3

I have a CentOS 6.3 box running on Parallels and I'm trying to open port 80 to be accessible from outside.

I tried the GUI solution from this post and it works, but I need to get it done from a script.

Tried to do this:

sudo /sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
sudo /sbin/iptables-save
sudo /sbin/service iptables restart

This creates exactly the same iptables entries as the GUI tool except it does not work:

$ telnet xx.xxx.xx.xx 80
Trying xx.xxx.xx.xx...
telnet: connect to address xx.xxx.xx.xx: Connection refused
telnet: Unable to connect to remote host

UPDATE:

$ netstat -ntlp
(No info could be read for "-p": geteuid()=500 but you should be root.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State              PID/Program name   
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      -                   
tcp        0      0 127.0.0.1:6379              0.0.0.0:*                   LISTEN      -                   
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      -                   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      -                   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -                   
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      -                   
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -                   
tcp        0      0 0.0.0.0:37439               0.0.0.0:*                   LISTEN      -                   
tcp        0      0 :::111                      :::*                        LISTEN      -                   
tcp        0      0 :::22                       :::*                        LISTEN      -                   
tcp        0      0 ::1:631                     :::*                        LISTEN      -                   
tcp        0      0 :::60472                    :::*                        LISTEN      -   

$ sudo cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Wed Dec 12 18:04:25 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:640]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Wed Dec 12 18:04:25 2012
Hugo
  • does telnet 127.0.0.1 80 work as expected from the CentOS box? What's the output of netstat -ntlp? –  Dec 19 '12 at 09:19
  • Maybe something is blocking it ***before*** it gets to this rule? Could you post other rules that are listed before this one? ( *cat /etc/sysconfig/iptables* ) – rchukh Dec 19 '12 at 09:16
  • telnet 127.0.0.1 80 works from inside the CentOS box – Hugo Dec 19 '12 at 10:28

3 Answers

5

I would say your rule is at the end of your INPUT iptables list. Try this: iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT and then run service iptables save. The -A in your command appends the rule to the current INPUT list. This is after a rule that may have an explicit REJECT. The -I in my command places the rule at a line position, in this case line 5, which should be BEFORE the default reject rule. Rules in iptables work from top down, and if a rule is matched, the firewall applies the rule to the connection. I use this -iptables-rules-examples-, really helpful.

Oli
2

The command service iptables restart doesn't save your current iptables rules.

Execute service iptables save before restarting it.

pbacterio
1

Rule matching goes from top to bottom, so iptables acts on the first match. You have:

-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

The 1st rule doesn't have any condition, so there are no packets that could reach the 2nd rule.

dr-evil
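
Putting the three answers together (Oli's and dr-evil's point that the ACCEPT must sit above the unconditional REJECT, and pbacterio's point that only service iptables save persists the change), here is an added example script; it is not code from the question or from any of the answers. It reads the INPUT chain in iptables-save format, finds the position of the first unconditional REJECT/DROP rule, builds the matching iptables -I command, and with --apply runs it as root and saves it. The function names, the --apply flag and the embedded sample ruleset (a copy of the chain from the question's /etc/sysconfig/iptables) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the question or answers. Assumed names:
# reject_position, open_port_cmd, demo_position and the --apply flag.

# Position (1-based, as `iptables -I INPUT N` counts) of the first
# unconditional REJECT/DROP rule in the filter table's INPUT chain.
# Input: rules in iptables-save / `iptables -S` format on stdin.
# Prints nothing and returns 1 when the chain has no such rule
# (then a plain -A append is fine).
reject_position() {
    awk '
        /^-A INPUT / { n++ }
        /^-A INPUT -j (REJECT|DROP)( |$)/ { print n; found = 1; exit }
        END { if (!found) exit 1 }
    '
}

# Print the iptables command that opens TCP port $1 at the right spot:
# inserted just above the unconditional REJECT if there is one, appended
# otherwise. Rules are read from stdin.
open_port_cmd() {
    port=$1
    rules=$(cat)
    if pos=$(printf '%s\n' "$rules" | reject_position); then
        printf '/sbin/iptables -I INPUT %s -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n' "$pos" "$port"
    else
        printf '/sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n' "$port"
    fi
}

# Constructed sample: the INPUT/FORWARD rules from the question's
# /etc/sysconfig/iptables, with the port-80 rule stuck after the REJECT.
sample_rules='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# On the question's ruleset this yields 5, the same position Oli suggests.
demo_position() { printf '%s\n' "$sample_rules" | reject_position; }

# Real run, as root on the CentOS box:  sh open_port.sh --apply 80
if [ "${1:-}" = "--apply" ]; then
    port=${2:?usage: $0 --apply PORT}
    spec="-p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    # Delete any existing copies of the rule (e.g. the dead one that was
    # appended below the REJECT); iptables -C does not exist in 1.4.7, so
    # just loop -D until it fails. $spec is intentionally unquoted.
    while /sbin/iptables -D INPUT $spec 2>/dev/null; do :; done
    cmd=$(/sbin/iptables-save -t filter | open_port_cmd "$port")
    echo "+ $cmd"
    eval "$cmd"
    # `iptables-save` on its own only prints to stdout. This writes
    # /etc/sysconfig/iptables, which is what `service iptables restart`
    # reloads; without it the restart throws the live change away.
    /sbin/service iptables save
fi
```

Run without --apply the script only defines the functions, so the position logic can be checked on a copied ruleset before touching a live firewall. Once applied, `sudo /sbin/iptables -L INPUT -n --line-numbers` should show the port-80 ACCEPT on line 5 and the REJECT pushed down to line 6, and the telnet test from outside should connect instead of getting "Connection refused".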