Date: Mon, 28 Apr 2008 14:12:20 -0400
From: "Paul Davis"
To: couchdb-user@incubator.apache.org
Subject: Re: firewall

On Mon, Apr 28, 2008 at 2:03 PM, Tommy Chheng wrote:
> Hi,
> I'm trying to get CouchDB to work as a server. I got it installed and
> everything works from the same machine, i.e., wget localhost:5984 gives a
> response.
>
> But I want to access this server over the internet. I set an allow in
> iptables:
> /sbin/iptables -A INPUT -p tcp -m tcp --sport 5984 -j ACCEPT
> /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT
>
> /sbin/iptables -L
> Chain INPUT (policy ACCEPT)
> target               prot opt source    destination
> RH-Firewall-1-INPUT  all  --  anywhere  anywhere
> RH-Firewall-1-INPUT  all  --  anywhere  anywhere
> ACCEPT               tcp  --  anywhere  anywhere     tcp dpt:5984
> ACCEPT               tcp  --  anywhere  anywhere     tcp spt:5984
>
>
> I'm able to connect to my webserver on this same machine fine. Just no
> response on 5984.
>
> Any ideas what's wrong?
>
> thanks,
> tommy

I think this is your problem:

-A OUTPUT -p tcp -m tcp --dport 5984 -j ACCEPT

Try changing the --dport to --sport.

Or, also, you could just not filter outbound traffic. Unless for some
reason you don't trust code running behind your firewall.

HTH,
Paul
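
Added example, not part of the original thread and not written by either poster: a small first-match model (not real iptables) of which port field each rule from the thread matches for a server on 5984, generalized to cover both the INPUT and OUTPUT directions and the effect of rule order. The client port, the helper names, and the single catch-all REJECT standing in for the RH-Firewall-1-INPUT chain are assumptions; that chain's contents are not shown in the thread.

```python
from dataclasses import dataclass
from typing import Optional

PORT = 5984            # CouchDB port from the thread
CLIENT_PORT = 40000    # constructed ephemeral client port

@dataclass(frozen=True)
class Packet:
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    target: str                    # "ACCEPT" or "REJECT"
    sport: Optional[int] = None    # None matches any source port
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return self.sport in (None, pkt.sport) and self.dport in (None, pkt.dport)

def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

# The two packets of one exchange, from the server's point of view.
REQUEST = Packet(sport=CLIENT_PORT, dport=PORT)  # traverses INPUT
REPLY = Packet(sport=PORT, dport=CLIENT_PORT)    # traverses OUTPUT

# Assumption: RH-Firewall-1-INPUT ends in a catch-all REJECT. Its contents are
# not shown in the thread; this single rule stands in for the whole chain.
RH_CHAIN = Rule("REJECT")

def results():
    in_sport = Rule("ACCEPT", sport=PORT)   # INPUT  --sport 5984 (as posted)
    in_dport = Rule("ACCEPT", dport=PORT)   # INPUT  --dport 5984 (also in the -L listing)
    out_dport = Rule("ACCEPT", dport=PORT)  # OUTPUT --dport 5984 (as posted)
    out_sport = Rule("ACCEPT", sport=PORT)  # OUTPUT --sport 5984 (the reply's suggestion)
    return {
        "INPUT --sport matches request": in_sport.matches(REQUEST),
        "INPUT --dport matches request": in_dport.matches(REQUEST),
        "OUTPUT --dport matches reply": out_dport.matches(REPLY),
        "OUTPUT --sport matches reply": out_sport.matches(REPLY),
        # -A appends after the jump; -I would place the rule ahead of it.
        "appended after RH chain": verdict([RH_CHAIN, in_dport], REQUEST),
        "inserted before RH chain": verdict([in_dport, RH_CHAIN], REQUEST),
    }

if __name__ == "__main__":
    for name, value in results().items():
        print(f"{name}: {value}")
```

In this model a packet that matches no rule falls through to the chain policy, which the listing shows as ACCEPT for INPUT, so only a rejecting rule evaluated ahead of the port rule blocks the request.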