
I have a VPS with nginx, but no website is working and a timeout is returned. When I disable iptables everything is fine, but I have no idea which rule(s) are causing the problem. Any help?

$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Both the 443 and 80 dport and sport rules are new. I tried to open the ports as described on a website, with no success.

2 Answers


The order of the rules is important. The first matching rule will be used. In your case REJECT comes before ACCEPT.

You should consider moving (generally a good idea) a conditionless REJECT to the end of the chain.


The REJECT rule in the INPUT chain matches all incoming packets, so it should be placed at the end of your chain. Changing the sequence will fix the issue:

1- Save the existing iptables rules

sudo iptables-save > /tmp/iptables.txt

2- Edit the text file to change the order

sudo vi /tmp/iptables.txt

3- Restore the edited rules

sudo iptables-restore < /tmp/iptables.txt
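As an added example (not part of either answer), a POSIX shell helper that does step 2 without hand-editing: `reorder_input_reject` moves every catch-all `-A INPUT -j REJECT` line after the last INPUT rule of its table in an iptables-save dump, and `reject_position` reports where the REJECT sits so the dump can be verified before it is restored. The sample dump is constructed here to mirror the question's rule order; only awk and the iptables-save text format are assumed.

```shell
#!/bin/sh
# Move every unconditional "-A INPUT -j REJECT ..." line after the last INPUT
# rule of the same table, keeping all other lines in their original order.
# Reads an iptables-save dump on stdin, writes the reordered dump on stdout.
reorder_input_reject() {
    awk '
        /^-A INPUT -j REJECT/ { held = held $0 "\n"; next }
        (/^-A / && $2 != "INPUT") || /^COMMIT$/ {
            if (held != "") { printf "%s", held; held = "" }
        }
        { print }
    '
}

# Position of the first catch-all REJECT among the INPUT rules (1-based);
# prints "last" when it is already the final INPUT rule, i.e. safe to restore.
reject_position() {
    awk '
        /^-A INPUT / { n++; if ($0 ~ /^-A INPUT -j REJECT/ && pos == 0) pos = n }
        END { print (pos == n) ? "last" : pos }
    '
}

# Constructed sample dump, mirroring the rule order from the question.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# On a live host the same functions slot into the answer's three steps:
#   sudo iptables-save > /tmp/iptables.txt
#   reorder_input_reject < /tmp/iptables.txt > /tmp/iptables.fixed
#   reject_position < /tmp/iptables.fixed        # expect "last"
#   sudo iptables-restore < /tmp/iptables.fixed
printf '%s\n' "$SAMPLE" | reorder_input_reject
```

Running the block prints the reordered dump with the INPUT REJECT as the last INPUT rule and the 443/80 ACCEPT rules ahead of it.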
