Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have installed apache on my server however I can not browse my website through my server's IP. the setup of the apache is a single account server under /var/www/htdocs/.
Is there anything else I need to do to be able to see the account via my server's IP?
There are several possibilities.
firewall, iptables configuration
apache listen address / port
More information is needed about your configuration. What distro are you using? Can you connect via 127.0.0.1?
If the issue is with the firewall/iptables, you can add the following lines to /etc/sysconfig/iptables:
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
(Second line is only needed for https)
Make sure this is above any lines that would globally restrict access, like the following:
-A INPUT -j REJECT --reject-with icmp-host-prohibited
Tested on CentOS 6.3
And finally
service iptables restart
Did you restart the server after you changed the config file?
Can you telnet to the server from a different machine?
Can you telnet to the server from the server itself?
telnet <ip address> 80
telnet localhost 80
Related
I want to make sure that the only network traffic on my linux CentOS server is my own.
All my server runs is a Tomcat instance with one servlet. This servlet takes a parameter, which is a URL to download. It will download from that url, and pass the contents back to the calling program through the usual http response.
I want to block all network traffic to this server except
1) Ability to ssh
2) Ability to download from host abc.xyz.com
3) Ability for server with IP 111.222.333.444 to download from me
Can someone please tell me the commands to do this in iptables? I tried finding this out myself but I was a bit out my depth with the lingo.
thanks
Configuring a firewall is simple, first of all select what ports you want to be open.
For example Webserver ports:
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
For example SSH port:
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
In any way your server is able to download files from other server/hosts.
3) Ability for server with IP 111.222.333.444 to download from me
I suppose that must be port 80, (or any port where the server is downloading from) if your uploading files to your website.
After these steps you need to look if the firewall is configured right:
iptables -L -n
If it's looking good then you're able to save your iptables, and restart the service.
If there is any problem configureren your firewall, please let me know.
I have absolutely no doubt that this is human error due to the fact I have no real clue what I am doing.
I recently installed pptp on my ubuntu 12.04 server so that I can vpn as the server.
However I have obviously open/closed the wrong ports.
Apache starts perfectly as you would expect.
I followed these instructions, point being. I believe my 443 port is closed or similar.
Silly really wasn't it.
Port was closed as I suspected:
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 443 -j ACCEPT
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 months ago.
Improve this question
How can I dynamically (programatically) block IP addresses using Config Server Security & Firewall?
I am on Centos (linux) with cPanel & WHM
You can deny an ip in csf as below but need to refresh csf because every service apply changes after restart or refresh.
Deny IP
csf -d IPaddress
Refresh:
csf -r
how to block IPs without restarting CSF
Restarting csf by csf -r is not an big deal. You don't need to do any precautions to do this. So blocking IP with or with out csf restart is of same effect.
csf works along with iptables so for denying IP you can use "csf -d IP" instead of writing iptable rules.
csf eases the firewall works. :)
The other answers here appear to be out of date now. It is no longer necessary to reload CSF after blocking an IP address. Here is some example output:
sudo csf -d 10.0.0.1 do not delete
Adding 10.0.0.1 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 10.0.0.1 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 10.0.0.1
And here is a thread on the CSF forum confirming it.
I have tested blocking few IPs without restarting and it works. You only need to restart if you remove IP from csf.deny eg:
csf -dr 1.1.1.1
csf -r
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
When I ping my server, it responds:
user#localhost:~$ ping my.server
PING my.server (111.111.111.11) 56(84) bytes of data.
64 bytes from my.server (111.111.111.11): icmp_req=1 ttl=42 time=38.4 ms
64 bytes from my.server (111.111.111.11): icmp_req=2 ttl=42 time=50.0 ms
64 bytes from my.server (111.111.111.11): icmp_req=3 ttl=42 time=58.6 ms
^C
--- my.server ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 38.419/49.037/58.637/8.287 ms
but when I try to ssh (something that I always do, and have been doing for the past few hours on the same connection), it hangs:
user#localhost:~$ ssh my.server
http://speedtest.net says that my connection has 1.5 Mbps download and 0.4 Mbps upload speed.
Is there a reason that ssh hangs?
Results from suggestions provided in answers
from #nsfyn55
user#localhost:~$ telnetmy.server 22
Trying 111.111.111.11...
Connected to my.server
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
Connection closed by foreign host.
from #vahid:
user#localhost:~$ nc -v -w 1 111.111.111.111 -z 22
nc: timeout cannot be negative
ping (ICMP protocol) and ssh are two different protocols.
It could be that ssh service is not running or not installed
firewall restriction (local to server like iptables or even sshd config lock down ) or (external firewall that protects incomming traffic to network hosting 111.111.111.111)
First check is to see if ssh port is up
nc -v -w 1 111.111.111.111 -z 22
if it succeeds then ssh should communicate if not then it will never work until restriction is lifted or ssh is started
Find out two pieces of information
Whats the hostname or IP of the target ssh server
What port is the ssh daemon listening on (default is port 22)
$> telnet <hostname or ip> <port>
Assuming the daemon is up and running and listening on that port it should etablish a telnet session. Likely causes:
The ssh daemon is not running
The host is blocking the target port with its software firewall
Some intermediate network device is blocking or filtering the target port
The ssh daemon is listening on a non standard port
A TCP wrapper is configured and is filtering out your source host
On the server, try:
netstat -an
and look to see if tcp port 22 is opened (use findstr in Windows or grep in Unix).
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
Here is my situation
I could access Server A from my home laptop via ssh.
Server B is only accessible from Server A via ssh.
Server C is only accessible from Server B via ssh.
Is there anyway that I could configure my .ssh/config so that I could ssh to Server C directly from my laptop ? I need this because I need regularly transfer files from Server C back to my laptop. I'm using 'scp' but go through this ssh hierarchy manually is too painful. I'm wondering whether there's a more straight-forward to do this via the magic of ssh.
You want to set up SSH tunnels to to allow SSH like this:
A => B
B => C
Here's an example of how to setup the tunnel to B through A on Linux:
ssh -f myusername#hostA -N -L 4444:hostB:22
Then, you should be able to ssh to port 4444 on hostA, and have that forwarded to port 22 (where SSH commonly runs) on hostB. After running the above command, try this:
ssh -p 4444 hostA
That should connect you to hostB. You may have to change ports for this to work, if port 4444 on hostA is already being used you'll have to pick a different port. Assuming that this works, you can use the same command with different hostnames to set up the tunnel from B => C:
ssh -f myusername#hostA -N -L 4444:hostB:4444
ssh -f myusername#hostB -N -L 4444:hostC:22
This is also useful if you want to set up a SOCKS proxy for web browsing. I do this so that my web traffic looks like it's coming from my university, so that I can use online access to scientific journals.
References:
Tunneling protocol
Breaking firewalls with OpenSSH and Putty
How to create an SSH tunnel using Putty, and then use that tunnel as a Firefox SOCKS proxy