Hey Dave, let's tackle your questions step by step:

Here are a few reliable ways to check if port 80 is open and listening on your server:

• Use the netstat command: Run netstat -tulpn | grep :80 in your terminal. If you see output like tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1234/nginx, that means port 80 is actively being listened to by a process (1234 is the process ID, nginx is just an example web server).
• Use the ss command (more efficient than netstat): Execute ss -tulpn | grep :80. The output works the same way—look for a line showing LISTEN state for port 80.
• Test locally: Try curl http://localhost or telnet localhost 80. If you get a response from your web server or can establish a connection, port 80 is open locally.

Let's walk through the most common issues and fixes for this scenario:

1. Verify your iptables configuration first #

First, check your current iptables rules with iptables -L -n (the -n flag uses numeric IPs/ports for faster output). Focus on the INPUT chain:

• You need a rule that allows incoming TCP traffic on port 80 from any IP. It should look something like this:

  ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
  

• If this rule doesn't exist, add it with iptables -A INPUT -p tcp --dport 80 -j ACCEPT. Then save your iptables config to make it persist after reboot—this varies by distro:
  • For RHEL/CentOS: iptables-save > /etc/sysconfig/iptables
  • For Debian/Ubuntu: netfilter-persistent save
• Also check the default policy of the INPUT chain. If it's set to DROP, you must explicitly allow port 80 (and other necessary ports). If it's ACCEPT, the blockage is likely elsewhere, but double-check for any REJECT or DROP rules targeting port 80.

2. Check port forwarding and public IP (if on a local network) #

• If your server is on a private LAN, your router needs a port forwarding rule that maps external port 80 traffic to your server's internal IP and port 80. Without this, external requests can't reach your server.
• Confirm your server's public IP by running curl ifconfig.me (or similar tool). Make sure external clients are using this public IP to connect, not your server's local IP (like 192.168.x.x).

3. Cloud server? Check your provider's security group #

If you're using a cloud server (AWS, Alibaba Cloud, DigitalOcean, etc.), the provider's security group acts as an extra firewall layer. You need to add an inbound rule that allows TCP traffic on port 80 from 0.0.0.0/0 (all IPs). This is a super common oversight—don't skip this step!

4. Ensure your web server is listening on all interfaces #

Sometimes web servers are configured to only listen on localhost (127.0.0.1), which restricts access to the server itself. Check your web server's config:

• For Nginx: Look for the listen directive in your site config—it should be listen 80; or listen 0.0.0.0:80;, not listen 127.0.0.1:80;.
• For Apache: Check the Listen line in httpd.conf or apache2.conf—it should be Listen 80 or Listen 0.0.0.0:80.
  After updating the config, restart your web server (e.g., systemctl restart nginx or systemctl restart apache2).

5. Rule out intermediate firewalls or ISP restrictions #

• If your server is behind a corporate gateway or another network firewall, make sure those devices are configured to allow incoming port 80 traffic to your server.
• Some residential ISPs block port 80 to prevent home users from running public web servers. If you suspect this, try testing with a different port (like 8080) and see if external connections work. You can also reach out to your ISP to confirm.

内容的提问来源于stack exchange，提问作者Dave