Tried forwarding HTTP port to my linux desktop running lighttpd but it isn't working. Server is running perfectly, works with nginx also. I can access the page from localhost but not through my public IP.
Firewall-Zone settings:
Zone > Forwardings
Input
Output
Forward
lan > wan
accept
accept
accept
wan > reject
reject
accept
accept
and Port Forwarding Config :
config redirect
option dest 'lan'
option target 'DNAT'
option name 'HTTP'
option src 'wan'
option src_dport '80'
option dest_port '80'
option dest_ip '192.168.1.100'
Also here are the screenshots of current settings. What am I doing wrong?
OpenWRT Firewall-Zone Settings
OpenWRT Port Forwards
I am attempting to use Python3 to iterate through a list of IP addresses, and then block them using firewalld.
Note: I am a complete novice with Python, so please excuse any simple errors.
import subprocess
with open("ips.txt") as ipList:
ips = ipList.readlines()
for ip in ips:
process = subprocess.Popen(['firewall-cmd',
'--permanent',
'--add-rich-rule=\'rule family=\"ipv4\" source address=\"{0}\" reject\''.format(ip.rstrip())
])
I'm using format.rstrip to remove the line breaks after each IP address in the list.
When running the script I receive the following error;
root#mediaserver:~# python3 block.py
Error: INVALID_RULE: internal error in _lexer(): rule family="ipv4" source address="1.56.0.0/13" reject
Error: INVALID_RULE: internal error in _lexer(): rule family="ipv4" source address="1.48.0.0/15" reject
This error message iterates through all of the IP blocks in my list.
If I run the firewall-cmd outside of my script I do not receive any error messages and the rule is properly added.
root#mediaserver:~# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="223.198.0.0/15" reject'
success
root#mediaserver:~# firewall-cmd --reload
success
root#mediaserver:~# firewall-cmd --zone=public --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="223.198.0.0/15" reject
root#mediaserver:~# iptables -L IN_public_deny
Chain IN_public_deny (1 references)
target prot opt source destination
REJECT all -- 223.198.0.0/15 anywhere reject-with icmp-port-unreachable
root#mediaserver:~# which python3
/usr/bin/python3
root#mediaserver:~# firewall-cmd --version
0.3.7
I think the issue could be related to how I've escaped the characters in my python script, but as far as I can tell, they are being escaped correctly. If there is any additional debug info I could provide please let me know.
The solution was multi-part. We organized the formatting by declaring part of the command argument and using line continuation to split everything apart. This helps keep everything organized and reduces character escaping errors. Additionally, we switched from Popen to Run as Popen was excessive for this usage, and added the shell=True value to our subprocess.
import subprocess
with open("ips.txt") as ip_list:
ips = ip_list.readlines()
ips = (ip.strip() for ip in ips)
rules = ('rule family="ipv4" source address="{0}" reject'.format(ip) for ip in ips)
for rule in rules:
process = subprocess.run("firewall-cmd "
"--permanent "
" --add-rich-rule=\'{0}\'".format(rule),
shell=True)
in windows 10 IoT i want to accept TCP packets on a port (eg:- 49856) from a remote machine.
You can have a try the following command:
netsh advfirewall firewall add rule name="Open mongod port 49856" dir=in action=allow protocol=TCP localport=49856
I'm running a "hello world" http server using node.js on Fedora 20.
I can see "hello world" using my Firefox by typing any of the following in my address bar: 192.168.2.85, localhost, 0.0.0.0, 192.168.122.1
I thought I would be able to open a browser on my wife's computer when she's connected to the same DCHP NAT router, type 192.168.2.85 in the address bar, and see "hello world".
However, her Chrome33 says "This webpage is not available" or "Oops! ...could not connect to 192.168.2.25." Her IE9 says "...cannot display the webpage." But from her command prompt I can ping 192.168.2.85.
On her computer (Windows 7), I tried turning off Windows Firewall and turning off antivirus.
On my computer, I tried
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
On our microsoft router, I tried Persistent Port Forwarding (inbound port range 80-80, private port range 80-80, type TCP, Private ip 192.168.2.85) and Enable virtual DMZ for 192.168.2.85. (I hope I'm not giving enough info to allow an attack?) I saw no reference to WDS in my router.
what should I do to make my node.js app available to other computers in my home? I'm new to all this.
Here's some more details . . .
netstat -ntlp
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4566/node
cat test.js
var http = require("http");
var app = http.createServer(function(request, response) {
response.writeHead(200, {
"Content-Type": "text/plain"
});
response.end("hello world\n");
});
app.listen(80); //192.168.2.85
console.log("Server running...");
I've looked at:
Cannot browse site hosted on local machine from a mobile
Node.js connect only works on localhost
How do I run Node.js on port 80?
connecting to node.js http server on linux machine from windows machine
Node.JS Not working on the internet
and others.
If you have a Linux server without a GUI, you can set up the firewall manually using the firewall-cmd command...
# list current settings prior to changes; this is your baseline
firewall-cmd --zone=internal --list-all
# add the http services (https is optional based on your needs)
firewall-cmd --zone=internal --add-service=http
firewall-cmd --zone=internal --add-service=https
# I am using port 8080 with node.js just to differentiate it (optional)
firewall-cmd --zone=internal --add-port=8080/tcp
# the zone 'public' is the default zone on my machine but it is not
# associated with the eth0 network adapter. however, the zone 'internal' is,
# therefore, make 'internal' the default zone
firewall-cmd --set-default-zone=internal
# make the changes permanent so that they are present between reboots
firewall-cmd --runtime-to-permanent
# reload all of the firewall rules for good measure
firewall-cmd --complete-reload
# list out the current settings after changes
firewall-cmd --zone=internal --list-all
That's it. Hope this helps someone.
First, I added a zone line to the ifcfg file for the home network.
# vi /etc/sysconfig/network-scripts/ifcfg-<router-ssid-name>
. . .
ZONE=internal
Then I rebooted to ensure change took place.
Then in terminal I typed
firewall-config
It opens in the public zone, which is default, and allows the administrator to select trusted services.
(If I get 10 reputation points I can include my screenshot here.)
If the ZONE is not set in ifcfg as above, then selecting the (public) http checkbox will still work.
But if ZONE=internal in the ifcfg file, then click on internal zone and select http there, for the added security. (Or I could have used ZONE=home or ZONE=work or ZONE=trusted. Same idea.) The change is immediately applied. The other computer's browser could see my "hello world".
Finally, at the top, I changed Runtime to Permanent from the dropdown list and closed the window.
I had thought I was accomplishing the same thing earlier when I tried
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
so I guess I need to look into what the difference is.
Thanks to jfriend00 for pointing me in the right direction. (If I had reputation I would upvote your comment.)
I know that Windows allow blocking IP addresses through netsh like so:
netsh advfirewall firewall add rule name="Block some stuff" dir=in action=block remoteip=xxx.xxx.xxx.xxx enable=yes
But is there any way to use netsh (or is there any other Windows utility) to block URLs like how ipfw and iptables allows? I know there's wipfw, but I'd like to use something built in if possible.
Use nslookup to resolve dns/ip of the url and block that ip using netsh.
Or, you may add an exception in hosts file in Windows.