I am running Apache/2.2.15 on Centos 6.6.
I have a Verizon router and checked the port forwarding and saw
WorkstationName 192.168.1.6 HTTPS TCP Any -> 443 All Broadband Devices Active
I went to the command line and entered
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 443 -j ACCEPT
I also entered
sudo netstat -anltp | grep LISTEN
and got
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1462/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2297/sshd
tcp 0 0 :::443 :::* LISTEN 2340/httpd
tcp 0 0 :::80 :::* LISTEN 2340/httpd
tcp 0 0 :::22 :::* LISTEN 2297/sshd
However, when I enter my website name (which works fine with http) as follows
https://websitename.com
it just hangs. I then go to http://www.mynetworktest.com/ports.php and click on
Test https – Port 443
and get
Port 443 is not open on my.ip.addre.ess
sudo iptables -L -n
gives
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 192.168.1.1 0.0.0.0/0 tcp flags:!0x17/0x02
ACCEPT udp -- 192.168.1.1 0.0.0.0/0
ACCEPT tcp -- 151.198.0.38 0.0.0.0/0 tcp flags:!0x17/0x02
ACCEPT udp -- 151.198.0.38 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
DROP all -- 0.0.0.0/0 255.255.255.255
DROP all -- 0.0.0.0/0 192.168.1.255
DROP all -- 224.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 224.0.0.0/8
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
LSI all -f 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
INBOUND all -- 0.0.0.0/0 0.0.0.0/0
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'
DROP all -- 69.84.207.246 0.0.0.0/0
DROP all -- 69.84.207.246 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.1.4 192.168.1.1 tcp dpt:53
ACCEPT udp -- 192.168.1.4 192.168.1.1 udp dpt:53
ACCEPT tcp -- 192.168.1.4 151.198.0.38 tcp dpt:53
ACCEPT udp -- 192.168.1.4 151.198.0.38 udp dpt:53
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 224.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 224.0.0.0/8
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
OUTBOUND all -- 0.0.0.0/0 0.0.0.0/0
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'
DROP all -- 0.0.0.0/0 69.84.207.246
DROP all -- 0.0.0.0/0 69.84.207.246
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:443
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LSI all -- 0.0.0.0/0 0.0.0.0/0
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Best Answer
The fact is that you added the rule that allows port 443 at the end of the INPUT chain. But you have a previous rule that drops everything:
With iptables, rules order matters! Use
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
to put the rule at the beginning of your INPUT chain. The -A flag (Append) adds the rule at the end of the specified chain, which is not what you want here.
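To make the ordering point concrete, here is an added first-match simulator (not iptables, and not part of the question or answer) that models a subset of the INPUT chain from the question: the dpt:80 ACCEPT, the jump to INBOUND (which only accepts RELATED/ESTABLISHED and otherwise jumps to LSI, whose last rule is DROP all), and the 443 rule placed either with -A or with -I. It assumes the `ACCEPT all` rule at position 6 is interface-bound (typically loopback), a restriction `iptables -L -n` does not display, so it is omitted.

```python
# Added example: a tiny first-match simulator for the question's INPUT chain.
# It is NOT iptables; it only shows why a rule appended with -A (end of chain)
# is never reached when an earlier rule jumps to a chain that drops everything,
# while -I (insert at position 1) is consulted before that jump.

def m(proto=None, dport=None, state=None):
    """Build a match predicate; a None field means 'match anything'."""
    return lambda p: ((proto is None or p["proto"] == proto)
                      and (dport is None or p["dport"] == dport)
                      and (state is None or p["state"] in state))

# Constructed rule tables, a subset of the question's `iptables -L -n` output.
# Each rule is (match predicate, target). Falling off a user chain returns to
# the caller; falling off INPUT applies its policy (DROP in the question).
CHAINS = {
    "LSI":     [(m(), "DROP")],  # the LOG rules are omitted; DROP all is what matters
    "INBOUND": [(m("tcp", state={"RELATED", "ESTABLISHED"}), "ACCEPT"),
                (m("udp", state={"RELATED", "ESTABLISHED"}), "ACCEPT"),
                (m(), "LSI")],
}
BASE_INPUT = [(m("tcp", 80), "ACCEPT"), (m(), "INBOUND")]
ACCEPT_443 = (m("tcp", 443), "ACCEPT")   # what the asker's rule matches

# Constructed packet: the first SYN of a TLS handshake from the outside.
SYN_443 = {"proto": "tcp", "dport": 443, "state": "NEW"}

def walk(chain, packet, policy="DROP"):
    """Return the terminating verdict for packet; first matching rule wins."""
    for match, target in chain:
        if not match(packet):
            continue
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        verdict = walk(CHAINS[target], packet, policy=None)  # follow the jump
        if verdict is not None:          # user chain reached a terminal verdict
            return verdict
    return policy                        # end of chain: policy, or RETURN (None)

def verdict_append():
    """Effect of `iptables -A INPUT -p tcp --dport 443 -j ACCEPT` (rule at the end)."""
    return walk(BASE_INPUT + [ACCEPT_443], SYN_443)

def verdict_insert():
    """Effect of `iptables -I INPUT -p tcp --dport 443 -j ACCEPT` (rule at position 1)."""
    return walk([ACCEPT_443] + BASE_INPUT, SYN_443)

if __name__ == "__main__":
    print("appended (-A):", verdict_append())   # DROP: INBOUND -> LSI drops it first
    print("inserted (-I):", verdict_insert())   # ACCEPT: checked before the jump
```

Run with -v on the real box (`iptables -L INPUT -n -v --line-numbers`) to see the interface column and the rule positions the simulator assumes.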