Security :: IPTABLES Port 8080 \ Still Cannot Access Through Ssh Nor Putty And It Doesn't Show Up When Netstat Either?

Jun 6, 2011

I'm trying to open port 8080 on my application server. I've included it in my iptables; however I still cannot access through ssh nor putty and it doesn't show up when I netstat either. Here is my iptables-config:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -s xxx.xx.x.0/24 -j ACCEPT

[code].....


Security :: Correct/safe Iptables Rules For Redirecting Port 80 To 8080?

Jul 13, 2010

I am setting up tomcat server on my Centos 5.5 machine. I've been advised to run tomcat on 8080 as non root user and redirect traffic to it from port 80.

I searched and found the following iptables commands for this:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
# iptables -I INPUT -p tcp --dport 8080 -j ACCEPT

I have a doubt:

Tomcat is not accessible via port 80 without the second command. But the second command opens 8080 and makes it accessible over the internet (tomcat is accessible via both: www.<website>.com and http://<ip address>:8080). This doesn't seem right. Is there some simple (iptables) way to redirect traffic "internally" from port 80 to 8080 without having to open 8080 to the internet?


Ubuntu Networking :: Port Open In Iptables But Nothing In Netstat?

May 16, 2011

I need the port 27015 to be open. I've opened it in iptables :

Quote:

iptables -A INPUT -p tcp -i eth0 --dport 27015 -j

But when I try:

Quote:

netstat -nan

The port 27015 does not appear as "LISTEN".


Security :: Iptables - Limit Access To Port 8443 On Server To 2 Specific IP Addresses

Dec 23, 2010

I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it for various reasons I won't get into here. Here's the output from iptables -vnL:

[Code]...

Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.


Fedora :: VMWare Web Server - Can't Access Tomcat On Port 8080 From The Outside World

Jul 29, 2009

I am having trouble getting my FC10 with tomcat visible to the outside world. First off, I am somewhat new to linux. I am running vmware workstation to host my linux web server. I have my VMWare set up to use my second NIC solely. It is bridged and the tcp/ip is disabled from the host. I can ping the ip address but can't access tomcat on port 8080 from the outside. I can hit it fine from inside fedora. I have configured my router (wrt54gs with DD-WRT firmware) for port forwarding. So basically I think that the problem is somewhere in between the host and the vmware configuring allowing the port to be forwarded through.


Security :: Iptables: Verify Traffic On Port To Check If It Is Legitimate For That Port?

Apr 18, 2011

Is there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?

One obvious example that probably clarifies my question:
When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic.
Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.


Ubuntu Security :: Iptables Port 25 Is Open

Feb 28, 2011

I've recently installed 10.10 server edition, and I must say it was a pleasant surprise, it's just the way I like it. I use it as a squeezebox-server. But I've run into a problem with the firewall. I did a portscan, which told me there are more ports open than I've told UFW to open. Among which port 25 and 119, when I telnet from another PC to those ports, the connection gets accepted, although there is no answer to any commands (as expected, there's no mail server running). Iptables print-outs also don't mention anything about the respective ports or a daemon that could be responsible, and the same applies to "ps -e" or "ps aux".

Iptables seems to be working, when I remove the rules to allow samba to work, I can't reach the shares, and when I insert them again I can reach the shares. "sudo ufw deny from any" as last rule doesn't change anything either (deny incoming is default (although I never issued the command "ufw status verbose" says it is) so it shouldn't, but ports 25 and 119 shouldn't be open either).


Security :: Iptables Not Opening Port On Centos?

Dec 24, 2010

I'm trying to open port 119. I already have a few ports open. I've used webmin to open both incoming and outgoing ports. iptables --list --numeric gives me:

Code:
...
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000

[code]....


Security :: Port Mapping On A Machine Using Iptables?

Jan 9, 2010

I want to do port mapping on a linux machine using iptables. I have a service listening on port 2000 udp and I want to add an iptables rule, which will map incoming packets on port 2001 to port 2000, so that the service will accept the connections. The idea is that I don't want to change the default port for the service, but to make internal port redirection (from 2001 to 2000), so the default service port will be filtered by iptables, and the other port will be open to the outside. The internet host connects to the linux machine on port 2001. The linux machine changes the destination port from 2001 to 2000 and the service (on the same machine) processes the packets and accepts the connection. I tried adding the following to my iptables rules, but it didn't work out:

$IPTABLES -A FORWARD -p udp --destination-port 2001 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -p udp --dport 2001 -j REDIRECT --to-port 2000


Ubuntu Security :: Iptables Not Allowing Port Forwarding

Sep 5, 2010

I've got two virtual machines running, the first VM (VM1) has two network interfaces, one bridged with my real lan, one a private subnet. The second VM (VM2) has one nic, only on the private subnet.

I have VM1 acting as a router for VM2, giving access to my real lan for internet access. The problem I'm having is I cannot get VM1 to forward ports 80 (http) or 222 (ssh) to VM2 from my real lan.

