Open port 80 in CentOS 6.5

Rather than key the rules in manually, you can use iptables to add the rules to the appropriate chains and then save them. This will allow you to debug the rules live, confirming they're correct, rather than having to add them to the file like you appear to be doing.

To open port 80 I do this:

$ sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ sudo /etc/init.d/iptables save

The last command will save the added rules. This is the rule I would use to open up the port for web traffic.

Why your rule is causing issues

If you notice the rule you're attempting to use:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Has a chain called "RH-Firewall-1-INPUT". If you do not have this chain, or a link from the INPUT chain to this chain, then this rule will never be reachable. This rule could likely be like this:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Or your INPUT chain should link to this chain RH-Firewall-1-INPUT with a rule like this:

$ sudo iptables --list
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
....

NOTE: You can see what chains you have with this command:

$ sudo iptables -L | grep Chain
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
...

Also the states might need to be modified so that existing connections are allowed as well.

-A INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp --dport 80 -j ACCEPT

Also when you use the -A switch you're appending the rule to chain INPUT. If there are other rules before it that are blocking and/or interfering with the reaching of this rule, it will never get executed. So you might want to move it to the top by inserting rather than appending, like this:

-I INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp --dport 80 -j ACCEPT

Using the GUI

Firewalls can be complicated beasts. So you might want to try the TUI instead (TUIs are GUIs for the terminal).

$ sudo system-config-firewall-tui

You can then go through the various screens setting up iptables rules.
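
The two failure modes described above (a rule in a chain that INPUT never jumps to, and an appended rule sitting behind an earlier blocking rule) can be checked against iptables-save output. This is an added example, not part of the original answer; the function name check_accept, the constructed sample ruleset and the simplifications listed in the comments are assumptions.

```shell
#!/bin/sh
# Added example: verdict for the first ACCEPT rule with --dport PORT,
# read from `iptables-save` output on stdin.
# Simplifications (assumptions): one level of user chains, and a "catch-all"
# is a DROP/REJECT rule with no match options before -j.
check_accept() {
  awk -v port="$1" '
    $1 != "-A" { next }
    {
      chain = $2; pos = ++n[chain]; target = ""; hit = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "--dport" && $(i + 1) == port) hit = 1
      }
      # First unconditional DROP/REJECT in each chain ends evaluation there.
      if ($3 == "-j" && (target == "DROP" || target == "REJECT") && !(chain in block))
        block[chain] = pos
      # Remember where INPUT first jumps to a user-defined chain.
      if (chain == "INPUT" && target != "" && !(target in jump) &&
          target !~ /^(ACCEPT|DROP|REJECT|LOG|RETURN)$/)
        jump[target] = pos
      if (hit && target == "ACCEPT" && acc_chain == "") { acc_chain = chain; acc_pos = pos }
    }
    END {
      if (acc_chain == "") { print "missing"; exit }
      if (acc_chain != "INPUT") {
        if (!(acc_chain in jump)) { print "unlinked"; exit }
        if ((acc_chain in block) && block[acc_chain] < acc_pos) { print "shadowed"; exit }
        acc_pos = jump[acc_chain]   # from here on, judge the jump rule inside INPUT
      }
      if (("INPUT" in block) && block["INPUT"] < acc_pos) { print "shadowed"; exit }
      print "reachable"
    }'
}

# Constructed sample: the port 80 rule was appended with -A after a catch-all REJECT.
sample_appended() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample_appended | check_accept 80
```

On a live system the input would come from sudo iptables-save -t filter piped into check_accept 80.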
