================================================
Adjusting IPTables to accept requests on port 80
================================================


Enable clients to access a Repository on standard ports by configuring
the server to redirect traffic received on standard HTTP port 80 to the
standard Repository HTTP port 8080.

NOTE: These commands assume the default state of IPTables, which is
``on`` and allowing inbound SSH access on port 22. This is the factory
default state for CentOS 6.7. If this default has been changed, you can
reset it::

  sudo iptables -L

CAUTION: Mistakes with IPTables rules can render a remote machine
inaccessible.

#. Allow inbound access to tcp port 80::

    sudo iptables -I INPUT -i eth0 -p tcp --dport 80 -m comment --comment "# Anaconda Repo #" -j ACCEPT



#. Allow inbound access to tcp port 8080::

    sudo iptables -I INPUT -i eth0 -p tcp --dport 8080 -m comment --comment "# Anaconda Repo #" -j ACCEPT



#. Redirect inbound requests to port 80 to port 8080::

    sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -m comment --comment "# Anaconda Repo #" -j REDIRECT --to-port 8080



#. Display the current IPTables rules::

    iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 /* # Anaconda Repo # */
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 /* # Anaconda Repo # */
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination



   NOTE: The PREROUTING (nat) IPTables chain is not displayed by
   default. To display the chain::

    iptables -L -n -t nat
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 /* # Anaconda Repo # */ redir ports 8080

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination



#. Save the running IPTables configuration to
   ``/etc/sysconfig/iptables``::

    sudo service iptables save
