ec2 instance is getting down while monitoring via nagios server and another digitalocean droplet being monitor via same nagios server while port 5666 TCP port enable on ec2 instance.
I followed this documentation for set up Nagios Server & client
https://www.digitalocean.com/community/tutorials/how-to-install-nagios-4-and-monitor-your-servers-on-ubuntu-14-04
Nagios server does is an ICMP request to the client a.k.a ( ping ) to check the client healthy. With that said, we need to allow the ICMP (in security group add: All ICMP - IPv4 with source anywhere) protocol on your instance, by doing that i abled to check the client health and check the instance status.
Related
I'm trying to connect to openfire server using spark. I have dynamic dns, made port forwarding on port 5222 in d-link router. When i'm logging with host name as private ip for example "192.168.0.101" - connection is established, but when i'm setting my domain (pizokas.hopto.org) as host name i get the following error
Unknown connection error. Please review logs for the following information.
But there are no logs in openfire server, so i assume packets are dropped in router. I have firewall turned off. At this point i can't find information why the connection cannot be established. I'm using my own laptop as server and as a client, os win 10. Maybe somebody had similar issue?
The connection was established when i was trying to connect to server from outside of lan
I have a web server running CentOS and a separate mail server running Microsoft Exchange. I have the web server connecting to the mail server via SMTP on port 587 to send emails.
Sometimes the connection to the mail server refuses, but it's rare. Could an intermittent failure be related to port settings? I would have thought it's all or nothing.
For the CentOS web server, what rules should I be looking to configure in the iptables if any? Do I need to add an entry for port 587 on this server? Or do I just need to allow incoming connections on the mail server for 587?
Thanks in advance.
You don't need to set up any iptables rules on your webserver, since outgoing connections are allowed by default. Your occasional drops won't have anything to do with the webserver's firewall, so you'll want to look at tuning your Exchange server, if the error is impactful enough to worry about it.
I have my own web site hosted on a dedicated server. I have 2 IP addresses set up.
One is for my web server and the other is for my web socket.
I did this so that my web socket clients can access my server using port 80.
However, when I run my server application I get the error:
An attempt was made to access a socket in a way forbidden by its access permissions
Now if I switch it to a different port it works (which I have allowed through the firewall). There is nothing entered in the Windows Logs.
I am running as an Administrator. I am using Windows server 2012.
Is there anything I can check?
I checked using netstat etc but this IP address is not being used on port 80 anywhere else
I have 2 IP addresses pointing to my server hosted at FastHosts.
So I have a web site (using IIS)
Originally I had a web socket connection/listener listing on port 8090.
I had created a rule in my firewall settings to allow access to this connection.
Indeed for over a year now I have been using this connection using port 8090.
It occurred to me last week that using a clients PC that they could not access the socket over port 8090. I assumed because of firewall issues.
So, I figured if i switched to port 80 for this socket it will not need an exception to that clients firewall rules.
The trouble is I cannot have a web server listening on port 80 and a web socket so I purchased another IP address from my host and 'added' to my network adapter.
I have made sure nothing else is using port 80 for this new IP address. But I get the access denied
As a test I created a default.html page which said 'hi' all with no issues. I then 'stopped' the web server for that IP address
I plan to set the Secure Gateway Client at DMZ at on-premise environment, so I need to open Outbound ports for SG Client to connect to SG on Bluemix. The following question is similar to my question, but the answer doesn't show the needed ports.
For the Bluemix Secure Gateway service, how does the data center's network need to be configured?
For the Bluemix Secure Gateway service, how does the data center's network need to be configured?
The following Bluemix Doc shows Outbound 443 is needed.
https://www.ng.bluemix.net/docs/troubleshoot/SecureGateway/ts_index-gentopic1.html#ts_sg_006
What are the best practices for running the Secure Gateway client?
Before you install the Docker client into your environment, ensure that both the internet and your on-premises assets are accessible and all host names are resolvable by a DNS. The client uses outbound port 443 to connect to the IBM Bluemix environment, normally this port is open since its secure. Ensure you check or modify additional firewall and IP Table rules that might apply.
But, the tcpdump, which I got when I executed "docker run -it ibmcom/secure-gateway-client XXXX", showed that SG Client used Outbound 443 and 9000. Is it collect that all ports SG Client uses are Outbound 443 and 9000 ?
Correct, if you are closing down both outbound and inbound ports using your firewall, then for outbound allow ports 443/9000. So your initial assertion is correct.
I have chosen QuteCom SIP client for windows to chat.I have installed and configured the account with my public server. My SIP server is kamailio.The connection to the server is not established. The application is connecting to the server for a long time.
Any help is appreciated.
If looks like keep connecting, then I guess the SIP messages don't get to the server.
You can install Wireshark to monitor traffic on windows host on port 5060 (the SIP port) in order to see if SIP messages are sent to the server.
On server, you can install ngrep for the purpose of seeing if traffic from the phone comes there. The command would be like:
ngrep -d any -qt -W byline port 5060
If you don't see traffic coming to the SIP server, then might be a firewall or an ALG between the client and the server, or, a firewall even on client host or server itself.
If it is something in between (not on client host or server), then you should try to use TCP or better TLS.
Note that if you have the firewall on the server, you will see the SIP packets coming on the network, but they will be dropped by the kernel before getting to application layer. Typically on Linux you can see the firewall rules with:
iptables -L
If the SIP packets come to the server, then set debug=3 in kamailio.cfg, restart kamailio and watch the syslog file (e.g., /var/log/syslog or /var/log/messgaes) for kamailio-specific debug messages -- you should get hints of what happens during processing.