Open port 80 in CentOS 6.5
I'm trying to open port 80 in my CentOS 6.5, on my virtual machine, so I can access Apache from my desktop's browser.
If you take a look at the screenshot above.... I've added the line before the blue arrow, as written on http://www.cyberciti.biz/faq/linux-iptables-firewall-open-port-80/ Now I do get the Apache test page when entering the IP address in my browser, but when restarting iptables I still get a "FAILED" when CentOS tries to apply the new rule.
Does anyone know a solution for this? Or do I need to ignore the failure?
Rather than keying the rules in manually, you can use `iptables` to add the rules to the appropriate chains and then save them. This will allow you to debug the rules live, confirming they're correct, rather than having to add them to the file like you appear to be doing.
To open port 80 I do this:
```
$ sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ sudo /etc/init.d/iptables save
```
The last command will save the added rules. This is the rule I would use to open up the port for web traffic.
Why your rule is causing issues
If you look at the rule you're attempting to use:
```
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
```
it has a chain called "RH-Firewall-1-INPUT". If you do not have this chain, or a link from the `INPUT` chain to this chain, then this rule will never be reachable. This rule could likely be like this:
```
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
```
Or the `INPUT` chain should link to this chain `RH-Firewall-1-INPUT` with a rule like this:
```
$ sudo iptables --list
Chain INPUT (policy ACCEPT)
num  target               prot opt source       destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0    0.0.0.0/0
....
```
NOTE: You can see what chains you have with this command:
```
$ sudo iptables -L | grep Chain
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
...
```
Also the states might need to be modified so that existing connections are allowed as well.
```
-A INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp --dport 80 -j ACCEPT
```
Also, when you use the `-A` switch you're appending the rule to the `INPUT` chain. If there are other rules before it that block and/or interfere with reaching this rule, it will never get executed. So you might want to move it to the top by inserting rather than appending, like this:
```
-I INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp --dport 80 -j ACCEPT
```
Using the GUI
Firewalls can be complicated beasts, so you might want to try the TUI instead (TUIs are GUIs for the terminal).
```
$ sudo system-config-firewall-tui
```
You can then go through the various screens setting up
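As an added example (not code from the answer above, the question, or CentOS itself): a shell script that does what the answer describes with the checks a practitioner would want before touching a live firewall. It decides whether the port-80 rule belongs in `RH-Firewall-1-INPUT` (only if that chain exists and `INPUT` actually jumps to it) or in `INPUT`, checks that the rule is not already present, inserts it at position 1 so the stock CentOS 6 trailing `REJECT --reject-with icmp-host-prohibited` cannot shadow it, and saves. Assumptions: iptables 1.4.7 as shipped in CentOS 6, which has `iptables -S` but not `iptables -C`, so "is the rule already there?" is answered by grepping `-S` output; rules are persisted with `/etc/init.d/iptables save`; the two `iptables -S` listings embedded below are constructed samples, not captured from a real host; the real mode (`--apply`) needs root, and without that flag the script only runs a dry run on the samples.

```shell
#!/bin/sh
# Added example; not from the original post. See the lead-in for assumptions.

# Reads `iptables -S` output on stdin. Prints RH-Firewall-1-INPUT only when
# that chain is defined AND INPUT jumps to it (a rule appended to a chain that
# nothing jumps to is never evaluated, which is the failure the answer explains);
# otherwise prints INPUT.
pick_chain() {
    rules=$(cat)
    if printf '%s\n' "$rules" | grep -q '^-N RH-Firewall-1-INPUT$' &&
       printf '%s\n' "$rules" | grep -q '^-A INPUT .*-j RH-Firewall-1-INPUT$'; then
        echo RH-Firewall-1-INPUT
    else
        echo INPUT
    fi
}

# Reads `iptables -S` output on stdin; prints "yes" if chain $1 already has an
# ACCEPT for tcp dport 80 (with or without "-m state --state NEW"), else "no".
# Replaces `iptables -C`, which CentOS 6's iptables 1.4.7 does not have.
has_port80_rule() {
    if grep -q "^-A $1 .*--dport 80 .*-j ACCEPT$"; then
        echo yes
    else
        echo no
    fi
}

# $1 = chain, $2 = command to run (iptables for real, dry_run to only print).
# -I ... 1 puts the rule first, ahead of the trailing REJECT that -A would
# land behind. Keeping the rule in one function means the dry run and the real
# run cannot drift apart.
add_port80_rule() {
    "$2" -I "$1" 1 -m state --state NEW -p tcp -m tcp --dport 80 -j ACCEPT
}

dry_run() { echo "iptables $*"; }

# Real mode: needs root. Persists via /etc/init.d/iptables save, which writes
# /etc/sysconfig/iptables (the file the question was hand-editing).
apply_port80() {
    chain=$(iptables -S | pick_chain)
    if [ "$(iptables -S "$chain" | has_port80_rule "$chain")" = yes ]; then
        echo "port 80 already open in $chain; nothing to do" >&2
    else
        add_port80_rule "$chain" iptables
    fi
    /etc/init.d/iptables save
}

# Constructed sample `iptables -S` output (not captured from a real machine).
# Stock CentOS 6 layout: no RH-Firewall-1-INPUT chain, INPUT ends with REJECT.
SAMPLE_CENTOS6='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Constructed older-style layout where INPUT hands off to RH-Firewall-1-INPUT,
# and port 80 is already open there.
SAMPLE_RH='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N RH-Firewall-1-INPUT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Dry run over both samples: shows the chosen chain, whether the rule already
# exists, and the exact iptables command that --apply would run.
demo() {
    for s in "$SAMPLE_CENTOS6" "$SAMPLE_RH"; do
        chain=$(printf '%s\n' "$s" | pick_chain)
        echo "chain: $chain, port 80 already open: $(printf '%s\n' "$s" | has_port80_rule "$chain")"
        add_port80_rule "$chain" dry_run
    done
}

case "${1:-}" in
    --apply) apply_port80 ;;
    *) demo ;;
esac
```

Run it with no arguments first and compare the printed `iptables -I ...` line against `iptables -S` on the box; only then run it as root with `--apply`. The rule uses `--state NEW` alone, the form from the question, because a stock CentOS 6 `INPUT` chain already accepts `RELATED,ESTABLISHED` in its first rule.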
The last rule deleted all previous rules in my iptables file and added just the one above (sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT). Now I cannot access the Apache page from my browser anymore, either.
@ErikVandeVen - sorry I didn't make that clearer. The other rules that you had would either need to be added in this same manner and saved (at the same time), or you can go to the file `/etc/sysconfig/iptables` and add them. Your original entries should be in this file, `/etc/sysconfig/iptables.save`.
Thanks, I was able to restore iptables by copying the iptables.save. But I still wasn't able to add the rule without getting a failure and being able to open the Apache test page within my browser at the same time. I'll take a look at the tutorial which riclags has posted first :)
Man, I totally didn't get why this answer hasn't received a single like yet. Excellent detailed reply. Consider my one like as a thousand thanks.