iptables help for http and https

kynrek
Posts: 1
Joined: 2019/04/01 03:37:59

iptables help for http and https

Post by kynrek » 2019/04/01 03:42:17

I am trying to reconfigure httpd on my virtual private server but I cannot seem to access it. curl on the server itself works, but trying to hit the server using Chrome gives a "this site took too long to respond" error message.

My VPS has CentOS 7, but oddly it has iptables and not firewalld installed.

This is the contents of my /etc/sysconfig/iptables file. Do I need to change something to allow http on port 80 and https on 443?

# Generated by iptables-save v1.4.21 on Wed Mar 27 19:30:55 2019
*raw
:PREROUTING ACCEPT [654:52805]
:OUTPUT ACCEPT [577:72088]
COMMIT
# Completed on Wed Mar 27 19:30:55 2019
# Generated by iptables-save v1.4.21 on Wed Mar 27 19:30:55 2019
*mangle
:PREROUTING ACCEPT [654:52805]
:INPUT ACCEPT [654:52805]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [577:72088]
:POSTROUTING ACCEPT [577:72088]
COMMIT
# Completed on Wed Mar 27 19:30:55 2019
# Generated by iptables-save v1.4.21 on Wed Mar 27 19:30:55 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44:9111]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Mar 27 19:30:55 2019
# Generated by iptables-save v1.4.21 on Wed Mar 27 19:30:55 2019
*nat
:PREROUTING ACCEPT [392:22692]
:POSTROUTING ACCEPT [14:1008]
:OUTPUT ACCEPT [14:1008]
COMMIT
# Completed on Wed Mar 27 19:30:55 2019

TrevorH
Forum Moderator
Posts: 26133
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: iptables help for http and https

Post by TrevorH » 2019/04/01 08:10:30

-A INPUT -j REJECT --reject-with icmp-host-prohibited
See that line? It stops all processing and rejects anything that hasn't been accepted by that point. All rules after it are ignored.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke
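
An added example, not part of either post and not code from the CentOS project: a Python check that applies the first-match behaviour described in the reply to an iptables-save file and reports rules that sit after an unconditional terminal rule in the same chain. `POSTED` is the filter table from the question; `REORDERED`, the function names, and the limited handling (built-in ACCEPT/DROP/REJECT targets and the `--reject-with` option only) are assumptions of this example.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
TARGET_OPTS = {"--reject-with"}  # parameterises the target; does not restrict matching

# Filter table exactly as posted in the question.
POSTED = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44:9111]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
"""
WEB = "-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n"
REJECT = "-A INPUT -j REJECT --reject-with icmp-host-prohibited\n"
# Constructed: the same rules with the 80/443 ACCEPT moved above the catch-all REJECT.
REORDERED = POSTED.replace(WEB, "").replace(REJECT, WEB + REJECT)

def is_catch_all(tokens):
    """True when an -A rule jumps to a terminal target with no match criteria."""
    rest = tokens[2:]  # drop "-A CHAIN"
    if rest[:1] != ["-j"] or len(rest) < 2 or rest[1] not in TERMINAL:
        return False   # a match precedes -j, or the target is not terminal
    opts = rest[2:]
    return len(opts) % 2 == 0 and all(o in TARGET_OPTS for o in opts[0::2])

def find_shadowed(ruleset, table="filter"):
    """Return (chain, catch_all_rule, unreachable_rule) tuples for one table."""
    current, blocker, findings = None, {}, []
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            current = line[1:]              # "*filter", "*nat", ... starts a table
        elif current == table and line.startswith("-A "):
            tokens = shlex.split(line)
            if tokens[1] in blocker:        # chain already ended by a catch-all
                findings.append((tokens[1], blocker[tokens[1]], line))
            elif is_catch_all(tokens):
                blocker[tokens[1]] = line
    return findings

if __name__ == "__main__":
    print(find_shadowed(POSTED), find_shadowed(REORDERED), sep="\n")
```

On the posted ruleset this reports the 80,443 rule in INPUT as unreachable behind the REJECT line; on the reordered copy it reports nothing.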
