Cannot access app engine application from LAN - linux

I added the --address=0.0.0.0 to GAE arguments in eclipse.
From the same machine I can access the server with:
http://192.168.1.7:8888/createUser.html
http://localhost:8888/createUser.html
http://0.0.0.0:8888/createUser.html
http://127.0.0.1:8888/createUser.html
However if I try to access it from an Android device on the same LAN through http://192.168.1.7:8888/createUser.html I get an "Oops!".
The Android device can ping 192.168.1.7 and vice versa.
I'm using Linux and I don't have any firewall. What's the solution?
Thank you.
EDIT: I also tried to access the page from another PC in the same LAN but didn't work. I also tested the port using telnet: it works from the machine but doesn't work from other devices in the same LAN.

The solution is to open the port 8888 using this command:
sudo /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8888 -j ACCEPT

Related

How to restrict access from internet to containers ports on remote linux server?

I use docker-compose on ubuntu 18 on remote server.
How, with iptables, can i block access from the internet to the docker port and only allow access to it from the localhost of this server?
For instance, i want to block 4150 port for internet. Trying this:
iptables -A DOCKER-USER -p tcp --dport 4150 -j DROP does not block the port - still can access to it from the internet (not from server machine).
How can i block access from internet to all ports that are on the server, but allow only 22,80 ? And keep that ports available from localhost of the server (eg from the server itself) ?
Not the IPTables based solution you're looking for, but a much simpler solution is to only publish to a specific interface, instead of all interfaces. And when that interface is the loopback interface, e.g. 127.0.0.1, you'll only be able to access the port locally. To do this, add the interface to the beginning of the publish spec:
docker run -p 127.0.0.1:4150:4150 ...
Or a similar syntax in the compose file:
...
ports:
- 127.0.0.1:4150:4150
...
As for why the command you tried using didn't work, this needs conntrack to get the original port rather than the docker mapped port:
iptables -I DOCKER-USER -p tcp -m contrack --ctorigdstport 4150 -j DROP
This also changed from -A (append) to -I (insert) because there's a default rule to accept everything in that list.

How does one open a tensorboard port in Linux?

I have some tensorboard data and I want my server to let me see the data. I don't want to have to send the tensorboard data files to my computer, so it would be ideal if I can just access them remotely. How does one do that? I would assume that the server would just host it as a normal website? What are the Tensorboard commands for this?
I know that locally one can do:
tensorboard --logdir=path/to/log-directory
and then go to the browser to do:
http://localhost:6006/
but is it possible to the equivalent from a server and then just read the data in my local browser/computer from the server?
Assuming that there is no firewall preventing access to port 6006 from the outside, and that your server's address is server.example.com you should be able to simply type http://server.example.com:6006 into your browser and have it work.
In case of a restrictive firewall, tunneling the tensorboard port over SSH using Local Port Forwarding is a good approach (this is also more secure than opening random ports publicly). When logging in to your server, you could type (for instance):
ssh -L 12345:localhost:6006 server.example.com
After that, start tensorboard on the server as usual, and you will be able to access it at http://localhost:12345 in your browser.
mvoelske instructions for setting up port forwarding are correct. If you have administrative privileges on the machine, you can open port 6006 to your IP address using the following commands:
$ sudo iptables -A INPUT -p tcp -s <insert your ip> --dport 6006 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
$ sudo iptables -A OUTPUT -p tcp --sport 6006 -m conntrack --ctstate ESTABLISHED -j ACCEPT
The iptables change can be saved with the following command:
$ sudo service iptables save
Note that this is for CentOS v6 and below. CentOS v7 and above used Firewalld by default.
If you have reached this stackoverflow question because you are troubleshooting a previously working TensorBoard setup, you might consider adding the --bind-all flag to your command line.
$ tensorboard --logdir=path/to/log-directory --bind-all
This resolved my problem reaching TensorBoard by URL within an internal network.
http://my_server.company.com:6006

