Iptables problem with allowing http

Mark Weaver mdw1982 at mdw1982.com
Tue Mar 15 13:40:51 UTC 2005


Claude Jones wrote:
> At least I think that's the problem, though I can't see why.
> My rules:
> iptables -P INPUT DROP
> iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -p tcp --dport http -m state --state NEW -j ACCEPT
> 
> #to allow ftp?
> #iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
> 
> iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable
> 
> iptables -vL results in:
> 
> Chain INPUT (policy DROP 10 packets, 320 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>   397 46790 ACCEPT     all  --  !eth0  any     anywhere             anywhere
>  4435 3628K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
>     0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http state NEW
>     0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state RELATED
>     3   144 REJECT     tcp  --  eth0   any     anywhere             anywhere            reject-with tcp-reset
>   116 20550 REJECT     udp  --  eth0   any     anywhere             anywhere            reject-with icmp-port-unreachable
>     0     0 ACCEPT     all  --  !eth0  any     anywhere             anywhere
>     0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
>     0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http state NEW
>     0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state RELATED
>     0     0 REJECT     tcp  --  eth0   any     anywhere             anywhere            reject-with tcp-reset
>     0     0 REJECT     udp  --  eth0   any     anywhere             anywhere            reject-with icmp-port-unreachable
> 
> Chain FORWARD (policy ACCEPT 35 packets, 7985 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 
> Chain OUTPUT (policy ACCEPT 5105 packets, 609K bytes)
>  pkts bytes target     prot opt in     out     source               destination
> 
> Attempts to connect to my ip via http are being refused with a 
> 'connection refused' - seems like the connection is live, but attempts 
> to connect are rebuffed. Anyone spot something wrong in the above?
> 

Check and make sure the Apache service is running. This is usually the 
problem when getting this message and you "know" the port is open.

	/sbin/service httpd restart

-- 
Mark
-----------------------------------------------------------
Paid for by Penguins against modern appliances(R)
Linux User Since 1996
Powered by Mandrake Linux 8.2 & RH Fedora Core 3
ICQ# 27816299
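As an added example (not code from Mark's reply or from the original thread), the POSIX shell script below separates the two things that produce a "connection refused" on tcp/80: the case Mark describes, where the SYN passes the firewall and the host itself answers RST because nothing is listening, and the case where the `REJECT --reject-with tcp-reset` rule is what sends the RST. It reads the `pkts` column of an `iptables -vL INPUT` dump (the post's counters are embedded as a constructed sample) and, separately, checks for a listener with `ss` or `netstat`; those two tools and the legacy `iptables -vL` column layout are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original thread: triage an HTTP
# "connection refused" by reading iptables -vL counters for the INPUT chain
# and, separately, checking whether anything is bound to the port.
# Assumes the legacy "iptables -vL" layout shown in the post (pkts column
# first, optional K/M suffix) and ss(8) or netstat(8) for the live check.

# Constructed sample: the INPUT chain from the post, one rule per line.
SAMPLE_DUMP='Chain INPUT (policy DROP 10 packets, 320 bytes)
 pkts bytes target     prot opt in     out     source               destination
  397 46790 ACCEPT     all  --  !eth0  any     anywhere             anywhere
 4435 3628K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http state NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state RELATED
    3   144 REJECT     tcp  --  eth0   any     anywhere             anywhere            reject-with tcp-reset
  116 20550 REJECT     udp  --  eth0   any     anywhere             anywhere            reject-with icmp-port-unreachable'

# rule_hits DUMP PATTERN: sum the pkts column of every rule line in DUMP
# that matches PATTERN (a grep basic regex). K/M suffixes are expanded.
rule_hits() {
    printf '%s\n' "$1" | grep -- "$2" | awk '
        { v = $1
          if (sub(/K$/, "", v)) v = v * 1000
          else if (sub(/M$/, "", v)) v = v * 1000000
          s += v }
        END { print s + 0 }'
}

# diagnose_http DUMP: say what the counters imply for an inbound :80 SYN.
#   listener  the ACCEPT for dpt:http matched, so packets got through the
#             firewall and the refusal came from the host: no daemon on :80
#   firewall  the http ACCEPT never matched but the tcp-reset REJECT did; the
#             firewall answered with RST (that REJECT has no --dport, so its
#             count covers every rejected TCP port, not just 80)
#   unknown   neither counter moved: the SYNs never reached this chain
diagnose_http() {
    accepted=$(rule_hits "$1" 'dpt:http')
    reset=$(rule_hits "$1" 'reject-with tcp-reset')
    if [ "$accepted" -gt 0 ]; then
        echo listener
    elif [ "$reset" -gt 0 ]; then
        echo firewall
    else
        echo unknown
    fi
}

# port_listener PORT: live check for a TCP listener; prints "listening",
# "no-listener" or "unavailable" (neither ss nor netstat found).
port_listener() {
    if command -v ss >/dev/null 2>&1; then
        out=$(ss -ltn 2>/dev/null) || out=""
    elif command -v netstat >/dev/null 2>&1; then
        out=$(netstat -ltn 2>/dev/null) || out=""
    else
        echo unavailable
        return 0
    fi
    # matches 0.0.0.0:80, *:80, [::]:80 and netstat's :::80
    if printf '%s\n' "$out" | grep -q ":$1[[:space:]]"; then
        echo listening
    else
        echo no-listener
    fi
}

# On a live box replace SAMPLE_DUMP with "$(iptables -vL INPUT)".
echo "counters from the post say: $(diagnose_http "$SAMPLE_DUMP")"
echo "tcp/80 on this host: $(port_listener 80)"
```

Run it as root (or with a saved `iptables -vL INPUT` dump) and read the two lines together: `listener` plus `no-listener` is Mark's case and `service httpd restart` is the fix; `firewall` means the SYN never reached the http ACCEPT rule and the rule order or interface match is what to look at.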




More information about the fedora-list mailing list