I'm trying to setup LAMP to CentOS7 with a guide. I tried to run these commands to allow HTTP and HTTPS traffic:
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
But system give this error:
FirewallD is not running
So I searched for it then apply these commands:
systemctl enable firewalld
systemctl start firewalld
Then it printed "completed" output but my connection was aborted and I cannot connect to the server with IP:Port with PuTTy anymore.
What should I do? The only access to the server was that way for me. I have no physical access to the server.
It looks like you locked yourself out, as you did not specify that ssh should also be allowed:
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --zone=public --add-service=ssh
sudo firewall-cmd --reload
The guide above seems to assume that ssh is already allowed.
What should I do? The only access to the server was that way for me. I have no physical access to the server.
So at this point the only way to access the server will typically be via the VM console of your hosting provider / virtualisation solution. Almost all providers will allow you access to that console, so you should try to do that. Once logged in via the console, you can then run the above command to allow SSH to regain access via SSH.
Open below file
Vi /usr/sbin/firewalld
#!/usr/bin/python2.7 -Es
-- coding: utf-8 --
Note if your python version is only python o another version then rename it python2.7
then
systemctl start firewalld
Related
I'm trying to configure firewalld on my VPS server and I'm trying to open a port for my postgresql server.
So far, I have done the following:
sudo firewall-cmd --new-zone=postgresqlrule --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --permanent --zone=postgresqlrule --add-port=5432/tcp
sudo firewall-cmd --reload
How do I use --add-source to add a wildcard for all ips?
sudo firewall-cmd --permanent --zone=postgresqlrule --add-source= *
The above returns the following error:
[root#centos-s-1vcpu-512mb-10gb-sfo3-01 ~]# sudo firewall-cmd --permanent --zone=postgresqlrule --add-source= *
usage: see firewall-cmd man page
firewall-cmd: error: unrecognized arguments: mysql80-community-release-el9-1.noarch.rpm steam-game-scraper
I basically have to give some classmates access to this database, but I don't want to have to find out each of their IPs. I couldn't find anything related to opening connections to all IPs online.
Go to pg_hba.conf file in this location (/etc/postgresql/12/main) and add the following line at the end:
host all all 0.0.0.0/0 md5
It allows access to all databases for all users.
Restart Postgresql by writing this command service postgresql restart
Resolved! I added my public IP to a different zone so it was already tied to that zone thus refusing connections to anything else.
I removed that source IP, and it's now accepting connections on that port.
I'm running an Oracle Linux 8 instance which I connect to via ssh public key authentication. There I've installed PostgreSQL but I can't seem to access it locally (from DBeaver for example).
I've made these following changes:
set listen_addreses to '*' at the postgresql.conf
added "host all postgres 0.0.0.0/0 md5" at the end of pg_hba.conf
I added postgresql to the firewall by running
sudo firewall-cmd --add-service=postgresql --permanent
sudo firewall-cmd --reload
I even tried disabling the firewall with
sudo systemctl stop firewalld
sudo systemctl disable firewalld
without any success.
And of course I restarted postgresql after the changes with
sudo systemctl restart postgresql.service
However nothing was successful. I've had success by making these changes on other servers previously, but not this time.
And yes postgresql is definitely running
Any help would be appreciated. Thank you.
EDIT:
Error message:
OperationalError: connection to server at "<ip address>", port 5432 failed: Connection timed out (0x0000274C/10060)
Is the server running on that host and accepting TCP/IP connections?
Connection details:
I am trying to set remote access for my fresh installed mongod service but it is turning impossible by now.
Database works just fine local but there is no way to make it works remote. These are the steps I have already tried it:
1- I set up Oracle subnet to allow 27017/tcp traffic.
2- Able 27017/tcp traffic in the Oracle Compute firewall.
3- Set up the mongod.conf bindIp property to 0.0.0.0
After that mongod service fails to startup.
Then I changed the bindIp property to my public Oracle Compute ip address and it fails as well.
After that I used the internal ip address of the Oracle Compute, bindIp: 10.0.0.151
$ ip a | grep "net"
Output:
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 10.0.0.151/24 brd 10.0.0.255 scope global enp0s3
inet6 fe80::17ff:fe0c:78d6/64 scope link
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
The mongod service now startup properly but it is not possible to connect to the database from a remote system. I get the following error when trying to connect from my desktop system using mongosh on windows 11.
MongoServerSelectionError: connect ETIMEDOUT server_ip:27017
I would really appreciate any help. Thanks.
Do you have egress security rule? Is there an NSG in place? Do you have IG and proper routing?
Can you create a network stack and post it?
PS: Autonomous DB now comes with MongoDB API, you can try that as well.
I don't know if you still need help, but just in case if you do and for anyone in the future that may have a similar issue, I just got my remote connection to my OCI (Oracle Cloud instance) MongoDB server working.
Here are the steps I took to get it working.
You first need to have an Ingress Rule in the Default Security List for your OCI's subnet to allow TCP connections from your remote computer IP (the computer that will connect remotely to your OCI) to port number 27017 (Mongo's default port unless you changed it).
