0
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

followed by a

netstat -tln

shows

tcp        0      0 0.0.0.0:2822            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:2812            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN     
tcp6       0      0 :::2822                 :::*                    LISTEN     
tcp6       0      0 :::587                  :::*                    LISTEN     
tcp6       0      0 :::110                  :::*                    LISTEN     
tcp6       0      0 :::143                  :::*                    LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::25                   :::*                    LISTEN     
tcp6       0      0 :::993                  :::*                    LISTEN     
tcp6       0      0 :::995                  :::*                    LISTEN  

(Nothing about 443.) It's Debian wheezy.

What am I doing wrong? Syntax?

instamattic
  • Which service is it you expect to be listening on 443? Is that service running? – jscott Jan 14 '17 at 03:14
  • When you do curl -kv https://IP, what error do you get? If it's connection refused, then no app is listening on port 443. I don't see 443 in the netstat output either. If it's a connection timeout, then your iptables is affecting it. – kalyan Jan 14 '17 at 05:24
  • You aren't running a program that is listening on port 443. – Michael Hampton Jan 14 '17 at 06:23

2 Answers

2

Your command likely went through just fine. The second output is expected behaviour: pretty much nothing you can configure via iptables directly affects what netstat will display.

  • netstat -tlpn shows you services ready to accept connections (you have none for port 443 running). Add the -p and it will also tell you the name of the program, which makes it much more helpful.
  • iptables -vnL lists rules by which packets will be processed/blocked before reaching any such server. This is the list that tells you "which ports are opened".

What you want to do for further testing is actually start the server you wish to make available. A web server, I assume. If that server has not started, you want to examine its logs. It's likely a web server will not occupy port 443 if certificate configuration is broken.

anx
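The two checks this answer separates (is anything listening, and does the INPUT chain admit packets to it), as an added example that is not part of the original answer. It runs on constructed sample output shaped like `netstat -tln` and `iptables -S INPUT`; on a real host you would feed it the live output of those commands instead. The function names and the sample data are mine, not the original poster's.

```shell
#!/bin/sh
# Added example, not code from the question or either answer. It separates the
# two checks the answer above distinguishes: whether a process is *listening*
# on a port (netstat/ss) and whether the INPUT chain *admits* packets to it
# (iptables). The sample outputs below are constructed so the script runs
# offline; on a real host feed it `netstat -tlpn` (or `ss -tlnp`) and
# `iptables -S INPUT` output instead.

# Constructed: listening sockets in netstat -tln layout, port 443 absent,
# mirroring the situation in the question.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN'

# Constructed: INPUT chain as printed by `iptables -S INPUT`. The 443 rule is
# present, exactly as the question's command would have appended it.
SAMPLE_IPTABLES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# is_listening PORT SOCKET_LISTING: succeeds if any LISTEN socket is bound to
# PORT. Works on netstat (state in column 6) and ss (state in column 1) output;
# the local address is column 4 in both. Anchoring on ":PORT$" keeps 443 from
# matching 4430 and 8 from matching 80.
is_listening() {
    printf '%s\n' "$2" | awk -v p="$1" '
        ($1 == "LISTEN" || $6 == "LISTEN") && $4 ~ (":" p "$") { found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# firewall_verdict PORT RULES: prints the target of the first INPUT rule that
# matches TCP destination PORT, or "policy <POLICY>" when no rule names the
# port. Rules are evaluated top to bottom, as the kernel does, so an earlier
# DROP wins over a later ACCEPT. Rules that match on other criteria only
# (interface, source address, multiport --dports) are out of scope here.
firewall_verdict() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && !decided {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == p)
                    for (j = 3; j < NF; j++)
                        if ($j == "-j") { verdict = $(j + 1); decided = 1 }
        }
        END { if (decided) print verdict; else print "policy " policy }'
}

# diagnose PORT SOCKET_LISTING RULES: exit 1 when nothing listens (the case in
# the question: iptables cannot help), 2 when something listens but the chain
# does not admit it, 0 when both checks pass.
diagnose() {
    port=$1
    if ! is_listening "$port" "$2"; then
        echo "port $port: no process is listening; start or fix the service, iptables is not the cause"
        return 1
    fi
    verdict=$(firewall_verdict "$port" "$3")
    case "$verdict" in
        ACCEPT|"policy ACCEPT")
            echo "port $port: listening and admitted by INPUT ($verdict)"
            return 0 ;;
        *)
            echo "port $port: listening but INPUT gives $verdict; remote clients will time out or be rejected"
            return 2 ;;
    esac
}

# Demo on the constructed data; `|| true` keeps a non-zero verdict from
# aborting a shell running with set -e.
diagnose 443 "$SAMPLE_NETSTAT" "$SAMPLE_IPTABLES" || true
diagnose 80  "$SAMPLE_NETSTAT" "$SAMPLE_IPTABLES" || true
```

On the question's data the first call reports that nothing listens on 443, which is the outcome regardless of what the ACCEPT rule says; the second shows the opposite failure, a listener on 80 with no admitting rule and a DROP policy, which is the case where the firewall, not the service, is the problem.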
0

If you are wanting to receive on port 443, try:

iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
service iptables save
service iptables restart

http://www.linuxquestions.org/

Troy Osborne
  • You could also do: `sudo iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT` to put the rule at the top of the list. [Jenkins Wiki](https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+on+Port+80+or+443+using+iptables) – Troy Osborne Jan 14 '17 at 04:34