I have a cloud Ubuntu VM which is in some resource group of company's subscription.
I do not have access to azure portal.
I had opened up the ports whichever relevant in azure portal while choosing Virutal Machine. Now I need some more ports to gets opened up, wherein I have hurdles and complications regards to that.
Command ip address gives following ip for eth0 as it is default configuration.
inet 10.0.0.4/24
Wherein some dynamic ip assigned to this host 13.71.17.175 by azure, using which we access services whichever we run. I do not know how this routing happens. Now I need to open up few more ports, and I do not have access to azure portal.
I observed uncomplicated firewall,- ufw enablement works but leads to complication, as it overrides firewall configurations, I need to completely port all firewall configurations including ssh port,- 22 provisioning.
So sudo ufw enable is very dangerous on azure cloud Linux variant VMs. On the same pact we should do sudo ufw disable, else it is lockout situation if ssh port not provisioned by ufw. Once in fact I had requested my Senior Folk and ran the command sudo ufw disable through some Azure Virtual Machine Serial Console for the UbuntuVM
Now my question is basically,
sudo ufw allow from any to any port 18081 proto tcp
is not working.
After it is done, as per my observation, I am not able to access http:\\13.71.17.175:18081\
What ufw command I have to run in order to bridge 10.0.0.4 with dynamic ip assigned to host in azure portal,- 13.71.17.175
Service runs on 0.0.0.0:18081 and it is nexus service
$ netstat -tuplen|grep 18081
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:18081 0.0.0.0:* LISTEN 0 114209 -
From my machine, somehow test-netconnection 13.71.17.175 -p 18081 succeeded in powershell. But I do not know why http:\\13.71.17.175:18081\ didn't turn up.
And one more important thing, even restart of UbuntuVM in azure portal didn't turn off ufw.
Once this port is up & running, I have to port all firewall configuration to uncomplicated firewall,- ufw, that's how I could succeed with my config. and I do not have any other choice.
Now I had configured all the ports and enable ufw, but it looks like it requires restart. And I didn't do any bridging or routing to any other ip, rather opened up the ports in the present system. In order to enable ufw, system restart is required.
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
I had opened all the required ports say,
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow from any to any port 3306
sudo ufw allow from any to any port 18081
sudo ufw allow from any to any port 15672
sudo ufw allow from any to any port 8081
sudo ufw allow from any to any port 5672
sudo ufw allow from any to any port 5671
Here if ssh is not provisioned, then I have to go back to Azure portal to disable ufw :(
Related
I am trying to set remote access for my fresh installed mongod service but it is turning impossible by now.
Database works just fine local but there is no way to make it works remote. These are the steps I have already tried it:
1- I set up Oracle subnet to allow 27017/tcp traffic.
2- Able 27017/tcp traffic in the Oracle Compute firewall.
3- Set up the mongod.conf bindIp property to 0.0.0.0
After that mongod service fails to startup.
Then I changed the bindIp property to my public Oracle Compute ip address and it fails as well.
After that I used the internal ip address of the Oracle Compute, bindIp: 10.0.0.151
$ ip a | grep "net"
Output:
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 10.0.0.151/24 brd 10.0.0.255 scope global enp0s3
inet6 fe80::17ff:fe0c:78d6/64 scope link
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
The mongod service now startup properly but it is not possible to connect to the database from a remote system. I get the following error when trying to connect from my desktop system using mongosh on windows 11.
MongoServerSelectionError: connect ETIMEDOUT server_ip:27017
I would really appreciate any help. Thanks.
Do you have egress security rule? Is there an NSG in place? Do you have IG and proper routing?
Can you create a network stack and post it?
PS: Autonomous DB now comes with MongoDB API, you can try that as well.
I don't know if you still need help, but just in case if you do and for anyone in the future that may have a similar issue, I just got my remote connection to my OCI (Oracle Cloud instance) MongoDB server working.
Here are the steps I took to get it working.
You first need to have an Ingress Rule in the Default Security List for your OCI's subnet to allow TCP connections from your remote computer IP (the computer that will connect remotely to your OCI) to port number 27017 (Mongo's default port unless you changed it).
To get to the page to setup an Ingress Rule follow this article from steps 1-7:
When you've reached step 7, the page should be similar to the image below.
In the input for "Source CIDR", type the public IP address of the computer that will connect to your OCI remotely. If you don't know it's public IP, then on the computer that will connect remotely to your OCI, go to this website. The public IP address will be next to IPV4. Back in the Source CIDR input, following the public IP address, add the IP subnet mask to determine the amount of IPs the rule is for. For example, 100.0.0.0/24 will cover the IPs 100.0.0.0 - 100.0.0.255 while 100.0.0.23/32 will only cover that one specific IP.
Under IP Protocol, select TCP if it's not already selected.
Under Destination Port Range, type 27017 (or the port number your MongoDB server is using if you changed it from its default).
Under Description, you can write whatever you want or leave it blank.
To save the new rule, click on Add Ingress Rules.
Inside of your OCI (aka you've SSH into it), setup Mongo's config file.
