Re: Iptables problem with allowing http

Claude Jones wrote:
At least I think that's the problem, though I can't see why.
My rules:
iptables -P INPUT DROP
iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport http -m state --state NEW -j ACCEPT

#to allow ftp?
#iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT

iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable


iptables -vL results in:

Chain INPUT (policy DROP 10 packets, 320 bytes)
 pkts bytes target     prot opt in     out     source               destination
  397 46790 ACCEPT     all  --  !eth0  any     anywhere             anywhere
 4435 3628K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http state NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state RELATED
    3   144 REJECT     tcp  --  eth0   any     anywhere             anywhere            reject-with tcp-reset
  116 20550 REJECT     udp  --  eth0   any     anywhere             anywhere            reject-with icmp-port-unreachable
    0     0 ACCEPT     all  --  !eth0  any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http state NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state RELATED
    0     0 REJECT     tcp  --  eth0   any     anywhere             anywhere            reject-with tcp-reset
    0     0 REJECT     udp  --  eth0   any     anywhere             anywhere            reject-with icmp-port-unreachable


Chain FORWARD (policy ACCEPT 35 packets, 7985 bytes)
 pkts bytes target     prot opt in     out     source               destination


Chain OUTPUT (policy ACCEPT 5105 packets, 609K bytes)
 pkts bytes target     prot opt in     out     source               destination


Attempts to connect to my ip via http are being refused with a 'connection refused' - seems like the connection is live, but attempts to connect are rebuffed. Anyone spot something wrong in the above?


Check and make sure the Apache service is running. This is usually the problem when getting this message and you "know" the port is open.


	/sbin/service httpd restart

--
Mark
-----------------------------------------------------------
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 & RH Fedora Core 3
ICQ# 27816299
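
Added example, not part of the original message: the check suggested above as a shell script that tells a firewall with no HTTP accept rule apart from a host where the rule exists but nothing listens on port 80. The function names and the sample `iptables -vL` and `ss -ltn` text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inputs (not taken from the original post).
SAMPLE_RULES='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   12   720 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http state NEW
    0     0 REJECT tcp -- eth0 any anywhere anywhere reject-with tcp-reset'
SAMPLE_SS_NO_HTTPD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_SS_HTTPD="$SAMPLE_SS_NO_HTTPD
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*"

# Packet counter of the first ACCEPT rule for HTTP (empty if there is none).
# Matches dpt:http (names) and dpt:80 (iptables -n), but not dpt:https.
http_accept_hits() {
    printf '%s\n' "$1" |
        awk '$3 == "ACCEPT" && /dpt:(http|80)( |$)/ { print $1; exit }'
}

# Succeeds if the `ss -ltn` text shows a socket listening on TCP port 80.
listening_on_80() {
    printf '%s\n' "$1" |
        awk '$1 == "LISTEN" && $4 ~ /:80$/ { found = 1 } END { exit !found }'
}

# Classify a "connection refused" from the rule listing ($1) and the
# listener table ($2).
diagnose() {
    hits=$(http_accept_hits "$1")
    if [ -z "$hits" ]; then
        echo "no-accept-rule"                       # firewall never admits HTTP
    elif listening_on_80 "$2"; then
        echo "listener-present (http rule hits: $hits)"
    else
        # The rule admits HTTP, so the reset comes from the kernel:
        # no process is bound to port 80.
        echo "no-listener (http rule hits: $hits)"
    fi
}

diagnose "$SAMPLE_RULES" "$SAMPLE_SS_NO_HTTPD"
```

On a live host the two arguments would be the output of `iptables -vL INPUT` and `ss -ltn`.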

