Is there a way to determine or trace how a port forwarding configuration is set up on a system running Ubuntu 14.04 LTS, on which there is a NodeJS service running and somehow accepting connections via port 80, although the service itself is running on port 8080, given that it's clear that port 80 connections are being handled by Apache (see details below)?
I have attempted to lsof -i :80 on the system, and according to lsof, there's no process running on port 80. Interestingly, though:
ubuntu#ip-***-**-**-***:~$ sudo netstat -anp | grep apache
tcp6 0 0 :::80 :::* LISTEN 10197/apache2
I have dug into the apache configuration, after determining that it is located at /etc/apache2/apache2.conf and have not been able to find any VirtualHost records, ProxyPass, or anything of the sort.
I have also checked iptables -L just in case.
Would httpry or something like it help figure out the port forwarding configuration and what running processes are responsible for the port forwarding?
iptables -L wouldn't answer the question (this lists the iptables filter table); you'd want to look at the nat table by running iptables -t nat -L (or iptables -t nat -S, which produces output in the format of iptables-save which I find much easier to read).
Typically Apache reads more than just /etc/apache2/apache2.conf, also, so there may be additional Apache config files under /etc/apache2 that you should check.
Related
I'm studying Iptables on linux, and try to reject all traffic coming to port 80.
I execute iptables -A INPUT --dport 80 -j REJECT on kali-linux.
But how can I testing the result that "all traffic to port 80 is rejected".
And what if allow traffic to port 80 and reject traffic going out through port 80.
I have Nginx on my PC.
There are many ways to check if port 80 is open.
Easiest way is to type telnet myserver.com 80 from a remote computer. It tries to open a port 80 on server. It timeout if unable to open.
Use netstat to show the processes listening on TCP or UDP ports. Scan and grep for port-80.
Something like this:
netstat -an | grep PORTNUMBER | grep -i listen
If you have an output, that means port 80 is open and listening.
External way
nmap example.com -p 80
Internal way
iptables -L -v -n --line-numbers
I have the following problem. I'm using Debian GNU/Linux Stretch and I am trying to use netcat as a simple server. I start it using following command:
$ netcat -l 127.0.0.1 33333
It starts just fine and accepts connections but on a different port than requested:
$ netstat -tulpn | grep netcat
tcp 0 0 0.0.0.0:38782 0.0.0.0:* LISTEN 2851/netcat
This behavior is independent of requested port, user or ufw status. Recently I installed LXC with following packages:
apparmor
bridge-utils
cgmanager
libapparmor-perl
lxc
All have been removed later, but somehow I feel like this behavior may be related to some changes in configuration.
It looks like you are using traditional netcat which requires providing -p argument for the listening port:
netcat -l 127.0.0.1 -p 33333
From nc -h:
-p port local port number
Syntax you use would work with OpenBSD netcat.
Following line is appears in several SO answers regarding how to serve node applications through port 80: the aadvice being given is to forward the traffic to an unprivileged port.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
However, when I try this on Ubuntu 12.04 iptables helpfully does absolutely SFA. Nothing. Am I running afoul of an iptables version thing here?
Has anyone got a proven solution that will work on Ubuntu 12.04 et al.? Much appreciated.
Note that the -i eth0, means it will only work for things coming from the network eth0. So it won't work if you test it from localhost, and it won't work if your hardware is slightly different. Try removing the -i eth0 entirely.
I have been using wire-shark to analyse the packets of socket programs, Now i want to see the traffic of other hosts traffic, as i found that i need to use monitor mode that is only supported in Linux platform, so i tried but i couldn't capture any packets that is transferred in my network, listing as 0 packets captured.
Scenario:
I'm having a network consisting of 50+ hosts (all are powered by windows Except mine), my IP address is 192.168.1.10, when i initiate a communication between any 192.168.1.xx it showing the captured traffic.
But my requirement is to monitor the traffic of 192.168.1.21 b/w 192.168.1.22 from my host i,e. from 192.168.1.10.
1: is it possible to capture the traffic as i mentioned?
2: If it is possible then is wire-shark is right tool for it (or should i have to use differnt one)?
3: if it is not possible, then why?
Just adapt this a bit with your own filters and ips : (on local host)
ssh -l root <REMOTE HOST> tshark -w - not tcp port 22 | wireshark -k -i -
or using bash :
wireshark -k -i <(ssh -l root <REMOTE HOST> tshark -w - not tcp port 22)
You can use tcpdump instead of tshark if needed :
ssh -l root <REMOTE HOST> tcpdump -U -s0 -w - -i eth0 'port 22' |
wireshark -k -i -
You are connected to a switch which is "switching" traffic. It bases the traffic you see on your mac address. It will NOT send you traffic that is not destined to your mac address. If you want to monitor all the traffic you need to configure your switch to use a "port mirror" and plug your sniffer into that port. There is no software that you can install on your machine that will circumvent the way network switching works.
http://en.wikipedia.org/wiki/Port_mirroring
So I have a CentOS server with Nginx and now want to run Nginx with PHP-FPM. By default it's configured to port 9000 but I'm going to use 9001. I need to know how to open port 9001 for loopback in my iptables. Which of the following are correct, are they the same, or both wrong? Any help will be appreciated, thanks :)
iptables -A INPUT -p tcp -s 127.0.0.0 --dport 9001 -j ACCEPT
or
iptables -A INPUT -i lo --dport 9001 -j ACCEPT
You shouldn't need to open the firewall to connect to localhost, as it shouldn't be firewalled anyway (as a general rule).
But I would suggest following the above advice to use sockets instead.
Edit /etc/php5/fpm/php5-fpm.conf and search for these two lines:
listen = /var/run/php5-fpm.sock
;listen = 127.0.0.1:9000
Comment out the port one and uncomment the sock one - restart php-fpm :)