CentOS – Unable to Create Rule in IPTables to Open Port 80

centosiptables

I'm trying to open port 80 in iptables but am running into a couple issues. I am running CentOS 5.7.

First I tried to run this command:

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT

But I received an error saying:

iptables: command not found

So I then ran the same command but with sbin added:

/sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT

Now I receive this error:

iptables: No chain/target/match by that name

Thanks in advance for any help that can be provided.

Best Answer

If you ran service iptables stop as someone suggested in the other Question you posted, then all iptables rules have been flushed, and there is no "RH-Firewall-1-INPUT" chain.

Assuming you're using the default firewall, do service iptables start. Run iptables -n --list as Zoredache suggests to verify that a chain named "RH-Firewall-1-INPUT" exists. If so, then the command you've shown should work. Run service iptables save afterwards to save it to the config file, so it will be there on the next reboot.

If there is no "RH-Firewall-1-INPUT" chain, the edit your question to show the results of the iptables -n --list, and we can proceed from there.

Related Solutions

Linux – iptables port forward forwarding

You're sending the traffic to 10.52.208.221. Given the config you posted, your problem is the webserver, not the firewall. Your rules look to be correct. FORWARD and INPUT are redirected to RH-Firewall-1-INPUT where your first rule is to allow all traffic. As somebody else pointed out, you could be allowing all traffic on eth1, while the world is actually coming in eth0. Secondary, you have to NAT the traffic as it goes back out to the world

iptables --table nat --append POSTROUTING --proto tcp --dport 80 --jump MASQUERADE -o OUT_INTERFACE

Your traffic originating from the router will never hit the input or forward chains, but instead traverse the output chain on to the webserver. Other systems in that subnet will similarly go directly to the webserver. Systems out on the world at large however will traverse the INPUT / FORWARD chains and need SNAT as well as DNAT so that it appears to the world to be one machine. You still cannot test from within your network. you must test from the opposite interface from the webserver. Get me your IP addresses and I'll point you to the proper configs.

Linux – Unable to make outbound SNMP connections when IPTables is enabled

You must put

ACCEPT     udp  --  anywhere             anywhere            udp spts:snmp:snmptrap dpts:1024:65535 state ESTABLISHED

before RH-Firewall-1-INPUT because of on RH-Firewall-1-INPUT rules there is REJECT on the end of line, the iptables read from top to down.

 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination
 1 RH-Firewall-1-INPUT  all  --  anywhere             anywhere
 2 ACCEPT     udp  --  anywhere             anywhere            udp spts:snmp:snmptrap dpts:1024:65535 state ESTABLISHED

If you want to add using command line, you can use:

 iptables -I OUTPUT 1 -p udp -s 0/0 --sport 1024:65535 -d 0/0 --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -I INPUT 1 -p udp -s 0/0 --sport 161:162 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

It should be like:

 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination
 1 ACCEPT     udp  --  anywhere             anywhere            udp spts:snmp:snmptrap dpts:1024:65535 state ESTABLISHED
 2 RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Best Answer

Related Solutions

Linux – iptables port forward forwarding

Linux – Unable to make outbound SNMP connections when IPTables is enabled

Related Topic