Tried forwarding HTTP port to my linux desktop running lighttpd but it isn't working. Server is running perfectly, works with nginx also. I can access the page from localhost but not through my public IP.
Firewall-Zone settings:
Zone > Forwardings
Input
Output
Forward
lan > wan
accept
accept
accept
wan > reject
reject
accept
accept
and Port Forwarding Config :
config redirect
option dest 'lan'
option target 'DNAT'
option name 'HTTP'
option src 'wan'
option src_dport '80'
option dest_port '80'
option dest_ip '192.168.1.100'
Also here are the screenshots of current settings. What am I doing wrong?
OpenWRT Firewall-Zone Settings
OpenWRT Port Forwards
Related
I am using AWS lightsail for the first time. I cloned my git repository to my htdocs and opened port 3000 on my networking ipv4 firewall. What im trying to do is load my node site with my aws static IP. It currently works when I specify the specific port like: 98.222.124.4:3000 but I wanted it to load the site without having to specify the port so I followed the steps found here https://docs.bitnami.com/ibm/infrastructure/nodejs/administration/create-custom-application-nodejs/ under "Create A Custom Virtual Host" but the specified method is not working. I still need to specify the port in order for the site to load. What I basically did was edit the documentRoot and directory paths to my repositories location then restarted apache but this didn't let me access the site without the port. Where did I go wrong. How can I load the site without specifying a port in the url?
It took me a minute to land on this solution but the only method that worked was this:
First try this after installing iptables:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
What you basically did is forward all port 80 traffic to port 3000. Then check and see if site is loading without specifying the port in URL. If it works go to step 2.
Step 2:
open the /etc/rc.local file with vim or other editor and add
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000 to the file. Notice sudo is not included because the file already runs as root. We are implementing step 2 because we want the port redirected when the machine boots up.
I have configured gitlab so that I can only connect to it from a specific ip address. In gitlab.rb file I configured the url this way:
external_url 'gitlab.example.pl:2000'
and also configured ufw:
[ 1] 2000 ALLOW IN 192.169.0.1/24
When I want to access gitlab by browser I have to type additionally port 2000, so I would like to port forwarding to 443. I can't give access to port 443 only to a specific ip address in ufw because i configured mattermost in this same server and must be access from everywhere. I tried port forwarding with apache2 or ngnix but gitlab listens on port 80 and because of this apache2 and nginx are not working. I also tried find solution in file gitlab.rb
nginx['listen_port'] = 443
nginx['redirect_http_to_https_port'] = 80
nginx['redirect_http_to_https'] = false
Please give me a solution to this problem.
You do you not have to configure listeners for gitlab and mattermost separately. Both your mattermost and gitlab URL will point to the same IP address and port and both should route to NGINX.
NGINX will route traffic appropriately to gitlab or mattermost based on the hostname header. Just configure the external_url for gitlab and mattermost_external_url for mattermost appropriately within the same gitlab installation. There's no particular need to put apache in front of gitlab's nginx.
external_url 'https://gitlab.example.com'
mattermost_external_url 'https://mattermost.example.com'
nginx['listen_port'] = 443
nginx['listen_https'] = true
As long as your firewall allows traffic on port 443 to nginx, you're OK. If you need that to be a specific IP address, set nginx['listen_address'].
I have a running AWS EC2 instance on an Ubuntu machine running a Nodejs server.
Everything works fine then opening the website via its public ip on port 3000 likes this:
http://XX.XXX.XXX.XXX:3000
Now I want to redirect all requests from port 80 to this port 3000 via iptables like described in this video: https://www.youtube.com/watch?v=WxhFq64FQzA via
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000.
Unfortunately I am getting this error: http://prntscr.com/lja6hx when opening the site like this: http://XX.XXX.XXX.XXX (without port 3000 specified)
P.S.: I'm not really sure if my approach is correct. I am open to other ways of achieving a redirect from port 80 (http) to port 3000
As #Vorsprung suggested I should use an Application Load Balancer. I did this but it's still not working. Here is my setup:
My Application Load Balancer Listener
The Target Group I'm forwarding to in my ALB
My hosted zone (I've added the alias for the ALB here)
Please let me know if something is missing
either use nginx see https://nodebb.readthedocs.io/en/latest/configuring/proxies/nginx.html
or
you are on AWS! Use an ALB.. see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-tutorials.html
I have website working fine on my local machine as host name hml.frontend in the hosts file: 127.0.0.1 hml.frontend
In IIS I have bindings as hml.frontend 127.0.0.1 and hml.frontend 192.168.1.94. The latter I used ipconfig to get my local ip address issued to me by my BT Home Hub 5 router.
In windows 10 firewall I have allowed App/Feature NetLogon service and World Wide Web services (HTTP).