Here is the script I've cobbled together from various (foreshadowing!) locations:

Code:


Ubuntu Security :: Iptables, Block Port Except For Eth0

May 24, 2011

I would like to allow incoming and outgoing connections when I'm connected to a wired connection, but drop it otherwise. I noticed that ufw can't block outgoing traffic, because of which I will give iptables a try. I'm unsure if dropping packages that are outgoing will work, the rule after the block rule will allow all outgoing connections.

This is what the rules are intended to do, unsure if that is actually the case. Allow all loopback traffic. Allow ping replies. Allow incoming on port 12345 if eth0, deny otherwise. Allow outgoing on port 12346 if eth0, deny otherwise.

Code:
iptables -A FORWARD -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s -m state --state ESTABLISHED,RELATED -j ACCEPT

[Code]....


Security :: IPtables And FTP When Server Listening On Non-Standard Port?

Nov 9, 2009

I'm using iptables with modules ip_conntrack_ftp to be able to use passive ftp. It works well as long as port 21 is being used as listening port. Is there any way to make it work when I configure my ftp server (vsftpd) to listen on an alternative port, let's say 21001 or something? The helper module only seems to be working properly with the standard port, so I was wondering whether there was a way to "tell it" that another port is being used? I mean, of course I make a rule in fw to allow traffic to the alternative port.

But once it's time to start passive connection, then the iptable module cannot handle it properly. I could solve the problem by making a range of passive ports in the ftp-server configuration and allow the incoming traffic to them, but then using helper modules doesn't make any sense. I just want to allow the traffic to the listening port and then want the ip_conntrack_ftp module to take care of the rest. This is what I do today - but only port 21 seems to be working. Is there a way to do this with a non-standard ftp port?


Security :: Debian 6: Iptables Blocking Certain IP Ranges On A Certain Port Range?

May 16, 2011

I am currently running Debian 6. I would like to know if there is a way and how I would go about blocking a certain IP range from connecting to my server within a certain port range. Say for example:

I want to block ip range 123.123.123.* from connecting to my server on the ports 33000 - 43000. But, I want to allow them to connect on any other port range, and I want to be able to allow connections from my server to the blocked ip range on those same ports. So, blocking incoming only on the above port range.

using iptables.


Security :: IPtables Port 25 Connection Limit Without Blocking Barracudas

Jan 11, 2011

I am at a loss how to prevent Denial of Service attacks to port 25 and not block legitimate connections from 2 Barracuda 800(s) and block smart phones such as iPhones/Blackberrys/iPhones that use the server smtp.server.com for email.
Presently for port 25
RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

The 2 Barracuda 800(s) make port 25 connections all the time, plus users with smart_phones have the incoming server type:
IMAP
pop.server.com
smtp.server.com

Is there a way to keep Denial of Service attacks from happening with iptables rules without causing blocking to the Barracuda(s) that make constant port 25 connections & smart phones that poll? I was thinking if I allowed the Barracuda(s) in these lines
-s (barracuda)24.xx.xx.xx -d (emailserver)24.00.xx.xx -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT

Where the source would be the Barracuda going to the email server. It would be allowed, then I am left with how to allow other connections like Smart_Phones that connect via Port 25. I am thinking if I put rules in place doing connection counts in a minute it would result in errors connecting to the server and people would start complaining. Plus any limiting may result in blocking real traffic. Then would I need to allow the ISP range in the above example to accept port 25, I am still left with how to drop a flood/denial of service attack.


General :: Determine Which Application Is Using Port 8080?

May 18, 2010

Finding the process that is using a certain port in linux

I have an Ubuntu Server setup, where I'm trying to set up a daemon that wants to have access to port 8080. When I run the command, the error message says it's being used by another process. But which one, it doesn't say. How can I go about finding which program uses this port?


Networking :: Open Incoming Port 8080?

May 16, 2011

I have an iptable as firewall. I want to open incoming of port 8080 so I use "# Allow forwarding of incoming Port 8080 traffic" but it didn't work. How can I open just incoming of port 8080?


Server :: Apache Is Not Listening On Port 8080?

Dec 2, 2010

My Apache is not listening on port 8080. Hence I can't access my server manager [URL]


Ubuntu Security :: Drop Igmp Port 0 Packets With Iptables Rule?

Jan 3, 2011

How can I drop igmp port 0 packets with an iptables rule? My log file is full of this router advertisement.


General :: Transparent Redirect Site To Port 8080?

Nov 4, 2010

Currently my home internet provider does not allow services on ports 1 to 1024 but allow the use of high ports to whatever users want to do and I was wondering what ways are there to mask my webserver @ ip:8080 and yet maintain the servernames ? For example currently if I use myexample.com:8080 it will open just fine but I know there some ways to make it look like if port 8080 never existed, one example of this would be using a proxy server somewhere else to redirect the access but I don't have one available nor money to use for this.

In the above case what would happen is that when the user hit the proxy server it would redirect and query my server so the user would never know the 2nd server existed at all. Another way would be creating a page somewhere else and putting your site in as an iframe or frame which would hide it but may be a problem to some browsers etc...

