
I have recently installed a CentOS server. I have configured Apache and all the MySQL packages.

I also have one live IP. When I run the webserver with the live IP on the CentOS webserver itself, all looks good. But when I try to access it remotely via another IP, it says "unable to connect".

I have also set up iptables, yet I am not able to access the server. Please, can anyone help? This is my iptables file:

# Generated by iptables-save v1.4.7 on Sat Mar 16 21:12:18 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20928:2320365]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Mar 16 21:12:18 201

And here's the output from netstat:

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2109/mysqld         
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1575/rpcbind        
tcp        0      0 0.0.0.0:54354               0.0.0.0:*                   LISTEN      1770/rpc.statd      
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      1971/vsftpd         
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      1828/cupsd          
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2205/master         
tcp        0      0 :::51272                    :::*                        LISTEN      1770/rpc.statd      
tcp        0      0 :::111                      :::*                        LISTEN      1575/rpcbind        
tcp        0      0 :::80                       :::*                        LISTEN      3026/httpd          
tcp        0      0 ::1:631                     :::*                        LISTEN      1828/cupsd          
udp        0      0 0.0.0.0:43728               0.0.0.0:*                               1770/rpc.statd      
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1751/avahi-daemon   
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1575/rpcbind        
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               1828/cupsd          
udp        0      0 0.0.0.0:902                 0.0.0.0:*                               1575/rpcbind        
udp        0      0 0.0.0.0:674                 0.0.0.0:*                               1770/rpc.statd      
udp        0      0 0.0.0.0:39847               0.0.0.0:*                               1751/avahi-daemon   
udp        0      0 :::33127                    :::*                                    1770/rpc.statd      
udp        0      0 :::111                      :::*                                    1575/rpcbind        
udp        0      0 :::902                      :::*                                    1575/rpcbind    

Port 80 is also listening.


1 Answer


Your iptables rules are in the wrong order. This rule

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

should be before this one

-A INPUT -j REJECT --reject-with icmp-host-prohibited

What you probably did was use the -A option to the iptables command. This adds rules to the end of the chain. The rules in iptables are executed from top to bottom, with the first rule to match winning. In your setup the blanket reject will be actioned before the allow on port 80.

The most straightforward way to solve this would be to save the current configuration

service iptables save

then edit the /etc/sysconfig/iptables file and swap the position of the rules then restart iptables

service iptables restart
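Because iptables stops at the first matching rule, any rule appended after an unconditional REJECT or DROP in the same chain is dead. The script below is an added example (not part of the answer above, and not a CentOS tool) that reads an iptables-save dump, reports such shadowed rules, and emits a corrected dump with each chain's catch-all rule moved to the end. The embedded rule set is constructed to mirror the question's file; the function names `find_shadowed_rules` and `fix_rule_order` are this example's own.

```shell
#!/bin/sh
# Constructed sample in iptables-save format, modelled on the question's file
# (not the poster's actual file). The --dport 80 ACCEPT sits after the blanket REJECT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# find_shadowed_rules: reads iptables-save text on stdin and prints every rule that
# follows an unconditional REJECT/DROP in the same chain (it can never be reached).
# An unconditional terminating rule has no match options, i.e. "-A CHAIN -j REJECT|DROP ...".
find_shadowed_rules() {
    awk '
        /^-A / {
            chain = $2
            if (blocked[chain]) { print "shadowed: " $0; next }
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) blocked[chain] = 1
        }
    '
}

# fix_rule_order: reads iptables-save text on stdin and writes it back with each
# unconditional REJECT/DROP held until just before COMMIT, so that every specific
# ACCEPT in the chain is evaluated first. Relative order of the other rules is kept.
fix_rule_order() {
    awk '
        /^-A / && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
            held[n++] = $0   # defer the catch-all to the end of the table
            next
        }
        /^COMMIT/ { for (i = 0; i < n; i++) print held[i] }
        { print }
    '
}

# Usage: audit a live dump with "iptables-save | find_shadowed_rules", or review
# the corrected file with "fix_rule_order < /etc/sysconfig/iptables" before restarting.
printf '%s\n' "$SAMPLE_RULES" | find_shadowed_rules
```

Running the check against the sample flags exactly the port 80 rule; running the fixed output back through the check reports nothing, which is the property to verify before `service iptables restart`.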