deklinm
asked on
CentOS Open a Port
I am trying to open port 80 & 443 to everyone. My et/sysconfig/iptables looks like:
# Generated by iptables-save v1.3.5 on Tue Mar 20 19:14:47 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [133643:8702644]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Mar 20 19:14:47 2012
"/etc/sysconfig/iptables" 23L, 1071C
When i test the ports with a port query tool it tells me they are not open. What did i miss?
# Generated by iptables-save v1.3.5 on Tue Mar 20 19:14:47 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [133643:8702644]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Mar 20 19:14:47 2012
"/etc/sysconfig/iptables" 23L, 1071C
When i test the ports with a port query tool it tells me they are not open. What did i miss?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start up Apache and run the port scan again.
What about IPTables and Firewall? Are they running?
Your syntax seems correct.
First make sure you start up whatever is going to be connecting to port 80. Then verify that the system is listening on port 80 using:
netstat --listen -an | awk '/LISTEN/ && /:80 / && /tcp/'
Now run your port scan. Since it's a tcp port scan, it requires a response to be considered 'up' and therefore it needs to have traffic allowed in addition to a listening service on that server's port 80.
First make sure you start up whatever is going to be connecting to port 80. Then verify that the system is listening on port 80 using:
netstat --listen -an | awk '/LISTEN/ && /:80 / && /tcp/'
Now run your port scan. Since it's a tcp port scan, it requires a response to be considered 'up' and therefore it needs to have traffic allowed in addition to a listening service on that server's port 80.
ASKER
Apache is not running