I have an issue with Ubuntu firewall - linux

On Ubuntu, if I use the command: sudo ufw disable, then it can access my server on any port.
Once I enable the firewall again, I run the command: sudo ufw allow 9090/tcp, then I start my Spring Boot website on port 9090. Now I use the command: curl http://server_id:9090 => It still blocks me. If I disable the firewall, then it can run.
Who knows the root cause? How can I enable the firewall and allow a particular port?
Thanks

Related

I can't connect ssh between VMs

I just tried to create 3 Ubuntu VMs on VirtualBox. Then I tried to connect each machine to another machine using ssh, but it failed.
"I noticed that the 3 VMs have the same IP, so I made a static IP for each machine"
So kindly find the below steps:
$ sudo apt install ssh
$ sudo systemctl enable ssh
$ sudo systemctl start ssh
$ sudo ufw allow ssh
$ ssh username@ip
Do a test of communication with these VMs through ping.
If the communication is OK, your problem must be related to the firewall.
You can disable your Linux environment's firewall temporarily to test if this is really the problem.
If the problem is due to the firewall, you must create the release rule for a specific port. By default it is port 22.
Test suggestion: Stop SELinux and FirewallD or any other firewall in your distribution and retest

Linux Node JS listening on port 80 but not on other ports

I am at a starting level with Linux...
I got Node.js to listen on port 80 and everything works well.
But when trying different ports, it doesn't work.
Firewalld is not enabled...
and when trying in the browser I try localhost:8080
Any ideas?
Stop firewall if already running
sudo systemctl stop firewalld
Check the status of iptables
If not already installed then install it using
yum install iptables-services
sudo systemctl status iptables
Enable the service at boot-time:
systemctl enable iptables
Managing the service
systemctl [stop|start|restart] iptables
Saving your firewall rules can be done as follows:
service iptables save
Start and Enable Firewall with this command
sudo systemctl start firewalld
sudo systemctl enable firewalld
Configure firewall and add Ip and range of ports to be enabled (optional)
firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.0.0.0/8" port port="11224-12224" protocol="tcp" accept'
The above command takes the range of IPs and ports. You need to replace the IP and port range in the above command; make sure to change the x.x.x.x/n (here n is the number of ports).

Node.js is not accessible from external IPs on Ubuntu

I am trying to access my Node.js server running on Ubuntu. My PC is connected to a TP-Link router. Now, I want to access Node services from other IPs (not from my localhost or local IPs). What can I do? I used the following code.
Note: This server works fine and is accessible from the local IP, but I can't access it from my public IP.
http.listen(6000, "0.0.0.0", function () {
    log.info("server started");
});
You have to use:
iptables -A OUTPUT -p tcp --sport 8080 -j ACCEPT
for the outgoing rule (not dport). Apart from that, maybe there's an earlier rule that blocks the traffic? Try iptables -L.
Ubuntu has a very good firewall, and by default the system does not allow a response to external IPs.
In Express and Node.js or any server like that:
http.listen(6000, "0.0.0.0", function () {
    log.info("server started");
});
It will work on your IP, localhost and public IP,
but an external IP can't access it.
First of all, replace
localhost -> 0.0.0.0
When you want to run frontend and backend simultaneously,
it is better to use the public IP directly instead of 0.0.0.0.
If you are using Ubuntu, then you need to change the firewall settings using ufw.
UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with apt-get:
sudo apt-get install ufw
then
sudo nano /etc/default/ufw
check this line and make it yes
IPV6=yes
Save the file using Ctrl-X to exit the file, then Shift + Y to save the changes that you made, then ENTER.
At any time, you can check the status of UFW with this command:
sudo ufw status verbose
By default, UFW is disabled so you should see something like this:
Output:
Status: inactive
Now the most important point:
sudo ufw allow portNumber   # here portNumber is the port number as an integer
In your case:
sudo ufw allow 6000
and allow
sudo ufw allow http
for more rules and firewall on ubuntu click here
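The `ufw status verbose` check above, and the first question's case of an allow rule that still leaves the port unreachable, can be scripted. This is an added example, not part of the original posts: `sample_status` and `ufw_verdict` are names chosen here, the status output is a constructed sample, and only plain port and port/protocol rows are handled (no ranges, interfaces or comments).

```sh
#!/bin/sh
# Added example. Constructed `sudo ufw status verbose` output, not from the page.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
9090/tcp                   ALLOW IN    192.168.1.0/24
6000                       ALLOW IN    Anywhere
6000 (v6)                  ALLOW IN    Anywhere (v6)
EOF
}

# ufw_verdict PORT PROTO  (reads the status text on stdin), prints one of:
#   inactive          ufw is off and filters nothing
#   allow-any         first matching Anywhere rule is ALLOW or LIMIT
#   blocked-by-rule   first matching Anywhere rule is DENY or REJECT
#   allow-restricted  only source-restricted allow rules match
#   default-<policy>  no rule matches, the default incoming policy applies
ufw_verdict() {
    awk -v port="$1" -v proto="$2" '
        /^Status: inactive/ { verdict = "inactive"; exit }
        /^Default:/         { policy = $2 }     # deny, allow or reject
        { gsub(/ \(v6\)/, "") }                 # put IPv6 rows on the same columns
        $1 == port || $1 == (port "/" proto) {
            ok = ($2 == "ALLOW" || $2 == "LIMIT")
            if ($NF != "Anywhere") {            # rule only covers some sources
                if (ok) restricted = 1
                next
            }
            verdict = ok ? "allow-any" : "blocked-by-rule"
            exit
        }
        END {
            if (verdict == "")
                verdict = restricted ? "allow-restricted" : ("default-" policy)
            print verdict
        }'
}

# In the sample, 9090 is allowed only from the LAN and 27017 has no rule at all.
sample_status | ufw_verdict 9090 tcp
sample_status | ufw_verdict 27017 tcp
```

On a live host the input would come from `sudo ufw status verbose | ufw_verdict 9090 tcp`.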

Cannot access to CentOS from MS Windows via http

I have installed CentOS 7 in a virtual environment.
It has a proper hostname so I can ping it, and it has access to the internet from inside it, and I can ping it by IP and hostname from outside. It also has a working Apache, and its test page is fine; this has been checked locally.
Now I would like to get access to this test page from MS Windows, but I cannot. (I can ping CentOS by IP and hostname.)
Does it have something to do with iptables or the firewall?
And this link doesn't help either: https://serverfault.com/questions/459267/enabling-http-access-on-port-80-for-centos-6-3-from-console
I assume some settings should be changed under CentOS but I am not sure which of them.
My question is which steps I have to execute to allow all those things?
Either disable firewalld.service
systemctl disable firewalld.service
systemctl stop firewalld.service
Or allow access to port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
Also disable SELINUX:
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
So the answer is a simple one.
I just used Firewall settings to allow http and httpd.

Default MongoDB connection safety

I am wondering if the vanilla installation of MongoDB on Ubuntu can be accessed by the outside world? I have sensitive information that's being written to the database via Node.js (all running on the same box) and want to make sure it is safe.
I would recommend using UFW - Uncomplicated Firewall
Install UFW and enable, enter:
sudo apt-get install ufw
Check the status:
sudo ufw status verbose
Allow MongoDB and HTTP services (assuming default Mongo port):
sudo ufw allow 27017
sudo ufw allow 80
Enable the firewall:
sudo ufw enable
If you do not need connections from another instance, set the following in the configuration (which is probably the default anyway):
bind_ip = 127.0.0.1
If you need access (for example to connect to the database from your own machine for debugging,...) you can either use an SSH tunnel or set up a firewall rule (if you have a static IP; you'll obviously need to disable bind_ip).
Firewalling is a good idea in general, but if your service does not need remote connections, simply disable them. And probably use a firewall with default deny.
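Whether a service such as MongoDB is bound to loopback only, as with `bind_ip = 127.0.0.1`, or is listening on every interface can be read from the socket table. This is an added example, not from the original answers: the function names are chosen here and the `ss -Hltn` output is a constructed sample.

```sh
#!/bin/sh
# Added example. Constructed `ss -Hltn` output (listening TCP sockets), not from the page.
sample_ss() {
cat <<'EOF'
LISTEN 0      4096       127.0.0.1:27017      0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      511          0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      511                *:80               *:*
LISTEN 0      128            [::1]:631           [::]:*
EOF
}

# exposed_listeners: reads `ss -Hltn` text on stdin and prints, one per line,
# the ports bound to a non-loopback address (0.0.0.0, [::], * or a real IP).
exposed_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, parts, ":")                 # port follows the last colon
        port = parts[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host ~ /^127\./ || host == "[::1]") next   # loopback only
        print port
    }' | sort -nu
}

# is_exposed PORT: exit status 0 if PORT is bound to a non-loopback address.
is_exposed() {
    exposed_listeners | grep -qx "$1"
}

# In the sample, 27017 is loopback-only and is not listed; 22, 80 and 6000 are.
sample_ss | exposed_listeners
```

On a live host, run `ss -Hltn | exposed_listeners` and compare the result with the ports the firewall is meant to allow.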
