Port Forwarding works only localy - linux

I have Tomcat server (on Ubuntu) running on port 8080 and I want to connect externally, but Port-Forwarding works only in LAN. port fw :
HTTP Server 0.0.0.0 80 192.168.1.246 8080 TCP
and when put req. on my router WAN IP it wont respond (timeout).
I m not even sure where the problem could be..
netstat:
tcp6 0 0 :::8080 :::* LISTEN 7767/java

You have to point *:80 to 192.168.1.246:8080 and it will be fine. Right now you try authorize the IP 0.0.0.0 on the port 80 to access your IP 192.168.1.246 on the port 8080 which is not correct.

Related

Why my website hosted on aws refuses to connect?

I have a node app which runs on localhost perfectly, I hosted it on AWS ec2 instance on port 80 and it worked fine too, after 7 days of inactivity when I searched public IP address of my ec2 instance(on any browser), it says <public_ipv4> refused to connect.
Here are a few things I did for troubleshooting which I read from AWS forums but not getting any luck:
deleted the node_modules/ directory and reinstalled using npm
install command
Have correctly allowed HTTP traffic on port 80 inside inbound rules of security groups for that instance(i have only one instance running)
Ran netstat -nplt | grep 80 , which gave me output :
tcp6 0 0 :::80 :::* LISTEN
I have added a script in package.json file, through which app.js file will run
In my app.js file i am listening to port 80:
app.listen(80, async function(){
console.log("server has started");
})
What else am I missing?
Screenshot of inbound rules :
it seems you have allowed only IP v6 address on Inbound traffic of Security Groups..
Not added allow permission for IPv4 address..
Add below rule
HTTP tcp 0.0.0.0/0 80
if you have added both rule ( IPV4 and IPV6) then
sudo netstat -tnlp | grep :80
should show below both lines..
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
but in your case it showing only tcp6
See if the steps below helps.
Did you stop your ec2 instance start and it again if you did it would have changed your public ip if that is case use the new public ip.
Check your security groups attached to the ec2 instance if it allows in bound traffic on port 80.
If the first step does not work connect to your ec2 instance and run a curl command to see if your app is running.
In my app.js file i have used port 80 :
app.listen(80, async function(){
console.log("server has started");
})
but when i changed port number to 3000 in app.listen , it worked , i dont't know how did this happen though.
There was no issue with security groups.

Unable to access express/node server on port 3001 despite enabling via firewall-cmd

I've been searching around this morning trying to figure out how to resolve my issue but nothing appears to suit my situation or solve my problem and so here I am.
I have a server running on CentOS Linux release 7.5.1804 (Core) and I have installed node v10.11.0 in order to host a website. I have a domain foo.ca whereby I have two separate web servers running (one for client, one for server). The client runs on port 3000, and I used iptables to forward port 80 to port 3000 so I can actually view my website without explicitly listing the port (i.e. by entering foo.ca in the address bar)
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
This works fine, and I can see foo.ca
My problem arises when I try to access the server which is running on port 3001. I have enabled the port via tcp using firewall-cmd:
sudo firewall-cmd --zone=public --add-port=3000/tcp --permanent
sudo firewall-cmd --zone=public --add-port=3001/tcp --permanent
sudo firewall-cmd --reload
If I type foo.ca:3001 chrome tells me the site can't be reached, foo.ca took too long to respond.
I tested port 3001 via an online tool and it says that it is open, I also checked netstat:
netstat -tuplen
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 995 12161 -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 12066 -
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 1000 56647615 4926/node
tcp 0 0 0.0.0.0:3001 0.0.0.0:* LISTEN 1000 56671635 6195/node
Some online suggestions included using 0.0.0.0 rather than localhost but as you can see I already have that implemented. I don't really know what my options are at this point, I've tried enabling the port via iptables as well but I am not sure that did anything:
iptables -A INPUT -p tcp --dport 3001 -j ACCEPT
One last thing, my express server code is like so:
const express = require('express')
const app = express()
const port = 3001
app.get('/', (req, res) => res.send('Hello World!'))
app.listen(port, '0.0.0.0', () => console.log(`Example app listening on port ${port}!`))
And I run it like node test
Anyone have any ideas? I'm not much of a network guru
The solution was my network was blocking it for some reason

