#1 | 01-29-2014, 11:36 AM | LQ Newbie | Registered: Jan 2014 | Distribution: CentOS 6.5 | Posts: 2
iptables webserver problem
Hello.
I have a webserver that works fine (localhost and local IP), but when I want to access it from its public IP, it doesn't work.
I tried everything, it just doesn't work. Only if I stop iptables, it starts to work.
I'm using CentOS 6.5 x86
Maybe it's from a port forwarding or it doesn't allow to communicate to www. Please explain to me how to solve this. (I'm new).
THANKS!!!

#2 | 01-29-2014, 11:57 AM | Senior Member | Registered: Jan 2012 | Distribution: Slackware | Posts: 3,348
Well, if it works when you clear the iptables setup, that must be where the problem is. I guess you'd better find the rules causing the problem, and remove or change them.
If you'd like some help with that, please post your current iptables ruleset. After all, most of us aren't clairvoyant.
(The output from iptables-save would be ideal. Please put it in [code] tags, as it makes it easy to read.)

#3 | 01-29-2014, 12:29 PM | LQ Newbie | Registered: Jan 2014 | Distribution: CentOS 6.5 | Posts: 2 | Original Poster
Thanks for replying Ser. I'm new to all of the Linux world, so...
It's the default iptables (fresh install)
Code:
# Generated by iptables-save v1.4.7 on Wed Jan 29 19:28:10 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9023:7887709]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Jan 29 19:28:10 2014
Last edited by NicK2oo6; 01-29-2014 at 12:34 PM.

#4 | 01-29-2014, 02:46 PM | Senior Member | Registered: Jan 2012 | Distribution: Slackware | Posts: 3,348
Perfect. It seems the default ruleset allows ICMP (ping) and incoming SSH (for remote administration), but nothing else. I've added some highlighted rules that would permit incoming traffic to the webserver on ports 80 and 443. (If you only use one of those ports, remove the rule you don't need.)
Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9023:7887709]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
To add these rules, you could do one of the following:
- Save the above to a file, run iptables-restore < filename to load the rules into memory, verify that they work, and then save everything with /sbin/service iptables save
- Run the following commands in sequence, which will add rules 5 and 6 to the existing ruleset and then save:
  - iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
  - iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
  - /sbin/service iptables save
  (Again, you may want to verify that everything works properly before entering that last "save" command.)
- Edit the file /etc/sysconfig/iptables, which I believe contains the iptables ruleset on CentOS systems
- Locate the CentOS GUI for editing firewall settings and add the rules from there
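
Why the rules in post #4 are inserted at positions 5 and 6 rather than appended: iptables walks a chain top to bottom and stops at the first matching terminal rule, so an ACCEPT placed after the catch-all REJECT is never reached. The script below is an added example, not part of the original posts; the function names are hypothetical, the "appended" ruleset is constructed, and the parser models only the match options that appear in this thread.

```shell
#!/bin/sh
# Added example: first-match walk of the INPUT chain in iptables-save text.
# Simplified model: a NEW inbound TCP packet arriving on a non-loopback interface.
# Usage: port_verdict PORT < ruleset   -> prints "TARGET rule N" or "POLICY x"
port_verdict() {
  awk -v port="$1" '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
      n++; proto = dport = target = iface = state = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p")      proto  = $(i + 1)
        if ($i == "--dport") dport  = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
        if ($i == "-i")      iface  = $(i + 1)
        if ($i == "--state") state  = $(i + 1)
      }
      if (iface == "lo") next                           # loopback-only rule
      if (proto != "" && proto != "tcp") next           # e.g. the icmp rule
      if (state != "" && state !~ /(^|,)NEW(,|$)/) next # RELATED,ESTABLISHED only
      if (dport != "" && dport != port) next            # different port
      if (target ~ /^(ACCEPT|REJECT|DROP)$/) { print target " rule " n; hit = 1; exit }
    }
    END { if (!hit) print "POLICY " policy }
  '
}

# First four INPUT rules as posted in the thread (#3), unchanged by the fix.
top_rules() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
EOF
}
REJ='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
WEB='-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT'
default_rules()  { top_rules; printf '%s\n' "$REJ"; }          # post #3
inserted_rules() { top_rules; printf '%s\n' "$WEB" "$REJ"; }   # post #4: -I INPUT 5
# Constructed failure case: the same rule appended after the REJECT.
appended_rules() { top_rules; printf '%s\n' "$REJ" "$WEB"; }

for rs in default_rules inserted_rules appended_rules; do
  printf '%-15s port 80 -> %s\n' "$rs" "$($rs | port_verdict 80)"
done
```

On a live host the same check can be fed from `iptables-save` output; rules using matches the parser does not model (port ranges, multiport, source addresses) are treated as if those matches were absent.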
All times are GMT -5. The time now is 10:45 PM.