Cannot open port 8080


You have probably APPENDED the rule to the table after a policy that denies access. You should try INSERTING the rule. The difference is replacing -A INPUT with -I INPUT, so the command would be

-I INPUT -p tcp -m tcp --dport 8080 -j ACCEPT 

Another possibility (not sure where you have specified the rule) is that you need to modify the FORWARD chain rather than the INPUT chain - if this rule exists on the VM host rather than the VM.

Author by

Adami

Updated on September 18, 2022

Comments

  • Adami
    Adami over 1 year

    I'm running a VmWare with an application under JBoss starting up on port 8080. I'm able to access the app from outside the VM if the iptables are off.

    However, I must turn on iptables due to some rules, but I couldn't open port 8080. I tried: -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT and -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT but no success.

    Output of netstat -tulpn with iptables rule:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 6617/java

    What am I missing here?

    Thanks!

  • Adami
    Adami over 10 years
    It's not working yet, when I execute service iptables save it's going to /etc/sysconfig/iptables. This is what I got now:

    [root@devsrvr ~]# more /etc/sysconfig/iptables
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [23:1780]
    :OUTPUT ACCEPT [23:1780]
    -A PREROUTING -d 172.17.38.10 -p tcp -j DNAT --to-destination 192.168.38.129
    COMMIT
    *filter
    :INPUT ACCEPT [151:22125]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [275:33909]
    -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
    COMMIT
  • Adami
    Adami over 10 years
    I've just found out that the rule iptables -t nat -A PREROUTING --dst 172.17.38.10 -p tcp -j DNAT --to-destination 192.168.38.129 is doing that. Any idea of how can I have that rule and also access through port 8080?
  • davidgo
    davidgo over 10 years
    As your default policies all appear to be "ACCEPT", I can't see any reason why this is not working. I'm guessing you have dropped the rest of the firewall and it works now? If so, what does it look like with the firewall on? If the firewall is meant to be like this, what does the firewall on the VM show?
  • barlop
    barlop almost 9 years
    You write "You have probably APPENDED the rule to the table after a policy that denies access. You should try INSERTING the rule" <--- From the little I know of iptables, if a policy denies access, then appending a rule should work. It doesn't matter if the accept rule is first or last. The only time appending a rule might not work is if there is a deny rule before it. But I don't think there should be. AFAIK (not much) I'd guess the only normal/useful configurations are blacklists and whitelists, so with a policy of deny, the rules should be only accept. And appending or inserting won't matter.
  • davidgo
    davidgo about 8 years
    There may be a rule missing allowing established connections through, so maybe also "iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" may be needed to match the returning traffic. @barlop - Rule order is important when using IPTABLES, if traffic matches a drop rule before it's matched, it will be dropped at that point. Rules are processed in the order they are added, with -I adding them at the beginning and -A adding them at the end.
  • barlop
    barlop about 8 years
    @davidgo Re ur comment, I know that order can make a difference, and your -I idea and ESTABLISHED,RELATED idea is good (though a mystery what isn't going through). But the line you wrote in your post was as if appending a rule to a table after a policy that denies access was a problem. When perhaps u meant appending a rule to a table after a rule that denies (then regardless of policy, it won't work / will be denied). Bear in mind that, as you know, rules are followed then the policy. BTW you may mean -I INPUT 1 since -I is insertion (and anywhere), rather than prepending. You missed the 1.
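
The rule-order point made in the answer and argued in the comments, as an added example that is not part of the original thread: a small Python model of first-match evaluation in the INPUT chain, comparing -A, -I and -I INPUT n for the port 8080 rule. The base ruleset is constructed (it is not the asker's), the helper names are hypothetical, and only -p, --dport, --state and -j are modelled.

```python
import shlex

# Constructed sample ruleset (not the asker's): an INPUT chain that ends
# in a catch-all REJECT rule.
BASE = [
    "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -j REJECT --reject-with icmp-host-prohibited",
]
RULE = "INPUT -p tcp -m tcp --dport 8080 -j ACCEPT"  # the rule from the answer

def apply_command(chain, command):
    """Apply one '-A INPUT ...' or '-I INPUT [n] ...' command to a rule list."""
    op, _chain_name, *rest = shlex.split(command)
    pos = len(chain)                      # -A: append at the end
    if op == "-I":
        pos = 0                           # -I without a number means position 1
        if rest and rest[0].isdigit():
            pos = int(rest.pop(0)) - 1
    rule = {"proto": None, "dport": None, "state": None, "target": None}
    args = iter(rest)
    for tok in args:
        if tok == "-p":
            rule["proto"] = next(args)
        elif tok == "--dport":
            rule["dport"] = int(next(args))
        elif tok == "--state":
            rule["state"] = set(next(args).split(","))
        elif tok == "-j":
            rule["target"] = next(args)
        elif tok in ("-m", "--reject-with"):
            next(args)                    # skip the option's argument
    chain.insert(pos, rule)

def build(*commands):
    chain = []
    for command in commands:
        apply_command(chain, command)
    return chain

def verdict(chain, policy, proto, dport, state="NEW"):
    """First matching rule decides; the policy applies only if none matches."""
    for number, r in enumerate(chain, 1):
        if (r["proto"] in (None, proto) and r["dport"] in (None, dport)
                and (r["state"] is None or state in r["state"])):
            return r["target"], number
    return policy, None
```

On a live host, `iptables -L INPUT -n --line-numbers` lists the rule positions that this model returns as the second element of the verdict.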