CentOS iptables settings for Webserver

Written By | 1 November 2009

In my environment, CentOS 5.2 came with Apache installed by default.

The system also has the Netfilter packet filter, and by default it is configured not to let packets through to destination port 80, so that has to be opened up first.

First, run the following from the command line (iptables is the command used to configure Netfilter):

iptables -L --line-numbers

and you get the following:

--------------------------------------------------
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere
2    ACCEPT     icmp --  anywhere             anywhere            icmp any
3    ACCEPT     esp  --  anywhere             anywhere
4    ACCEPT     ah   --  anywhere             anywhere
5    ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
6    ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
7    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
8    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
10   REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
--------------------------------------------------

Since we want to allow access from the outside, the INPUT chain is the one to look at first. The INPUT chain has RH-Firewall-1-INPUT as its target, so the rules that matter are in that chain. Looking there, http (port 80) packets are not allowed in from the outside. By default, the only services allowed in from the outside in this environment appear to be ssh and ipp; every other packet hits the REJECT rule on the last line.

Now we add a rule that lets http packets through.
The simplest way is to log in to the CentOS GUI, open the desktop menu -> Administration -> Security Level and Firewall, tick WWW (HTTP) in the "Trusted services" list and press Apply. Here, instead, we change the Netfilter settings from the command line.

In this example, though, the last line of the RH-Firewall-1-INPUT chain rejects everything that was not explicitly allowed above it, so the new rule must be inserted above that REJECT line.

Normally,

iptables -I RH-Firewall-1-INPUT 10 -p tcp --dport 80 -j ACCEPT

(In this example the REJECT rule in the RH-Firewall-1-INPUT chain is at line 10, so the second argument to -I is 10. This number may be different in other environments.)

is good enough, but to get the same result the GUI produces when you change the setting as described above, use:

iptables -I RH-Firewall-1-INPUT 10 -m state --state NEW -p tcp --dport http -j ACCEPT

Line 8 of the RH-Firewall-1-INPUT chain already uses the state module to accept packets belonging to ESTABLISHED and RELATED connections, so it is enough to allow only NEW packets for the http service.
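As an added example (not from the original post), here is a small shell script that reads the REJECT rule's line number out of the chain listing instead of hard-coding 10, which the post notes can differ between environments, and skips the insert when port 80 is already open. The function names, the apply_http_rule helper and the constructed sample listing are my own; the listing format is that of iptables -L RH-Firewall-1-INPUT -n --line-numbers.

```shell
#!/bin/sh
# Added example, not part of the original post: choose the insert position from
# the live chain listing rather than assuming the REJECT rule is at line 10.
# -n prints addresses and ports numerically, so the http port shows as dpt:80.

# reject_line LISTING -> prints the rule number of the chain's REJECT rule
reject_line() {
    printf '%s\n' "$1" | awk '$2 == "REJECT" { print $1; exit }'
}

# http_already_allowed LISTING -> succeeds if an ACCEPT rule for tcp dpt:80 exists
http_already_allowed() {
    printf '%s\n' "$1" | grep -Eq 'ACCEPT .*tcp .*dpt:80( |$)'
}

# http_insert_cmd LISTING -> prints the iptables command that inserts the
# http ACCEPT rule directly above the REJECT rule (same form the GUI produces)
http_insert_cmd() {
    n=$(reject_line "$1") || return 1
    [ -n "$n" ] || { echo "no REJECT rule in chain" >&2; return 1; }
    printf 'iptables -I RH-Firewall-1-INPUT %s -m state --state NEW -p tcp --dport http -j ACCEPT\n' "$n"
}

# apply_http_rule (hypothetical helper): run against the live firewall as root,
# then persist the ruleset with the CentOS 5 init script so it survives a reboot.
apply_http_rule() {
    listing=$(iptables -L RH-Firewall-1-INPUT -n --line-numbers) || return 1
    if http_already_allowed "$listing"; then
        echo "port 80 already allowed"; return 0
    fi
    cmd=$(http_insert_cmd "$listing") || return 1
    $cmd && service iptables save
}

# Constructed sample listing matching the chain in the post (rules 2-7 omitted).
SAMPLE_LISTING='Chain RH-Firewall-1-INPUT (2 references)
num  target  prot opt source     destination
1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
8    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
9    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
10   REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited'
```

Running http_insert_cmd "$SAMPLE_LISTING" prints the same insert command as the post, with 10 taken from the listing rather than typed by hand.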
