Adjusting IPTables to accept requests on port 80

Enable clients to access a Repository on standard ports by configuring the server to redirect traffic received on standard HTTP port 80 to the standard Repository HTTP port 8080.

NOTE: These commands assume the default state of IPTables, which is on and allowing inbound SSH access on port 22. This is the factory default state for CentOS 6.7. If this default has been changed, you can reset it:

sudo iptables -L

CAUTION: Mistakes with IPTables rules can render a remote machine inaccessible.

  1. Allow inbound access to tcp port 80:

    sudo iptables -I INPUT -i eth0 -p tcp --dport 80 -m comment --comment "# Anaconda Repo #" -j ACCEPT
    
  2. Allow inbound access to tcp port 8080:

    sudo iptables -I INPUT -i eth0 -p tcp --dport 8080 -m comment --comment "# Anaconda Repo #" -j ACCEPT
    
  3. Redirect inbound requests to port 80 to port 8080:

    sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -m comment --comment "# Anaconda Repo #" -j REDIRECT --to-port 8080
    
  4. Display the current IPTables rules:

    sudo iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 /* # Anaconda Repo # */
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 /* # Anaconda Repo # */
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    

    NOTE: The PREROUTING (nat) IPTables chain is not displayed by default. To display the chain:

    sudo iptables -L -n -t nat
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 /* # Anaconda Repo # */ redir ports 8080
    
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
  5. Save the running IPTables configuration to /etc/sysconfig/iptables:

    sudo service iptables save
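
iptables evaluates a chain top to bottom and stops at the first match, so the `-I` in steps 1 and 2 places the ACCEPT rules above the catch-all REJECT at the end of the default INPUT chain; a rule appended with `-A` would land below it and never match. The check below is an added example, not part of the original documentation: it reads `iptables -L -n` text and confirms the ACCEPT rule for a port sits above that REJECT. `port_reachable` is a hypothetical helper name, and both listings are constructed samples modeled on the output in step 4.

```shell
#!/bin/sh
# Added example (not from the original page).
# port_reachable PORT reads `iptables -L -n` output on stdin and succeeds only
# if the INPUT chain ACCEPTs tcp dpt:PORT before the first catch-all
# REJECT/DROP rule. Rules below that line are shadowed and never match.
# Assumption: plain `-L -n` output, which does not show interfaces (-i eth0).
# Live use: sudo iptables -L -n | port_reachable 8080
port_reachable() {
    awk -v port="$1" '
        /^Chain / { in_input = ($2 == "INPUT"); next }
        !in_input || NF == 0 || $1 == "target" { next }
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" &&
            $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" { exit }
        $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 6; i <= NF; i++)
                if ($i == ("dpt:" port)) { ok = 1; exit }
        }
        END { exit(ok ? 0 : 1) }
    '
}

# Constructed sample: rule added with -I, so it sits above the REJECT.
listing_inserted() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 /* # Anaconda Repo # */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Constructed sample: same rule added with -A, so it lands below the REJECT.
listing_appended() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 /* # Anaconda Repo # */
EOF
}

for l in listing_inserted listing_appended; do
    if $l | port_reachable 8080; then echo "$l: 8080 accepted before REJECT"
    else echo "$l: 8080 not accepted before REJECT"; fi
done
```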