iptables help for http and https

Issues related to configuring your network
Post Reply
kynrek
Posts: 1
Joined: 2019/04/01 03:37:59

iptables help for http and https

Post by kynrek » 2019/04/01 03:42:17

I am trying to reconfigure httpd my virtual private server but I cannot seem to access it. curl on the server itself works but trying to hit the server using chrome gives a "this site took too long to respond" error message.

My vps has centos 7 but oddly it has iptables and not firewalld installed

this is the contents of my /etc/sysconfig/iptables file, do I need to change something to allow http on port 80 and https on 443?

Generated by iptables-save v1.4.21 on Wed Mar 27 19:30:55 2019
*raw
:PREROUTING ACCEPT [654:52805]
:OUTPUT ACCEPT [577:72088]
COMMIT
# Completed on Wed Mar 27 19:30:55 2019
# Generated by iptables-save v1.4.21 on Wed Mar 27 19:30:55 2019
*mangle
:PREROUTING ACCEPT [654:52805]
:INPUT ACCEPT [654:52805]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [577:72088]
:POSTROUTING ACCEPT [577:72088]
COMMIT
# Completed on Wed Mar 27 19:30:55 2019
# Generated by iptables-save v1.4.21 on Wed Mar 27 19:30:55 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44:9111]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Mar 27 19:30:55 2019
# Generated by iptables-save v1.4.21 on Wed Mar 27 19:30:55 2019
*nat
:PREROUTING ACCEPT [392:22692]
:POSTROUTING ACCEPT [14:1008]
:OUTPUT ACCEPT [14:1008]
COMMIT
# Completed on Wed Mar 27 19:30:55 2019

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: iptables help for http and https

Post by TrevorH » 2019/04/01 08:10:30

-A INPUT -j REJECT --reject-with icmp-host-prohibited
See that line? It stops all processing and rejects anything that hasn't been accepted by htta point. All rules after it are ignored.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply