RHEL: IPTables Prevents Apache from Working

Posted on April 28, 2009

I tried to install an Apache web server on one of our Red Hat Enterprise Linux machines and found that, after the installation, the web server was running but inaccessible. Web browsers reported that the Apache server took too long to respond. One possible cause of this is the iptables configuration. Unfortunately, I did not know how to use iptables, so this post shows what I did to get iptables configured.

First, I looked for a clue in the `init.d` directory.

```
[root@xxxxxxx init.d]# pwd
/etc/init.d
[root@xxxxxxx init.d]# cat iptables
#!/bin/sh
#
# iptables      Start iptables firewall
#
# chkconfig: 2345 08 92
# description:  Starts, stops and saves iptables firewall
#
# config: /etc/sysconfig/iptables
# config: /etc/sysconfig/iptables-config

# Source function library.
. /etc/init.d/functions

IPTABLES=iptables
...
... and so on...
...
```

See the “clue” in the comments? Second, I went to `/etc/sysconfig/` to look for `iptables` and searched for another clue.

```
[root@xxxxxxx sysconfig]# ls -l | grep iptables
-rw------- 1 root root  949 Apr 28 14:59 iptables
-rw-r--r-- 1 root root 1763 Apr 28 14:59 iptables-config
[root@xxxxxxx sysconfig]# cat iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
```

Bullseye! See the “clue”? Third, I ran `system-config-securitylevel` and clicked Customize.

```
              ┌────────────┤ Firewall Configuration ├────────────┐
              │                                                  │
              │ A firewall protects against unauthorized         │
              │ network intrusions. Enabling a firewall blocks   │
              │ all incoming connections. Disabling a firewall   │
              │ allows all connections and is not recommended.   │
              │                                                  │
              │    Security Level: (*) Enabled ( ) Disabled      │
              │                                                  │
              │               SELinux: Enforcing                 │
              │                        Permissive                │
              │                        Disabled                  │
              │                                                  │
              │    ┌────┐       ┌───────────┐      ┌────────┐    │
              │    │ OK │       │ Customize │      │ Cancel │    │
              │    └────┘       └───────────┘      └────────┘    │
              │                                                  │
              │                                                  │
              └──────────────────────────────────────────────────┘
```


```
   ┌─────────────────┤ Firewall Configuration - Customize ├─────────────────┐
   │                                                                        │
   │ You can customize your firewall in two ways. First, you can select     │
   │ to allow all traffic from certain network interfaces. Second, you      │
   │ can allow certain protocols explicitly through the firewall. Specify   │
   │ additional ports in the form 'service:protocol', such as 'imap:tcp'.   │
   │                                                                        │
   │ Trusted Devices:    [ ] eth1 [ ] eth0                                  │
   │                                                                        │
   │ MASQUERADE Devices: [ ] eth1 [ ] eth0                                  │
   │                                                                        │
   │                     [*] SSH                [ ] Telnet [ ] FTP          │
   │ Allow incoming:     [*] WWW (HTTP)         [ ] Samba  [ ] Mail (SMTP)  │
   │                     [ ] Secure WWW (HTTPS) [ ] NFS4                    │
   │                     Other ports _________________________              │
   │                                                                        │
   │                                 ┌────┐                                 │
   │                                 │ OK │                                 │
   │                                 └────┘                                 │
   │                                                                        │
   │                                                                        │
   └────────────────────────────────────────────────────────────────────────┘
```

I ticked WWW (HTTP), clicked OK twice and… done!
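
The reason the `/etc/sysconfig/iptables` listing above blocked Apache is rule order: the first matching rule in `RH-Firewall-1-INPUT` wins, and the only `NEW` TCP rule is for port 22, so port 80 falls through to the final `REJECT`. The script below is an added example, not part of the original post: `first_verdict` is a hypothetical helper that walks a rules file in that simplified way, and the port-80 rule it inserts is an assumption about what ticking WWW (HTTP) writes, modelled on the SSH rule shown in the listing.

```shell
#!/bin/sh
# first_verdict RULES_FILE TCP_PORT [CHAIN]   (hypothetical helper, added example)
# Prints the -j target of the first rule in CHAIN that a NEW inbound TCP
# connection from a remote host to TCP_PORT would hit, or NONE.
# Simplified model: rules carrying -s/-d are skipped as address-specific.
first_verdict() {
    awk -v port="$2" -v chain="${3:-RH-Firewall-1-INPUT}" '
    $1 == "-A" && $2 == chain {
        proto = dport = state = iface = target = ""; addr = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "--state") state  = $(i + 1)
            if ($i == "-i")      iface  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
            if ($i == "-s" || $i == "-d") addr = 1
        }
        if (iface == "lo" || addr) next                   # not the remote client path
        if (proto != "" && proto != "tcp") next           # other protocol
        if (state != "" && state !~ /(^|,)NEW(,|$)/) next # existing flows only
        if (dport != "") {
            n = split(dport, r, ":")                      # single port or lo:hi range
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 < lo || port + 0 > hi) next
        }
        print target; found = 1; exit                     # first match decides
    }
    END { if (!found) print "NONE" }' "$1"
}

# Constructed sample: a subset of the rules from the listing above.
before=$(mktemp); after=$(mktemp)
trap 'rm -f "$before" "$after"' EXIT
cat > "$before" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
# Assumed effect of ticking WWW (HTTP): an SSH-style rule for port 80,
# placed before the catch-all REJECT so that it is reached first.
awk '/-j REJECT/ { print "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT" }
     { print }' "$before" > "$after"
echo "port 80 before: $(first_verdict "$before" 80), after: $(first_verdict "$after" 80)"
```

On the machine itself, `iptables -L RH-Firewall-1-INPUT -n --line-numbers` shows the live rules in the order they are evaluated.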
