make sure the default policy was `ACCEPT` for incoming connections, but didn't pay attention to RedHat's custom rule chain, which has a catch-all `REJECT` rule as the last rule in the chain. tl;dr I had a firewall in the way and just didn't notice. – Hank Gay May 14 '11 at 12:53
  • Thanks! That sneaky firewall rule is what caused my problems on RHEL 5.5. – Roosh Jun 25 '12 at 15:07
  • I reprint Robert's comment below because it is such a trivial way to check: Run `service iptables stop` as root to quickly rule out a Guest firewall issue. Reenable it later if needed. – Arnaud Meuret May 13 '13 at 10:29
  • 1
    had same issue with a weird centos image; `iptables` was restricting almost everything. I followed this [iptable centos guide](http://wiki.centos.org/HowTos/Network/IPTables) (solution in [section 3 Writing a Simple Rule Set](http://wiki.centos.org/HowTos/Network/IPTables#head-724ed81dbcd2b82b5fd3f648142796f3ce60c730)) and it worked like a charm :) – GabLeRoux May 08 '14 at 18:21
  • for me curl was working inside so i enabled networking in `Vagrantfile` and ran command `vagrant reload` – abhirathore2006 Apr 06 '17 at 10:39
33

I had the same problem on CentOS 6.3 w/ NGINX and found the answer to be in the iptables on the vagrant box.

From bash on the vagrant box, follow these steps:

First list current iptable rules

iptables -L -v

Then flush current rules:

iptables -F

Allow SSH connections on tcp port 22 

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Set default policies for INPUT, FORWARD and OUTPUT chains

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Set access for localhost

iptables -A INPUT -i lo -j ACCEPT

Accept packets belonging to established and related connections

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Save settings

/sbin/service iptables save

List modified rules

iptables -L -v

Curl localhost:[port#] or hit it in your browser from outside vagrant

More info on CentOS iptable configs found here:

http://wiki.centos.org/HowTos/Network/IPTables

Good luck.

travyo
  • 493
  • 4
  • 5
  • 2
    Thanks for writing this up. I had this same problem on Fedora 18, so it's not specific to CentOS. I hope that helps someone else. :) – Benjamin Oakes Feb 11 '13 at 20:23
  • 4
    This was me on CentOS. `service iptables stop` – Robert Apr 22 '13 at 19:09
  • 2
    `iptables -F` alone did it for me – code_monk Feb 15 '15 at 14:56
  • I found a solid solution to this with some exec commands listed in this blog post to solve this same issue http://techie-notebook.blogspot.com/2014/05/using-puppet-to-open-port-80-through.html I had to replace my path with the ${os_path} sections as I didn't have that variable available. – Joshua Fricke May 22 '16 at 20:16
27

A better solution for me is disabling the firewall

service iptables stop
chkconfig iptables off
edwinallenz
  • 453
  • 5
  • 7
0

I want to add another note like Mitchell as well. if my case I forward it to 6789 from 80

$ curl -v http://localhost:6789

And I got 

<HTML>
<HEAD><TITLE>Redirection</TITLE></HEAD>
<BODY><H1>Redirect</H1></BODY>

Then, I used the IP address instead, it got the correct html message.

Larry Cai
  • 55,923
  • 34
  • 110
  • 156