Port 80 open on server but cannot connect to it - apache

I have an issue that I have been trying to resolve but cannot figure out what is going on. I have various web servers and they all have apache installed on them. They are all on the same network but one is giving me an issue.
I have servers (.44, .45 and .46)
I can ssh into .44 and ping .45 and .46 with no issues. However, when I try to test whether port 80 is open, .45 gives me this message.
someadminuser@somelocation:/var/www$ telnet 10.0.0.45 80
Trying 10.0.0.45...
telnet: Unable to connect to remote host: Connection refused
Here is the same test on .46
someadminuser@somelocation:/var/www$ telnet 10.0.0.46 80
Trying 10.0.0.46...
Connected to 10.0.0.46.
Escape character is '^]'.
So I ssh into .45 to see the port.
someadminuser@somelocation:~$ netstat -tulpn | grep :80
(No info could be read for "-p": geteuid()=1000 but you should be root.)
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
someadminuser@somelocation:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:httpflags:
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
Any help will be greatly appreciated.
****************UPDATE****************
I saved my IPv4 table and this is what I got:
# Generated by iptables-save v1.4.12 on Thu May 29 14:05:31 2014
*nat
:PREROUTING ACCEPT [3416:231940]
:INPUT ACCEPT [1175:75880]
:OUTPUT ACCEPT [337:25196]
:POSTROUTING ACCEPT [337:25196]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
Of course, there is more to it, but this part looks suspicious.

So the server is redirecting connections to local port 80 to local port 3000. Presumably there is nothing listening on port 3000 and that is why you are seeing the "connection refused".
If the working servers don't have this configuration, then you need to remove (or fix) the iptables. If the other servers do have that, then you need to figure out what they have running on port 3000 and why the failing server does not have the same.
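A quick way to confirm the diagnosis above on any host is to pair the nat REDIRECT rules from `iptables-save` with the listening sockets from `ss -ltn` and flag every redirect whose target port has no listener. This is an added example, not code from the question or answer; the `iptables-save` and `ss` text it parses are constructed samples embedded inline (on a live host you would feed the real command output instead).

```shell
# Constructed iptables-save excerpt, same shape as the question's UPDATE.
SAMPLE_NAT='# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
COMMIT'

# Constructed `ss -ltn` output: listeners on 22 and 8080, nothing on 3000.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*'

# redirects "<iptables-save text>": print "<chain> <dport> <to-port>" per REDIRECT rule.
redirects() {
    printf '%s\n' "$1" | awk '
        /^-A / && /-j REDIRECT/ {
            chain = $2; dport = ""; to = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            if (dport != "" && to != "") print chain, dport, to
        }'
}

# listening "<ss -ltn text>" <port>: succeed if a LISTEN socket is bound to <port>.
listening() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# check_redirects "<iptables-save text>" "<ss -ltn text>": flag REDIRECTs whose
# target port has no listener; those are what produce "Connection refused" above.
check_redirects() {
    redirects "$1" | while read -r chain dport to; do
        if listening "$2" "$to"; then
            echo "OK: $chain dport $dport -> $to (listener present)"
        else
            echo "DANGLING: $chain dport $dport -> $to (nothing listening)"
        fi
    done
}

check_redirects "$SAMPLE_NAT" "$SAMPLE_SS"
```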

Related

How to i fix timeout problem when i deploy website Apache server

I deployed a website on an Apache server, and curl against the IP address gives a 200 status.
But when I try to open the website in a browser, it takes too long to respond.
My Setting:
Server : Centos 7
already run command
sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT && sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
network:
Proto localaddress State Program name
tcp 0.0.0.0:80 LISTEN httpd
tcp 0.0.0.0:443 LISTEN httpd
How do I troubleshoot where the problem is and fix it?

UFW port forwarding does not work with my coturn set up

I am trying to receive data on port 443 and forward that to my coturn server listening to port 5349.
I want this set up so that my webRTC app can connect over 443 without my coturn server having root access (for the privileged port 443).
In my /etc/ufw/before.rules I have the entries below:
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5349
COMMIT
When I test my turn setup at https://test.webrtc.org/ using 443 port I get:
Udp disabled
Relay connectivity timed out
Reflexive connectivity timed out
But using port 5349 it seems to work.
I have all needed ports open in ufw. I tried with ufw disabled too.
Do I need to add any other changes for port forwarding, like adding an OUTPUT entry (which I don't know how to add, though)?
Do I need to add the rule entry for IPv6 too (/etc/ufw/before6.rules)?
I added these to the before.rules file
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5349
-A PREROUTING -p udp --dport 443 -j REDIRECT --to-port 5349
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 5349
-A OUTPUT -o lo -p udp --dport 443 -j REDIRECT --to-port 5349
COMMIT
I am not sure if it is OK, but at the moment this seems to work. I am still open to suggestions. Please suggest improvements to what I have done so far.

HTTP Flood on Tomcat server causing issues

I am getting hit with small HTTP floods on my Apache server running on port 80, which is proxying Tomcat on port 8080.
What is happening is that this causes Tomcat to create hundreds to thousands of sessions, depending on how many clients get past the Cloudflare firewall(s) and my server's own (I have libapache2-mod-qos installed for my Apache server).
IPTABLES:
/sbin/iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
iptables -A INPUT -p tcp --dport 80 -m hashlimit --hashlimit-upto 50/min \
--hashlimit-burst 500 --hashlimit-mode srcip --hashlimit-name http -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
Now this is causing major issues for me, and if someone could help shed some light on how to get around this I would be grateful.
mod-qos conf:
<IfModule qos_module>
# handle connections from up to 100000 different IPs
QS_ClientEntries 100000
# allow only 10 connections per IP
QS_SrvMaxConnPerIP 10
# limit the number of active TCP connections to 256
MaxClients 256
# disable keep-alive when 180 (70%) TCP connections are occupied
QS_SrvMaxConnClose 180
# minimum request/response speed
# (deny slow clients blocking the server by keeping connections open without requesting anything)
QS_SrvMinDataRate 150 1200
</IfModule>
As far as you know is this legitimate traffic and not part of a DOS / DDOS?
I assume with Cloudflare involved it is not; however, if so, then it is best to have an IPS inspect the traffic at the application level and deny it based on a matching attack signature.
If legitimate, then you will need to assess how the Tomcat application is operating based on its code and the logs being produced.
Maybe the Tomcat application is requiring the clients to send this data inbound.

iptables block INPUT port 80

My question is for general understanding and not for fixing an issue that I have.
I managed to run iptables -A OUTPUT -p tcp --dport 80 -j REJECT and block HTTP requests. When I ran curl http://b.scorecardresearch.com/beacon.js I got: curl: (7) Failed to connect to b.scorecardresearch.com port 80: Connection refused
Then I deleted the OUTPUT rule and created an INPUT rule iptables -A INPUT -p tcp --dport 80 -j REJECT. I could then access curl http://b.scorecardresearch.com/beacon.js with no problems at all.
I understand why the outgoing request was not blocked but when I make an http request, doesn't the response return on the same port (80) and should be blocked by the INPUT REJECT of port 80?
When you create a TCP connection, the client port is random and different from the destination port (80 here). You can see that by running netstat -pant in your terminal:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.1.41:39878 201.15.39.91:80 ESTABLISHED 2270/firefox
That's why blocking the incoming packets that target port 80 doesn't forbid you to reach HTTP servers. However, if you have an HTTP server, it won't be accessible anymore on port 80.
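To make the answer above concrete, here is a minimal first-match evaluator for rules of the form `-A <chain> -p tcp [--sport N] [--dport N] -j <target>`, run against the three packets that matter: the outgoing SYN from curl, the returning SYN-ACK from the web server, and an inbound SYN to our own httpd. This is an added example, not code from the thread; it models only chain, protocol and ports, with the ACCEPT default policy shown in the question, and ignores everything else netfilter does.

```shell
# verdict "<rules in iptables-save syntax>" <chain> <proto> <sport> <dport>
# Prints the target of the first rule in <chain> that matches the packet, or
# ACCEPT (the chain policy in the question) when no rule matches.
verdict() {
    printf '%s\n' "$1" | awk -v chain="$2" -v proto="$3" -v sport="$4" -v dport="$5" '
        $2 != chain { next }
        {
            p = ""; s = ""; d = ""; t = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p")      p = $(i + 1)
                if ($i == "--sport") s = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j")      t = $(i + 1)
            }
            if ((p == "" || p == proto) && (s == "" || s == sport) && (d == "" || d == dport)) {
                print t; hit = 1; exit
            }
        }
        END { if (!hit) print "ACCEPT" }'
}

# The two rulesets the asker tried, one at a time.
OUTPUT_ONLY='-A OUTPUT -p tcp --dport 80 -j REJECT'
INPUT_ONLY='-A INPUT -p tcp --dport 80 -j REJECT'

# curl from this host: the SYN leaves via OUTPUT with dport 80 ...
client_out() { verdict "$1" OUTPUT tcp 39878 80; }
# ... and the server reply arrives via INPUT with sport 80 and dport = the
# random client port (39878 here, taken from the netstat line above).
client_in()  { verdict "$1" INPUT tcp 80 39878; }
# A remote browser hitting our own httpd: the SYN arrives via INPUT with dport 80.
server_in()  { verdict "$1" INPUT tcp 51234 80; }

echo "OUTPUT --dport 80, curl SYN:            $(client_out "$OUTPUT_ONLY")"
echo "INPUT  --dport 80, reply to curl:       $(client_in "$INPUT_ONLY")"
echo "INPUT  --dport 80, inbound to our httpd: $(server_in "$INPUT_ONLY")"
```

Swapping the INPUT rule to `--sport 80` would make `client_in` return REJECT, which is the rule you would actually need to stop this host from talking to remote web servers on the inbound side.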

RabbitMQ cannot establish TCP connection to any configured hosts

I am trying to run AMQP with bunny and event machine. Whenever I try to use a worker, bunny complains about the following: Could not establish TCP connection to any of the configured hosts
I don't see port 5672 anywhere when I run netstat. Further, the output of nmap -p 5672 0.0.0.0 gives the following:
Nmap scan report for 0.0.0.0
Host is up (0.000092s latency).
PORT STATE SERVICE
5672/tcp closed amqp
My configuration file ($HOME/etc/rabbitmq/rabbitmq.config) is as follows:
[{mnesia, [{dump_log_write_threshold, 1000}]},
{rabbit, [{tcp_listeners, [5672]},
{cluster_nodes, {['rabbit@jordan-dev'], disc}}
]}].
Could anybody explain to me why RabbitMQ cannot connect to the TCP port specified in the configuration file?
Is your firewall configured properly?
Try telnet ip port from some machine to see if it's reachable. If it's not reachable, then add the firewall rules:
iptables -A INPUT -p tcp --dport 5672 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 5672 -j ACCEPT