i built a java project (spring-boot)
which works perfectly on my localhost.
I expose some end-points with GET verb, like :
http://localhost:8193/v1/interactive/live/check
I choosed port 8193 to be accessed from the internet,
as my internet provider let me do a port forwarding on my internet box.
(authorized range is 8193 to 16383 so i choosed 8193)
So i made a port forwarding as :
external port 8193 ==> internal port 8193 ==> my localhost.
Then, i configured my linux firewall to let port 8193 to come 'in'.
The result of command
sudo ufw status
is
To Action From
---- ------ --
8193/tcp ALLOW Anywhere
8193 ALLOW Anywhere
8193/tcp (v6) ALLOW Anywhere (v6)
8193 (v6) ALLOW Anywhere (v6)
Finally,
when i use this internet tool to check if the port can be accessed from the internet,
it says to me it's ok :
https://www.yougetsignal.com/tools/open-ports/
But, i can't access the end-point with :
http://87.89.666.777:8193/v1/interactive/live/check
(87.89.666.777 is my fake public adress)
So, what could be bad with my configuration ?
Related
I have a basic web application running on a port in an EC2 instance. I have also created an A record in Route53 which points a domain name that I own towards the ip address of the EC2 instance.
When I directly access ip-address:port, it works fine, but because the a record does not point towards that specific port, the website cannot be accessed through the domain name.
How do I specify a port that all requests to that ip address should be routed to?
port is referenced by protocol you are using.
if you use http you will connect to port 80. https uses 443, ftp 21, smtp 25 and there are many others (they are called default ports for service but they may use every other defined).
You are probably running application, listening on some different port (but using protocol http) and that's why you can reach it by entering http://ip-address:port
what you can do to reach it by entering only http://ip-address is to set it to listen on port 80 (you will need root privileges to do this) or set redirect from port 80 to your applications port (you can use pure port redirection using iptables or (better) reverse proxy software. It can be apache as mentioned in comment above, or nginx or haproxy or something else (you haven't specified operating system anyway - those are mainly for linux).
Hope that helps
Before anything else, I have read about 30+ StackOverflow answers and none of them seem to address my particular flavour of this problem. Below I list all the answers I have already tried before asking for more advice.
I am trying to access my ec2 instance via socket in PHP from a different machine via fsockopen, pointed at my ec2 public IP (I have an Elastic fixed IP address 54.68.166.28) and designated port.
Behaviour: I can access the instance and the ChatScript application running inside from within the instance, via the public IP directly on the browser. But if I run the exact same webpage with the exact same socket call on an external machine targeting my instance's IP address (double checked it is the correct one) I get a 500 Internal Server Error when connecting on port 1024 (for my custom TCP connection), another 500 on port 443 (HTTPS). On port 80 (HTTP) it hangs 20+ seconds then gives me status 200 success, except it does not connect properly to the application and responds with nothing.
Troubleshooting:
I have set up my security group rules to accept incoming TCP from anywhere:
HTTP (80) TCP 80 0.0.0.0/0
HTTP (80) TCP 80 ::/0
HTTPS (443) TCP 443 0.0.0.0/0
HTTPS (443) TCP 443 ::/0
Custom (1024) TCP 1024 0.0.0.0/0
Custom (1024) TCP 1024 ::/0
Outbound rules span port range 0 - 65535 with destination 0.0.0.0/0, so should work.
I ssh every time without problems into the instance on port 22. SCP also works fine.
Checked $sudo service httpd status: running, which is why my UI displays there fine.
Checked $sudo /sbin/iptables -L and all my policies are set to ACCEPT with no rules
Checked $ netstat --listen -p and the app I am targeting is listening on port 0.0.0.0.0:1024.
Checked Network Utility and ports 80 and 1024 are registered as open. Port 443 is not. Pinging did not work for any of them, with 100% packet loss.
Checked my instance is associated to the security group with all the permissions - it is. IP is clearly correct or I could neither ssh nor serve webpages... which I can.
I stopped and restarted the instance.
I replaced the instance.
I think this is due diligence before asking for help... now I need it!