Accessing Azure VM port from Outside of VM

As we know there are simple steps to give access to any VM-port from outside.
Here is the steps I have already covered :
Open VM instance and run the server on port 80 and checked the
localhost is running in the local browse,
added port 80 in the inbound of Network security group,
turned off all three types of firewall from the VM windows.
Still the public ip is not accisible from the outside. Ping ... is resulting "Request timeout" or the port "80" is not accessible from the browser using public IP.
Edit : Surprisingly i have found a Deny tag in the report ! Does it matter ?
Normally, add port 80 to NSG inbound rules and turn off VM's windows firewall, we will access website from outside.
In your scenario, maybe we should check web site work on IPv4 or IPv6 or both?
We can use this command to check it:
C:\Users\jason>netstat -ant
Active Connections
Proto Local Address Foreign Address State Offload State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING InHost
TCP [::]:80 [::]:0 LISTENING InHost
TCP [::]:135 [::]:0 LISTENING InHost
TCP [::]:445 [::]:0 LISTENING InHost
TCP [::]:3389 [::]:0 LISTENING InHost
We can find web service listen on port 80 and work on IPv4 and IPv6, so we can use IPv4(public IP address) and port 80 to access this web site.
We should make sure web service work on IPv4.
==========================
Update:
Please check your Vnet-->subnet, does this subnet associated with a NSG, if yes, we should modify this NSG's inbound rules, add port 80 to this NSG.
It seems a issue with node server for angular cli, more information please refer to this link below:
https://github.com/angular/angular-cli/issues/1793

Meteor app running on 127.0.0.1 instead of 0.0.0.0

I have my meteor app running on my production server. I have a reverse proxy setup on a different server.
A curl from my reverse proxy server to my app server gives me a Connection Refused.
My app is running on port 8080 and my firewall allows access to the port. I suspect the reason for the connection refused is that my app is running on 127.0.0.1 instead of 0.0.0.0
On running sudo netstat -tapn I get a
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 14391/node
How do I get the app to run on 0.0.0.0. If this is not the reason, what else could cause a connection refused?
127.0.0.1 is the loopback IP it's usually the same as localhost (as defined in your hosts file). you should never be able to connect to that IP from the outside. 0.0.0.0 binds to all IPs on the server, which is accessible from the outside.

Unable to get to node.js externally

I've looked everywhere for an answer on this, but haven't had any luck.
I've installed node.js on my server. I've created the standard "Hello World" example like:
var http = require('http');
http.createServer(function (request, response) {
response.writeHead(200, {'Content-Type': 'text/plain'});
response.end('Hello World\n');
}).listen(8080, "0.0.0.0");
console.log('Server running at http://0.0.0.0:8080/');
After running the script on the server:
node app.js
I can connect internal to port 808 and see the Hello World message, but when I try to connect to port 8080 my server externally I get a "Can't connect to server" error. I've also tried this in my listen function:
etc..
}).listen(8080, "204.xxx.xxx.xxx");
(with my real external IP address) and haven't had any luck.
I've tried to accept connections on 8080 by adding this to iptables:
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
but still have hit a wall. When I run netstat I get:
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
which I think tells me that port 8080 is listening for connections.
So — what am I doing wrong here?
You are most likely behind network address translation (NAT).
If you're using a normal home internet connection and you have a gateway router, you can have multiple devices using your home's internet connection (connected via Ethernet or Wifi), no?
But you only have one IP address.
To accomplish this, the router lets you connect out - but doesn't let any connections initiated from the outside back in (simplification for relevance - read up if you want more information).
You're going to have to look at configuring port forwarding - you want external port 8080 to forward to your computer's internal IP address.

Resources