How can I set up an SSH connection to my server via just OpenVPN - security

I want to connect to my server only from a limited set of IP addresses. I thought that maybe I could connect to my server via OpenVPN, which is installed on my server. I have modified the hosts.allow and hosts.deny files in /etc.
/etc/hosts.allow file:
sshd : x.x.x.x (server IP)
/etc/hosts.deny file:
sshd : ALL
But I can't connect to my server via OpenVPN at the moment. OpenVPN has a different IP address, like 10.8.0.x.
How can I set up an SSH connection to my server via OpenVPN?

You can use the ListenAddress directive in /etc/ssh/sshd_config to force SSHD to only listen on a specific IP address, namely the OpenVPN private address of your server, e.g.:
ListenAddress 10.8.0.1
This prevents sshd from listening on any other interfaces, including the public ones (by default sshd listens on all the available interfaces). Just make sure you restart sshd after updating the configuration.
After that, to connect to SSH you will need to first establish the OpenVPN connection and then ssh into 10.8.0.1.

I suggest using iptables to limit IP addresses:
iptables -A INPUT -s x.x.x.x -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
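As an added example (not code from either answer above), here is the iptables approach made complete and re-runnable: every packet to port 22 is handed to a private chain that accepts loopback and the OpenVPN tunnel and drops everything else, so the ACCEPT is always evaluated before the DROP no matter what else has been appended to INPUT. It assumes the tunnel interface is tun0 and the client pool is 10.8.0.0/24; neither is stated in the thread.

```shell
#!/bin/sh
# Added example, not code from the original answers. Restrict sshd to clients
# arriving over the OpenVPN tunnel. Run without arguments to preview the rules,
# with "apply" (as root) to install them.
# Assumptions not given in the thread: tunnel interface tun0, client pool
# 10.8.0.0/24, sshd on port 22.

# Print the iptables commands for the given interface and client subnet.
# The SSH policy lives in its own chain (SSH_VPN): re-running the script
# flushes and refills that chain instead of appending duplicates to INPUT,
# and the jump is inserted at position 1 so an earlier blanket ACCEPT for
# tcp/22 cannot win.
ssh_vpn_rules() {
    vpn_if=${1:-tun0}
    vpn_net=${2:-10.8.0.0/24}
    cat <<EOF
iptables -N SSH_VPN 2>/dev/null || true
iptables -F SSH_VPN
iptables -A SSH_VPN -i lo -j ACCEPT
iptables -A SSH_VPN -i $vpn_if -s $vpn_net -j ACCEPT
iptables -A SSH_VPN -j DROP
iptables -D INPUT -p tcp --dport 22 -j SSH_VPN 2>/dev/null || true
iptables -I INPUT 1 -p tcp --dport 22 -j SSH_VPN
EOF
}

# Execute the generated commands, stopping at the first failure, then show
# the resulting chain for a visual check.
apply_ssh_vpn_rules() {
    ssh_vpn_rules "$@" | sh -e
    iptables -S SSH_VPN
}

if [ "${1:-}" = apply ]; then
    apply_ssh_vpn_rules "${2:-}" "${3:-}"
else
    ssh_vpn_rules "${1:-}" "${2:-}"
fi
```

Assuming the script is saved as restrict-ssh.sh, `sh restrict-ssh.sh` prints the commands and `sudo sh restrict-ssh.sh apply` installs them; run it from a session that already arrives over the VPN, or with console access at hand, so a mistake does not lock you out. Two caveats on the other approaches in this thread: `ListenAddress 10.8.0.1` makes sshd depend on tun0 existing when sshd starts, so a boot where OpenVPN comes up late can leave no sshd at all, whereas the firewall rules above can be loaded before the tunnel exists. And /etc/hosts.allow is matched against the client's source address, not the server's, so the line in the question admits nobody; the pool would be written `sshd : 10.8.0.0/255.255.255.0`, and current OpenSSH builds ignore the file entirely because upstream removed tcp_wrappers support in 6.7.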


MQTT doesn't work with global IP

General information:
IP: 1.2.3.4
Server: Raspbian Stretch (Debian 9)
On the server is running apache2 with 2 website.
mosquitto user: user
mosquitto password: psw
I've installed mosquitto on my server and set a user and a password.
When I use it in localhost I've no problem:
mosquitto_pub -h localhost -p 1883 -t topic -u "user" -P "psw" -m "new message"
mosquitto_sub -h localhost -p 1883 -t topic -u "user" -P "psw"
I receive the new message without any problems.
Unfortunately, if I use my public IP it doesn't work anymore:
mosquitto_pub -h 1.2.3.4 -p 1883 -t topic -u "user" -P "psw" -m "new message"
mosquitto_sub -h 1.2.3.4 -p 1883 -t topic -u "user" -P "psw"
After a few seconds both the subscriber and the publisher print this error: Error: Connection timed out
I imagine it is something like a closed port, but I don't know how to open it.
I tried this but didn't change anything: sudo iptables -A INPUT -p tcp -m tcp --dport 1883 -j ACCEPT
These are my configuration files:
/etc/mosquitto/conf.d/default.conf
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883
/etc/mosquitto/mosquitto.conf
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
I presume that the IP you're using is not actually 1.2.3.4 - if you don't own it and it's not listed as a private / internal IP, don't use it internally.
Equally, if you don't own it, don't try to use it externally / on the internet.
If you are behind a consumer NAT'ing router, and using the router's external IP address, then there are a couple of potential issues:
Most consumer routers do not support hairpin NAT, i.e. you cannot access services (even if you've set up port forwarding correctly) by using your external IP from behind the router.
To test this out, try connecting from a friend's house or via another internet connection (e.g. your phone).
The solution is to just connect to your internal server directly. If you're lucky your router can be configured to handle hairpinning, or you could upgrade your router.
You might need to set up port forwarding on the router so that incoming connections on port 1883 are forwarded to your server internally.

How to access a node server from a remote machine within the same LAN

Suppose my IP address is 192.65.35.12. On this machine I'm running a node server. I can access the webpages by using this URL on the same machine: http://localhost:3000/
But if I'm trying to access the node server from a remote machine having the IP 192.65.35.11, it does not work. I used the below URL to access it from the remote machine:
http://192.65.35.12:3000/
I'm facing network connectivity issues.
Do I need to change any settings in node.js for remote access?
Then, how can I access the node server from the remote machine?
Use this IP 0.0.0.0 to open your app on all interfaces provided by your computer.
On a Linux server you need to open the port for outside clients to reach it.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
$ sudo service iptables save
$ sudo service iptables restart
Then start your server

Cannot open up port using iptables to use RStudio Server

I am currently trying to open port 8787 for RStudio Server. I have set this up on an Ubuntu host, and want to point my browser at the IP address of the Ubuntu host, using port 8787 to direct it to RStudio. I can do this from the host machine, but have no such luck using a different computer.
When I do
netstat -peantl | grep ":8787"
I get nothing returned, unlike when checking port 22, which is confirmed as listening. I can therefore ssh from external machines into the Ubuntu host.
So I tried to open up port 8787 with iptables:
sudo iptables -A INPUT -p tcp --dport 8787 -j ACCEPT
The command runs fine, but re-checking with netstat I still do not get any output (I was expecting output similar to that for port 22, as mentioned previously).
I also allowed port 8787 on ufw:
sudo ufw allow 8787
Using gufw, it confirms port 8787 is open.
What could be the issue? If my network has restricted port 8787 how can I tell? Am I allowing port 8787 correctly with iptables?
Thanks.
All your iptables and ufw commands are doing is opening ports in the firewall itself. The fact that there is no output from the netstat|grep line means that the RStudio software does not actually have the port open for anyone to connect to. This is the issue you need to fix first.

Cannot connect to Google Compute Engine virtual machine by VNC

I have created a Debian wheezy virtual machine in Google Compute Engine but I am unable to connect to it with VNC.
Here is what I have done
Installed GNOME and then rebooted the VM
Installed tightvncserver and started it
I have tried to connect using the static IP that I've attached to the VM, but I'm getting the error: "the connection was refused by the host computer".
I thought the firewall was the issue, so I disabled iptables using the following commands:
sudo sh -c 'iptables-save > /root/firewall.rules'   # the redirect into /root must run as root too
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
and I have created rules in the Google firewall to allow ports 0-65535 for TCP and UDP, but it still does not work.
Anyone knows how to do it?
Thanks in advance
By default, all incoming traffic from outside a network is blocked and no packet is allowed into an instance without an appropriate firewall rule. To allow incoming network traffic, you need to set up firewall rules to permit these connections:
start the VNC service
look at VNC server settings or netstat -nap to find out the listening port of vnc server
under Google Developer console -> Compute Engine -> Networks -> default -> Firewall rules
create a new rule and open appropriate ports for incoming vnc connections.
VNC uses port 5901 by default. In the 'VNC server' field, specify the IP address and the port 5901.
Example: VNC Server: 123.123.123.123:5901
Encryption: let VNC Server choose
Be aware that the free edition of VNC doesn't support encryption; it only encrypts your user name and password. One other thing to configure is the /etc/sysconfig/vncservers file, where you have to specify the user and the port that the VNC server should listen on, and make sure it's not commented out.
Example:
VNCSERVERS="1:USERNAME"
VNCSERVERARGS[1]="-geometry 800x600 -listen tcp -5901"

Redirect the webservice call to http://[remote server ip]:7777 to http://[local machine ip]:8888

I have a webservice running on a remote machine, available to me through SSH tunneling. Therefore I am able to access the webservice through http://[local machine ip]:8888. But the problem here is that my source code tries to access the webservice through the public IP (http://[remote server ip]:7777). So I need all the traffic originating from my local machine to the remote machine to be redirected to http://[local machine ip]:8888.
For example, http://[remote server ip]:7777 redirected to http://[local machine ip]:8888
Please note: the ports are different and my OS is Ubuntu 12.04.
Try a rule like this:
iptables -t nat -A OUTPUT -p tcp -d [remote server ip] --dport 7777 \
-j DNAT --to-destination [local machine ip]:8888
