I have an external server that hosted in dreamcompute
Which it is can consider as virtual private server (vps)
I have test out using: https://ping.eu/port-chk/
the results:
xxx.xxx.xxx.xxx:443 port is closed
xxx.xxx.xxx.xxx:80 port is open
xxx.xxx.xxx.xxx:22 port is open
I have check my server port is open in linux:
username#server:~$ sudo ufw status
Status: active
To Action From
-- ------ ----
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
3306/tcp ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
3306/tcp (v6) ALLOW Anywhere (v6)
I'm able to access the web server internally by
http://localhost/
https://example.com/
http://example.com/
which all of them I set an index.php with a code:
<?=phpinfo()?>
From my experience, it was my router firewall problem, but I don't have the control to do it.
Maybe it was my dns or something else ?
Steps you need to do to check your port :
verify that you can connect from your local machine... you can just telnet to port 443, both on localhost (127.0.0.1) as well as on your machine's IP address.(You have already done this what I saw.) You should at least get an answer (ie. verification that there is a listener on that port).
Just for an example:
$ telnet 127.0.0.1 443
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
This confirms port is listening
$ telnet 127.0.0.1 443
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
We can also do by checking NETSTAT
$ netstat -antl | grep 443
tcp 0 0 127.0.0.1:52421 127.0.0.1:443 TIME_WAIT
tcp6 0 0 :::443 :::* LISTEN
For SSL we can use openSSL
$ openssl s_client -connect 127.0.0.1:443
CONNECTED(00000003)
...
You may have to open and/or forward the address on your router or network firewall.
Hope it works fine!!
If not tell us, we will work on more solutions!
Related
This question is probably answered already and there are numerous articles showing how to do reverse ssh tunnel. I am however stuck on the last step.
I have a Linux box that runs a web service on port 8080. This is behind a NAT and I can not port-forward from the overlaying routers to it.
I have a fresh Ubuntu 18 ec2 instance on AWS and I am using the following command to reverse the tunnel from my Linux box.
ssh -i "key.pem" -R \*:8080:\*:8080 ubuntu#ec2 -p 45332
EC2 ssh server listening on port 45332
On the server:
$ sudo lsof -i -P -n | grep LISTEN
systemd-r 650 systemd-resolve 13u IPv4 15830 0t0 TCP 127.0.0.53:53 (LISTEN)
sshd 893 root 3u IPv4 18322 0t0 TCP *:45332 (LISTEN)
sshd 893 root 4u IPv6 18333 0t0 TCP *:45332 (LISTEN)
sshd 20731 ubuntu 9u IPv6 75581 0t0 TCP [::1]:8080 (LISTEN)
sshd 20731 ubuntu 10u IPv4 75582 0t0 TCP 127.0.0.1:8080 (LISTEN)
If I do curl localhost:8080 on Ec2, I get the correct web service response.
But when I do the curl using the Public IP/Public DNS name from same ec2 or a completely different device I get:
curl: (7) Failed to connect to <IP> port 8080: Connection refused
I have checked my VPC ACL and allowed ALL inbound and outbound traffic in the security group.
I made sure that there the firewall rules are not blocking it:
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
45332/tcp ALLOW IN Anywhere
45332/udp ALLOW IN Anywhere
8080/tcp ALLOW IN Anywhere
8080/udp ALLOW IN Anywhere
45332/tcp (v6) ALLOW IN Anywhere (v6)
45332/udp (v6) ALLOW IN Anywhere (v6)
8080/tcp (v6) ALLOW IN Anywhere (v6)
8080/udp (v6) ALLOW IN Anywhere (v6)
When this didn't work, I removed the ssh tunnel and directly ran the same web service on the ec2.
This worked perfectly fine.
However, I want to run the service from my Linux box.
It is due to fact that by default SSH only listens for connections to the forwarded port on the loopback address for security purposes.
To change that behavior, open sshd configuration:
sudo nano /etc/ssh/sshd_config
Look up this flag and enable it:
GatewayPorts yes
References:
https://www.maketecheasier.com/reverse-ssh-tunnel-allow-external-connections/
http://www.snailbook.com/faq/gatewayports.auto.html
I had the same problem and this worked for me.
From you local Linux box:
ssh -i "key.pem" -R 8081:\*:8080 ubuntu#ec2 -p 45332
notice I use 8081 instead of 8080
Then in the EC2 instance, ssh to itself tunneling 8081 to 8080.
ssh locahlost -L 8080:localhost:8081
I don't really understand how, but after trying different combinations, this one worked for me.
I have bitcoin node installed and configured on Ubuntu 18.04 with the purpose of using RPC/JSON API calls and make a bitcoin service.
My application is built in Laravel 5.8, I use laravel-bitcoinrpc package to connect to the node. If the application is on the same server as the node is, I can connect and make RPC calls, but when I try to connect to node from my local machine (laptop) I receive connection refused.
I have allowed my local IP address.
