I need to Configure My Server so that the ufw firewall running on it can redirect port 8080/TCP to port 80/TCP. From quick research, I know I can do it in Two ways; one is to run a command similar to;
sudo ufw allow 8080/tcp to port 80/tcp
On my Terminal. The other is to modify the /etc/ufw/before.rules file which is a file containing the iptables rules - underlying rules that ufw firewall is built on.
I am curious to know how to reconfigure the /etc/ufw/before.rules to achieve the same result.
Related
On Ubuntu if I use the command: sudo disable ufw then it can access my server on any port.
Once I enable firewall again then I run command: sudo ufw allow 9090/tcp then I start my spring boot website on port 9090. Now I use the command: curl http://server_id:9090 => It still block me. If I disable firewall then It can run
Who know root cause? How can I enable firewall and allow on a particular port.
Thanks
I'm trying to redirect my port 80 to 8080 because the user need not type the url as webapp:8080 to access the web site.
Here's the command that I came across to redirect from port 80 to 8080 :
sudo iptables -A PREROUTING -t nat -i enp0s25 -p tcp --dport 80 -j REDIRECT --to-port 8080
I'm now able to access the page as webapp/. But the problem now I'm facing is that I'm not able to access the page if I give webapp/ after I restart the system.
How do I fix this?
You can try this :
iptables-save > /etc/sysconfig/iptables
"/etc/sysconfig/iptables " is for centos, you need to find the same file on your linux OS :)
An other solution is to create a conf' file and use this file when the system boot :
Create a file like "Conf_iptables".
Add your rules to this file.
Add execute privilege to root
chkconfig Conf_iptables on
Moreover you have to create 2 iptables rules (for IPv4 and IPv6) if you want to use IPv6 :)
If you need help use this site (sorry but it's in french) : http://blog.sephirots.fr/?p=123
The only thing you need is to save iptables rules permanently. It can be various depend on linux distribution.
For Debian/Ubuntu see for instance here:
https://www.thomas-krenn.com/en/wiki/Saving_Iptables_Firewall_Rules_Permanently
Ubuntu:
Install iptables-persistent. This will create 2 files in /etc/iptables/rules.v4 and rules.v6
Run netfilter-persistent save.
Try rebooting the machine.
I try to access my node.js server running on Ubuntu. My PC is connected with TP-link router. Now, I want to access node services from other IP(not from my local host or local IPs). What can I do? I used following code.
Note: This server works fine and accessible from local IP but can't access from my public IP
http.listen(6000,"0.0.0.0",function(){
log.info("server started");
})
You have to use :-
iptables -A OUTPUT -p tcp --sport 8080 -j ACCEPT
for the outgoing rule (not dport). Apart from that, maybe there's an earlier rule that blocks the traffic? Try iptables -L.
Ubuntu have very good firewall and default system is not allow to external IP to response
In express and node js or any server like that
http.listen(6000,"0.0.0.0",function(){
log.info("server started");
})
It will work on your IP, localhost and public IP
but on external IP can't access it
first of all replace
localhost -> 0.0.0.0
when you want to run frontend and backend simultaneously
then it is better to use public IP directly instead of 0.0.0.0
If you are using ubuntu then we need to change in firewall settings using ufw
UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with apt-get:
sudo apt-get install ufw
then
sudo nano /etc/default/ufw
check this line and make it yes
IPV6=yes
save file using Ctrl-X to exit the file, then shift + y to save the changes that you made, then ENTER
At any time, you can check the status of UFW with this command:
sudo ufw status verbose
By default, UFW is disabled so you should see something like this:
Output:
Status: inactive
Not most important point
sudo ufw allow portNumber // here portNumber is port-number in integer
in your case
sudo ufw allow 6000
and allow
sudo ufw allow http
for more rules and firewall on ubuntu click here
I am currently trying to open port 8787 for rstudio server. I have set this up on an ubuntu host, and want to point my browser at the ip address of the ubuntu host, using port 8787 to direct it to rstudio. I can do this from the host machine, but no such luck using a different computer.
When I do
netstat - peantl | grep ":8787"
I get nothing returned, unlike when checking port 22 which is confirmed as listening. I can there ssh from external machines into the ubuntu host.
So I tried to open up port 8787 with iptables:
sudo iptables -A INPUT -p tcp --dport 8787 -j ACCEPT
command runs fine, but then re-checking with netstat I still do not get any output (I was expecting similar output to port 22 as mentioned previously)
I also allowed port 8787 on ufw:
sudo ufw allow 8787
using gufw it confirms port 8787 is open.
What could be the issue? If my network has restricted port 8787 how can I tell? Am I allowing port 8787 correctly with iptables?
Thanks.
All your iptables and ufw commands are doing is opening ports in the firewall itself. The fact that there is no output from the netstat|grep line means that the rstudio software does not actually have the port open for anyone to connect to. This is the issue you need to fix first.
I am wondering if the vanilla installation of MongoDB on Ubuntu can be accessed by the outside world? I have sensitive information thats being written to the database via Node.js (all running on the same box) and want to make sure it is safe.
I would recommend using UFW - Uncomplicated Firewall
Install UFW and enable, enter:
sudo apt-get install ufw
Check the status:
sudo ufw status verbose
Allow MongoDB and HTTP services (assuming default Mongo port):
sudo ufw allow 27017
sudo ufw allow 80
Enable the firewall:
sudo ufw enable
If you do not need connections from another instance, set the following in the configuration (which is probably the default anyway):
bind_ip = 127.0.0.1
If you need access (for example to connect to the database from your own machine for debugging,...) you can either use an SSH tunnel or set up a firewall rule (if you have a static IP; you'll obviously need to disable bind_ip).
Firewalling is a good idea in general, but if your service does not need remote connections, simply disable them. And probably use a firewall with default deny.