SSH remote tunnel, am I missing something? - linux

I want to make a local port that serves a python http.server accessible to the internet without messing around with port-forwarding on my home router, tunnelling it on a DigitalOcean VPS.
My local port is 8080, the port on the remote VPS 4444, just for example.
ssh -i .ssh/mykey -R 4444:localhost:8080 root@myvpsip
But still http://myvpsip:4444 is not accessible.
ufw is disabled on the VPS. What am I missing?

For the forwarded port to listen on any address (and not just localhost) you need to prepend an additional : to the forward specification.
ssh -i .ssh/mykey -R :4444:localhost:8080 root@myvpsip
Additionally, you must have GatewayPorts yes or GatewayPorts clientspecified on the server-side sshd configuration.

Related

nodejs timed out on all ports when hosting on godaddy server

I've been trying to run my nodejs/expressjs application on my GoDaddy server, but any port I use times out. I've tried using the application on my local device and it works fine. I have a snippet of my connection below.
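var express = require("express"); // import needed for express() below
var app = express();
// Start the HTTP server on port 8080
app.listen(8080, function() {
  console.log("Listening on port " + 8080);
});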
When I run the program through ssh, I get no errors
node index.js
Listening on port 8080
But when I go to the corresponding location in my browser, I get:
xxx took too long to respond.
ERR_CONNECTION_TIMED_OUT
I'm pretty sure it has to do with running on the godaddy server. If anyone has experience using this service with nodejs, is there a specific port I should be using, or is there any other setup I should do?
You have a VPS with GoDaddy, right? So I assume you also have root access.
SSH into your GoDaddy server as root and check if the node.js app actually listens on that port:
netstat -tunlp | grep 8080
If you see any result there for the node.js app and that port then the port is open.
By default, there should be a firewall on your server which might block most of the ports and allows only the necessary incoming traffic.
You can check if there is any rule for that port by issuing the command below:
iptables -nvL | grep 8080
If any result is returned, then you have to add an iptables rule to allow access to that port. There are multiple methods to do that:
permit full access from your IP to the server
permit your IP to access port 8080 on the GoDaddy server
permit the outside world to access port 8080 on your server
You could read any iptables guide, it's pretty easy to add/edit/delete firewall rules. Most of the cPanel/WHM servers come with CSF Firewall (which is based on iptables and perl scripts).
In order to allow an ip address to your firewall (if you have CSF Firewall installed) you have to issue the following command:
csf -a ip-address
I hope that helps!

How to access a host port (bind with ssh -R) from a container?

Using Docker 1.12.1, I face a strange behaviour trying to access a host port created with ssh -R.
Basically I try to access a service running on port 12345 on my local machine from a docker container running on a server.
I opened an SSH connection with ssh -R *:12345:localhost:12345 user@server to open a port 12345 on server that forwards to port 12345 on my local machine.
Now when I try curl https://172.17.42.1:12345 inside the container (172.17.42.1 is the IP to access the docker host from the docker container) I get :
root@f6873fe1109b:/# curl https://172.17.42.1:12345
curl: (7) Failed to connect to 172.17.42.1 port 12345: Connection refused
But on server the command curl http://localhost:12345 succeeds (eg. no Connection refused)
server$ curl http://localhost:12345
curl: (52) Empty reply from server
I don't really understand how the port binding done with ssh differs from a test with nc on server (it works) :
# on server
nc -l -p 12345
# inside a container
root@f6873fe1109b:/# curl http://172.17.42.1:12345
curl: (52) Empty reply from server
NB: the container was started with docker run -it --rm maven:3-jdk-8 bash.
What can I do to allow my container to access the host port corresponding to a ssh binding ?
From man ssh:
-R [...]
... Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled
And man sshd_config:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.
This means that a default sshd server installation only allows creating forwards that bind to the local interface. If you want to allow forwards to interfaces other than loopback, you need to set the GatewayPorts option to yes or clientspecified in your /etc/ssh/sshd_config.
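
The GatewayPorts answers to the two ssh -R questions above come down to which address sshd binds the forwarded port to. As an added example (not from any of the posts, and using constructed `ss -Htln` sample output), this script classifies each listening port as loopback-only or exposed to other hosts:

```bash
#!/usr/bin/env bash
# Classify TCP listeners from `ss -Htln` output as loopback-only or exposed.
# On a real server: ss -Htln | port_scope 4444

# SAMPLE is constructed for this example. It imitates a server where one
# remote forward (4444) was bound under the default GatewayPorts no and
# another (12345) was bound to the wildcard address.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:4444 0.0.0.0:*
LISTEN 0 128 [::1]:4444 [::]:*
LISTEN 0 128 0.0.0.0:12345 0.0.0.0:*
LISTEN 0 128 [::]:12345 [::]:*
LISTEN 0 128 172.17.42.1:8080 0.0.0.0:*'

# classify_listeners: reads `ss -Htln` lines on stdin and prints one
# "port scope" line per port. A port counts as "exposed" as soon as any of
# its listeners is bound to a non-loopback address.
classify_listeners() {
  awk '
    {
      local_addr = $4                      # e.g. 127.0.0.1:4444 or [::]:22
      n = split(local_addr, parts, ":")
      port = parts[n]
      host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      gsub(/^\[|\]$/, "", host)            # drop IPv6 brackets
      sub(/%.*$/, "", host)                # drop interface suffix (%lo)
      scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
      if (!(port in seen) || scope == "exposed") seen[port] = scope
    }
    END { for (p in seen) print p, seen[p] }
  ' | sort -n
}

# port_scope PORT: prints "loopback", "exposed", or "closed" (no listener).
port_scope() {
  classify_listeners |
    awk -v p="$1" '$1 == p { s = $2 } END { print (s ? s : "closed") }'
}

# exposed_ports: prints only the ports reachable from other hosts.
exposed_ports() {
  classify_listeners | awk '$2 == "exposed" { print $1 }'
}

printf '%s\n' "$SAMPLE" | classify_listeners
```

With GatewayPorts yes every remote forward on the server binds to the wildcard address, while clientspecified exposes only the forwards whose client asks for a non-loopback bind address, so rerun the check after changing either setting.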

How to access node server from remote machine with in same LAN

Suppose my IP address is 192.65.35.12. On this machine I'm running a node server. I can access the webpages by using this URL: http://localhost:3000/ on the same machine.
But if I try to access the node server from a remote machine with the IP 192.65.35.11, it does not work. I used the URL below to access it from the remote machine:
http://192.65.35.12:3000/
I'm facing network connectivity issues.
Do I need to change any settings in node.js for remote access?
Then, how can I access the node server from the remote machine?
Use this IP 0.0.0.0 to open your app on all interfaces provided by your computer.
On a Linux server you need to open the port for outside clients to reach it.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
$ sudo service iptables save
$ sudo service iptables restart
Then start your server

How can I find where node.js is running?

I have a VPS with node.js installed, I already uploaded a basic example to test it on the server, so I tried doing this:
I access by SSH, navigate to my project folder and run
node app.js
I get this message
Express server listening on port 8080
I thought I could see my app here
example.com:8080 or server.example:8080... but nothing. Then I tried with the info from os.networkInterfaces(); and os.host(); and still nothing happens.
Could you help me out? As you can see I am a total noob on node.js. What am I doing wrong? Or what should I do before running my app? Something related to DNS? I have no idea.
How do you ssh to your host? with ip or name? Is it something like:
ssh root@example.com
if so then at least you know your DNS is ok.
Once on the server do a
netstat -a
If you find *:8080 then your server is listening on the default IP. If you see something like 12.23.45.67:8080 then this number is the IP your server is listening on.
ifconfig
will give you the server's IP. This should be the same as the IP of example.com. If not then maybe there is some router/firewall in front of your server and you have to configure that to allow port 8080 to reach your server.
If someone ever has the same problem, this is how I solved it on CentOS:
Open this file
/etc/csf/csf.conf
Add the required port
Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,26"
Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873"
Restart
# csf -r

Not able to ssh to port 443 on an Amazon EC2 server

I am running ssh on an Amazon EC2 (Linux) machine on port 443.
Yet I am unable to ssh to it, as I am behind a firewall.
When I do
http://host:443
Following message is displayed:
SSH-2.0-OpenSSH_5.3
That means ssh is clearly listening on port 443, and the port is even reachable (via browser).
But yet when I do ssh from my desktop command-line (or putty), it just doesn't work.
Is it that the firewall is examining packets and blocking it?
Any ideas?
Are you doing ssh -p 443 host? Sorry to state the obvious... but sometimes the obvious is what eludes us.
Worked!
The putty also required proxy entries :)