To get to the page to setup an Ingress Rule follow this article from steps 1-7:
When you've reached step 7, the page should be similar to the image below.
In the input for "Source CIDR", type the public IP address of the computer that will connect to your OCI remotely. If you don't know it's public IP, then on the computer that will connect remotely to your OCI, go to this website. The public IP address will be next to IPV4. Back in the Source CIDR input, following the public IP address, add the IP subnet mask to determine the amount of IPs the rule is for. For example, 100.0.0.0/24 will cover the IPs 100.0.0.0 - 100.0.0.255 while 100.0.0.23/32 will only cover that one specific IP.
Under IP Protocol, select TCP if it's not already selected.
Under Destination Port Range, type 27017 (or the port number your MongoDB server is using if you changed it from its default).
Under Description, you can write whatever you want or leave it blank.
To save the new rule, click on Add Ingress Rules.
Inside of your OCI (aka you've SSH into it), setup Mongo's config file.
Mongo's configuration file should be located at /etc/mongod.conf
Open the file and under net, set the bindIp to 0.0.0.0
Restart Mongo Service and check that it's running.
Restart command: sudo systemctl restart mongod
Status check command: sudo systemctl status mongod
(If not running) Start service command: sudo systemctl start mongod
You should see the service as active.
Lastly, we need to set up the firewall permissions.
I've made the mistake of spending hours on hours trying to figure out why my firewall rules weren't working when I knew I had set things up correctly. Well, it turns out that using ufw is ineffective and that you should use firewalld instead.
Make sure that ufw is disabled by typing the command sudo ufw status. It should show it as inactive. If it's active, you can disable it with the command sudo ufw disable. Then check the status of it again to make sure it's disabled.
To install firewalld, enter the command sudo apt install firewalld
To open port 27017 (or the port you set your Mongo server to), type in the command sudo firewall-cmd --add-port PORT#/tcp --permanent while changing PORT# to the port of your Mongo server. The --permanent tag makes the rule exist even after the firewall is reloaded or if the OCI is rebooted. An example of the command using the default Mongo server port is sudo firewall-cmd --add-port 27017/tcp --permanent
If you need to undo the command, type the same command but change --add-port to --remove-port. An example of that is sudo firewall-cmd --remove-port 27017/tcp --permanent
Lastly, we just need to restart firewalld with the command sudo firewall-cmd --reload
To make sure that the port was added, type in sudo firewall-cmd --list-all and under ports, you should see the port you added. Now from your remote computer, you should be able to connect to the Mongo server on your OCI by using the public IP address of your OCI (the same address you used to connect to the OCI through SSH).
I am trying to use mongoDB in Linux mint 19. But I am getting below error.
What is the solution ?
You're starting the mongo shell client, which by default tries to connect to a mongod server running on localhost and listening on port 27017. However, there is no server listening there so the mongo shell notes that and exits.
You'll need to investigate why there was no mongod server listening there:
The MongoDB Server package isn't installed
You're specifying a non-default port in e.g. /etc/mongod.conf
The mongod process/service is not running
...
First verify that the Server package is installed:
sudo dpkg -l | grep -i ".*mongodb.*server"
Then check the status of the mongod service and go from there. That will tell you if it's running, what port it's listening on, what config file is used, etc.
sudo systemctl status mongod
If it's not running then try to start it:
sudo systemctl start mongod
If it's still not running then look at the log messages:
sudo journalctl -u mongod.service
We have installed couchdb on Centos 7 and we are having issues connecting to it from the internal IP address or public IP address on an Amazon Centos Image. This message I am getting:
curl: (7) Failed connect to <public_ip>:5984; Connection refused
curl: (7) Failed connect to <internal_ip>:5984; Connection refused
But if I hit it locally it will work no problem:
curl 0.0.0.0:5984
Response: {"couchdb":"Welcome","uuid":"b320fd3c83007007ce2a620ef8930df4","version":"1.6.1","vendor":{"name":"The Apache Software Foundation","version":"1.6.1"}}
So I'm confident it's either a network issue or firewall issue.
This is what I did:
Centos 7 (AMI: ami-96a818fe)
Installed erlang and couchdb
yum update
Setup a firewall:
sudo yum install firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld
sudo firewall-cmd --get-active-zones (made sure we have public available)
sudo firewall-cmd --permanent --zone=public --add-service=ssh
sudo firewall-cmd --permanent --zone=public --add-port=5984/tcp
Implement changes:
sudo firewall-cmd --reload
Made sure it's all there:
sudo firewall-cmd --permanent --list-all
Created a security group opened to the world:
Type Protocol Port Range Source
All TCP TCP 0 - 65535 0.0.0.0/0
Anything else I am missing? Seems like Amazon is all set but why can't I hit this machine from the public IP for this port or internal IP on the machine for this port?
Thanks
I believe your --add-* commands are not taking immediate effect, due to the --perm options. The --reload may not pull in permanent changes. Try this again without --perm and see if the port actually opens:
sudo firewall-cmd --zone=public --add-port=5984/tcp
You usually want to experiment with commands like that, and then only add --permanent once you know they’re working as intended.