The Community Forums


Opening port in firewall

Discussion in 'General Discussion' started by duckxtales, Jan 6, 2007.

  1. duckxtales

    Hi, I'm trying to set up svn on a system with apache1, so I'll be running apache1 and apache2 side by side.

    I'm trying to set up apache2 to listen on a different port, but I'm not sure how to open the port in my firewall, or even the process to set up a new port for the apache2 http connection.

    What I've done so far is to edit my apache2 httpd.conf to listen on my new port number, and set up my virtual hosts there to match. However, I still couldn't access the site via the new port, so I was told I needed to open the port first in my firewall.

    For this, I've edited the iptables for the new port on udp and tcp protocols:
    iptables -A INPUT -d [my.ip] -p tcp --dport [my.port] -j ACCEPT
    iptables -A INPUT -d [my.ip] -p udp --dport [my.port] -j ACCEPT

    Then I did a save and restart.

    Still unable to access on the new port.

    Can someone give me a clue on what I'm missing or how to open the port and set up apache conf to the new port properly?

    Your help is much appreciated, thanks in advance.
     
  2. dafut

    I'd suggest CSF by ConfigServer. ConfigServer Firewall integrates well with WHM, provides awesome flexibility, has a feature set that continues to grow and is well supported. It's also very well priced!

    You can then open the proper inbound/outbound ports with much less concern about syntax.

    Then again, if you really like configuring IPTABLES...
     
  3. duckxtales

    Thanks for your help, Dafut. I'd really like to learn how to configure all of this via the shell, though.

    I'm trying to learn my way around the shell better.

    Any help with this is much appreciated.
     
  4. jpetersen

    Try using -I instead of -A. -I will insert the rule into the top of the chain, whereas -A will simply append it to the end of the chain. As such, if there is a rule to block the traffic to the new port somewhere in the chain, -I will make sure your new rule is acted upon first.

    This is how I would approach the situation:

    1. Remove the old rules (use -D instead of -A)

    2. Add a new rule via the following syntax:

    /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT

    8080 should be replaced with the port apache2 is listening on.

    If that doesn't work, then the issue could either be with a local firewall policy on your end, or that of your ISP, or with the firewall on the server. I'd run tcptraceroute locally to determine if the port were being blocked outbound locally (there's a win32 port which can be found via Google), and if you see the traffic being blocked at your server, then I'd double check your server's firewall.
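
Added example, not part of jpetersen's post or the original thread: a simplified first-match walk over `iptables -S INPUT` style output, showing why an ACCEPT appended with -A after a catch-all REJECT never takes effect while the same rule inserted with -I does. The function names and both rulesets are constructed for illustration, and the model assumes only -p, --dport and -j matter.

```shell
# Simplified first-match walk over `iptables -S INPUT` output (added example).
# Assumption: only -p, --dport and -j are modelled; other matches are ignored.

# first_verdict PORT: print "<rule number> <target>" for the first rule that
# decides inbound TCP to PORT, or "policy <target>" if no rule matches.
first_verdict() {
    awk -v port="$1" '
        $1 == "-P" { policy = $3; next }
        $1 != "-A" { next }
        {
            n++; proto = "all"; dport = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") { target = $(i + 1); break }
            }
            if (proto != "all" && proto != "tcp") next
            if (dport != "" && dport != port) next
            if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
            print n, target; found = 1; exit
        }
        END { if (!found) print "policy", policy }
    '
}

# Constructed sample: ACCEPT for 8080 appended with -A, after a catch-all REJECT.
appended_ruleset() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
EOF
}

# Constructed sample: the same rule deleted and re-added with -I (position 1).
inserted_ruleset() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

echo "appended: $(appended_ruleset | first_verdict 8080)"
echo "inserted: $(inserted_ruleset | first_verdict 8080)"
```

On a live host, the output of `iptables -S INPUT` (run as root) can be piped into `first_verdict` in place of the constructed rulesets.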
     
  5. duckxtales

    Thanks jpetersen! That worked, I really appreciate your help.
     