FreeBSD port redirection for http requests - freebsd

I've never used FreeBSD in my life but it's necessary for me to deploy an HTTP API on FreeBSD. The API is deployed on port 3002.
What do I need to do to forward requests from port 80 to port 3002?
I tried adding this to my /etc/natd.conf file:
interface le0
use_sockets yes
dynamic yes
redirect_port tcp 192.168.1.8:80 192.168.1.8:3002
I also have this in my /etc/ipfw.rules file:
ipfw add 1000 fwd 127.0.0.1,80 tcp from any to any 3002
When I run ipfw -q -f flush I get:
ipfw: setsockopt(IP_FW_XDEL): Protocol not available
I don't know what any of this means, but it's not working.
Can somebody please tell me (in simple newbie terms) how to forward requests from 80 to 3002 in FreeBSD?
(I'm assuming port 80 is both open and the default port for HTTP requests on a brand new FreeBSD installation)

The easiest way would be to use Nginx or HAproxy to listen on port 80 and then forward/proxy your requests to your API. By doing this you could also benefit from terminating SSL on port 443 and just forwarding traffic to your API.
For example to install nginx:
# pkg install nginx-lite
Then edit the /usr/local/etc/nginx/nginx.conf and use this in the server section:
server {
    listen 80 default_server;
    server_name _;
    location / {
        proxy_pass http://127.0.0.1:3002;
        proxy_http_version 1.1; # for keep-alive
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
This will forward the request to your API on port 3002 without the need to use NAT or any firewall like ipfw or pf; it also works if you have your app running within a jail.

Remember you need to put in /etc/rc.conf: gateway_enable="YES". You may also need to create a pipe (check the ipfw man page) and load the dummynet module.

In my opinion an easier option would be to use PF. Let me quote an example from the handbook:
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
... redirection and NAT rules need to be defined before the filtering rules. Insert this rdr rule immediately after the nat rule:
rdr pass on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
FWIW, I've published an Ansible role to configure PF:
https://galaxy.ansible.com/vbotka/freebsd-pf/

Almost done!!!!
It should be:
[was] ipfw add 1000 fwd 127.0.0.1,80 tcp from any to any 3002
ipfw add 1000 allow ipv4 from any to 127.0.0.1 via eth2
ipfw add 1010 fwd 127.0.0.1,3002 ipv4 from any to any 80,443 via eth2

Related

Deploying Node.js/React app on AWS server, ports not forwarding properly

I'm trying to deploy a NodeJS/React app on an ec2 instance on AWS.
My app runs fine on port 3000, but is not being forwarded to port 80.
Neither modifying proxy_pass nor modifying iptables seems to work in this scenario.
I've tried the following:
Modifying Nginx's server configuration to forward port 3000 to port 80. My Nginx configuration:
server {
    listen 80;
    server_name example.com www.example.com; # server_name belongs in the server block, not inside location
    location / {
        proxy_pass http://[My Private ec2 IP]:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Modifying iptables to forward port 3000 to port 80.
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
My directory is structured as follows:
- appname/
    - /api (node.js server-side code)
    - /client (React client-side code)
I have tried running npm start from within appname/client/ as well as npm build. sudo netstat -lntp | grep 80 shows no processes listening on port 80, so the port is available.
The app renders on [public IP]:3000. When I try to access [public IP], the browser displays 'This site can't be reached'.
This seems like a fairly straightforward thing to do, yet nginx and iptables configurations both are ignored. Am I missing something?
Ports also need to be opened from the Amazon EC2 instance's console panel. To enable ports from the EC2 instance console panel, perform the steps below:
Log in to the Amazon EC2 Dashboard
Select your EC2 instance machine
After selecting your EC2 machine, find the section Security groups in the bottom panel
Click on the assigned security group name, it should be something like launch-wizard-{number}
Then open the Inbound tab from the bottom panel
Click on the Edit button and add the ports (80, 3000) which need to be open on the instance machine
You can check the URL below for more info about Amazon EC2 port forwarding:
https://aws.amazon.com/premiumsupport/knowledge-center/connect-http-https-ec2/

Azure VM Port Closed while TCPing

I have an Azure VM running Ubuntu 14.04. It is running a basic NGINX configuration listening on port 8443 and proxying to localhost 8080 which is being listened to by a service running a script which I am working on.
In my inbound port rules I have opened port 8443 with source IP as my office IP, and destination IP as the VM's private IP, over TCP.
After research I have discovered that you can not ping an Azure VM, though with tools such as psping you can check access to specific ports.
Due to being on OSX I have been trying to use TCPing, trying both the DNS name and the public IP along with the port number. I get the response 'port 8443 closed'.
I have checked ports on my VM with netstat and can confirm that nginx is listening on port 8443 and python (my service running a script) is listening on port 8080.
Here is my sites-enabled nginx configuration:
server {
    listen 8443;
    server_name myServer;
    index index.html index.htm index.php;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_read_timeout 600;
        proxy_connect_timeout 90;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Proxy "";
    }
}
Anything else I can check? Thanks.
You should check all of the following:
Network Security Groups
Load Balancer configuration (if exists)
Configure the Linux Firewall
You can also try to ping the VM port using PsPing (if your OS is Windows).

Meteor App and Nginx on Port 80

My site always shows a blank page when I run Nginx on port 80. However, if I run Nginx on another port, e.g. port 8080, and go to mypage.com:8080, it shows my Meteor App. I have no idea why Nginx works on all ports but 80.
Here are my configs.
Nginx
server {
    listen *:80 default_server;
    server_name mypage.de;
    access_log /var/log/nginx/app.dev.access.log;
    error_log /var/log/nginx/app.dev.error.log;
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
Meteor App started with:
sudo PORT=5000 MONGO_URL=mongodb://user:pwd@127.0.0.1:27017/mypage \
    ROOT_URL=http://mypage.de forever start -a -o out.log -e err.log main.js
netstat -tulpn shows:
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:80      0.0.0.0:*         LISTEN   11214/nginx -g daem
tcp        0      0 0.0.0.0:5000    0.0.0.0:*         LISTEN   10853/node
but as I said before, mypage.de shows a blank page... The same config with Nginx on port 8080 works. I'm working on Ubuntu. How can I fix this?
Your iptables rules seem to be blocking port 80. That, or a firewall in between you and your server.
These are the iptables rules for web traffic. Just run these commands on the command line:
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
I would also drop any rules that aren't needed, like allowing port 5000. You only want people going to the web ports and that's it.

Port Forwarding Issues Linux

I am running a Ripple-Rest server on a CrunchBang Linux (Debian) computer. It runs on port 5990. I ran the server on this computer and it works fine when I view it via localhost, but after port forwarding 5990 on my router I cannot access this server from any other computer via the public IP. I have given full permissions to all of the files the server uses as well.
Below are links to screen shots of what I have done:
https://dl.dropboxusercontent.com/u/108273736/capture.png
Please let me know what I can do to get this to work!
I found the best way to do this is to proxy it through nginx. That way you can use the standard port for accessing the service and leave the ripple-rest service local.
apt-get install nginx
change /etc/nginx/sites-enabled/default
... add in the following:
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name yourservername.com;
    location / {
        proxy_pass http://localhost:5990;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
It seems that port 5990 is blocked either by your ISP or by iptables. You could check on the remote whether connections to 5990 are allowed by iptables, if it is running that is.
If you would like to run a listener on 80 that forwards to 5990 on the remote, you could run local port forwarding:
http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
Assuming ssh on 22 is almost always open.
We faced a similar issue on amazon ec2 and our data center:
http://khanna111.com/wordPressBlog/2013/01/05/amazon-web-service-aws-and-vnc/

Testing if client can connect to WebSockets with port 80, 443, 843

I'm running a WebSockets application on a node server. Everything works fine, except that my application is used in schools, and some of their firewalls apparently block WebSockets on port 80. I read that some ports like 843 are usually unblocked, but I want to test this before making any switch.
How to test for open WebSockets ports? e.g. try ports 80, 443 & 843 from the client-side and report which ones work? Any tutorials or code snippets would be great...
I've been using http://websocketstest.com/ to see blocking of my socket.io websockets. I just now came across a scenario too where a client had a firewall blocking traffic on port 80. Rather than insisting on them jumping through hoops I now listen on 443; it's not necessary to use SSL on that port for this purpose either.
In nginx I am first redirecting all traffic to socket.test.com port 80 to port 443 thus:
server {
    listen 80;
    server_name socket.test.com;
    rewrite ^ http://test.com:443$request_uri?;
}
then
server {
    listen 443;
    server_name socket.test.com;
    location / {
        proxy_pass http://127.0.0.1:3004;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # $connection_upgrade must be defined by a map block in the http context
        proxy_set_header Connection $connection_upgrade;
    }
}
On port 3004 a socket.io server is accepting connections. Works!
2018 update: thanks to letsencrypt.com it's now trivial to add HTTPS certs, so all this can be done with encryption on 443.
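As an added example (not code from the answer or the asker), here is the client-side probe the question asks for: one WebSocket per port, a clean open counts as reachable, and an error, a close before open, or silence until the timeout counts as blocked. The WebSocket class is injected so the same function runs in a browser with `window.WebSocket` or against a fake; the function name, the host, the port list and the 3 s timeout are assumptions for illustration.

```javascript
// Added example (not from the answer above): the question's client-side test,
// "try ports 80, 443 & 843 and report which ones work". One WebSocket is opened
// per port; onopen means reachable, while onerror, a close before open, or no
// answer within the timeout means blocked. The WebSocket class is injected so
// this runs in a browser (window.WebSocket) or in a test with a fake; host,
// ports and the 3 s default timeout are assumptions for illustration.
function probeWebSocketPorts(host, ports, opts = {}) {
  const WS = opts.WebSocketImpl || globalThis.WebSocket;
  const timeoutMs = opts.timeoutMs || 3000;
  const scheme = opts.secure ? 'wss' : 'ws';

  const probeOne = (port) => new Promise((resolve) => {
    let ws = null;
    let timer = null;
    let done = false;
    const finish = (reachable, reason) => {
      if (done) return;                    // report each port exactly once
      done = true;
      clearTimeout(timer);
      if (ws) { try { ws.close(); } catch (_) { /* already closed */ } }
      resolve({ port, reachable, reason });
    };
    timer = setTimeout(() => finish(false, 'timeout'), timeoutMs);
    try {
      ws = new WS(`${scheme}://${host}:${port}/`);
    } catch (e) {                          // e.g. the browser refuses the URL
      finish(false, 'constructor threw: ' + e.message);
      return;
    }
    ws.onopen = () => finish(true, 'open');
    ws.onerror = () => finish(false, 'error');
    ws.onclose = () => finish(false, 'closed before open');
  });

  // Probe sequentially so a middlebox that rate-limits new connections does
  // not make the later ports look blocked.
  return ports.reduce(
    (chain, port) => chain.then((acc) => probeOne(port).then((r) => [...acc, r])),
    Promise.resolve([])
  );
}
```

In a browser console on the page that uses the socket, `probeWebSocketPorts(location.hostname, [80, 443, 843]).then(console.table)` reports one row per port; a page served over HTTPS will only be allowed to open `wss://`, so pass `{ secure: true }` there.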
