Over the weekend I’ve been playing around with the Raspberry Pi and lighttpd in order to get a little webserver running. lighttpd seemed to be a common choice, thanks to it’s simplicity and lightweightness (*possibly not a real word). There’s a plethora of examples of getting it up and running, which isn’t too difficult, most notably the one over at Penguin Tutor covers most everything. This gets you to the point where you have the webserver with mySql and php set up.
However, for me at least, this was only accessible from localhost, i.e I could only view the webserver on the Pi itself. After a few hours messing around, setting up a static ip on the router and making sure that port 80 was open on the router, and configuring lighttpd.conf, I realised that it was certainly a network issue. On further investigation, I discovered that iptables (the linux kernel firewall) was to blame. In order to get the server viewable from outside localhost, and also globally I needed to allow the port in iptables rules, which I did with the following command (ran on the Pi):
sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
Now, this command isn’t set in stone, after a reboot it’ll disappear. In order to save the configuration, once it’s working, just run the following commands:
Save the iptables to firewall.conf and place it in /etc/
sudo iptables-save > firewall.conf sudo cp firewall.conf /etc/firewall.conf sudo rm firewall.conf
Now create a file in /etc/network/if-up.d/ called iptables:
sudo nano /etc/network/if-up.d/iptables
And add this content, this will load the iptables config file you saved earlier on boot:
#!/bin/sh iptables-restore < /etc/firewall.conf
Save and exit (Ctrl+X then press Y and hit return)
Next, make the file executable:
sudo chmod +x /etc/network/if-up.d/iptables
Now you're done, it should be safe to reboot and the iptables will be loaded.