I try to access my node.js server running on Ubuntu. My PC is connected with TP-link router. Now, I want to access node services from other IP(not from my local host or local IPs). What can I do? I used following code.
Note: This server works fine and accessible from local IP but can't access from my public IP
http.listen(6000,"0.0.0.0",function(){
log.info("server started");
})
You have to use :-
iptables -A OUTPUT -p tcp --sport 8080 -j ACCEPT
for the outgoing rule (not dport). Apart from that, maybe there's an earlier rule that blocks the traffic? Try iptables -L.
Ubuntu have very good firewall and default system is not allow to external IP to response
In express and node js or any server like that
http.listen(6000,"0.0.0.0",function(){
log.info("server started");
})
It will work on your IP, localhost and public IP
but on external IP can't access it
first of all replace
localhost -> 0.0.0.0
when you want to run frontend and backend simultaneously
then it is better to use public IP directly instead of 0.0.0.0
If you are using ubuntu then we need to change in firewall settings using ufw
UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with apt-get:
sudo apt-get install ufw
then
sudo nano /etc/default/ufw
check this line and make it yes
IPV6=yes
save file using Ctrl-X to exit the file, then shift + y to save the changes that you made, then ENTER
At any time, you can check the status of UFW with this command:
sudo ufw status verbose
By default, UFW is disabled so you should see something like this:
Output:
Status: inactive
Not most important point
sudo ufw allow portNumber // here portNumber is port-number in integer
in your case
sudo ufw allow 6000
and allow
sudo ufw allow http
for more rules and firewall on ubuntu click here
Related
On Ubuntu if I use the command: sudo disable ufw then it can access my server on any port.
Once I enable firewall again then I run command: sudo ufw allow 9090/tcp then I start my spring boot website on port 9090. Now I use the command: curl http://server_id:9090 => It still block me. If I disable firewall then It can run
Who know root cause? How can I enable firewall and allow on a particular port.
Thanks
I am a starting level at linux...
I got node JS to listen to port 80 and everything works well.
But when trying different ports it doesn't work.
Firewalld is not enabled...
and when trying in the browser I try localhost:8080
Any Ideas?
Stop firewall if already running
sudo systemctl stop firewalld
Check the status of iptable
If not already installed then install it using
yum install iptables-services
sudo systemctl status iptables
Enable the service at boot-time:
systemctl enable iptables
Managing the service
systemctl [stop|start|restart] iptables
Saving your firewall rules can be done as follows:
service iptables save
Start and Enable Firewall with this command
sudo systemctl start firewalld
sudo systemctl enable firewalld
Configure firewall and add Ip and range of ports to be enabled (optional)
firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.0.0.0/8" port port="11224-12224" protocol="tcp" accept'
The above command takes the range of IPs and ports. You need to replace the IP and port range in the above command, make sure to change the x.x.x.x/n , here n is the number of ports.
Suppose if my ip address is : 192.65.35.12. In this machine I'm running node server. I can access the webpages by using this url: http://localhost:3000/ in the same machine.
But, if I'm trying to access the node server from a remote machine having the ip 192.65.35.11. It does not work. I used the below url to access the url from the remote machine:
http://192.65.35.12:3000/
I'm facing network connectivity issues.
Do, I need to change any settings in node.js for remote access.
Then, how can I access the node server from the remote machine.
Use this IP 0.0.0.0 to open your app on all interfaces provided by your computer.
On linux server you need to open port for outside client to reach it.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
$ sudo service iptables save
$ sudo service iptables restart
Then start your server
I'm running a "hello world" http server using node.js on Fedora 20.
I can see "hello world" using my Firefox by typing any of the following in my address bar: 192.168.2.85, localhost, 0.0.0.0, 192.168.122.1
I thought I would be able to open a browser on my wife's computer when she's connected to the same DCHP NAT router, type 192.168.2.85 in the address bar, and see "hello world".
However, her Chrome33 says "This webpage is not available" or "Oops! ...could not connect to 192.168.2.25." Her IE9 says "...cannot display the webpage." But from her command prompt I can ping 192.168.2.85.
