open port 80 (iptables)

[Roxxor]

I have started to read about firewalls. Now I want to open port 80, and I have this line in my firewall:

[peka]

this my sound silly, but:
did you apply your new rules after changing them? i.e. did you run the script file in which you store your firewall script?
did you restart iptables? i.e. did you do /etc/init.d/iptables restart?

run iptables --list to see what;s applied
_________________
p3k4

Seize the time, Meribor. Live now; make now always the most precious time. Now will never come again...
Jean-Luc Picard, Star Trek TNG - The Inner Light

[Roxxor]

Yes.

Look, this is the output I get when I try to write this command directly in console:

[ter_roshak]

You have to define $INTERFACE with a valid interface on your system if you are going to run this from the console. Something to the effect of 'export INTERFACE=eth0' or something like that. Otherwise, this is a good command.

[jamapii]

$INTERFACE isn't set, so your test can't work. But it's set in the script, your script must have a different problem.

You need either INPUT *and* OUTPUT or FORWARD rules (maybe not all of them if you use STATEFUL), it depends whether you are on the router or on the real server. If you need DNAT, you need the DNAT rule to do the NAT and a FORWARD rule to allow the traffic.

Do you ever -j STATEFUL (jump to the STATEFUL chain)?

[corley]

well, you have a few things wrong..
Actually there is a typo in your iptables, which is why you have an error. The reason port 80 is still unaccessable is because you need to change the order some of these rules are being applied I would imagine. With long rules like you have covering the 'gamit' you can't just come in later and type a rule like that and expect it to work. IPTABLES and others go on a first come first serve basis.. so you really have to think about the order you want your rules to be in. I would suggest starting off with a much simpler set of firewall rules. and get it going first, then start adding in all the other stuff.