Making apache server live in CentOS? (Linux Alternative for "Put Online" in WAMP) - apache

Prologue:
I would like to make my site live from my PC (just for some testing).
In Windows, I just click on the WAMP icon in my tray and it gives me an option to "Put Online", meaning anyone on the internet can access the site if I give them the link (with my IP in it).
Current Situation:
I have switched to CentOS and can't find an option to make it online. I thought that there would be a switch in httpd.exe like
/etc/init.d/httpd restart
But I can't find a proper answer with Google. Help me out.

One question: does your server work locally?
If so, take a look at Small overview for iptables and Port 80

First of all make sure that the following is given:
I) In your httpd.conf look for:
#Listen 12.34.56.78:80
Listen 80
Make sure that Listen 80 is active (or the port you want to use).
II) Check your iptables rules or your firewall to see whether port 80 is open for connections.

You have to be a super user to accomplish it.
Open the file /etc/sysconfig/iptables:
vi /etc/sysconfig/iptables
This is the standard procedure
Append the following line and save
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
However, this did not work for me, so I deleted the lines which had "REJECT" in them and it worked.
Do not forget to restart the iptables service:
service iptables restart
Thanks to donald123
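Added example, not part of the original answer: iptables walks a chain from top to bottom and stops at the first rule that matches, so an ACCEPT placed after the chain's closing REJECT is never reached. The script below works on a constructed sample of a stock rules file and puts the port 80 rule ahead of the REJECT, so the REJECT lines can stay; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of a stock CentOS-style /etc/sysconfig/iptables.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read a ruleset on stdin and print it with an ACCEPT for TCP port $2
# inserted directly before the first REJECT rule of chain $1.
# Idempotent: a rule that already sits before the REJECT is not duplicated.
add_port_before_reject() {
    awk -v chain="$1" -v port="$2" '
        BEGIN { rule = "-A " chain " -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT" }
        $0 == rule && !seen_reject { present = 1 }
        $1 == "-A" && $2 == chain && / -j REJECT/ && !seen_reject {
            if (!present) print rule
            seen_reject = 1
        }
        { print }
    '
}

# Exit 0 only if an ACCEPT for port $2 appears before the REJECT of chain $1.
port_reachable() {
    awk -v chain="$1" -v port="$2" '
        $2 == chain && / -j REJECT/ { exit }
        $2 == chain && index($0, "--dport " port " -j ACCEPT") { ok = 1; exit }
        END { exit !ok }
    '
}

# Show the corrected ruleset for the constructed sample.
sample_rules | add_port_before_reject RH-Firewall-1-INPUT 80
```

Write the output to a temporary file and compare it with the live file before replacing it, then run service iptables restart as in the answer.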

Related

LXD / Container / Apache2 / Iptables - Unable to load external sources in website

I have a container setup with LXD running several wordpress webpages (apache2)
All is working fine.
I added portforwarding by:
lxc config device add CONTAINER lxd_proxy_port80 proxy listen=tcp:0.0.0.0:80 connect=tcp:INTERNALIP:80
…and the same for port 443. That's all working correctly.
Unfortunately I cannot see originating IPs in my apache2 logs (var/log/apache2/access.log) but only see the local IP.
By using iptables I wanted to change this. I did:
iptables -A FORWARD -p tcp -d LOCALIP --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -d LOCALIP --dport 80 -j ACCEPT
and deleting my proxy device with
lxc config device remove CONTAINER lxd_proxy_port80
lxc config device remove CONTAINER lxd_proxy_port443
I can actually access files on my server correctly and I also see now my external IP in the apache2 access logs.
However, wordpress does not reach update-servers anymore (external) and seems to have problems reaching the outside world and one of my wordpress pages cannot access the index.php file anymore (it hangs loading). I suppose the latter effect is due to some external content not being loaded correctly.
Could you help me understand what is going on?
This conversation answers the questions:
https://discuss.linuxcontainers.org/t/iptables-apache-in-lxd-container/6143
A good video on this:
https://www.youtube.com/watch?v=1p-fbS_OYTg
My solution did end up working by adding a -d MYIP/32 in the iptables rule to only make it apply for incoming traffic.

Can't Access Webmin on GCE Instance on port 10000

I have a GCE Instance a Debian 1v CPU & 1.7GB. Then I followed the below tutorial and installed webmin on it.
https://www.howtoforge.com/tutorial/how-to-install-webmin-on-ubuntu-15-04/
The installation went successfully. Then I created a firewall exception using UFW and allowed port 10000.
sudo ufw allow 10000/tcp
But I was not able to access Webmin through the browser.
https://my-gce-instance-ip-address:10000
Then I created a firewall exception using the Google Cloud Console. I tried the URL again; it didn't work.
Then I thought this might be because Webmin is in HTTPS mode. So I opened /etc/webmin/miniserv.conf and changed ssl=0. After that I restarted Webmin.
/etc/init.d/webmin restart
Then I tried the URL with HTTP; I still can't access it.
I tried the command below and checked the output. According to it, Webmin is correctly running and listening on port 10000.
netstat -tulpn | grep :10000
I can't seem to think what I am doing wrong. I have now spent several days on this without any solution in sight. Hope someone can kindly help me.
Try this; it's working for me:
iptables -I INPUT 1 -p tcp --dport 10000 -j ACCEPT
service iptables save
/etc/init.d/iptables restart
Open both links in the browser:
https://your-IP:10000
and
http://your-IP:10000
You need to allow port 10000 in iptables:
sudo iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
This works for me.
I'm using Ubuntu 16.04.
You don't need to do any firewall configuration in the instance itself. All firewall configuration is done in the Google Cloud console.
The steps I typically follow, as you show to have figured out in your comment, are:
Create the firewall rule, in it opening the particular port you need (10000 in the case of Webmin) for ingress TCP traffic, accepting connections from some IP range (e.g. 0.0.0.0/0), and specifying target tags to be later assigned to instances to which that rule shall apply.
Add one of those tags to the "network tags" section of some particular instance.
This alone should work, opening the port for your instance in the firewall.
I was almost creating another question here on SO when yours was suggested as a possible duplicate. I had followed the steps above on my Webmin machine, and yet the machine refused to connect on port 10000. As I kept writing the question, I figured out my particular problem: in the firewall rule, in the source IP range filter, I set the single meta-address 0.0.0.0 instead of the range 0.0.0.0/0. So, to anyone who has followed the steps above and still can't connect to their webmin installation, do check if your source range filter is correctly set.
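Added example, not part of the answer above: a small CIDR matcher that shows why a source filter of 0.0.0.0 admits nobody while 0.0.0.0/0 admits every address, with a narrower admin range for comparison. Treating a bare address as a /32 is an assumption about how the filter reads it; the client addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_range SOURCE_RANGE CLIENT_IP: exit 0 if the client is inside the range.
# Assumption: a range written without "/bits" means that one host (/32).
in_range() {
    case $1 in
        */*) net=${1%/*}; bits=${1#*/} ;;
        *)   net=$1; bits=32 ;;
    esac
    # /0 yields mask 0 (everything matches); /32 yields an all-ones mask.
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Constructed client addresses: an admin workstation and an unrelated host.
CLIENTS="203.0.113.9 198.51.100.77"

# Print the constructed clients that a given source range would admit.
matching_clients() {
    matched=""
    for c in $CLIENTS; do
        if in_range "$1" "$c"; then matched="$matched $c"; fi
    done
    echo "${matched# }"
}

# The mistyped filter, the corrected one, and a range limited to the admin network.
for r in 0.0.0.0 0.0.0.0/0 203.0.113.0/24; do
    echo "$r admits: $(matching_clients "$r")"
done
```

The last range is the one to prefer for an administration port such as Webmin's: it admits the admin workstation and nothing else.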

Configuring IP Tables

I want to make sure that the only network traffic on my linux CentOS server is my own.
All my server runs is a Tomcat instance with one servlet. This servlet takes a parameter, which is a URL to download. It will download from that url, and pass the contents back to the calling program through the usual http response.
I want to block all network traffic to this server except
1) Ability to ssh
2) Ability to download from host abc.xyz.com
3) Ability for server with IP 111.222.333.444 to download from me
Can someone please tell me the commands to do this in iptables? I tried finding this out myself but I was a bit out of my depth with the lingo.
Thanks
Configuring a firewall is simple. First of all, select which ports you want to be open.
For example Webserver ports:
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
For example SSH port:
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
In any case, your server is able to download files from other servers/hosts.
3) Ability for server with IP 111.222.333.444 to download from me
I suppose that must be port 80 (or any port where the server is downloading from) if you're uploading files to your website.
After these steps you need to look if the firewall is configured right:
iptables -L -n
If it's looking good then you're able to save your iptables, and restart the service.
If there is any problem configuring your firewall, please let me know.
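Added example, not part of the answer above: a generator for an iptables-restore ruleset that implements the three requirements in the question with default-deny policies in both directions. The function names, the servlet port, and all addresses are assumptions (constructed documentation values); the question's 111.222.333.444 is not a valid IPv4 address, so the script rejects it.

```shell
#!/bin/sh
# Exit 0 only for four dot-separated decimal octets, each 0..255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# build_ruleset CLIENT_IP SERVLET_PORT UPSTREAM_IP UPSTREAM_PORT RESOLVER_IP
# Prints an iptables-restore file; it does not touch the running firewall.
build_ruleset() {
    client=$1 servlet_port=$2 upstream=$3 upstream_port=$4 resolver=$5
    for ip in "$client" "$upstream" "$resolver"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -s $client -p tcp -m tcp --dport $servlet_port -m state --state NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d $resolver -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d $upstream -p tcp -m tcp --dport $upstream_port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed values: one allowed client, Tomcat on 8080, the address that
# abc.xyz.com resolves to, its port, and the DNS resolver the server uses.
build_ruleset 203.0.113.10 8080 198.51.100.20 80 192.0.2.53
```

iptables resolves a hostname once, when the rule is loaded, so the upstream is given as an address here. Check the generated file with iptables-restore --test before loading it, since a mistake in a default-DROP ruleset cuts off the SSH session used to apply it.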

Nancy Mono Self-Host won't start on port 80

I have a self hosted Nancy application running on a Raspberry Pi and I can't get it to bind to port 80!
It works on port 81, 8090 and I even tried other "reserved" ports such as 443. They all work except 80.
I'm starting the app with sudo so it shouldn't be permissions and 81 works too.
sudo mono Lambda.Console.exe
The obvious culprit for this is that something else is using port 80 but I can't find out what it is. I have tried the usual;
netstat -ln - nothing is listening on port 80
telnet port 80 - connection is refused, suggesting nothing is listening
Does anyone have other suggestions? Can a process still be using the port? I'm stuck at this point.
Cheers
Dave
This is a bug in Mono HttpListener. I created a pull request here: https://github.com/mono/mono/pull/891
Unfortunately I did not find a workaround. I will try to find a robust workaround in Nancy, since version releases are more frequent.
I also found a workaround for the issue that involves mapping port 80 to the port your Nancy app has actually bound to.
sudo /sbin/iptables -t nat -A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080
You can undo this using the same command with -D instead of -A, and if you want to check that it exists, use -C.
Ideally it would be best to use the Nancy patch from #david-karlas or, if it comes along, a Mono fix, but if you have to use an old Mono version with an old Nancy version then this works too.

Open port 5900 via the command line?

I am running Fedora 18 with KDE. I opened port 5900 via the GUI yesterday and was using VNC just fine, but then tried to open the port for SMTP via a couple of different methods and now the VNC connection is "closing unexpectedly."
That's a vague error but I'm thinking it is a firewall issue. The problem is that I don't have any graphical way to access the firewall now, just via ssh. I tried adding an IPTABLES line, iptables -A INPUT -p tcp --dport 5900 -j ACCEPT, but that didn't seem to make a difference and when I tried iptables --List there was nothing that appeared to be about port 5900. Did I do the iptables line wrong? Should it be OUTPUT instead of INPUT? -I instead of -A? udp instead of tcp?
I would also like to know why "iptables --List" did not seem to have anything about port 5900 in it. Is it possible that Fedora 18 no longer uses iptables?
Anyone have suggestions? It's been hours since I've had no GUI access and I'm getting desperate... :-)
/sbin/service iptables restart
was the missing ingredient to this puzzle. For some reason /sbin/service firewall restart did not work...
Did you save the iptable before you restarted it with
/sbin/service iptables save