22/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
OpenSSH ALLOW Anywhere
8332 ALLOW Anywhere
Anywhere ALLOW 89.165.xxx.xx - My IP address
8332 ALLOW 89.165.xxx.xx - - My IP address
8332/tcp ALLOW Anywhere
18332 ALLOW 89.165.xxx.xx - - My IP address
22/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
8332 (v6) ALLOW Anywhere (v6)
8332/tcp (v6) ALLOW Anywhere (v6)
This is my bitcoin.conf
prune=600
maxconnection=20
maxuploadtarget=20
daemon=1
server=1
rpcuser=username
rpcpassword=password
rpcport=18332
rpcallowip=127.0.0.1
rpcallowip=<my-local-ip->
rpcbind=<my-local-ip->
keypool=10000
rpctimeout=30
rpcallowip should allow me to connect to the node from the remote user but I still get connection refused.
I have also allowed the ports on my router.
You can try rpcallowip=0.0.0.0.
I changed bindIp setting to
bindIp: 127.0.0.1, 0.0.0.0
in mongod.conf on my ubuntu server hosted on Linode and restarted mongod and status looks ok.
I opened mongodb port on ufw
sudo ufw status
Status: active
To Action From
-- ------ ---- 22/tcp ALLOW Anywhere 10000
ALLOW Anywhere Nginx Full
ALLOW Anywhere 3333
ALLOW Anywhere 27017
ALLOW Anywhere 22/tcp (v6)
ALLOW Anywhere (v6) 10000 (v6)
ALLOW Anywhere (v6) Nginx Full (v6)
ALLOW Anywhere (v6) 3333 (v6)
ALLOW Anywhere (v6) 27017 (v6)
ALLOW Anywhere (v6)
Connecting to it from my mac throws error:
mongo mongodb://admin:secret#ubuntuipaddress/fielddb?authSource=admin
MongoDB shell version v3.6.2 connecting to:
mongodb://ubuntuipaddress/fielddb?authSource=admin
2018-04-08T13:47:32.212 W NETWORK [thread1] Failed to connect to
ubuntuipaddress:27017, in(checking socket for error after poll),
reason: Connection refused 2018-04-08T13:47:32.214 E QUERY
[thread1] Error: couldn't connect to server ubuntuipaddress:27017,
connection attempt failed : connect#src/mongo/shell/mongo.js:251:13
#(connect):1:6 exception: connect failed
How to fix this issue?
The basic steps for enabling remote access for Mongodb running on Ubuntu are:
Setup a minimum of one user in Mongodb (admin with root rights)
Edit the config file (i.e. sudo nano etc/mongodb.conf)
Make sure that
bind_ip = 0.0.0.0
port = 27017
auth = true
are set (and uncommented)
Add a firewall rule in UFW to allow 27017 from your remote IP address (or anywhere)
You should be good to go.
Disable your firewall and try to see if you can connect, if you can then it's your fw rules. Try this first to see if this helps.
The problem was wrong setting of bindIP in mmongod.conf. Changing to:
bindIp: 127.0.0.1,ip_address_of_host_running_mondgod
fixed the problem. Replace ip_address_of_host_running_mondgod
with ip address of host running mongod like 137.142.177.4
from this article: https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/networks
it suggests me to allow outgoing firewall with following ips and ports:
Networks
50.31.164.0/24
162.247.240.0/22
Ports
TCP 80
TCP 443
I'm using ufw, how can i do it?
I've tried this:
sudo ufw allow proto tcp from 50.31.164.0/24 port 80
sudo ufw allow proto tcp from 50.31.164.0/24 port 443
sudo ufw allow proto tcp from 162.247.240.0/22 port 80
sudo ufw allow proto tcp from 162.247.240.0/22 port 443
When I check my rules: they are like this:
Am I doing this right?
You already allow connections from anywhere to 80 & 443, so you don't need the extra allow statements for their specific IP ranges.
The request for outgoing connections is if you are running say your corporate site through it but are filtering outgoing traffic from your LAN (ie, only being able to get to a schools website from a kiosk in their hallway or from a lab) and you want people on your local network to be able to access it.
NOTE* there are a lot of question with similar titles but they either (1) do not have any good answer or (2) are not related to the following issue.
I am trying to run a simple chat/messaging demo via node.js on my Ubuntu ec2 instance running apache2. The application works great on my local machine but I am having some trouble with the setup on my server.
I am trying to listen to port 8080 but upon executing:
$ curl <ec2 public dns>:8080
I can the error:
curl: (7) Failed to connect to <ec2 public dns> port 8080: Connection refused
I went through the default troubleshooting steps:
(1) Quadruple check to make sure I am allowing incoming connections on port 8080 in my ec2 security group.
(2) Check my ufw firewall to make sure port 8080 is enabled:
ubuntu#ip-000-00-00-000:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
21/tcp ALLOW IN Anywhere
8080 ALLOW IN Anywhere
22 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
21/tcp (v6) ALLOW IN Anywhere (v6)
8080 (v6) ALLOW IN Anywhere (v6)
I am newer to all of the concepts mentioned in this post so I may be missing something simple.
After consulting this post I realized that port 8080 wasn't listening for anything.
So I ran
node chat.js
Which somewhere in the code called .listen(8080). Then upon calling curl, it worked.