On her computer (Windows 7), I tried turning off Windows Firewall and turning off antivirus.
On my computer, I tried
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
On our microsoft router, I tried Persistent Port Forwarding (inbound port range 80-80, private port range 80-80, type TCP, Private ip 192.168.2.85) and Enable virtual DMZ for 192.168.2.85. (I hope I'm not giving enough info to allow an attack?) I saw no reference to WDS in my router.
what should I do to make my node.js app available to other computers in my home? I'm new to all this.
Here's some more details . . .
netstat -ntlp
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4566/node
cat test.js
var http = require("http");
var app = http.createServer(function(request, response) {
response.writeHead(200, {
"Content-Type": "text/plain"
});
response.end("hello world\n");
});
app.listen(80); //192.168.2.85
console.log("Server running...");
I've looked at:
Cannot browse site hosted on local machine from a mobile
Node.js connect only works on localhost
How do I run Node.js on port 80?
connecting to node.js http server on linux machine from windows machine
Node.JS Not working on the internet
and others.
If you have a Linux server without a GUI, you can set up the firewall manually using the firewall-cmd command...
# list current settings prior to changes; this is your baseline
firewall-cmd --zone=internal --list-all
# add the http services (https is optional based on your needs)
firewall-cmd --zone=internal --add-service=http
firewall-cmd --zone=internal --add-service=https
# I am using port 8080 with node.js just to differentiate it (optional)
firewall-cmd --zone=internal --add-port=8080/tcp
# the zone 'public' is the default zone on my machine but it is not
# associated with the eth0 network adapter. however, the zone 'internal' is,
# therefore, make 'internal' the default zone
firewall-cmd --set-default-zone=internal
# make the changes permanent so that they are present between reboots
firewall-cmd --runtime-to-permanent
# reload all of the firewall rules for good measure
firewall-cmd --complete-reload
# list out the current settings after changes
firewall-cmd --zone=internal --list-all
That's it. Hope this helps someone.
First, I added a zone line to the ifcfg file for the home network.
# vi /etc/sysconfig/network-scripts/ifcfg-<router-ssid-name>
. . .
ZONE=internal
Then I rebooted to ensure change took place.
Then in terminal I typed
firewall-config
It opens in the public zone, which is default, and allows the administrator to select trusted services.
(If I get 10 reputation points I can include my screenshot here.)
If the ZONE is not set in ifcfg as above, then selecting the (public) http checkbox will still work.
But if ZONE=internal in the ifcfg file, then click on internal zone and select http there, for the added security. (Or I could have used ZONE=home or ZONE=work or ZONE=trusted. Same idea.) The change is immediately applied. The other computer's browser could see my "hello world".
Finally, at the top, I changed Runtime to Permanent from the dropdown list and closed the window.
I had thought I was accomplishing the same thing earlier when I tried
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
so I guess I need to look into what the difference is.
Thanks to jfriend00 for pointing me in the right direction. (If I had reputation I would upvote your comment.)
I am wondering if the vanilla installation of MongoDB on Ubuntu can be accessed by the outside world? I have sensitive information thats being written to the database via Node.js (all running on the same box) and want to make sure it is safe.
I would recommend using UFW - Uncomplicated Firewall
Install UFW and enable, enter:
sudo apt-get install ufw
Check the status:
sudo ufw status verbose
Allow MongoDB and HTTP services (assuming default Mongo port):
sudo ufw allow 27017
sudo ufw allow 80
Enable the firewall:
sudo ufw enable
If you do not need connections from another instance, set the following in the configuration (which is probably the default anyway):
bind_ip = 127.0.0.1
If you need access (for example to connect to the database from your own machine for debugging,...) you can either use an SSH tunnel or set up a firewall rule (if you have a static IP; you'll obviously need to disable bind_ip).
Firewalling is a good idea in general, but if your service does not need remote connections, simply disable them. And probably use a firewall with default deny.