Hi,

I have just set up a small server with a static ip address on the net. It is running Redhat 7.3. I am having a problem with my firewall. I can't access web pages on it from an external computer elsewhere on the internet.

I have this line in my firewall:

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

What do I have to do to my firewall to allow web page access from remote computers? I am also having the same problem with smtp(25) and pop(110).

Any help would be greatly appreciated.

Thanks,

Steve Quartly.
(Soory I haven't shown my complete firewall script, but I don't currently have acces to my system. If need be I can post it tonight.)

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
looks fine to me, but I have some questions first:
are you surfing to an IP address or your website name?
do you have DNS set up correctly?
Are you running your server thru an ISP? Sometimes they block port 80, you may want to try another port.
I'm not sure if TUX is included in RH 7.*, but I had problems with configuration in TUX when I was trying to run a server with RH8.0.
HTH

Thanks for the reply,

>looks fine to me, but I have some questions first:
>are you surfing to an IP address or your website name?

I'm surfing to a website name.

>do you have DNS set up correctly?

Yes, I'm pretty sure I have because I can surf to any of my virtual hosts with the firewall down.

>Are you running your server thru an ISP? Sometimes they block >port 80, you may want to try another port.

I don't think this is the case because it wouldn't work at al. Currently if the firewall is down, everything works fine!

>I'm not sure if TUX is included in RH 7.*, but I had problems with >configuration in TUX when I was trying to run a server with >RH8.0.

Sorry, I'm not familiar with TUX?

Steve

i have used this firewall before in iptables and it works great. make sure you read all the install how-to.

giptables is a very good firewall. just wanted to drop you a line and see if it would make things easier for you.

http://www.giptables.org

Thanks for the URL...

I'll have a look at it.

Steve

you might want to try these..
the first can stop DOS attacks on the server,
the second will allow new connection for the web page but only a few requests at a time.

the next 3 allow access to port 80, 25 & 110
the dport is the destination port.


iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT