Port 80 blocked - apache

So I've been trying for the past several hours to get my port 80 opened, so that I can access my Apache server. I'm running RHEL 6.5, and below is the configuration for my iptables.
# Generated by iptables-save v1.4.7 on Wed Jul 2 12:59:50 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:1332]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
## Open 443 port i.e. HTTPS
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
# Completed on Wed Jul 2 12:59:50 2014
I've saved them and restarted, to no avail. I am using a port checker (http://www.checkmyports.net/) to check if it is open, but it isn't. Before you mark this as a duplicate, I have tried everything online. I've reconfigured my iptables multiple times, removed additional firewalls, disabled and re-enabled, and multiple other solutions, all to no avail. Any ideas on where I'm going wrong? Thanks.
Output of ps aux | grep 'httpd':
root 20353 0.0 0.7 175704 3668 ? Ss 12:59 0:00 /usr/sbin/httpd
apache 20355 0.0 0.4 175704 2408 ? S 12:59 0:00 /usr/sbin/httpd
apache 20356 0.0 0.4 175704 2408 ? S 12:59 0:00 /usr/sbin/httpd
apache 20357 0.0 0.4 175704 2408 ? S 12:59 0:00 /usr/sbin/httpd
apache 20358 0.0 0.4 175704 2408 ? S 12:59 0:00 /usr/sbin/httpd
apache 20359 0.0 0.4 175704 2408 ? S 12:59 0:00 /usr/sbin/httpd
apache 20360 0.0 0.4 175704 2408 ? S 12:59 0:00 /usr/sbin/httpd
apache 20361 0.0 0.4 175704 2408 ? S 12:59 0:00 /usr/sbin/httpd
apache 20362 0.0 0.4 175704 2408 ? S 12:59 0:00 /usr/sbin/httpd
root 21624 0.0 0.1 103244 856 pts/0 S+ 13:55 0:00 grep httpd
Output of netstat -tulpn:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 960/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 28361/sshd
tcp 0 0 0.0.0.0:36088 0.0.0.0:* LISTEN 978/rpc.statd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1108/sendmail
tcp 0 0 :::111 :::* LISTEN 960/rpcbind
tcp 0 0 :::80 :::* LISTEN 20353/httpd
tcp 0 0 :::51733 :::* LISTEN 978/rpc.statd
tcp 0 0 :::22 :::* LISTEN 28361/sshd
udp 0 0 0.0.0.0:111 0.0.0.0:* 960/rpcbind
udp 0 0 0.0.0.0:39182 0.0.0.0:* 978/rpc.statd
udp 0 0 0.0.0.0:68 0.0.0.0:* 20708/dhclient
udp 0 0 0.0.0.0:711 0.0.0.0:* 960/rpcbind
udp 0 0 0.0.0.0:730 0.0.0.0:* 978/rpc.statd
udp 0 0 :::111 :::* 960/rpcbind
udp 0 0 :::711 :::* 960/rpcbind
udp 0 0 :::35278 :::* 978/rpc.statd

Ensure there is something running on that port.
If you have port 80 open on your firewall but nothing is listening on that port (apache, httpd) then the port will show as closed.
What's the output of
ps aux | grep 'httpd'
and
netstat -tulpn
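The check the answer asks for can be scripted so that the bind address is read off as well as the process, which is the part people miss when they eyeball netstat. The block below is an added example and is not code from the thread; NETSTAT_SAMPLE is constructed to mirror the question's listing, and the listener_for function name is my own.

```sh
#!/bin/sh
# Added example, not from the original thread: read `netstat -tulpn` output on
# stdin and report which process listens on a given TCP port and how it is
# bound. NETSTAT_SAMPLE is constructed to mirror the question's output.

NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 28361/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1108/sendmail
tcp 0 0 :::80 :::* LISTEN 20353/httpd
tcp 0 0 :::22 :::* LISTEN 28361/sshd'

# listener_for PORT  (netstat output on stdin)
# Prints "<scope> <pid/program>" per listening TCP socket on PORT, where scope is
#   any       bound to 0.0.0.0 or :: ; on a default dual-stack Linux a socket on ::
#             also accepts IPv4, so ":::80" is fine for an IPv4 web server
#   loopback  bound to 127.0.0.1 or ::1 ; unreachable remotely whatever iptables allows
#   <addr>    bound to one specific address only
# Prints nothing and returns 1 when nothing listens on PORT.
listener_for() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, p, ":")                 # the port is after the last colon
            if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(p[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::")          scope = "any"
            else if (addr == "127.0.0.1" || addr == "::1")  scope = "loopback"
            else                                            scope = addr
            print scope, $7
            found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Run against the constructed sample (on a live host: netstat -tulpn | listener_for 80)
printf '%s\n' "$NETSTAT_SAMPLE" | listener_for 80
```

On the question's own listing this prints "any 20353/httpd": Apache is bound to the dual-stack wildcard, so the listener side checks out and the INPUT rules shown accept the port. That leaves things this host's saved ruleset cannot explain, such as a different ruleset actually loaded or a filter upstream of the host; comparing curl http://127.0.0.1/ run on the server with the same request from a second machine separates the two.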

You could try clearing out iptables entirely, get the web access working, and then turn it back on.
I have an iptables-clear.sh script that I run to do this.
Note this doesn't use the /etc/init.d version of iptables which you might have to turn off while you're fixing this. Just remember to turn it back on once you're done.
# Flush all tables
iptables -F
iptables -t nat -F
# Default policy to ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT


celery worker thread hangs indefinitely

I am running my spiders in a celery worker. A spider scrapes a website and then a bunch of follow-up links. After some time the spider stops processing any further.
lsof output shows that for the thread, connections are in CLOSE_WAIT state
# lsof -i -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
celery 10 root 32u IPv4 105621511 0t0 TCP 127.0.0.1:6023 (LISTEN)
celery 10 root 33u IPv4 105603949 0t0 TCP 10.1.195.250:38162->104.17.38.150:http (ESTABLISHED)
celery 10 root 34u IPv4 105610494 0t0 TCP 10.1.195.250:41864->185.230.61.195:https (CLOSE_WAIT)
celery 10 root 35u IPv4 105614120 0t0 TCP 10.1.195.250:39742->185.230.61.195:http (CLOSE_WAIT)
celery 10 root 36u IPv4 105603950 0t0 TCP 10.1.195.250:52672->185.230.61.96:http (CLOSE_WAIT)
celery 10 root 37u IPv4 105620542 0t0 TCP 10.1.195.250:38200->209.236.228.178:http (CLOSE_WAIT)
celery 10 root 38u IPv4 105603948 0t0 TCP 10.1.195.250:51848->35.208.181.87:http (CLOSE_WAIT)
celery 10 root 39u IPv4 105614124 0t0 TCP 10.1.195.250:56290->185.230.61.96:https (CLOSE_WAIT)
celery 10 root 40u IPv4 105604983 0t0 TCP 10.1.195.250:43118->216.185.90.112:http (CLOSE_WAIT)
celery 10 root 41u IPv4 105618465 0t0 TCP 10.1.195.250:55006->209.59.212.167:http (CLOSE_WAIT)
celery 10 root 45u IPv4 105600888 0t0 TCP 10.1.195.250:34572->23.227.38.74:http (ESTABLISHED)
celery 10 root 46u IPv4 105620539 0t0 TCP 10.1.195.250:35846->205.178.189.129:http (CLOSE_WAIT)
celery 10 root 48u IPv4 105620541 0t0 TCP 10.1.195.250:39674->185.230.61.195:http (CLOSE_WAIT)
celery 10 root 49u IPv4 105610495 0t0 TCP 10.1.195.250:49450->178.128.150.108:http (CLOSE_WAIT)
celery 10 root 51u IPv4 105614122 0t0 TCP 10.1.195.250:53770->23.227.38.74:https (ESTABLISHED)
celery 10 root 52u IPv4 105614123 0t0 TCP 10.1.195.250:52930->54.86.91.237:https (CLOSE_WAIT)
celery 10 root 53u IPv4 105614125 0t0 TCP 10.1.195.250:37998->209.236.228.178:https (CLOSE_WAIT)
celery 10 root 54u IPv4 105614126 0t0 TCP 10.1.195.250:59992->35.208.181.87:https (CLOSE_WAIT)
celery 10 root 55u IPv4 105605002 0t0 TCP 10.1.195.250:39692->192.124.249.18:http (CLOSE_WAIT)
celery 10 root 56u IPv4 105612653 0t0 TCP 10.1.195.250:41912->185.230.61.195:https (CLOSE_WAIT)
celery 10 root 57u IPv4 105612657 0t0 TCP 10.1.195.250:47560->104.197.82.118:http (CLOSE_WAIT)
celery 10 root 58u IPv4 105612656 0t0 TCP 10.1.195.250:33926->209.59.212.167:https (CLOSE_WAIT)
celery 10 root 59u IPv4 105614129 0t0 TCP 10.1.195.250:41614->178.128.150.108:https (CLOSE_WAIT)
celery 10 root 62u IPv4 105614131 0t0 TCP 10.1.195.250:37534->34.66.87.174:http (CLOSE_WAIT)
celery 10 root 63u IPv4 105600910 0t0 TCP 10.1.195.250:47682->166.62.115.136:https (CLOSE_WAIT)
celery 10 root 64u IPv4 105614141 0t0 TCP 10.1.195.250:43222->216.185.90.112:http (CLOSE_WAIT)
celery 10 root 65u IPv4 105600912 0t0 TCP 10.1.195.250:41060->50.63.7.227:http (CLOSE_WAIT)
celery 10 root 66u IPv4 105600913 0t0 TCP 10.1.195.250:41254->104.197.82.118:https (CLOSE_WAIT)
celery 10 root 69u IPv4 105614695 0t0 TCP 10.1.195.250:42766->104.112.162.8:https (ESTABLISHED
ps -aux shows that the thread is sleeping and waiting for an event
# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.1 0.0 80024 62700 ? Ss 17:23 0:05 /usr/local/bin/python /usr/local/bin/celery -A data_ex
root 8 0.0 0.0 118892 76360 ? S 17:23 0:00 /usr/local/bin/python /usr/local/bin/celery -A data_ex
root 10 0.0 0.0 902592 100916 ? Sl 17:23 0:01 /usr/local/bin/python /usr/local/bin/celery -A data_ex
root 485 0.0 0.0 121900 79376 ? S 18:07 0:00 /usr/local/bin/python /usr/local/bin/celery -A data_ex
root 486 10.0 0.1 950312 144056 ? Sl 18:07 1:19 /usr/local/bin/python /usr/local/bin/celery -A data_ex
root 501 0.4 0.0 455868 62432 ? Sl 18:11 0:02 /usr/local/bin/python /usr/local/bin/celery flower -A
root 508 0.3 0.0 121916 79388 ? S 18:17 0:00 /usr/local/bin/python /usr/local/bin/celery -A data_ex
root 509 22.4 0.1 958724 154876 ? Sl 18:17 0:42 /usr/local/bin/python /usr/local/bin/celery -A data_ex
root 520 0.5 0.0 2388 700 pts/0 Ss 18:20 0:00 /bin/sh
root 526 0.0 0.0 9392 3048 pts/0 R+ 18:20 0:00 ps -aux
strace shows that the thread is waiting on fd 69
# strace -p 10
strace: Process 10 attached
read(69,
It seems like the spiders are not closing connections properly.
How do I solve this?
I thought of adding timeouts to the celery task, but all threads will hit HARD_LIMIT eventually.
How do I make sure that scrapy is closing each connection properly?
This most likely has to do with the code that you are using for spidering. You may have to set a timeout on the library that you are using to make your http / https requests.
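A CLOSE_WAIT socket is one the remote side has already closed while the local process has not yet called close() on it, so a count that only grows points at a handler that never releases its connections. The block below is an added example, not code from the thread: it tallies an lsof -i -n listing by TCP state and by remote host so the leak can be measured and attributed. LSOF_SAMPLE is constructed in the layout of the question's output, and the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original thread: summarise `lsof -i -n` output
# by TCP state and by remote host, so a leak like the one above shows up as a
# growing CLOSE_WAIT count. Sample lines are constructed in the same layout.

LSOF_SAMPLE='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
celery 10 root 32u IPv4 105621511 0t0 TCP 127.0.0.1:6023 (LISTEN)
celery 10 root 33u IPv4 105603949 0t0 TCP 10.1.195.250:38162->104.17.38.150:http (ESTABLISHED)
celery 10 root 34u IPv4 105610494 0t0 TCP 10.1.195.250:41864->185.230.61.195:https (CLOSE_WAIT)
celery 10 root 35u IPv4 105614120 0t0 TCP 10.1.195.250:39742->185.230.61.195:http (CLOSE_WAIT)
celery 10 root 36u IPv4 105603950 0t0 TCP 10.1.195.250:52672->185.230.61.96:http (CLOSE_WAIT)
celery 10 root 45u IPv4 105600888 0t0 TCP 10.1.195.250:34572->23.227.38.74:http (ESTABLISHED)'

# tcp_state_counts: lsof output on stdin; prints "<STATE> <count>", sorted by state.
tcp_state_counts() {
    awk '$8 == "TCP" && $NF ~ /^\(.*\)$/ {
            st = $NF; gsub(/[()]/, "", st); c[st]++
         }
         END { for (s in c) print s, c[s] }' | sort
}

# close_wait_by_peer: lsof output on stdin; prints "<count> <remote-host>" for
# CLOSE_WAIT sockets, largest count first, so the leaking destination stands out.
close_wait_by_peer() {
    awk '$8 == "TCP" && $NF == "(CLOSE_WAIT)" {
            # NAME is "local->remote:port"; keep the remote host only.
            split($9, ends, "->")
            n = split(ends[2], r, ":")
            host = substr(ends[2], 1, length(ends[2]) - length(r[n]) - 1)
            c[host]++
         }
         END { for (h in c) print c[h], h }' | sort -rn
}

# Run against the constructed sample (on a live host: lsof -i -n -p <pid> | tcp_state_counts)
printf '%s\n' "$LSOF_SAMPLE" | tcp_state_counts
printf '%s\n' "$LSOF_SAMPLE" | close_wait_by_peer
```

Sampling this every few minutes on the worker gives the trend the answer hints at: if CLOSE_WAIT climbs while ESTABLISHED stays flat, the requests do finish on the server side and the spider is simply never closing its end, which is what a read timeout on the HTTP client turns from a silent hang (the blocked read(69, in the strace) into an error the task can handle.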

Ubuntu 14.01 Host / Ubuntu 14.01 Container; Postfix does not send mail; telnet does not connect to outside host

==== Basic information ====
iRedMail version (check /etc/iredmail-release): iRedMail-0.9.5-1
Linux/BSD distribution name and version: Ubuntu 14.01 container inside Ubuntu 14.01 TurnkeyLinux Core
Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
Web server (Apache or Nginx): Apache
Postfix log excerpt:
Jan 6 10:24:38 iredmail postfix/submission/smtpd[2631]: connect from x.y.z[127.0.0.1]
Jan 6 10:24:38 iredmail postfix/submission/smtpd[2631]: Anonymous TLS connection established from x.y.z[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jan 6 10:24:38 iredmail postfix/submission/smtpd[2631]: 6EEA060306: client=x.y.z[127.0.0.1], sasl_method=LOGIN, sasl_username=address@x.y.z
Jan 6 10:24:38 iredmail postfix/cleanup[2636]: 6EEA060306: message-id=
Jan 6 10:24:38 iredmail roundcube: User iaaberga [192.168.121.1]; Message for destination@gmail.com; 250: 2.0.0 Ok: queued as 6EEA060306
Jan 6 10:24:38 iredmail postfix/qmgr[2587]: 6EEA060306: from=, size=575, nrcpt=1 (queue active)
Jan 6 10:24:38 iredmail postfix/submission/smtpd[2631]: disconnect from x.y.z[127.0.0.1]
Jan 6 10:24:38 iredmail postfix/smtpd[2648]: connect from x.y.z[127.0.0.1]
Jan 6 10:24:38 iredmail postfix/smtpd[2648]: C97F262D1B: client=x.y.z[127.0.0.1]
Jan 6 10:24:38 iredmail postfix/cleanup[2636]: C97F262D1B: message-id=
Jan 6 10:24:38 iredmail postfix/qmgr[2587]: C97F262D1B: from=, size=1628, nrcpt=1 (queue active)
Jan 6 10:24:38 iredmail postfix/smtpd[2648]: disconnect from x.y.z[127.0.0.1]
Jan 6 10:24:38 iredmail amavis[1742]: (01742-01) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:35413 -> , Queue-ID: 6EEA060306, Message-ID: , mail_id: 4QjhhYZODSHf, Hits: -2.986, size: 575, queued_as: C97F262D1B, dkim_new=dkim:y.z, 328 ms, Tests: [ALL_TRUSTED=-1,RP_MATCHES_RCVD=-3.199,TVD_RCVD_SINGLE=1.213]
Jan 6 10:24:38 iredmail postfix/smtp[2642]: 6EEA060306: to=, relay=127.0.0.1[127.0.0.1]:10026, delay=0.4, delays=0.05/0.01/0.01/0.33, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as C97F262D1B)
Jan 6 10:24:38 iredmail postfix/qmgr[2587]: 6EEA060306: removed
Jan 6 10:24:47 iredmail postfix/smtp[2618]: connect to mx6.mail.icloud.com[17.172.34.71]:25: Connection timed out
Jan 6 10:24:47 iredmail postfix/smtp[2622]: connect to alt1.gmail-smtp-in.l.google.com[173.194.69.27]:25: Connection timed out
====
Hi!
I did install iRedmail as an lxc container on an Ubuntu 14.01 / Ubuntu 14.01 host/container system.
While I can receive emails, Postfix does not send messages (they appear to be sent out in the webmail client, but never arrive at the destination).
From the container level connectivity seems to work in general: I can ssh to some host I have access to; I can use apt-get tools to install new sw, etc.
Trying to telnet alt1.gmail-smtp-in.l.google.com on port 25 does not succeed (if done from inside the container).
root@iredmail ~# telnet alt1.gmail-smtp-in.l.google.com 25
Trying 173.194.69.26...
Eventually the connection will fail.
If I exit from the container and try the same telnet connection, all is well.
root@lxc ~# telnet alt1.gmail-smtp-in.l.google.com 25
Trying 173.194.69.27...
Connected to alt1.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP t19si1302495wrb.232 - gsmtp
QUIT
221 2.0.0 closing connection t19si1302495wrb.232 - gsmtp
Connection closed by foreign host.
This is the container's iptables config:
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12320 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12321 -j ACCEPT
# Mail SMTP
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -p tcp -d 192.168.121.1 --dport 25 -j ACCEPT
# POP3
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# SMTPS
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
# IMAPS
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
# IMAPS - 2
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
COMMIT
I am not familiar with containers' networking, so I might very well be missing something obvious!
It does not look to be a problem with the Postfix config.
Thanks for any help,
Aldo
As it often happens (once you know the solution) the problem was trivial...
In short: a wrong NAT setting in the host was intercepting and forwarding traffic from all sources, CONTAINERS INCLUDED!!
This is the relevant part of the HOST'S iptables rules as it was:
*nat
:PREROUTING ACCEPT [22532:1479233]
:INPUT ACCEPT [22432:1472721]
:OUTPUT ACCEPT [11623:812922]
:POSTROUTING ACCEPT [2959:155572]
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.121.174:25
-A PREROUTING -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.121.174:110
-A PREROUTING -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.121.174:143
-A PREROUTING -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.121.174:465
-A PREROUTING -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.121.174:587
-A PREROUTING -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.121.174:993
-A PREROUTING -p tcp -m tcp --dport 995 -j DNAT --to-destination 192.168.121.174:995
-A POSTROUTING -o br0 -j MASQUERADE
-A POSTROUTING -s 192.168.121.0/24 ! -o natbr0 -j MASQUERADE
COMMIT
It tells iptables to pass all traffic say to port 25 to the virtual address of the mail server container.
This happens even for traffic from the container itself.
BINGO!!
Now this is the correct setting, where br0 is the AWS network interface that links to the outside world.
So only packets arriving there should be routed to the NATted virtual address of the email server package.
*nat
:PREROUTING ACCEPT [22532:1479233]
:INPUT ACCEPT [22432:1472721]
:OUTPUT ACCEPT [11623:812922]
:POSTROUTING ACCEPT [2959:155572]
-A PREROUTING -p tcp -m tcp --in-interface br0 --dport 25 -j DNAT --to-destination 192.168.121.174:25
-A PREROUTING -p tcp -m tcp --in-interface br0 --dport 110 -j DNAT --to-destination 192.168.121.174:110
-A PREROUTING -p tcp -m tcp --in-interface br0 --dport 143 -j DNAT --to-destination 192.168.121.174:143
-A PREROUTING -p tcp -m tcp --in-interface br0 --dport 465 -j DNAT --to-destination 192.168.121.174:465
-A PREROUTING -p tcp -m tcp --in-interface br0 --dport 587 -j DNAT --to-destination 192.168.121.174:587
-A PREROUTING -p tcp -m tcp --in-interface br0 --dport 993 -j DNAT --to-destination 192.168.121.174:993
-A PREROUTING -p tcp -m tcp --in-interface br0 --dport 995 -j DNAT --to-destination 192.168.121.174:995
-A POSTROUTING -o br0 -j MASQUERADE
-A POSTROUTING -s 192.168.121.0/24 ! -o natbr0 -j MASQUERADE
COMMIT
Obviously without the interception loop the email server inside the container easily sends mail out!!
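The bug above is easy to reintroduce the next time a port is added, so it is worth a mechanical check: a DNAT rule in nat PREROUTING with no input-interface match applies to every packet entering that hook, including traffic from the host's own containers and bridges. The block below is an added example and is not code from the thread; it lints an iptables-save dump for exactly that. NAT_BEFORE and NAT_AFTER are constructed from a subset of the before and after rulesets posted above, and the unscoped_dnat_rules name is my own.

```sh
#!/bin/sh
# Added example, not part of the original answer: scan an iptables-save dump
# for nat PREROUTING DNAT rules that carry no input-interface match
# (-i / --in-interface). Such rules apply to every packet entering PREROUTING,
# container-originated traffic included, which is the loop described above.
# The two rulesets are constructed from the thread's before/after configs.

NAT_BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.121.174:25
-A PREROUTING -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.121.174:587
-A POSTROUTING -o br0 -j MASQUERADE
COMMIT'

NAT_AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --in-interface br0 --dport 25 -j DNAT --to-destination 192.168.121.174:25
-A PREROUTING -p tcp -m tcp -i br0 --dport 587 -j DNAT --to-destination 192.168.121.174:587
-A POSTROUTING -o br0 -j MASQUERADE
COMMIT'

# unscoped_dnat_rules: iptables-save dump on stdin. Prints every PREROUTING DNAT
# rule in the *nat table that has no -i/--in-interface match (iptables-save
# itself writes -i; the long form is accepted too). Returns 1 if any were found.
unscoped_dnat_rules() {
    awk '
        /^\*/      { table = substr($0, 2) }   # table header, e.g. *nat
        /^COMMIT$/ { table = "" }
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" && / -j DNAT / {
            scoped = 0
            for (i = 3; i <= NF; i++)
                if ($i == "-i" || $i == "--in-interface") scoped = 1
            if (!scoped) { print; bad++ }
        }
        END { exit bad ? 1 : 0 }'
}

# Run against the constructed rulesets (on the host: iptables-save | unscoped_dnat_rules)
printf '%s\n' "$NAT_BEFORE" | unscoped_dnat_rules || echo "unscoped DNAT rules found (expected for NAT_BEFORE)"
printf '%s\n' "$NAT_AFTER"  | unscoped_dnat_rules && echo "NAT_AFTER: all DNAT rules are interface-scoped"
```

Run from a deploy hook or a cron job, a non-zero exit is the signal that someone re-added a rule without the interface match. The same idea extends to REDIRECT rules in PREROUTING, which have the identical blind spot.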

Port load balance with IPTables

If my clients connect to my server on port 5000, how would I set IPTables, to split them evenly between 5001 and 5002?
All of this must be done with caution; make sure you have serial/terminal access, because there is a chance of losing your network connection.
First, enable IPv4 forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 5000 -m statistic --mode nth --every 3 --packet 0 -j REDIRECT --to-port 5000
iptables -t nat -A PREROUTING -p tcp --dport 5000 -m statistic --mode nth --every 2 --packet 0 -j REDIRECT --to-port 5001
iptables -t nat -A PREROUTING -p tcp --dport 5000 -j REDIRECT --to-port 5002
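The countdown in the answer's --every values generalizes: rule k of N only sees the connections the earlier rules did not take, so it must take every (N-k)th of those to end up with 1/N overall, and the last rule takes the rest. The block below is an added example, not the answer's own script; it prints the rule set for any number of backend ports rather than applying it, so it runs anywhere. The balance_rules function name is my own.

```sh
#!/bin/sh
# Added example, not from the original answer: generate iptables rules that
# spread new connections to FRONT_PORT evenly over N backend ports with the
# statistic match in nth mode. Rules are printed, not applied; pipe the output
# to sh on the firewall host to load them.
#
# Rule k (0-based) of N sees only what earlier rules passed on, so it takes
# every (N-k)th of those connections; the last rule takes everything left.
# nat rules are consulted only for the first packet of a connection, so the
# split is per connection, not per packet.

# balance_rules FRONT_PORT BACKEND_PORT... : one iptables command per line
balance_rules() {
    front="$1"; shift
    n=$#; k=0
    for port in "$@"; do
        remaining=$((n - k))
        if [ "$remaining" -gt 1 ]; then
            printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -m statistic --mode nth --every %s --packet 0 -j REDIRECT --to-port %s\n' \
                "$front" "$remaining" "$port"
        else
            printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j REDIRECT --to-port %s\n' \
                "$front" "$port"
        fi
        k=$((k + 1))
    done
}

# The question's case: clients hit 5000, split between 5001 and 5002.
balance_rules 5000 5001 5002
```

Because these rules sit in PREROUTING they only affect traffic arriving from the network; connections the host makes to itself go through the nat OUTPUT chain instead and are not balanced, which is worth remembering when testing from the server itself.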

How to run tomcat7 web app through https over port 8443?

I have a vaadin 7 app running on tomcat 7 on an EC2 server. The app runs through port 8080, so I redirect my domain from 80 to 8080 using:
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
Now, I need to use an SSL certificate that should run on ports 8443 or 443, but checking my port using sudo netstat -nlp, I get this:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2332/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2371/sendmail
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2987/mysqld
tcp 0 0 :::8080 :::* LISTEN 3204/java
tcp 0 0 :::80 :::* LISTEN 3151/httpd
tcp 0 0 :::22 :::* LISTEN 2332/sshd
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 3204/java
tcp 0 0 :::8009 :::* LISTEN 3204/java
udp 0 0 0.0.0.0:68 0.0.0.0:* 2063/dhclient
udp 0 0 172.30.0.27:123 0.0.0.0:* 2356/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 2356/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2356/ntpd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 1742 2987/mysqld /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 10316 2151/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 9565 1/init @/com/ubuntu/upstart
unix 2 [ ACC ] SEQPACKET LISTENING 9820 1578/udevd @/org/kernel/udev/udevd
So, as I understand, those ports aren't even there... How can I "activate" them and then use them for my https connection?
You are supposed to configure your certificate in your Tomcat as shown here.
Then you should open those ports in the EC2 console as shown here.

Squid 2.6 and https_port

I have a question about Squid configuration as a transparent proxy using SSL.
I would like to use Squid 2.6 as a transparent proxy with http and https connections.
I followed these steps:
1) I configured my iptables:
# Generated by iptables-save v1.4.7 on Wed Nov 9 13:37:50 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10363:2864591]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Nov 9 13:37:50 2011
# Generated by iptables-save v1.4.7 on Wed Nov 9 13:37:50 2011
*nat
:PREROUTING ACCEPT [4:650]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
COMMIT
2) I configured my squid.conf for http_port and it works well.
3) For SSL I set this:
https_port 3129 transparent key=/etc/squid/ssl/myhost.com-private.pem cert=/etc/squid/ssl/myhost.com-certificate.pem
but https does not work.
If I use the command lsof -n -i -P | grep squid, for squid I see:
squid 6483 squid 6u IPv4 155998 0t0 UDP *:43053
squid 6483 squid 13u IPv4 156001 0t0 TCP *:3128 (LISTEN)
squid 6483 squid 14u IPv4 156003 0t0 UDP *:3130
and I do not see port 3129. Is this the correct way?
Any suggestions?