I realised my configuration was correct: the problem was that the hosted domain I used for the GUI, like most hosted domains, does not open custom ports, so tcp did not work.
Hello today configured vps on Google Cloud and put Vesta control panel, but the problem is not open one https that is, and the ip server and the domain itself does not open on https. Set up Google Cloud firewall and opened ports 80,443 but https does not open the site itself is not the ip of the server. Checked through online services port 443 is closed but settings of the server and a firewall of Google and ip tables say that port 443 is opened (checked by several services port 443) and in the browser through ip of the server and the domain on https do not open. Please tell me how to open port 443?
Same with ports 8443,8080.
I am not able to comment but here are some steps that might help to isolate the issue:
Check to see if the port is open or closed or filtered using nmap
nmap [ip_address]
Firewall rules are defined at the network level and therefore make sure that you follow this document while creating the firewall rules to allow incoming traffic on TCP port 80 and 443 (same for other ports). In this document in step 11, choose " specified protocols and ports" and enter tcp: 80, tcp: 443.
As you previously stated, you need to make sure there is no firewall running inside the VM blocking those connections.
You also need to verify if the application running on your vps is listening on port 443. To check this, try with this command.
sudo netstat -ntlp | grep LISTEN
In the output, if you don't see the application beside port number, check if your vps is rightly configured to ports for your application.
I was having the same issue with NGinx. And Found the root cause finally to be the Firewall (GCP VM Firewall) having a lower priority for the rule. ie: I had 65534 (which is super low priority) for the "Ingress 443" rule. Which did block the traffic coming into the SSL. Instead when I set this rule to 1, traffic started flowing and issue sorted.
What finally helped me was https://cloud.google.com/vpc/docs/using-firewalls
Thanks #Md Zubayer for the tip.
Short version of the need:
Pass all traffic of a specific port (TCP) via a proxy
It should be an HTTP proxy with port 8000
Description
I have an application that needs to reach an external IP with a specific port (TCP). But the standard corporate network blocks outbound traffic to this port.
I can, however, access that port when working with the corporate HTTP proxy that works on port 8000.
Alas, my application does not have any proxy settings, and IE's proxy settings are irrelevant.
Port forwarding and tunneling won't do me any good (already tried netsh anyway), since I need not only to reach the proxy, but I need it to actually function as a proxy.
Can anyone recommend on a method / software that will allow me to pass all traffic to port X via a proxy?
It has to be the traffic of a specific port, since there is a web server installed on that machine and I don't want to temper with it.
Thank you!
Windows doesn't route by port. The real answer is send the traffic to a firewall or layer 3 device that can route by port.
But,
If you know the ip address of the destination you could force that traffic to the proxy if the proxy address is on the same subnet. If it's not on the same subnet your computer will try to send the traffic to that as a gateway but it won't be avaiable (it won't be routed). But, it's so simple it's worth a try.
Example....
Computer 192.168.1.10, 255.255.255.0
Proxy 192.168.1.254 255.255.255.0
Destination IP. 68.68.68.68
route add -p 'destination ip' 'destination subnet range' 'where to send traffic, normally the next hop gateway'
Using example addresses (replace the two addreses with yours but keep 255.255.255.255)
Open Command prompt as administrator, Type route add -p 68.68.68.68 255.255.255.255 192.168.1.254
Using 255.255.255.255 forces it to only route one address.
-p will make the route stay after a reboot.
If it doesn't work you can remove the route simply route delete 'destination ip'
Route delete 68.68.68.68
I have a requirement where my software should store the smb server settings including IP\sharedFolder, username, password, and mapping it to particular drive.
I am using WNetAddConnection2 API which is successful if all parameters are correct. It connects to port 445 (SMB/SMB2) and does the authentication.
If I pass username/password wrong, it tries to authenticate first on port 445 and once its failed it tries http authentication on port 80 using webdav. I dont want it to connect to port 80 as firewall is raising an alert on the destination host.
Is there any way I can disable communication on port 80 using WNetAddConnection2 ? Or other way to map the drive?