website is not loading

acid_kewpie · 12-04-2011, 10:34 AM

Stop listing commands you have executed, start actually showing us the current iptables ruleset in place.

agriz · 12-04-2011, 10:43 AM

Quote:

Originally Posted by acid_kewpie

Stop listing commands you have executed, start actually showing us the current iptables ruleset in place.

Cool!

Here are the results of iptables -L

Quote:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:xx state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:xx state ESTABLISHED

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:xx state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:xx state NEW,ESTABLISHED

XX is the new port number of sshd.
If it is not secured rules, kindly post the rules which i should use on the server which is just used for website

Thanks

acid_kewpie · 12-04-2011, 12:33 PM

OK, so yet again, I'll say you need default rules alreadyon this thread to allow standard outbound connections etc. and please use "iptables -vnL"

and I can promise you no one here cares in the slightest what your SSH port is. I will say though that as you've got "xx" as the source AND destination port in both directions, it does suggest you don't really understand what's going on as much as you really should.

agriz · 12-04-2011, 01:35 PM

Quote:

Originally Posted by acid_kewpie

I will say though that as you've got "xx" as the source AND destination port in both directions, it does suggest you don't really understand what's going on as much as you really should.

I too suspect that. But i was afraid to add it in one direction.
I believe the input rule is important to make ssh to the server.

The outbound rule might be saying that i want to ssh to another server using that port which is not required.
But As you know, I am not an expert and I really don't want to get blocked from sshing again.

unSpawn · 12-04-2011, 07:53 PM

Best run '/sbin/iptables-save > /tmp/iptables.rules' as root and then attach the plain text file.