iptables configuration to work with apache2 mod_proxy
Well, if you're redirecting to port 8901 and you haven't marked your lo interface as "trusted" by accepting all from it, then you're probably just blocking yourself at your own firewall.
Assuming you've set up the site to correctly listen at 8901, you should add another line:
iptables -A INPUT -p tcp --dport 8901 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8901 -j ACCEPT
Or just add:
iptables -A INPUT -i lo -j ACCEPT
So your machine will know to accept localhost packets on all ports.
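An added example, not part of the original answer: a shell function that audits an `iptables-save` style dump for the problem in this thread. Locally generated packets cross OUTPUT before INPUT, so it checks every chain whose policy is DROP for a loopback ACCEPT, and it flags an ACCEPT for the backend port that is not bound to `lo`, since that makes 8901 reachable from outside. The function name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save style dump for the loopback problem
# discussed in this thread. Both sample rulesets are constructed.

# audit_rules RULES PORT: print one finding per line, nothing when clean.
audit_rules() (
    rules=$1 port=$2
    for chain in INPUT OUTPUT; do
        # A missing loopback rule only matters when the chain policy is DROP.
        printf '%s\n' "$rules" | grep -Eq "^:${chain} DROP" || continue
        if [ "$chain" = INPUT ]; then flag='-i'; else flag='-o'; fi
        printf '%s\n' "$rules" | grep -Eq -- "^-A ${chain} ${flag} lo -j ACCEPT" ||
            echo "${chain}: policy DROP without '${flag} lo -j ACCEPT', localhost:${port} is blocked"
    done
    # An ACCEPT for the backend port that is not bound to lo exposes it externally.
    if printf '%s\n' "$rules" | grep -E -- "^-A INPUT .*--dport ${port} .*-j ACCEPT" |
        grep -Evq -- ' -i lo '; then
        echo "INPUT: port ${port} accepted on every interface, backend reachable without the proxy"
    fi
)

# Constructed: the question's ruleset as iptables-save would print it.
ASKER_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
COMMIT'

# Constructed: the same ruleset with loopback accepted in both directions.
FIXED_RULES="${ASKER_RULES%COMMIT}-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT"

# Stand-alone run: report on the question's ruleset for the Tomcat port.
audit_rules "$ASKER_RULES" 8901
```

On a live host the first argument would be the output of `iptables-save`, which needs root to read the tables.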
Updated on September 17, 2022
Comments
-
Admin over 1 year
I have iptables config like this:
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 443 -j ACCEPT
Also, I have apache virtual host:
<VirtualHost *:80>
    ServerName wiki.myite.com
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://localhost:8901/
    ProxyPassReverse / http://localhost:8901/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
My primary domain www.mysite.com is working well with this configuration (I don't use proxy redirect on it). But my virtual host wiki.mysite.com is not responding.
Please help me set up the iptables config to allow wiki.mysite.com to work too. I think I need to set up iptables FORWARDING options, but I don't know how.
update:
I have 1 server with 1 IP. On the server I have apache2.2 on port 80. I also have tomcat6 on port 8901. In apache I set up forwarding of the domain wiki.mysite.com to tomcat (mysite.com:8901).
I want to secure my server by disabling all ports, except 80, 22 and 443.
-
Antoine Benkemoun over 14 years
We're going to need to know a little more about your network topology.
-
Jake over 14 years
No, man, I want to close all ports, except 80, 22 and 443
-
Satanicpuppy over 14 years
It should be all ports FROM the localhost. Not all ports from any external interface. Check it from a second machine.
-
George Tasioulis over 12 years
@Satanicpuppy is right
iptables -A INPUT -i lo -j ACCEPT
just allows local loopback services. It doesn't open all ports for all.