I'm working on a CentOS 6 machine. I've tried to follow the following guides:
How to open port in centOS
http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
If I run nmap ipofmachine on the target machine I have this strange result.
Host is up (0.0079s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
443/tcp closed https
8080/tcp closed http-proxy
Still, when I run sudo iptables -L I have the following output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Am I missing something? Let me know if you need more information (I'm trying to open port 8080).
In order to allow connections on a specific port you must configure the CentoOS firewall:
> sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
> sudo firewall-cmd --reload
You need to configure privilege elevation with sudo
If you are using IPTables, add the following rule into etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
Then run the following command to save: iptables-restore < /etc/sysconfig/iptables
Related
I have installed turn server in my godaddy server. To see that my turn server is working or not i have used https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/.
ICE Trickle in chrome output:
Chrome Output
ICE Trickle in mozilla output (version-58.0.2(64bit)):
Mozilla output
Issues i am facing:
1.webrtc works only for chrome to chrome(webrtc doesnt work for mozilla to mozilla).
2.mozilla shows "ICE failed add STUN error".
3.why there is different ICE trickle output for both the browsers?
It seems to me that turn server is not working!!
Can anybody help me with these issue i dont know what i am doing wrong. I dont know if its NAT problem or godaddy server problem or anything else. Are godaddy servers behind NAT?
Configurations i have done:
Firewall changes:
iptables -A INPUT -p tcp --dport 3478 -j ACCEPT
iptables -A INPUT -p udp --dport 3478 -j ACCEPT
iptables -A INPUT -p tcp --dport 5349 -j ACCEPT
iptables -A INPUT -p udp --dport 5349 -j ACCEPT
iptables -A INPUT -p udp --dport 49152:65535 -j ACCEPT
service iptables save
Turnserver configuration:
listening-port=3478
listening-ip=1.2.3.4(example)
external-ip=same as listening ip i.e 1.2.3.4(example)
verbose
fingerprint
realm = mydomain.com
I am running turn server using these command :
turnserver -L listening-ip -o -a -f -r mydomain.com
I've been trying to make Postgres available over the network but so far have been unable to do so.
According to netstat, postgres is listening on the right port:
#netstat -anltp | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 2385/postgres
But when I try to nmap from another device, the port appears to be closed.
#nmap -p 5432 marvin
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-31 10:31 CET
Nmap scan report for marvin (*.*.*.*)
Host is up (0.00048s latency).
rDNS record for *.*.*.*: marvin.*.*
PORT STATE SERVICE
5432/tcp closed postgresql
My guess is, it has to do something with the fact that I'm using a hostname instead of an IP, but since the IP changes here every so often, I'd rather use the hostname.
I've already set listen_addresses = '*', which was the solution to another similar problem I've found here, but to no avail. I've also experimented with different settings in the pg_hba.conf but the port remained closed.
host all all .jarvis trust
host all all jarvis trust
host all all 0.0.0.0/24 trust
I've also used several examples I've found for my iptables, but no luck there either.
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:postgresqlflags: FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere Marvin tcp spts:1024:65535 dpt:postgresql state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:postgresql
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- Marvin anywhere tcp spt:postgresql dpts:1024:65535 state ESTABLISHED
And lastly, I've tried to connect via telnet, no luck there either
telnet marvin 5432
Trying *.*.*.*...
telnet: Unable to connect to remote host: Connection refusedo connect to the port
Yet, there are no issues on 22.
telnet marvin 22
Trying *.*.*.*...
Connected to marvin.*.*.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
Can anyone tell me if there's a setting somewhere I misinterpreted or of its an issue with using hostnames?
Look at your netstat output again. You are only listening on localhost (127.0.0.1). Check your config file and restart PostgreSQL.
I am testing the 0MQ library, but my problem may be an IPC general one (or not). The test is very basic, a server binds to a socket, a client connects to it and sends a request. The server replies. When the client receives the response, it ends.
If I launch the server in a console in background, and then the client in the same console, it works. If I launch the client in a different console (same user), it fails, either the server does not receive the request, or the client does not receive the response, I don't know.
The same applies if I use a named pipe (ipc), or a socket.
The same applies if I test the C code or the Python code.
I checked the firewall, but it could be an issue only for the socket trial :
# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- 127.0.0.0/24 0.0.0.0/0 udp dpts:80:65535
ACCEPT tcp -- 127.0.0.0/24 0.0.0.0/0 tcp dpts:80:65535
ACCEPT udp -- 127.0.0.0/24 0.0.0.0/0 udp dpt:80
ACCEPT tcp -- 127.0.0.0/24 0.0.0.0/0 tcp dpt:80
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 0
ACCEPT udp -- 192.168.0.0/24 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:631
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.99.0/24 !192.168.0.0/24
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The kernel looks alright for ipc :
# grep -i ipc /usr/src/linux/.config
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
CONFIG_IPC_NS=y
CONFIG_SYSVIPC_COMPAT=y
CONFIG_XFRM_IPCOMP=y
CONFIG_INET_IPCOMP=m
CONFIG_INET6_IPCOMP=y
# CONFIG_TIPC is not set
# CONFIG_SND_CMIPCI is not set
For information, the code I use is the flserver1 & flclient1 provided with 0MQ examples, and also in The Guide.
