check whether port 80 is denied? - linux

I'm studying iptables on Linux, and trying to reject all traffic coming to port 80.
I execute iptables -A INPUT --dport 80 -j REJECT on Kali Linux.
But how can I test the result, that "all traffic to port 80 is rejected"?
And what if I allow traffic to port 80 and reject traffic going out through port 80?
I have Nginx on my PC.

There are many ways to check whether port 80 is open.
The easiest way is to type telnet myserver.com 80 from a remote computer. It tries to open port 80 on the server, and times out if it is unable to open it.
Use netstat to show the processes listening on TCP or UDP ports. Scan and grep for port 80.
Something like this:
netstat -an | grep PORTNUMBER | grep -i listen
If you get output, that means port 80 is open and listening.

External way
nmap example.com -p 80
Internal way
iptables -L -v -n --line-numbers

Related

How to make correct iptable rule like browser port configuration

After searching the forums with no matching results, I'm asking here.
I want to redirect every browser request with destination port 80 to another port (for example 8080), all on localhost.
My workstation is Linux, and I want to use iptables rules and a Python server.
The rule I used is:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8080
I also tried some other flags, like a specific source IP and server, etc.
The server listening on port 8080 is:
#!/usr/bin/env python
import SimpleHTTPServer
import SocketServer

def redirect_factory():
    class RedirectServer(SimpleHTTPServer.SimpleHTTPRequestHandler):
        def do_GET(self):
            # Answer every GET with a 301 pointing at a placeholder location
            self.send_response(301)
            self.send_header('Location', 'www.IdontCare.IdontKnow')
            self.end_headers()
    return RedirectServer

redirectServer = redirect_factory()
handler = SocketServer.TCPServer(('', 8080), redirectServer)
print("serving at port %s" % 8080)
handler.serve_forever()
The problem is that it works well when I configure my browser in the connection settings (without adding the iptables rules) like this:
But when I use the iptables rules it says that it has a broken pipe, and the browser request isn't received at all by the server. So if I type www.google.com in the browser's URL bar, I can't see it in the self.path value.
EDIT:
Here is the iptables -t nat -nvL --line-numbers output:
The rule is working, but it doesn't do what I expected.
I played a little with the rules, and if I put in one of the following rules I can see the CNAME in the self.headers value.
The rules are (I can choose just one of them):
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 80
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1
If I'm not mistaken, both of them do the same thing.
What am I doing wrong?
And how can I make it work with iptables rules, like the browser configuration does?
Thanks!

Understanding the netstat output

tcp 0 0 :::111 :::* LISTEN
Above is the output of netstat -nl | grep 111. What is the meaning of the :::111 segment?
technet.microsoft.com says that:
Displays active TCP connections, ports on which the computer is
listening, Ethernet statistics, the IP routing table, IPv4 statistics
(for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for
the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used
without parameters, netstat displays active TCP connections.
So you can find which addresses and ports are in use and listening. For example, you want to run a Tomcat server on port 8080, but it is in use. So you can run:
netstat -ano | find "8080"
output will be something like:
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 1185
TCP [::]:8080 [::]:0 LISTENING 1185
It says that process number 1185 is using this port. If it is necessary to use this port you can shut down the app that uses it and run your server on it, with this command:
taskkill /F /PID 1185
@echo off
rem Print listening sockets together with the owning executable, forever
:myline
netstat -nob
echo.
echo.
rem Ping loopback once as a crude one-second pause between runs
ping 127.0.0.1 > %temp%\pingio.txt
goto myline
Put this in a batch file and run it as Administrator to monitor network processes.
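The `:::111` in the question above is the IPv6 wildcard address `::` followed by port 111, i.e. the socket accepts connections on every IPv6 address (and, on Linux with the default net.ipv6.bindv6only=0, on every IPv4 address too). The parser below is an added example, not code from the thread; it pulls family, bind address and port out of `netstat -nl` style lines so you can list which listeners are reachable from other hosts rather than only on loopback. The sample output is constructed.

```python
import ipaddress

# Constructed sample in the layout net-tools netstat prints; older versions
# print "tcp" even for IPv6 sockets, newer ones print "tcp6".
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9001          0.0.0.0:*               LISTEN
tcp        0      0 :::111                  :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""


def split_endpoint(endpoint):
    """'0.0.0.0:22' -> ('0.0.0.0', 22); ':::111' -> ('::', 111).

    The port is always after the last colon, which is why rpartition
    is used instead of split: IPv6 addresses contain colons themselves.
    """
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)


def parse_line(line):
    """Parse one netstat line; return None for headers and blank lines."""
    fields = line.split()
    if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
        return None
    addr, port = split_endpoint(fields[3])
    ip = ipaddress.ip_address(addr)
    return {
        "proto": fields[0],
        "family": "IPv6" if ip.version == 6 else "IPv4",
        "address": addr,
        "port": port,
        "loopback_only": ip.is_loopback,   # 127.0.0.0/8 or ::1
        "state": fields[5] if len(fields) > 5 else "",  # UDP has no state
    }


def exposed_ports(netstat_output):
    """Ports bound to a non-loopback address, i.e. reachable from outside."""
    entries = (parse_line(l) for l in netstat_output.splitlines())
    return sorted({e["port"] for e in entries if e and not e["loopback_only"]})


if __name__ == "__main__":
    print("exposed ports:", exposed_ports(SAMPLE_NETSTAT))
```

Pipe real output in with `netstat -nl | python3 this_script.py` after replacing SAMPLE_NETSTAT with `sys.stdin.read()`; a port that shows up here but should only serve loopback (like the 9001 case further down the page) is the one to bind to 127.0.0.1 or a Unix socket.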

Opening a port with iptables doesn't work

I want to open a port on Debian with iptables -A INPUT -p tcp --dport 80 -j ACCEPT, but it's not working. When I scan localhost:
root@debian:~# nmap -p 80 localhost
Starting Nmap 6.00 ( http://nmap.org ) at 2014-08-27 12:38 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
I can't connect with netcat:
root@debian:~# nc -vv localhost 80
localhost [127.0.0.1] 80 (?) : Connection refused
sent 0, rcvd 0
But it's in the iptables rules:
root@debian:~# iptables -L
...
ACCEPT tcp -- anywhere anywhere tcp dpt:80
...
I've also opened the port to the internet with NAT on my router.
I'm using Debian 3.2.0-4 on i386.
You need something listening on this port to accept connections, a web server for example.
Run this to see if you have a running server listening on port 80:
netstat -ntlup | grep 80
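The first question on this page (how to verify that port 80 is rejected) and this one (an ACCEPT rule with nothing listening) are two sides of the same check: what the client actually gets back. The probe below is an added example, not code from either thread; it classifies a TCP port by the answer to a connect attempt, and start_listener is a throwaway fixture for trying it against a real local socket.

```python
import socket


def probe_tcp(host, port, timeout=3.0):
    """Return "open", "refused", "filtered" or "unreachable" for host:port.

    "refused"  - a RST (or an ICMP port-unreachable, which Linux maps to
                 ECONNREFUSED) came back: either an iptables REJECT rule,
                 or an ACCEPT rule with no process bound to the port, which
                 is exactly the Debian case above.
    "filtered" - nothing came back before the timeout: an iptables DROP
                 rule, or the SYN was lost on the way.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        # e.g. EHOSTUNREACH / ENETUNREACH from an ICMP host-unreachable
        return "unreachable"
    finally:
        sock.close()


def start_listener(host="127.0.0.1"):
    """Open a listening socket on an ephemeral port (test fixture).

    Returns (socket, port); close the socket to release the port again.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Probe the web server port the first question asked about.
    print("127.0.0.1:80 is", probe_tcp("127.0.0.1", 80))
```

Run it from a second machine against the server's address to test the INPUT rule; from the server itself, loopback traffic normally bypasses the rule unless it matches on all interfaces, so a local "refused" only proves nothing is bound to the port.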

Is it necessary to open all used ports when using one Node.JS application to route from port 80 to apps on different ones?

I'm working with an Ubuntu 12.04 LTS, 64-bit server, where I have used the following commands to send all HTTP requests on port 80 to port 8080.
Commands:
cat /proc/sys/net/ipv4/ip_forward #returns 1
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
From there I wanted to proxy the requests based on (sub)domain to some other ports (i.e. 9000, 3000, 9615) using http-master. I'm having some problems getting this done; I had it right once on a VPS on Amazon AWS where those ports were opened.
So what I'm asking is whether it's necessary to open every port, and how I can do that on the command line?
After some further research and experimentation I concluded that it's only necessary to open the ports that we use as entry points. If we then route it with a proxy or even with NAT configuration to another port, the latter will be used only to "listen".

Configuring IPtables for PHP-FPM

So I have a CentOS server with Nginx and now want to run Nginx with PHP-FPM. By default it's configured on port 9000 but I'm going to use 9001. I need to know how to open port 9001 for loopback in my iptables. Which of the following is correct, are they the same, or are both wrong? Any help will be appreciated, thanks :)
iptables -A INPUT -p tcp -s 127.0.0.0 --dport 9001 -j ACCEPT
or
iptables -A INPUT -i lo --dport 9001 -j ACCEPT
You shouldn't need to open the firewall to connect to localhost, as it shouldn't be firewalled anyway (as a general rule).
But I would suggest following the above advice to use sockets instead.
Edit /etc/php5/fpm/php5-fpm.conf and search for these two lines:
listen = /var/run/php5-fpm.sock
;listen = 127.0.0.1:9000
Comment out the port one and uncomment the sock one, then restart php-fpm :)