Mongo's configuration file should be located at /etc/mongod.conf
Open the file and under net, set the bindIp to 0.0.0.0
Restart Mongo Service and check that it's running.
Restart command: sudo systemctl restart mongod
Status check command: sudo systemctl status mongod
(If not running) Start service command: sudo systemctl start mongod
You should see the service as active.
Lastly, we need to set up the firewall permissions.
I've made the mistake of spending hours on hours trying to figure out why my firewall rules weren't working when I knew I had set things up correctly. Well, it turns out that using ufw is ineffective and that you should use firewalld instead.
Make sure that ufw is disabled by typing the command sudo ufw status. It should show it as inactive. If it's active, you can disable it with the command sudo ufw disable. Then check the status of it again to make sure it's disabled.
To install firewalld, enter the command sudo apt install firewalld
To open port 27017 (or the port you set your Mongo server to), type in the command sudo firewall-cmd --add-port PORT#/tcp --permanent while changing PORT# to the port of your Mongo server. The --permanent tag makes the rule exist even after the firewall is reloaded or if the OCI is rebooted. An example of the command using the default Mongo server port is sudo firewall-cmd --add-port 27017/tcp --permanent
If you need to undo the command, type the same command but change --add-port to --remove-port. An example of that is sudo firewall-cmd --remove-port 27017/tcp --permanent
Lastly, we just need to restart firewalld with the command sudo firewall-cmd --reload
To make sure that the port was added, type in sudo firewall-cmd --list-all and under ports, you should see the port you added. Now from your remote computer, you should be able to connect to the Mongo server on your OCI by using the public IP address of your OCI (the same address you used to connect to the OCI through SSH).
I've successfully installed MongoDB on Windows (on a local machine) as a service, but now I want to move MongoDb to a separate server. So I extracted the tarball to a virtual server on network (running linux).
When I connected to the server ("testmongoserver") using PuTTY from my local machine, I started the mongod server and it told me that it was listening to the default 28017 port. The mongo console is also working and allowed me to create a new database (testdb) and add users to it.
However, I could not access the server from remote. When I type testmongoserver:28017 it doesn't open the HTTP console as localhost:28017 on my local machine does. I also can't connect using official drivers and providing a connectionstring.
What are the neccesarry steps to install MongoDB on Linux, so that I could access it from a remote machine with a connectionstring and use its HTTP console via testmongoserver:28017
Thanks!
1. Bind IP option
Bind IP is a MongoDB option that restricts connections to specifics IPs.
Have a look at your mongod configuration file, most of the time bind_ip is set to 127.0.0.1 for obvious security reasons. You can:
Add your desired IP by concatenating a list of comma separated values to bind MongoDB to multiple IP addresses.
Remove or comment (with # character) the bind_ip line. But be aware that all remote connection will be able to connect your MongoDB server!
More about bind_ip configuration option: https://docs.mongodb.com/manual/reference/configuration-options/#net.bindIp
Bind IP can also be set as a command argument: http://docs.mongodb.org/manual/reference/program/mongod/#cmdoption--bind_ip
2. Firewall
Check that you are not running behind a firewall
Make sure in your /etc/mongodb.conf file you have the following line,
bind_ip = 0.0.0.0
http://jitu-blog.blogspot.com.br/2013/06/allow-mongo-to-connect-from-remote-ip.html
Run netstat -a on mongo server and check a port.
Check DNS settings and check that linux server allows external connections.
Check that mongodb can accept external/remote connection.
Default port for mongo is 27017.
28017 - port for webstats.
See http://www.mongodb.org/display/DOCS/Security+and+Authentication#SecurityandAuthentication-Ports
Just had this issue and this fixed it:
Edit /etc/mongod.conf with sudo nano /etc/mongod.conf ensure that the net section looks like below (localhost binding by default doesn't allow for remote access):
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
Make sure to restart mongod when you are done with above with below (assuming systemd ubuntu 16.04+ etc.):
sudo service mongod restart
Obviously from a security perspective if you are going to be opening up mongo to your network/the world be aware of the implications of this (if any)
Another problem may be that the mongodb port is not enabled. Check, from another host, the ports enabled on your server. For that you can use the command:
sudo nmap -P0 your_server_ip
You can get an answer like this:
Host is up (0.052s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
If you use a virtual server in the cloud, as AWS, you need to add a new rule to add mongodb port (27017 by default).
Important: Note that with this configuration anyone can have access to your database
I fixed by below reference :
https://medium.com/founding-ithaka/setting-up-and-connecting-to-a-remote-mongodb-database-5df754a4da89
Actually, first i changed my bindIp from 127.0.0.1 to 0.0.0.0 in mongod.conf,
and enable security:
security:
authorization: "enabled"
then i restarted mongod using sudo service mongod restart.(because of new changes in mongod.conf), after that set firewall to open mongod running port (by iptables) and create a new user in admin db with new access (based on this link : https://medium.com/mongoaudit/how-to-enable-authentication-on-mongodb-b9e8a924efac), finally test open ports in my server from outside with (https://www.yougetsignal.com/tools/open-ports/) and connected successfully to remote mongod using mongocompass.exe.
