I'm setting up a new web server with CentOS 6.2 and am not able to connect via the web. Everything looks set up correctly in httpd.conf
and Apache is running, so I'm assuming it's an iptables issue.
Is there anything in the following which could be causing the issue?
EDIT: If I stop iptables, I can connect fine, so it must be something needing to be tweaked in the below. I've already run iptables -A INPUT -p tcp --dport 80 -j ACCEPT
and saved and restarted iptables, but it made no difference.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpt:http
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Following advice in answer below:
[root@staging ~]# iptables -N TCP
[root@staging ~]# iptables -A TCP -p tcp --dport 80 -j ACCEPT
[root@staging ~]# iptables-save > /etc/iptables/iptables.rules
-bash: /etc/iptables/iptables.rules: No such file or directory
[root@staging ~]# iptables-save
# Generated by iptables-save v1.4.7 on Thu Nov 8 14:09:09 2012
*filter
:INPUT ACCEPT [91:7480]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [70:6556]
:TCP - [0:0]
-A TCP -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
# Completed on Thu Nov 8 14:09:09 2012
[root@staging ~]# iptables-restore
^C
[root@staging ~]# service iptables start
iptables: Applying firewall rules: [ OK ]
Further edit: iptables-save showed nothing as I ran it after I'd stopped iptables! So here's the output:
# iptables-save
# Generated by iptables-save v1.4.7 on Thu Nov 8 14:39:10 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28:3344]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Nov 8 14:39:10 2012
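The saved rule set above already contains the answer: netfilter walks a chain top to bottom and the first rule whose matches all hold decides the packet. `-A INPUT -j REJECT --reject-with icmp-host-prohibited` is an unconditional rule in slot 5, and `iptables -A` appends, so the port-80 ACCEPT landed in slot 6 where no packet ever reaches it. The script below is an added example (not code from the original post or its commenters) that replays that first-match walk over the quoted rules, once as saved and once with the port-80 rule inserted ahead of the REJECT, and includes a small lint that flags rules sitting below a catch-all REJECT/DROP. The rule text is embedded as strings so it runs offline without root; the "fixed" chain is an assumption about what `iptables -I INPUT 5 ...` would produce, not output from the asker's box.

```shell
#!/bin/sh
# Added example, not from the original post: simulate netfilter's first-match
# walk of the INPUT chain for a brand-new TCP connection, to show why an
# ACCEPT appended with -A after a catch-all REJECT is never reached.
# BROKEN_RULES is the iptables-save output quoted in the question, embedded
# as a string so this runs offline without root or netfilter.

BROKEN_RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Assumed result of running, on the real box:
#   iptables -D INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#   iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# i.e. the port-80 rule now occupies slot 5, ahead of the REJECT.
FIXED_RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# input_verdict RULES DPORT
# Models one packet: TCP, conntrack state NEW, arriving on a non-loopback
# interface, destined for DPORT. Walks the INPUT rules in order and prints
# the -j target of the first rule whose every match holds; if no rule
# matches, prints the chain policy, which is ACCEPT on the box in question.
input_verdict() {
  rules=$1
  dport=$2
  while IFS= read -r line; do
    case "$line" in "-A INPUT "*) ;; *) continue ;; esac
    # Any match the packet fails means "try the next rule".
    case "$line" in *"-i lo"*) continue ;; esac                        # not loopback
    case "$line" in *"-p icmp"*) continue ;; esac                      # packet is TCP
    case "$line" in *"--state RELATED,ESTABLISHED"*) continue ;; esac  # packet is NEW
    case "$line" in *"--dport "*)
      want=${line#*--dport }
      want=${want%% *}
      [ "$want" = "$dport" ] || continue ;;
    esac
    # Every match held: first match wins, later rules are never consulted.
    target=${line#*-j }
    printf '%s\n' "${target%% *}"
    return 0
  done <<EOF
$rules
EOF
  printf 'ACCEPT\n'   # chain policy, reached only when nothing matched
}

# shadowed_rules RULES
# Lists INPUT rules that sit below an unconditional REJECT or DROP and so can
# never match. This is the check to run on `iptables-save` output before
# wondering why a freshly added ACCEPT "does nothing".
shadowed_rules() {
  n=0
  dead=0
  printf '%s\n' "$1" | while IFS= read -r line; do
    case "$line" in "-A INPUT "*) ;; *) continue ;; esac
    n=$((n + 1))
    if [ "$dead" -eq 1 ]; then
      printf 'rule %d is unreachable: %s\n' "$n" "$line"
    fi
    case "$line" in
      "-A INPUT -j REJECT"*|"-A INPUT -j DROP"*) dead=1 ;;   # catch-all, no matches before -j
    esac
  done
}

for p in 22 80 443; do
  printf 'saved chain, new TCP to port %s: %s\n' "$p" "$(input_verdict "$BROKEN_RULES" "$p")"
  printf 'fixed chain, new TCP to port %s: %s\n' "$p" "$(input_verdict "$FIXED_RULES" "$p")"
done
shadowed_rules "$BROKEN_RULES"
```

On the real CentOS 6 host the position is what matters: `iptables -L -v -n --line-numbers` shows the slot numbers (and the `-i lo` that plain `iptables -L` hides), `-I INPUT 5` inserts at slot 5 instead of appending, and `service iptables save` writes the running rules to /etc/sysconfig/iptables, which is the file `service iptables start` restores on this distribution (there is no /etc/iptables/iptables.rules, hence the error above). A bare `iptables-restore` with no file reads its rule set from stdin, which is why it sat there until ^C.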
iptables-save doesn't show any output, this means there are no active rules? Can you execute iptables --version, iptables -S, lsof -i | grep http and uname -a and post it? I've set up iptables as described on a test computer running Apache and could access port 80, which makes sense, because rule 3 in the input chain accepts all traffic. Maybe the web server has more than one network card (or more than one IP address) and the forward chain comes into play?

iptables altogether, does it work again? And again a bit I'm missing, does the web server have more than one IP address (check it with ip address or ifconfig)? The output of commands iptables --version, iptables -S, lsof -i | grep http and uname -a could also be helpful.