I'm getting crazy over this problem for over a week now.
I have a Raspberry Pi (Raspbian lite) directly connected with an ethernet cable to my laptop (Ubuntu), and I want to communicate with my application (running on the pi) over a tcp socket. My Laptop has the ip-adress 10.42.0.1, the pi has the ip-adress 10.42.0.241, I want to send data from to laptop to the pi on port 3000. I'm able log into the pi over ssh (ssh pi#10.42.0.241), and I'm able to ping the ip adress (ping 10.42.0.241 has a positive result).
To test if the port is open and I can send data from my latop to the pi I did on my laptop
$ nc -vl 10.42.0.241 3000
But I got the error
nc: Cannot assing requested adress
I understood that I have to open the port on my laptop and on the pi, so I did on my laptop
$ sudo iptables -A OUTPUT -p tcp --dport 3000 -j ACCEPT
and on the pi
$ sudo iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
and I got an entry in my iptable (on my laptop in the CHAIN output, and on the pi in the CHAIN input) with the following entries
target = ACCEPT; prot = tcp; opt = --; source = anywhere; destination = anywhere; tcp dpt:3000
but the error message stays the same. I can see that there is nothing else blocking the port, because i can do on my laptop (remember, laptop-ip is 10.42.0.1)
$ nc -vl 10.42.0.1 3000
and then in another terminal
$ nc -v 10.42.0.1 3000
which is basically a localhost-connection - this is working perfect.
How do I get this working the pi? Any help is so much appreciated!
I also played around with ufw and some ip-routes, but nothing has helped.
Thanks a lot!
Mario
Related
I have tried to connect to MSSQl Database from raspberry pi. However, I have a few errors coming. I try to telnet the server ip address like that.
telnet 192.168.10.70 1433
Trying 192.168.10.70
Connected to 192.168.10.70
Escape character is '^]'
However,to check if a server has port 1433 listening, I run netstat -ano -p |find “1433” in command prompt but the error is No such file or directory.
So I think running the netstat command on Pi returns no result because there is no port 1433 open on Pi, not server. So anyone knows how to open the port in Pi?
I have used ufw but after it is enabled, I cannot ssh. Do we really need ufw? That's the part I am confusing.
What I want to do is setup two web servers. One will simply deliver normal content to people that request it and one will put minimal strain on the system and strictly deliver an access denied type of message for hackers.
I looked at http://www.cyberciti.biz/faq/linux-port-redirection-with-iptables/ for ideas on how to create this redirection based on a bad IP address and its suggesting:
iptables -t nat -A PREROUTING --src <source address> -p tcp --dport <new server port number> -j REDIRECT --to-port <new server port number>
I then tested that theory by trying the following on a computer without internet but with apache server running on port 80 and nothing on port 81:
iptables -t nat -A PREROUTING --src 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-port 81
I then typed in 127.0.0.1 in my web browser and received the same apache response as usual. Instead, I expected a browser message that it could not connect to the remote server.
How to I adjust the iptables command to make computers from listed IP in --src redirect from 127.0.0.1 port 80 to 127.0.0.1 port 81?
I understand I can use apache or php and even apache modules and all that for the redirection but I'm trying to use the least system-intensive approach and I want hackers to have the least amount of system resources available to them so that real visitors can enjoy a quality website, however
I want them to be able to see a message because if a real person gets blocked by accident then at least they can understand what's going on from an error message instead of a connection drop.
Packets on the loopback interface (127.0.0.0/8) don't pass through the NAT tables. Try using an external computer for the test.
So I'm using AWS using EC2 and I'm trying to open up a port for Postgresql. In AWS I already have it open:
TCP
Port (Service) Source Action
0 - 65535 sg-92aadda2 (default) Delete
22 (SSH) 0.0.0.0/0 Delete
80 (HTTP) 0.0.0.0/0 Delete
5432 0.0.0.0/0 Delete
When I do netstat it looks as though the port is listening:
# netstat -an | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
When I do a localhost nmap I get the following:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
5432/tcp open postgresql
And here's where the fun begins. When I do an nmap from an alternative host I get the following:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
5432/tcp closed postgresql
I also looked at my iptables to see if I was missing something, but the iptables look empty (which should mean they aren't really doing much)
$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:postgresql
ACCEPT icmp -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Am I missing something cause I can't seem to figure out how to access the ip. Whenever I try I get the following error:
Is the server running on host "xx.xx.xx.xx" and accepting TCP/IP connections on port 5432?
