incubator-couchdb-user mailing list archives

From "Paul Davis" <paul.joseph.da...@gmail.com>
Subject Re: firewall
Date Mon, 28 Apr 2008 18:12:20 GMT
On Mon, Apr 28, 2008 at 2:03 PM, Tommy Chheng <tchheng@uci.edu> wrote:
> Hi,
>  I'm trying to get CouchDB to work as a server. I got it installed and
> everything works from the same machine, i.e., wget localhost:5984 gives a
> response.
>
>  But I want to access this server over the internet. I set an allow in
> iptables:
>  /sbin/iptables -A INPUT -p tcp -m tcp --sport 5984 -j ACCEPT
>  /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
>
>  /sbin/iptables -L
>  Chain INPUT (policy ACCEPT)
>  target     prot opt source               destination
>  RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>  RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>  ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5984
>  ACCEPT     tcp  --  anywhere             anywhere            tcp spt:5984
>
>
>  I'm able to connect to my webserver on this same machine fine. Just no
> response on 5984.
>
>  Any ideas what's wrong?
>
>  thanks,
>  tommy

I think this is your problem:
-A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT

Try changing the --dport to --sport. Or, also, you could just not
filter outbound traffic. Unless for some reason you don't trust code
running behind your firewall.

HTH,
Paul
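
An added example, not part of the original thread or of CouchDB: a shell check of the port direction discussed above, run over rules in `iptables -S` syntax. The function name `check_server_rules` and the three rule sets are constructed for illustration, the default-DROP policies are an assumption, and rule order and jumps to user-defined chains such as RH-Firewall-1-INPUT are not evaluated.

```shell
#!/bin/sh
# Added example. For a TCP service listening on PORT, seen from the server:
#   request in : INPUT  chain matches the destination port (--dport PORT)
#   reply out  : OUTPUT chain matches the source port      (--sport PORT)
# check_server_rules PORT reads `iptables -S` style rules on stdin, prints
# findings, and returns 0 only when both directions are permitted.
# Simplification: rule order and jumps to user-defined chains are not evaluated.
check_server_rules() {
    awk -v port="$1" '
        # Value following a flag such as --dport, or "" when the flag is absent.
        function opt(flag,   i) {
            for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
            return ""
        }
        $1 == "-P" { policy[$2] = $3 }
        $1 == "-A" { nrules[$2]++ }
        $1 == "-A" && opt("-p") == "tcp" && opt("-j") == "ACCEPT" {
            d = opt("--dport"); s = opt("--sport")
            if ($2 == "INPUT"  && d == port) in_ok = 1
            if ($2 == "OUTPUT" && s == port) out_ok = 1
            # Client-direction match: valid syntax, wrong side for a listener.
            if ($2 == "INPUT"  && s == port && d == "") print "swapped: " $0
            if ($2 == "OUTPUT" && d == port && s == "") print "swapped: " $0
        }
        END {
            # An empty chain with policy ACCEPT does not filter at all.
            if (policy["INPUT"]  == "ACCEPT" && !nrules["INPUT"])  in_ok = 1
            if (policy["OUTPUT"] == "ACCEPT" && !nrules["OUTPUT"]) out_ok = 1
            print "inbound: "  (in_ok  ? "ok" : "no INPUT rule for --dport " port)
            print "outbound: " (out_ok ? "ok" : "no OUTPUT rule for --sport " port)
            exit !(in_ok && out_ok)
        }'
}

# Constructed rule sets (default-DROP policies are an assumption of the example).
AS_POSTED='-P INPUT DROP
-P OUTPUT DROP
-A INPUT -p tcp -m tcp --sport 5984 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT'
SERVER_SIDE='-P INPUT DROP
-P OUTPUT DROP
-A INPUT -p tcp -m tcp --dport 5984 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 5984 -j ACCEPT'
OUT_UNFILTERED='-P INPUT DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 5984 -j ACCEPT'

printf '%s\n' "$AS_POSTED" | check_server_rules 5984 || true
```

On a live host the same function can read `iptables -S` output directly, for example `iptables -S | check_server_rules 5984`.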
