Stefan, I checked my iptables and found that only dpt port 80 was enabled. I added spt to port 80. Also, to use svn commando to apache.org, I opened both -dport and -sport on 3690.
After saving itables and restarting it, I tried "svn co http://svn.apache.org/repos/asf/subversion/trunk subversion" again on the server, but it failed with the message "svn: OPTIONS (URL: 'http://svn.apache.org/repos/asf/subversion/trunk'): Could not read status line:(http://svn.apache.org)". Nothing has changed. Let me show my iptables list here. I add SERVICE chain to make it manage easily. Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP all -- 10.0.0.0/8 anywhere DROP all -- 172.16.0.0/12 anywhere DROP all -- 192.168.0.0/16 anywhere ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere icmp echo-reply ACCEPT udp -- anywhere anywhere udp spt:domain ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED DROP tcp -- anywhere anywhere state NEW tcp flags:!FIN,SYN,RST,ACK/SYN SERVICE tcp -- anywhere anywhere state NEW Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain SERVICE (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:10022 ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ACCEPT tcp -- anywhere anywhere tcp dpts:50000:50030 ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere tcp dpt:imap ACCEPT tcp -- anywhere anywhere tcp spt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:submission ACCEPT tcp -- anywhere anywhere tcp spt:submission ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp spt:http ACCEPT tcp -- anywhere anywhere tcp dpt:svn ACCEPT tcp -- anywhere anywhere tcp spt:svn Would you please have a look at this list? And if you find my mistakes, let me know please. Thanks in advance, Masaru On 2012/06/05, at 18:55, Stefan Sperling wrote: > On Tue, Jun 05, 2012 at 06:42:46PM +0900, Masaru Kitajima wrote: >> I'm not sure if I have a connection problem. As "Yum" and "wget" >> works well on the server. And I can connect to the server using >> HTTP, FTP, and SSH. > > If I understood correctly you are having trouble connecting *from* > the server to svn.apache.org, and that you can connect fine to > svn.apache.org from another machine. Or did I misunderstand? > >> And I'm not behind any proxies. Only one thing which is different >> is that it's a VPS. But the VPS has a global IP address and I can >> configure almost everything. > > Maybe something between svn.apache.org and the VPS is interfering? > Maybe your iptables rules on the VPS are somehow blocking or breaking > outgoing http connections? > > I hope you'll find out what's wrong. I cannot think of anything > else to suggest :( > >> Ah, I'm really confusing. Is there any specific port I should open >> using iptables for Subversion HTTP connection besides 80? > > Subversion uses just port 80 for HTTP. > > BTW, I'm getting occasional bounces when sending replies to your posts: > > Final-Recipient: RFC822; kitaj...@prime-kobo.com > Action: failed > Status: 4.4.7 > Remote-MTA: DNS; prime-kobo.com > Diagnostic-Code: SMTP; 451 4.3.5 Server configuration error > Last-Attempt-Date: Tue, 5 Jun 2012 11:31:05 +0200 > > I don't know what this means and if it is related to the Subversion trouble > you're having.