So I believe the question here is what options do I have to mask my server at 8080 to look like a transparent webserver? While I do know this seems a bit technical I believe the place to ask this question would be here instead of serverfault.


Ubuntu Servers :: Change HTTP Port To Say 8080

Feb 8, 2011

I will be setting up a web server at my house. It will be a simple page for my family to keep in touch and maybe some other stuff. Here is the problem: I believe my ISP blocks port 80. So when setting up the firewall and it lists the normal port 80, am I able to edit it to say 8080? I have a ddns already set up for my router and I am waiting for an email back from DynDNS.com on setting up a new domain to forward to my already set up hostname. I just need to get everything redirected to another port beside 80.


Server :: Reverse Proxy On Squid To Port 8080?

Apr 25, 2011

I have got a reverse proxy that is working just fine, it accepts requests on port 443 and port 80 and ONLY sends traffic upstream to port 80 to the apache server listening on localhost. I use the following config:

https_port 10.14.1.72:443 cert=/etc/squid/self_certs/site.crt key=/etc/squid/self_certs/site.key defaultsite=site vhost
cache_peer 127.0.0.1 parent 443 80 no-query originserver login=PASS
http_port 10.14.1.72:80 vhost

My problem is the following: The site should act differently in some occasions based on whether http or https was requested. So my idea is to set up a second http vhost on apache listening to port 8080 and on that vhost I would serve the https code. So is it possible to use SQUID to:

Send traffic destined for port 443 to localhost:8080
and
Send traffic destined for port 80 to localhost:80 ?


Server :: Iptables PREROUTING \ User Via Internet Access LinuxA Tcp Port 1935?

Oct 20, 2010

LinuxA & LinuxB
linuxA:eth0(10.1.1.1) connected linuxB:eth0 (10.1.1.2)
linuxA:eth1(202.1.20.45) connected internet

[code]....


Server :: Forwarding An Application Having Port Id 8080 To 80 Using Httpd.conf?

Nov 26, 2010

I am a network/system Administrator in an avg. based company, we are using CentOS as servers. We are developing applications in both php & java, for java we are using apache tomcat as server (port number 8080) & for php we are using apache as server (port 80). Php applications are uploaded to the server and we give the link to our clients like localhost.com/chrome. Now we are planning to give the java based application for testing purposes to clients & can give the application link to the client as localhost.com:8080/mozilla. Is it possible to change the link localhost.com:8080/mozilla to localhost.com/mozilla without changing the port number of the apache tomcat server & without interrupting the php applications, that means our clients can access the php application as localhost.com/chrome & the java application as localhost.com/mozilla on the same server at the same time.


CentOS 5 Networking :: XP Boxes - Tomcat Server Running On Port 8080

May 5, 2009

My first time installing centos server and adding it to xp home network. I am new to setting up my own network in general. I have a home windows wired ethernet xp network (simple linxs router) with 2 xp boxes and one centos5 box all connected to the same router. I just set up the centos box running tomcat on port 8080. I need to do two very basic things at this point, but am not sure what I need to do:

What do I need to do so I can:
1. Connect in firefox on one of my xp boxes and call the tomcat server running on my centos box?
2. Be able to ftp to centos box from either of my xp boxes?


CentOS 5 Networking :: Unable To Connect Cent Os Server Via Port 8080?

Aug 1, 2009

I have 2 servers behind the netgear router on my network: win2k3 and a CentOS development server. I have port forwarded 80 to the win2k3 server, which I can access over the internet and is accessible. However, I can SSH to the CentOS machine and have port forwarded 8080 and 82 for web access, but I can't access it via any of the ports; the browser says UNABLE TO CONNECT. There is no firewall on the CentOS machine.


Debian :: Firefox Doesnt Show Up In Netstat -a

May 19, 2010

Is that rather strange or am I missing something. Firefox is obviously open and connected.


Networking :: Understanding Netstat TCP Port

Aug 1, 2011

I have an application that uses port 8080 all the time. One time, for some reason, it was taken by I didn't know what.


Ubuntu Security :: Can't Access The Email - Iptables

Mar 12, 2010

To get my Thunderbird email to work and to do FTP to my website I have to use TERMINAL and enter the following code in Root;

iptables -F

At one point weeks ago I got Gufw and I don't remember if that had any effect.


Ubuntu :: Netstat Shows No Proper IP (0.0.0.0) For Port 22?

Mar 29, 2010

Had some problems with setting up Linux on my virtual machine as I cannot connect with putty (connection gets refused) to it, but now I guess I figured my problem out, just not the way how to solve it. If I do netstat -nap | grep :22 I get the following output: [[ see attachment ]]

Shouldn't there be some kind of LAN IP instead of 0.0.0.0? Does anyone have a possible solution for that? Checked iptables and such, they are not causing it.


Networking :: Netstat Port State IDLE

Jun 8, 2011

With netstat I found a port with idle state. I googled the meaning of IDLE: Idle, opened but not bound. What do you mean by bound?








Copyrights 2005-15 www.BigResource.com, All rights reserved