Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello.
I have a webserver that works fine (localhost and local ip), but when I want to acces it from its public ip, it doesnt work.
I tried eveything, it just doest work. Only if I stop iptables, it starts to work.
I`m using CentOS 6.5 x86
Maybe its from a port forwarding or it doesnt allow to communicate to www. Please explain me how to solve this. (I`m new).
Well, if it works when you clear the iptables setup, that must be where the problem is. I guess you'd better find the rules causing the problem, and remove or change them.
If you'd like some help with that, please post your current iptables ruleset. After all, most of us aren't clairvoyant.
(The output from iptables-save would be ideal. Please put it in [code] tags, as it makes it easy to read.)
Perfect. It seems the default ruleset allows ICMP (ping) and incoming SSH (for remote administration), but nothing else. I've added some highlighted rules that would permit incoming traffic to the webserver on ports 80 and 443. (If you only use one of those ports, remove the rule you don't need.)
Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9023:7887709]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
To add these rules, you could do one of the following:
Save the above to a file, run iptables-restore < filename to load the rules into memory, verify that they work, and then save everything with /sbin/service iptables save
Run the following commands in sequence, which will add rules 5 and 6 to the existing ruleset and then save:
iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
/sbin/service iptables save
(Again, you may want to verify that everything works properly before entering that last "save" command.)
Edit the file /etc/sysconfig/iptables, which I believe contain the iptables ruleset on CentOS systems
Locate the CentOS GUI for editing firewall settings and add the rules from there
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
