I have iptables config like this:
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 443 -j ACCEPT
Also, I have apache virtual host:
<VirtualHost *:80>
ServerName wiki.myite.com
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8901/
ProxyPassReverse / http://localhost:8901/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
My primary domain www.mysite.com is working well with this configuration (I don't use proxy redirect on it). But my virtual host wiki.mysite.com is not responding.
Please, help me to setup iptables config to allow wiki.mysite.com working too. I think, I need to setup iptables FORWARDING options, but I don't know how.
update:
I have 1 server with 1 IP. On server I have apache2.2 on 80 port. Also I have tomcat6 on 8901 port. In apache I setup to forwarding domain wiki.mysite.com to tomcat (mysite.com:8901).
I want to secure my server by disabling all ports, except 80, 22 and 443.
Best Answer
Well, if you're redirecting to port 8901 and you haven't marked your lo interface as "trusted" by accepting all from it, then you're probably just blocking yourself at your own firewall.
Assuming you've set up the site to correctly listen at 8901, you should add another line:
Or just add:
So your machine will know to accept localhost packets on all ports.