Elsewhere on the same PC in a home-made application, I make use of popen and then fork and pipes successfully.
What could be the problem origin please ?
EDIT 2013-06-26 18:22 CET
If I use tcp://127.0.0.1:5555 instead of tcp://localhost:5555, it works.
I don't understand since in my /etc/hosts, localhost is declared :
# grep localhost /etc/hosts
127.0.0.1 JANUS localhost
#::1 localhost
But it is not annoying, so for me the socket issue is closed. Remains the ipc transport which still does not work on my PC (except when both server & client are runned in the same console).
"localhost" endpoint is not supported by 0MQ. One shall use "127.0.0.1" instead. So tcp://localhost:5555 shall be written: tcp://127.0.0.1:5555
Reasons provided here. As a summary, 0MQ functions bind and connect supports numeric addresses, or symbolic addresses with wilcards.
So I'm using AWS using EC2 and I'm trying to open up a port for Postgresql. In AWS I already have it open:
TCP
Port (Service) Source Action
0 - 65535 sg-92aadda2 (default) Delete
22 (SSH) 0.0.0.0/0 Delete
80 (HTTP) 0.0.0.0/0 Delete
5432 0.0.0.0/0 Delete
When I do netstat it looks as though the port is listening:
# netstat -an | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
When I do a localhost nmap I get the following:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
5432/tcp open postgresql
And here's where the fun begins. When I do an nmap from an alternative host I get the following:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
5432/tcp closed postgresql
I also looked at my iptables to see if I was missing something, but the iptables look empty (which should mean they aren't really doing much)
$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:postgresql
ACCEPT icmp -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Am I missing something cause I can't seem to figure out how to access the ip. Whenever I try I get the following error:
Is the server running on host "xx.xx.xx.xx" and accepting TCP/IP connections on port 5432?
How do I make it so that I can open up the port so that external servers have access to it? Thanks in advance =) Lemme know if you need any additional data.
EDIT: As asked below, I tested telnetting, and I was able to telnet into the localhost, but when attempting from the outside I get:
$ telnet xx.xx.xx.xx 5432
Trying xx.xx.xx.xx...
telnet: Unable to connect to remote host: Connection refused
Also, I double checked and I was properly able to telnet into ssh:
$ telnet xx.xx.xx.xx 22
Trying xx.xx.xx.xx...
Connected to xx.xx.xx.xx.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
Edit /etc/postgresql/<version>/main/postgresql.conf and set the listen_addresses to your outgoing interface or all. Restart postgresql: sudo service postgresql restart.
It works for me the last method (thks Julio):
Edit: postgresql.conf
sudo nano /etc/postgresql/9.3/main/postgresql.conf
Enable or add:
listen_addresses = '*'
Restart the database engine:
sudo service postgresql restart
Besides, you can check the file: pg_hba.conf
sudo nano /etc/postgresql/9.3/main/pg_hba.conf
And add your network or host address:
host all all 192.168.1.0/24 md5
If you have edited postgresql.conf and main/pg_hba.conf and still having a problem, please try
sudo ufw allow 5432/tcp
to unblock psql port
In case you are using docker to connect to the host's postgresql you have to use the host's ip which you can obtain by running ip addr show docker0 hope it helps someone.
I am attempting to connect to a remote mongodb service and cannot figure out how to get it to work. The remote mongod is running on an Ubuntu box. I am a very novice unix user, but I'm reasonably certain the problem is that I am not opening up the firewall probably with iptables, I've tried the commands in the mongodb docs and still no success.
mongodb.conf relevant rules
bind_ip = 0.0.0.0
port = 27017
auth = false
netstat -A
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:28017 *:* LISTEN
tcp 0 0 *:27017 *:* LISTEN
iptables -L -n
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
DROP all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:27017 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:28017 state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:27017 state ESTABLISHED
iptables commands executed as documented in mongodb docs at - http://docs.mongodb.org/manual/tutorial/configure-linux-iptables-firewall/#patterns
Here is what I've tried:
browser: http://xx.xx.xx.xx:27017/ no response.
browser: http://xx.xx.xx.xx:28017/ no response.
browser: http://www.hostname.com:27017/ no reponse.
browser: http://www.hostname.com:28017/ no response.
mongo.exe xx.xx.xx.xx:27017 (remotely) couldn't connect to server xx.xx.xx.xx
mongo xx.xx.xx.xx:27017 (from localhost) connects properly
mongo www.hostname.com:27017 (from localhost) connects properly
The fact that it connects properly over localhost on the server hosting the mongodb, even when I specify the IP address, makes me think it has to be a firewall issue. Any ideas?
iptables rules are read in exactly in the order as they appear.
You now have DROP taking precedence over ACCEPT of your mongodb ports.
Shuffle the lines in your particular script that sets up iptables and flush and re-read them back in.
If you haven't saved your firewall yet, remove the DROP rule and re-add it again, it will shift it down the list and will also solve your issue.