I've searched around, watched the quick start videos and I'm not seeing many accepted answers.
I'm running Centos 7 on google compute engine. I'm using the default firewall and I've selected to allow http and https traffic during the setup. However I am not able to connect to the webservice and I believe the port is still closed.
here's the output from nmap:
Starting Nmap 6.47 ( http://nmap.org ) at 2015-01-22 12:04 CST
Nmap scan report for xxxxxx
Host is up (0.072s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
646/tcp filtered ldp
Nmap done: 1 IP address (1 host up) scanned in 3.70 seconds
Is that correct considering the default firewall rules are to allow http, https, icmp, internal, rdp, and ssh?
One suggestion was to modify iptables rules or stop the service. I tried that and the service was not running.
I've also tried deleting and recreating the default firewall http rule to no effect. My instance has the same tags as the rule as well. I even tried starting another project in case something was wrong at that level. That didn't work either. I also tried another linux distribution in case it was a centos 7 issue, but that gave the same results.
If no service is running on port 80, nmap will not show it as open. Try to run an httpd service on port 80 and then try nmap, you will see the port as open
Related
I created compute engine instance in GCP to deploy my web app.It works fine inside the instance (localhost:8080).
However, using the external Ip address, I'm unable to access it even though I have allowed for 0.0.0.0/0 for all instances by the firewall rule.I added both port tcp:8080 and tcp :8444 but It does not allow to connect even 'Telnet'.
Connecting To 35.185.98.244...Could not open connection to the host, on port 8444: Connect failed
Connecting To 35.185.98.244...Could not open connection to the host, on port 8080: Connect failed
Anybody can help me to solve this issue?
my git url: https://github.com/ChkBuk/myexamples/tree/master/SyneBiz
Take a look at the Firewall Rule in the GCP. Make sure that you allow ingress traffic for the port 80 (since you are accessing it from the browser). The ports 8080 and 8444 are local ports accessed internally. These ports are not exposed to the public. You have to make sure that there is a forwarding rule that redirects the traffic from port 8080/8444 to port 80.
Eventually, try to test the URL connection and the ports within the compute engine instance, or outside the GCP. Below are some examples:
$ curl http://[external-IP-vm-address]:80
$ telnet localhost 80
$ nmap <external-ip-vm-address>
$ netstat -plant
There are other network tests that you could perform. You may consult this discussion thread from Stackexchange.
Lastly, it could be that the ports 8080 and 8444 are already being used by other processes. For this reason, you are unable to connect to them.
Try the following troubleshooting steps.Type:
$ netstat -tulpn
This command above will display a list of all processes running on their respective ports. If the port 8080/8444 are there, take a look at the existing process running on it. You may then kill that process. For more information on troubleshooting the processes running on port 8444 and 8080, you may consult this article.
I got a problem with Azure Endpoint using Ubuntu.
SYMPTOMS
Online port scanner reported that port 1194 is closed even though the End point was defined to be open at Azure Web Interface for that VM
SETTINGS:
UFW, aka Ubuntu Firewall is inactive.
No IP Table was defined in Ubuntu
On Azure web management interface, endpoint called VPN, port TCP 443 and UDP
1194 was set to open, bidirectional allowing direct return. Public and Private port is both 1194, and both 443
lfor and netstat on ubuntu reported thata service is listening on 1194, got NC to listen to 443
DIAGNOSIS
From Ubuntu, I can see the internet. Pinging Google, getting updates works fine.
I can remote into the machine using default port 22, which is a default open endpoint defined by Azure Ubuntu Image
Restarted Ubuntu everytime a setting change.
Tried deleting and re-creating Endpoint rule, failed
Tried shutting down the VM, and delete and recreate endpoint rule, failed
I CAN Telnet to my local host from Ubuntu via 443.
TROUBLESHOOTING STEPS DEFINED
From my local computer, unable to telnet to the Ubuntu server via 443. Ok on 22, terminated because of protocol mismatch, but that is of course fine.
Online port scanners all report that 1194 was closed and so is 443
Some help would be appreciated.
I think that you need to manually configure the endpoint.
Please check https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/?rnd=1 for more information.
I am setting up a failover server for our website using keepalive.
I have been following this tutorial that feets exactly my needs:
- http://blog.profitbricks.de/failover-und-loadbalancing-loesung-bei-profitbricks/
For a couple of days, everything worked well with keepalive and the virtual ip.
Suddently, the VIP is unreachable on port 80 but still reachable on port 443.
Facts:
ip addr show => i do see the VIP only in one of the frontends.
From the frontend itself, if i query it using it's public IP (the
non vip one) it does work on port 443 and 80.
