Trouble with iptables script (ww_install script)

by Miguel-Angel Manrique -
Hello,

I have tried running the script iptables_rules.sh from the ww_install GitHub repository. I am unable to access the WeBWorK server after the script has run. When I run 'iptables -F', WeBWorK loads very nicely.

Here is my current iptables:

-----------

[root@somedomain ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

-----------

Besides allowing port 80, what exactly do I need to enable? I need to SSH into the server from any IP address and also send email from the server.

The server is running CentOS 7 on a VPS that I am personally renting... so I have full control of the server. I used the ww_install script.

Thank you all!
In reply to Miguel-Angel Manrique

Re: Trouble with iptables script (ww_install script)

by Danny Glin -
It looks like iptables_rules.sh has the name of the network interface hard-coded as eth0. You could try changing all mentions of eth0 to the name of your interface if you want to use the script, though I suspect the script has not been very well tested.

In answer to your question, I believe you only need to allow port 80 (and 443 if you want to use https). I believe that this is the command you want:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
(repeat for port 443 if desired). Note you will have to save these rules in configuration (put everything from "-A..." onward into /etc/sysconfig/iptables) if you want them to be loaded when iptables starts.

Note also that by default CentOS 7 uses firewalld to manage firewall rules, which sits on top of iptables. If firewalld is running, then it's a bad idea to edit iptables rules directly, as firewalld will likely blow away any changes you make.

Based on your iptables rules it looks like you've already disabled firewalld in favour of just iptables. It also looks like you're allowing all incoming traffic with "ACCEPT all -- anywhere anywhere". I'm assuming this is just during the debugging phase. You should be able to replace this with rules allowing incoming traffic on ports 22, 80 and maybe 443.
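The advice above turned into a complete rule file, as an added example that is neither the ww_install script nor the command from the reply: it reads the interface from the default route instead of hard-coding eth0, emits an /etc/sysconfig/iptables rule set in which the accepts for ports 22, 80 and 443 sit before the closing REJECT (a rule appended with -A after an existing REJECT is never reached), and leaves the OUTPUT policy at ACCEPT so outbound mail still works without opening port 25 inbound. The function names and the interface name ens3 used below are assumptions, not anything from the thread.

```shell
#!/bin/sh
# Example rule generator for a single-host WeBWorK server (not the ww_install script).
# Inspect the live rules with: iptables -L -v -n
# (plain "iptables -L" hides the interface column, so an "ACCEPT all -- anywhere anywhere"
#  line may in fact be the loopback rule; -v shows whether it is bound to lo.)

# Interface carrying the default route; replaces the hard-coded eth0 from the script.
default_iface() {
    ip -o route show default 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print an iptables-restore rule set for /etc/sysconfig/iptables.
# $1 = public interface name, $2 = "yes" to also open 443 for https.
build_rules() {
    iface="$1"
    https="${2:-no}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i $iface -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $iface -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
EOF
    if [ "$https" = "yes" ]; then
        printf -- '-A INPUT -i %s -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT\n' "$iface"
    fi
    # Explicit rejects last: anything not matched above is refused, as in the thread's rule set.
    cat <<EOF
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Refuse a rule file that still contains a blanket "accept everything inbound" rule.
# Returns 0 when the text passed in is free of such a rule, 1 otherwise.
check_no_blanket_accept() {
    ! printf '%s\n' "$1" | grep -Eq '^-A INPUT (-i [^l][^ ]* )?-j ACCEPT$'
}
```

Check the generated file with `build_rules "$(default_iface)" yes | iptables-restore --test` before writing it to /etc/sysconfig/iptables; firewalld must stay disabled, as noted above, or it will overwrite the file's rules.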