I've successfully installed MongoDB on Windows (on a local machine) as a service, but now I want to move MongoDb to a separate server. So I extracted the tarball to a virtual server on network (running linux).
When I connected to the server ("testmongoserver") using PuTTY from my local machine, I started the mongod server and it told me that it was listening to the default 28017 port. The mongo console is also working and allowed me to create a new database (testdb) and add users to it.
However, I could not access the server from remote. When I type testmongoserver:28017 it doesn't open the HTTP console as localhost:28017 on my local machine does. I also can't connect using official drivers and providing a connectionstring.
What are the neccesarry steps to install MongoDB on Linux, so that I could access it from a remote machine with a connectionstring and use its HTTP console via testmongoserver:28017
Thanks!
1. Bind IP option
Bind IP is a MongoDB option that restricts connections to specifics IPs.
Have a look at your mongod configuration file, most of the time bind_ip is set to 127.0.0.1 for obvious security reasons. You can:
Add your desired IP by concatenating a list of comma separated values to bind MongoDB to multiple IP addresses.
Remove or comment (with # character) the bind_ip line. But be aware that all remote connection will be able to connect your MongoDB server!
More about bind_ip configuration option: https://docs.mongodb.com/manual/reference/configuration-options/#net.bindIp
Bind IP can also be set as a command argument: http://docs.mongodb.org/manual/reference/program/mongod/#cmdoption--bind_ip
2. Firewall
Check that you are not running behind a firewall
Make sure in your /etc/mongodb.conf file you have the following line,
bind_ip = 0.0.0.0
http://jitu-blog.blogspot.com.br/2013/06/allow-mongo-to-connect-from-remote-ip.html
Run netstat -a on mongo server and check a port.
Check DNS settings and check that linux server allows external connections.
Check that mongodb can accept external/remote connection.
Default port for mongo is 27017.
28017 - port for webstats.
See http://www.mongodb.org/display/DOCS/Security+and+Authentication#SecurityandAuthentication-Ports
Just had this issue and this fixed it:
Edit /etc/mongod.conf with sudo nano /etc/mongod.conf ensure that the net section looks like below (localhost binding by default doesn't allow for remote access):
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
Make sure to restart mongod when you are done with above with below (assuming systemd ubuntu 16.04+ etc.):
sudo service mongod restart
Obviously from a security perspective if you are going to be opening up mongo to your network/the world be aware of the implications of this (if any)
Another problem may be that the mongodb port is not enabled. Check, from another host, the ports enabled on your server. For that you can use the command:
sudo nmap -P0 your_server_ip
You can get an answer like this:
Host is up (0.052s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
If you use a virtual server in the cloud, as AWS, you need to add a new rule to add mongodb port (27017 by default).
Important: Note that with this configuration anyone can have access to your database
I fixed by below reference :
https://medium.com/founding-ithaka/setting-up-and-connecting-to-a-remote-mongodb-database-5df754a4da89
Actually, first i changed my bindIp from 127.0.0.1 to 0.0.0.0 in mongod.conf,
and enable security:
security:
authorization: "enabled"
then i restarted mongod using sudo service mongod restart.(because of new changes in mongod.conf), after that set firewall to open mongod running port (by iptables) and create a new user in admin db with new access (based on this link : https://medium.com/mongoaudit/how-to-enable-authentication-on-mongodb-b9e8a924efac), finally test open ports in my server from outside with (https://www.yougetsignal.com/tools/open-ports/) and connected successfully to remote mongod using mongocompass.exe.
I'm use Linux server with vsftpd connection created successfully but i can't retrieve the files
Your screenshot shows that the connection timed out when trying to transfer something (LIST) after switching to Passive Mode (PASV). In my opinion, probably your firewall is not correctly configured for Passive Mode and therefore is blocking the connection.
Try allowing incoming (inbound) connections on port 40000 to 50000 for all IP address or the IP address of your FTP client. Configuring firewall is firewall-specific, therefore, I cannot give you detailed instruction on how to do this.
sudo ufw allow 40000:50000/tcp
sudo service vsftpd restart
I am trying to use my raspberry pi as a server, I have a java app using tcp port 1777 and mysql on 3306, however neither one or the other is accessible from lan (both works fine from the pi itself). When I scan the ports open on the pi from my laptop I only see the ssh and vnc ports, but when running the netstat on the pi both ports appear to be in listening state. I am running the latest version of raspbian (image had a ssh and vnc disabled by default, I enabled it in pi configuration (raspi-config)). Any ideas?
In my opinion, check which interface these services are listening on because the services listening on localhost are not 'binded' to the external network so try to make them listening on 192.**** ip address.
Example : Edit MySQL configuration
By default, MySQL is not configured to accept remote connections. You can enable remote connections by modifying the configuration file:
sudo nano /etc/mysql/my.cnf
and set bind-address = 192.** or bind-address = 0.0.0.0 then restart mysql servic:
sudo service mysql restart