From anywhere if i use the virtual ip and https, i can reach our application and i do see it in the http server logs.
In syslog i have weird messages like this one for every test i do that use port 80 on the VIP ==> /var/log/kern.log <== Nov 18 15:00:07 localhost kernel:
[14045.457450] IPVS: rr: TCP 'the virtual ip':80 - no destination
available
Hopefully it is not in production yet and if you can help me on that i would be really thankful :)
In case someone search for the terms in this question:
The port 443 was reachable because the server that had the VIP was correct and there was no load balancing on port 443.
The port 80 was unreachable because i didn't setup the iptables correctly on one of the two servers and load balancing was supposed to be done using NAT (bypass_ipvs.sh).
Conclusion: if you need failover and no loadbalancing (which is uncommon) then the mentionned configuration is too much and not adapted.
I am trying to use nodejs and socket.io to deliver a webapp, which use websocket on port 3000.
I have opened port 3000 on my EC2 instance in my management console by adding the inbound TCP rule to the relevant security group, however I still can't access it via public dns on my browser.
sudo netstat -tulpn doesn't show it as an open port.
What am I missing? Is there some service I need to restart or a command line I need to push to get it running?
Thanks
sudo netstat -tulpn doesn't show it as an open port.
netstat command will show what all ports that are being listened by "some" process. So in this case as you have mentioned, It seems like you application is not listening on port 3000.
First, fix your application and ensure that it is listening on port 3000.
Also, netstat has nothing to do with whether a port is opend/closed from firewall perspective. It will tell you whether a given port is in LISTENING mode by some process.
Follow these steps:
Make sure your application is listening on port 3000:
netstat -anp | grep 3000
also telnet 127.0.0.1 3000
Then make sure that local firewall is configured to allow incoming access to port 3000
OR disable local firewall to do a quick test (service iptables stop). for linux, its usually iptables
Allow incoming access to port 3000 in your AWS security group.
Please follow above 3 points and let us know if you still face the same issue.
in addition to all the steps above, check if you have ufw (uncomplicated firewall) set up.
to check if you have ufw running do:
sudo ufw status
if it is running,
to allow port 3000 simply do the command
sudo ufw allow 3000
this solved the problem for me. i forgot that i had setup ufw a while back, and recently starting using my aws instance again.
I guess you made your changes using the AWS Management console.
But this just means that Amazon's system will allow message on port 3000 through their own security systems to your server.
Your EC2 server (you don't say whether it's Windows or Linux) may have its own firewall system that you have to open port 3000 on. You will have to look at the documentation for your server to what settings you need to change.
I assume you've tried opening a browser on your EC2 instance and you can access the webapp from there.
Also, thinking laterally, if there are no other web servers running on your EC2 server why not change your node.js webapp to use port 80?
Had similar problem, but I was using socketio with SSL
var https = require('https').Server({
key: fs.readFileSync(path.join(__dirname + '../) + 'ssl.key', 'utf8'),
cert: fs.readFileSync(path.join(__dirname + '../') + 'ssl.crt', 'utf8')
}, app);
But the keys were wrong, so even though my AWS security was done, iptables clear and nginx providing with client js file, the request kept closing. So in Firefox I got net::ERR_CONNECTION_CLOSED and finally figured out that it might be the SSL failure.
I hope this helps somebody. I had followed an online tutorial that said I should add a security rule for 3000 TCP and link back to the security group identifier in the source.
That's wrong. Remove that line and just set up two custom TCP for port 3000 for IPv4 and IPv6. That fixed it for me.
Let me put my couple cents here.
Resolved issue by adding 3000 port to Secure groups with IPv4 and IPv6 and setting host in nuxt.config.js to '0.0.0.0'. This value makes Nuxt automatically find "real" ip listen to.
Here is how I was able to fix the problem:
Go to the EC2 instance page
In the "Security" tab, click on the link of the security group associated with the instance
In the Actions menu click "Edit inbound rules"
Add rule with custom tcp
And click "Save rules"
Hi have an ip address that has an FTP already setup on it (port 21).
When I add another FTP site in IIS with the same IP and Port it says it cannot start because of a duplicate binding already in IIS.
So I'm curious if I bind the new FTP site with the same IP but will a different port work?
If so, which other port would work or be recommended for this, i suppose i would have to open access on Windows Firewall as well, so i just want to make sure it doesn't open the server up to any potential exploits by exposing the port.
You can use any port not already in use. Running netstat from an elevated command prompt will give you a list of ports in use. People usually use port 2121 or 8021 as an alternative port for FTP.
Although some ports are more frequently scanned by hackers, no port is intrinsically more insecure than others.