cannot open up port using iptables to use rstudio server

I am currently trying to open port 8787 for rstudio server. I have set this up on an ubuntu host, and want to point my browser at the ip address of the ubuntu host, using port 8787 to direct it to rstudio. I can do this from the host machine, but no such luck using a different computer.
When I do
netstat - peantl | grep ":8787"
I get nothing returned, unlike when checking port 22 which is confirmed as listening. I can there ssh from external machines into the ubuntu host.
So I tried to open up port 8787 with iptables:
sudo iptables -A INPUT -p tcp --dport 8787 -j ACCEPT
command runs fine, but then re-checking with netstat I still do not get any output (I was expecting similar output to port 22 as mentioned previously)
I also allowed port 8787 on ufw:
sudo ufw allow 8787
using gufw it confirms port 8787 is open.
What could be the issue? If my network has restricted port 8787 how can I tell? Am I allowing port 8787 correctly with iptables?
Thanks.
All your iptables and ufw commands are doing is opening ports in the firewall itself. The fact that there is no output from the netstat|grep line means that the rstudio software does not actually have the port open for anyone to connect to. This is the issue you need to fix first.

node.js on VirtualBox CentOS machine, no connection?

I've setup a CentOS 6.3 Box in a VirtualBox Machine, installed node.js and npm and wrote an example 'Hello World' Application which listens on port 8080 and IP '192.168.10.132' (this is the IP of the CentOS machine). The server starts correctly, but under 192.168.10.132:8080 on my host machine (Mac OS X 10.0.7) I always get an error.
Did I something wrong?
Generally I run into issues like this because I have not opened the port in iptables.
The following command will add the port to iptables
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT -m comment --comment "node.js port"
Then make sure to save your current config.
service iptables save
then you'll need to restart iptables
service iptables restart
For more info, check out the iptables docs here: http://wiki.centos.org/HowTos/Network/IPTables

Openfire and Windows Azure

Has anyone installed OpenFire on Windows Azure before?
Is it easy to create another instance with the OpenFire in it?
Thanks!
Yes, I've installed openFire on both EC2 (Linux) and Azure. It is a painless as you could imagine.
get a VM
install java
install openfire
install openfire db to SQL azure (connection string syntax below)
jdbc:jtds:sqlserver://SQLAzInstance.database.windows.net:1433/OpenFireSqlDBName;ssl=require
be sure to allow proper ports through the endpoints tab of the virtual machine in the new azure management portal
TCP 5222/5223 (std/SSL client connectivity)
TCP 5269 (server-to-server)
TCP 9090 (default openfire web ui port, you could change this)
Log into your Windows Azure account.
Create a Machine running Ubuntu 14 LTS
Then go to your SSH client (for Mac and Linux users, you can use the terminal by typing
ssh username#servername e.g. ssh joel#chatserver.cloudapp.net ) and for Windows users, you can install PuTTy SSH client which comes with BitVise.
log in as an admin by typing
sudo su
then update the sever by typing
apt-get update
then check for any new releases by typing
apt-get upgrade
Then check if java is installed (it is usually not installed anyway) by typing
java -version
if it is not installed, install it by typing
apt-get install default-jre
accept it to install by typing y to mean yes
wait for it to install
then install openfire by first downloading it. You use the wget command to download it directly to your server as below. (at the time of writing, openfire 3.9.3 is the latest version)
wget -O openfire.deb http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_3.9.3_all.deb
Then after it has finished downloading, install it by typing
dpkg --install openfire.deb
Before you go to the browser, go to your Windows Azure dashboard
Click on the Virtual Machine you have created
Then click on Endpoints
Add the following end points, they are all of TCP type
Public Port 5222, Private Port 5223 and this is for SSL connectivity
Public Port 5269 and Private port 5269 and this is for server to server connectivity
Public Port 9090 and private port 9090 and this is for openfire web UI
After all this, you are good to go,
Go to your browser and type in your server url and at the end put 9090 e.g.
chatserver.cloudapp.net:9090
Hope that helped and happy chatting!!
To user default port such as 80 and 443 (replace 5222 and 5223 with 80 and 443 ) use following commands to redirect traffic on linux machine.
iptables -A INPUT -i eth0 -p tcp --dport 5222 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 5222
iptables -A INPUT -i eth0 -p tcp --dport 5223 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223

Resources