Apache 2.4.6 on port 8080

[jrgt_1976]

Hi everyone! First timer here and as a centos user.

I've been reading a lot in this forum about opening ports on apache but I seem to be far from succeed.
I already had my webserver active with default port 80. Since I need to make some tests with another port I started to read how to do it.
The thing is that I already have access inside my LAN with 8080 port but from the outside the port appears closed. I want to think is a modem-router issue but I want to be sure that I'm not doing something wrong.

I already checked the httpd.conf= Listen 8080 , ServerName localhost:8080
commands used:
netstat -nlp | grep httpd
tcp6 0 0 :::8080 :::* LISTEN 22977/httpd
tcp6 0 0 :::443 :::* LISTEN 22977/httpd
semanage port -l | grep -w http_port_t
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
netstat -anp | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 26003/httpd
nmap -sT -O localhost
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
443/tcp open https
631/tcp open ipp
3306/tcp open mysql
8080/tcp open http-proxy

Already added port 8080 to firewalld and when stoped used IPTABLES. Everything seems to be right, what am I missing?
This is outside my network, inside I get access on any port I want, 8090, 8080.

Appreciate your time & comments.

[TrevorH]

This looks like a firewall problem to me. Pick one of firewalld OR iptables services and stick with it. You cannot mix and match the two. If you are using firewalld then run firewall-cmd --add-port=8080/tcp to add it to the active rules - the port should be open immediately. Now if it works, run the same command again but add --permanent to make the change ... permanent. If you're using iptables then you need to insert a new rule at a point in the ruleset prior to the final --j REJECT rule on the INPUT chain (if you -A append then it will go after the -j REJECT rule and will never be run) - something like iptables -I INPUT 99 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT (99 is the line number on the rules, pick a position in the chain before the end).

[jrgt_1976]

Thanks a lot Trevor for you post.
I already did all that before I decided to subscribe to this forum and the only door that remains closed is from the outside of my network, usin port 8080.
Inside my LAN there is no issue. Even thouh, I will try again using firewalld only (actually I've tried both separately and never at the same time) but I gotta say that the instructions you provide already have been done.

Thanks again and I'll let you know if I succeed.

[jrgt_1976]

# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh http https dhcp
ports: 80/tcp 80/udp 7000/tcp 7000/udp 8080/tcp
protocols:
masquerade: no
forward-ports:
source-ports: 8080/tcp
icmp-blocks:
rich rules:
I'm starting to guess that the problem comes from my very basic ISP modem-router.If this is an issue with firewall on CentOS, my local windows machine could not connect to it. Any other suggestions?

[TrevorH]

So you can connect to it from the localhost? And can you connect to it from another machine on the same subnet as well? The only problem is people on the other side of your ISP connection? Is that correct?

Be aware that some ISPs block server ports like 80/8080/25 etc as it's against their T&Cs to run servers on domestic connections. If they don't block it then perhaps you haven't set up the port forwarding rules correctly on the router.

[jrgt_1976]

Yes, I think there's something foggy with the ISP. The rules I already set to the ports 80 and 22 are working just fine, the user settings like 8080 or any other non standard port isn't working.
Well, thanks for your help!

[TrevorH]

Well, that's odd as that's the exact opposite symptoms to those you'd get on most ISPs where they block the server ports like 25 and 80 to stop people from running web servers etc and to force them onto a "business" connection if they have a real requirement.