You should enable stateful packet inspection on both INPUT and OUTPUT, as the communications between your reverse proxy and the origin server are not included in your rules: OUTPUT any, but responses (received on INPUT) are only accepted if sent to... Port 80 or 443. Responses are sent to the original source port (>1024).

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Sent from my iPad

On 18 May 2015 at 08:35, "Kevin Caliati" <kcali...@gmail.com> wrote:

Hi everyone,

I posted my issue on stackoverflow but nobody answered me.

I have a webserver secured with iptables:

iptables -L -v
Chain INPUT (policy DROP 67 packets, 8002 bytes)
 pkts bytes target  prot opt in   out  source            destination
   62  4648 ACCEPT  tcp  --  any  any  192.168.200.0/24  anywhere     tcp dpt:ssh
    0     0 ACCEPT  tcp  --  any  any  192.168.200.0/24  anywhere     tcp dpt:ndmp
    0     0 ACCEPT  tcp  --  any  any  anywhere          anywhere     tcp dpt:http
    0     0 ACCEPT  tcp  --  any  any  anywhere          anywhere     tcp dpt:https
    0     0 ACCEPT  all  --  lo   any  anywhere          anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target  prot opt in   out  source            destination

Chain OUTPUT (policy ACCEPT 30 packets, 4600 bytes)
 pkts bytes target  prot opt in   out  source            destination

I also have some ProxyPass and ProxyPassReverse configurations in the httpd.conf file. If I stop the iptables service, the ProxyPass configuration works, but when it's up it fails.

Which iptables configuration should I set?
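
Why the origin server's reply is dropped by the INPUT chain listed above, and what the state rule changes, as an added illustration that is not part of the original emails: a toy first-match model of that chain in Python, not real netfilter. The two host addresses, the ephemeral ports and the assumption that the origin listens on port 80 are constructed for the example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport iface")
SERVER = "192.168.200.10"  # constructed: the web server running the reverse proxy
ORIGIN = "192.168.200.20"  # constructed: the origin server behind ProxyPass

def in_lan(ip):
    return ip.startswith("192.168.200.")  # 192.168.200.0/24

# INPUT rules from the question, in listing order; no match means policy DROP.
ORIGINAL_RULES = [
    lambda p, ct: in_lan(p.src) and p.dport == 22,     # tcp dpt:ssh
    lambda p, ct: in_lan(p.src) and p.dport == 10000,  # tcp dpt:ndmp
    lambda p, ct: p.dport == 80,                       # tcp dpt:http
    lambda p, ct: p.dport == 443,                      # tcp dpt:https
    lambda p, ct: p.iface == "lo",                     # loopback
]

def established(p, ct):
    """Model of -m state --state RELATED,ESTABLISHED (ESTABLISHED part only)."""
    return (p.dst, p.dport, p.src, p.sport) in ct

def output(p, ct):
    """OUTPUT policy is ACCEPT; connection tracking records the outgoing flow."""
    ct.add((p.src, p.sport, p.dst, p.dport))

def input_verdict(p, rules, ct):
    return "ACCEPT" if any(rule(p, ct) for rule in rules) else "DROP"

def proxy_roundtrip(rules):
    ct = set()
    # The proxy opens a connection to the origin from an ephemeral port.
    output(Packet(SERVER, ORIGIN, 51514, 80, "eth0"), ct)
    # The origin answers to that ephemeral port, not to port 80 or 443.
    return input_verdict(Packet(ORIGIN, SERVER, 80, 51514, "eth0"), rules, ct)

def unsolicited(rules):
    """A packet to a high port that answers nothing the server sent."""
    return input_verdict(Packet(ORIGIN, SERVER, 80, 51515, "eth0"), rules, set())

if __name__ == "__main__":
    fixed = ORIGINAL_RULES + [established]
    print("original rules, origin reply:", proxy_roundtrip(ORIGINAL_RULES))
    print("with state rule, origin reply:", proxy_roundtrip(fixed))
    print("with state rule, unsolicited:", unsolicited(fixed))
```

The state rule accepts only packets that belong to a flow the server itself started, so the DROP policy still applies to everything else arriving on high ports.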