In advanced settings in Inbound Rules I have added a rule which allow the connection from all sources to ports 80 and 443. Scope is any IP addresses.
On my macbook I have added the 192.168.1.94 as hml.frontend to the hosts file.
I can ping hml.frontend OK from the macbook.
However from a web browser the http://hml.frontend site cannot be reached from the macbook.
telnet 192.168.1.94 80 from the macbook says unable to connect to remote host.
Back on the PC I have done netstat -na to see which ports IIS is listening on and 127.0.0.1:80 is there and so is 192.168.1.94:139 and many more ports against that IP address but not port 80.
Any ideas what I can check to get my PC to listen for that website hostname on port 80?
I got it to work, I was on the right track that the IP address was not being listened to.
In order to add the ip address I have to be listened to, I went into cmd as adminstrator, did
netsh
http
show iplisten
'show' result shows that just 127.0.0.1 was being listened on port 80
add iplisten ipaddress=192.168.1.94
show iplisten
quit
'show' result shows that now additionally 192.168.1.94 is being listened on port 80
Then I went back in with
netstat -na
And now I see the line I want:
TCP 192.168.1.94:80 0.0.0.0:0 LISTENING
Some information was gained from this article.
http://windowsitpro.com/windows-server/solve-iis-listener-problems
The site is now reachable from my macbook using the hostname http://hml.frontend
I'm running a "hello world" http server using node.js on Fedora 20.
I can see "hello world" using my Firefox by typing any of the following in my address bar: 192.168.2.85, localhost, 0.0.0.0, 192.168.122.1
I thought I would be able to open a browser on my wife's computer when she's connected to the same DCHP NAT router, type 192.168.2.85 in the address bar, and see "hello world".
However, her Chrome33 says "This webpage is not available" or "Oops! ...could not connect to 192.168.2.25." Her IE9 says "...cannot display the webpage." But from her command prompt I can ping 192.168.2.85.
On her computer (Windows 7), I tried turning off Windows Firewall and turning off antivirus.
On my computer, I tried
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
On our microsoft router, I tried Persistent Port Forwarding (inbound port range 80-80, private port range 80-80, type TCP, Private ip 192.168.2.85) and Enable virtual DMZ for 192.168.2.85. (I hope I'm not giving enough info to allow an attack?) I saw no reference to WDS in my router.
what should I do to make my node.js app available to other computers in my home? I'm new to all this.
Here's some more details . . .
netstat -ntlp
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4566/node
cat test.js
var http = require("http");
var app = http.createServer(function(request, response) {
response.writeHead(200, {
"Content-Type": "text/plain"
});
response.end("hello world\n");
});
app.listen(80); //192.168.2.85
console.log("Server running...");
I've looked at:
Cannot browse site hosted on local machine from a mobile
Node.js connect only works on localhost
How do I run Node.js on port 80?
connecting to node.js http server on linux machine from windows machine
Node.JS Not working on the internet
and others.
If you have a Linux server without a GUI, you can set up the firewall manually using the firewall-cmd command...
# list current settings prior to changes; this is your baseline
firewall-cmd --zone=internal --list-all
# add the http services (https is optional based on your needs)
firewall-cmd --zone=internal --add-service=http
firewall-cmd --zone=internal --add-service=https
# I am using port 8080 with node.js just to differentiate it (optional)
firewall-cmd --zone=internal --add-port=8080/tcp
# the zone 'public' is the default zone on my machine but it is not
# associated with the eth0 network adapter. however, the zone 'internal' is,
# therefore, make 'internal' the default zone
firewall-cmd --set-default-zone=internal
# make the changes permanent so that they are present between reboots
firewall-cmd --runtime-to-permanent
# reload all of the firewall rules for good measure
firewall-cmd --complete-reload
# list out the current settings after changes
firewall-cmd --zone=internal --list-all
That's it. Hope this helps someone.
First, I added a zone line to the ifcfg file for the home network.
# vi /etc/sysconfig/network-scripts/ifcfg-<router-ssid-name>
. . .
ZONE=internal
Then I rebooted to ensure change took place.
Then in terminal I typed
firewall-config
It opens in the public zone, which is default, and allows the administrator to select trusted services.
(If I get 10 reputation points I can include my screenshot here.)
If the ZONE is not set in ifcfg as above, then selecting the (public) http checkbox will still work.
But if ZONE=internal in the ifcfg file, then click on internal zone and select http there, for the added security. (Or I could have used ZONE=home or ZONE=work or ZONE=trusted. Same idea.) The change is immediately applied. The other computer's browser could see my "hello world".
Finally, at the top, I changed Runtime to Permanent from the dropdown list and closed the window.
I had thought I was accomplishing the same thing earlier when I tried
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
so I guess I need to look into what the difference is.
Thanks to jfriend00 for pointing me in the right direction. (If I had reputation I would upvote your comment.)