How do I make it so that I can open up the port so that external servers have access to it? Thanks in advance =) Lemme know if you need any additional data.
EDIT: As asked below, I tested telnetting, and I was able to telnet into the localhost, but when attempting from the outside I get:
$ telnet xx.xx.xx.xx 5432
Trying xx.xx.xx.xx...
telnet: Unable to connect to remote host: Connection refused
Also, I double checked and I was properly able to telnet into ssh:
$ telnet xx.xx.xx.xx 22
Trying xx.xx.xx.xx...
Connected to xx.xx.xx.xx.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
Edit /etc/postgresql/<version>/main/postgresql.conf and set the listen_addresses to your outgoing interface or all. Restart postgresql: sudo service postgresql restart.
It works for me the last method (thks Julio):
Edit: postgresql.conf
sudo nano /etc/postgresql/9.3/main/postgresql.conf
Enable or add:
listen_addresses = '*'
Restart the database engine:
sudo service postgresql restart
Besides, you can check the file: pg_hba.conf
sudo nano /etc/postgresql/9.3/main/pg_hba.conf
And add your network or host address:
host all all 192.168.1.0/24 md5
If you have edited postgresql.conf and main/pg_hba.conf and still having a problem, please try
sudo ufw allow 5432/tcp
to unblock psql port
In case you are using docker to connect to the host's postgresql you have to use the host's ip which you can obtain by running ip addr show docker0 hope it helps someone.
I'm trying to test the demos provided by the Red5 media server. I'm interested more exactly in the Simple Broadcaster app.It works fine when I test it on my machine (OS Ubuntu 12.04 - Mozilla Firefox), but when I try to connect from a different machine on the local network the connect button on that machine does nothing (Windows 7 - Mozilla Firefox/Internet Explorer). I know flash player is installed and updated to the latest version.
Do you have any suggestions? Thanks!
The ports that the Red5 server uses need to be opened on your local machine for others to be able and connect to it. So basically what you need to do is open ports 5080 and 1935.
I used these commands in the terminal:
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 5080 -j ACCEPT
and
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 1935 -j ACCEPT
I'm running memcached, but can't connect. How should I start to debug this? Something appears to be stopping me connecting.
ps -elf | grep memcached
0 S lee 10744 529 0 80 0 - 30529 ep_pol 03:36 pts/22 00:00:00 /usr/bin/memcached -m 512 -p 11211 -u nobody -l 127.0.0.1
(Memcached is definitely running)
But when I try to telnet in, I get a timeout.
telnet 127.0.0.1 11211
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection timed out
Any advice would be appreciated.
Ensure that the local loopback network interface is running. It sounds like you're using a Unix system, so I would recommend running /sbin/ifconfig to see if a section labeled lo with the IP address (labeled as the inet addr) 127.0.0.1 is up and running. If not, run ifdown lo then ifup lo, this should get it going. Read your /etc/hosts file to make sure that localhost or you machine's name is bound to 127.0.0.1. And if your machine is using ipchains or iptables, ensure that those are configured to let traffic pass to 127.0.0.1 from 127.0.0.1.
These things are all fine 99% of the time, but being unable to connect to localhost is indeed odd, so a sanity check is in order.
Make sure you don't have any firewall enabled. In my case I found following entries for iptables:
target prot opt source destination
ACCEPT tcp -- example.com.internal anywhere tcp dpt:11211
ACCEPT udp -- example.com.internal anywhere udp dpt:11211
DROP tcp -- anywhere anywhere tcp dpt:11211
DROP udp -- anywhere anywhere udp dpt:11211
They allow connection only from the example.com.internal and deny from anywhere else, including localhost. To fix that I added specific rule for localhost:
ACCEPT tcp -- localhost anywhere tcp dpt:11211
ACCEPT udp -- localhost anywhere udp dpt:11211