I have absolutely no doubt that this is human error due to the fact I have no real clue what I am doing.
I recently installed pptp on my ubuntu 12.04 server so that I can vpn as the server.
However I have obviously open/closed the wrong ports.
Apache starts perfectly as you would expect.
I followed these instructions, point being. I believe my 443 port is closed or similar.
Silly really wasn't it.
Port was closed as I suspected:
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 443 -j ACCEPT
Related
I have a webapp running on a Raspberry Pi, which is behind a NAT, and I'm trying to make a tunnel to the company's server so that I can access it from the web. Right now I've been able to establish a tunnel using ssh -fN -R 192.168.0.28:54321:localhost:443 username#192.168.0.28 (both the server and the RPi are in the same LAN at the time), and doing curl -k https://192.168.0.28:54321 returns the contents of the webpage hosted in the RPi, but only if I do it from the server. I have set GatewayPorts yes and AllowTcpForwarding yes (which anyway is the default).
It was the firewall on the server blocking the port. ¬¬
To open said port, the command is sudo iptables -I INPUT -p tcp --dport 54321 -j ACCEPT, which says that any connection comming to the TCP port 54321 must be accepted.
I have a GCE Instance a Debian 1v CPU & 1.7GB. Then I followed the below tutorial and installed webmin on it.
https://www.howtoforge.com/tutorial/how-to-install-webmin-on-ubuntu-15-04/
The installation went successfully. Then I Created a Firewall exception on using the UFW and allowed port 10000.
sudo ufw allow 10000/tcp
But I was not able to access Webmin through the browser.
https://my-gce-instance-ip-address:10000.
Then i created firewall exception using the Google Cloud Console. Again tried the url it didnt work.
Then i thought this might be because of webmin is https mode. So i open the /etc/webmin/miniserv.conf and changed ssl=0. After that i restarted the webmin.
/etc/init.d/webmin restart
Then I tried the the url with Http, still I can't access.
I tried below command and checked the output. Accordingly Webmin is correctly running and listening on port 10000.
netstat -tulpn | grep :10000.
I can't seem to think what I am doing wrong. I have now spent several days on this without and solution in sight. Hope someone can kindly help me?
try this ... it's working for me
iptables -I INPUT 1 -p tcp --dport 10000 -j ACCEPT
service iptables save
/etc/init.d/iptables restart
open both link in Browser
https://your-IP:10000
and
http://your-IP:10000
you need to allow port 10000 from iptables
sudo iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
this work for me
i'm using ubuntu 16.04
You don't need to do any firewall configuration in the instance itself. All firewall configuration is done in the Google Cloud console.
The steps I typically follow, as you show to have figured out in your comment, are:
Create the firewall rule, in it opening the particular port you need (10000 in the case of Webmin) for ingress TCP traffic, accepting connections from some IP range (e.g. 0.0.0.0/0), and specifying target tags to be later assigned to instances to which that rule shall apply.
Add one of those tags to the "network tags" section of some particular instance.
This alone should work, opening the port for your instance in the firewall.
I was almost creating another question here on SO when yours was suggested as a possible duplicate. I had followed the steps above on my Webmin machine, and yet the machine refused to connect on port 10000. As I kept writing the question, I figured out my particular problem: in the firewall rule, in the source IP range filter, I set the single meta-address 0.0.0.0 instead of the range 0.0.0.0/0. So, to anyone who has followed the steps above and still can't connect to their webmin installation, do check if your source range filter is correctly set.
I want to make sure that the only network traffic on my linux CentOS server is my own.
All my server runs is a Tomcat instance with one servlet. This servlet takes a parameter, which is a URL to download. It will download from that url, and pass the contents back to the calling program through the usual http response.
I want to block all network traffic to this server except
1) Ability to ssh
2) Ability to download from host abc.xyz.com
3) Ability for server with IP 111.222.333.444 to download from me
Can someone please tell me the commands to do this in iptables? I tried finding this out myself but I was a bit out my depth with the lingo.
thanks
Configuring a firewall is simple, first of all select what ports you want to be open.
For example Webserver ports:
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
For example SSH port:
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
In any way your server is able to download files from other server/hosts.
3) Ability for server with IP 111.222.333.444 to download from me
I suppose that must be port 80, (or any port where the server is downloading from) if your uploading files to your website.
After these steps you need to look if the firewall is configured right:
iptables -L -n
If it's looking good then you're able to save your iptables, and restart the service.
If there is any problem configureren your firewall, please let me know.
I have a self hosted Nancy application running on a Raspberry Pi and I can't get it to bind to port 80!
It works on port 81, 8090 and I even tried other "reserved" ports such as 443. They all work except 80.
I'm starting the app with sudo so it shouldn't be permissions and 81 works too.
sudo mono Lambda.Console.exe
The obvious culprit for this is that something else is using port 80 but I can't find out what it is. I have tried the usual;
netstat -ln - nothing is listening on port 80
telnet port 80 - connection is refused, suggesting nothing is listening
Does anyone have other suggestions? Can a process still be using the port? I'm stuck at this point.
Cheers
Dave
This is bug in Mono HttpListener I created pull request here: https://github.com/mono/mono/pull/891
Unfortunately I did not find workaround I will try to find robust workaround in Nancy since versions releases are more frequent.
I also found a work around for the issue that involves mapping port 80 to the port your Nacy app has actually bound too.
sudo /sbin/iptables -t nat -A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080
You can undo this using the same command but using -D instead of -A and if you want to check it exists then use -C
Ideally it would be best to use the Nancy patch from #david-karlas or if it comes along a mono fix but if you have to use an old mono version with old Nancy version then this works too.
I am running Fedora 18 with KDE. I opened port 5900 via the GUI yesterday and was using VNC just fine, but then tried to open the port for SMTP via a couple of different methods and now the VNC connection is "closing unexpectedly."
That's a vague error but I'm thinking it is a firewall issue. The problem is that I don't have any graphical way to access the firewall now, just via ssh. I tried adding an IPTABLES line, iptables -A INPUT -p tcp --dport 5900 -j ACCEPT, but that didn't seem to make a difference and when I tried iptables --List there was nothing that appeared to be about port 5900. Did I do the iptables line wrong? Should it be OUTPUT instead of INPUT? -I instead of -A? udp instead of tcp?
I would also like to know why "iptables --List" did not seem to have anything about port 5900 in it. Is it possible that Fedora 18 no longer uses iptables?
Anyone have suggestions? It's been hours since I've had no GUI access and I'm getting desperate... :-)
/sbin/service iptables restart
was the missing ingredient to this puzzle. For some reason /sbin/service firewall restart did not work...
Did you save the iptable before you restarted it with
/sbin/service iptables save