I have a VPS on a Jelastic hoster to run a Node.js application with an nginx reverse proxy.
That's running smoothly without the Jelastic firewall.
If I activate the firewall and set up rules for HTTP and HTTPS, the website is blocked. How can I open the firewall so that users can browse my application?
Here is an image of my firewall rules
iptables -nvL also prints:
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:443
netstat -nlapt prints:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 250/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 447/sshd: /usr/sbin
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 6754/nginx: master
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6754/nginx: master
tcp 0 0 185.131.52.12:22 222.186.42.7:50138 ESTABLISHED 16531/sshd: root [p
tcp 0 0 10.101.3.228:33424 10.101.3.160:27017 ESTABLISHED 7030/node /home/loo
tcp 0 0 10.101.3.228:60798 10.101.3.160:27017 ESTABLISHED 6639/node /home/loo
tcp 0 0 10.101.3.228:32988 10.101.3.160:27017 ESTABLISHED 7030/node /home/loo
tcp 0 0 10.101.3.228:32980 10.101.3.160:27017 ESTABLISHED 7030/node /home/loo
tcp 0 0 10.101.3.228:22 10.101.1.120:44842 ESTABLISHED 15298/sshd: root@pt
tcp 0 0 10.101.3.228:32986 10.101.3.160:27017 ESTABLISHED 7030/node /home/loo
tcp 0 0 10.101.3.228:32990 10.101.3.160:27017 ESTABLISHED 7030/node /home/loo
tcp 0 0 10.101.3.228:22 10.101.1.107:33800 ESTABLISHED 16425/sshd: root@pt
tcp 0 0 10.101.3.228:59584 10.101.3.160:27017 ESTABLISHED 6639/node /home/loo
tcp 0 0 10.101.3.228:59578 10.101.3.160:27017 ESTABLISHED 6639/node /home/loo
tcp6 0 0 :::22 :::* LISTEN 447/sshd: /usr/sbin
tcp6 0 0 :::443 :::* LISTEN 6754/nginx: master
tcp6 0 0 :::4000 :::* LISTEN 7030/node /home/loo
tcp6 0 0 :::111 :::* LISTEN 1/init
tcp6 0 0 :::80 :::* LISTEN 6754/nginx: master
tcp6 0 0 :::8080 :::* LISTEN 6639/node /home/loo
After getting more information from my hoster, I know the answer.
So I must disable UFW and install the CSF firewall.
Here is the documentation about that:
https://cloudjiffy.com/portal/knowledgebase/324/Ubuntu-with-CSF-Firewall.html
Related
I installed Hadoop on VirtualBox Ubuntu. All ports are forwarded to Windows through a bridge adapter. But port 9000 is not available. I have already disabled Windows Defender, Firewall and SmartScreen.
Ubuntu:
user@vrtualBox:~/hadoop/hadoop-2.10.0$ netstat -lntu
active internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:50010 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:50075 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:50020 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:50090 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:33201 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:50070 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::13562 :::* LISTEN
tcp6 0 0 :::8030 :::* LISTEN
tcp6 0 0 :::8031 :::* LISTEN
tcp6 0 0 :::8032 :::* LISTEN
tcp6 0 0 :::8033 :::* LISTEN
tcp6 0 0 :::8040 :::* LISTEN
tcp6 0 0 :::8042 :::* LISTEN
tcp6 0 0 :::42835 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 :::8088 :::* LISTEN
user@vrtualBox:~/hadoop/hadoop-2.10.0$ sudo iptables -S
[sudo] password for user:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
Windows:
PS C:\Windows\system32> Test-NetConnection -ComputerName 192.168.0.12 -Port 8088
ComputerName : 192.168.0.12
RemoteAddress : 192.168.0.12
RemotePort : 8088
InterfaceAlias : Ethernet
SourceAddress : 192.168.0.11
TcpTestSucceeded : True
PS C:\Windows\system32> Test-NetConnection -ComputerName 192.168.0.12 -Port 9000
WARNING: TCP connect to (192.168.0.12 : 9000) failed
ComputerName : 192.168.0.12
RemoteAddress : 192.168.0.12
RemotePort : 9000
InterfaceAlias : Ethernet
SourceAddress : 192.168.0.11
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False
The problem is solved: port forwarding to localhost
sudo sysctl -w net.ipv4.conf.all.route_localnet=1
sudo iptables -t nat -A PREROUTING -p tcp -d 192.168.0.12/24 --dport 9000 -j DNAT --to-destination 127.0.0.1:9000
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
I have pasted the configurations below
yarn-site.xml
<configuration>
<!-- Site specific YARN configuration properties -->
<property>
<name>yarn.nodemanager.aux-services</name>
<value>mapreduce_shuffle</value>
</property>
<property>
<name>yarn.nodemanager.aux-services.mapreduce.shuffle.class</name>
<value>org.apache.hadoop.mapred.ShuffleHandler</value>
</property>
<property>
<name>yarn.resourcemanager.resource-tracker.address</name>
<value>idea-ind-cie1:8026</value>
</property>
<property>
<name>yarn.resourcemanager.scheduler.address</name>
<value>idea-ind-cie1:8031</value>
</property>
<property>
<name>yarn.resourcemanager.address</name>
<value>idea-ind-cie1:8041</value>
</property>
<property>
<name>yarn.resourcemanager.webapp.address</name>
<value>0.0.0.0:8088</value>
</property>
</configuration>
Output of netstat -tupln
tcp 0 0 0.0.0.0:50070 0.0.0.0:* LISTEN 15678/java
tcp 0 0 0.0.0.0:9083 0.0.0.0:* LISTEN 9743/java
tcp 0 0 0.0.0.0:35773 0.0.0.0:* LISTEN 15678/java
tcp 0 0 0.0.0.0:56165 0.0.0.0:* LISTEN 15929/java
tcp 0 0 172.24.191.223:54310 0.0.0.0:* LISTEN 15678/java
tcp 0 0 0.0.0.0:50090 0.0.0.0:* LISTEN 15929/java
tcp 0 0 ::ffff:172.24.191.223:6066 :::* LISTEN 19284/java
tcp 0 0 ::ffff:172.24.191.223:8089 :::* LISTEN 30300/java
tcp 0 0 ::ffff:172.24.191.223:8026 :::* LISTEN 30300/java
tcp 0 0 ::ffff:172.24.191.223:8031 :::* LISTEN 30300/java
tcp 0 0 :::8033 :::* LISTEN 30300/java
tcp 0 0 ::ffff:172.24.191.223:7077 :::* LISTEN 19284/java
tcp 0 0 :::9000 :::* LISTEN 19284/java
tcp 0 0 ::ffff:172.24.191.223:8041 :::* LISTEN 30300/java
Log file of Resource Manager
2018-04-18 19:22:43,662 INFO org.apache.hadoop.http.HttpServer2: Jetty bound to port 8088
2018-04-18 19:22:45,503 INFO org.mortbay.log: Started HttpServer2$SelectChannelConnectorWithSafeStartup@0.0.0.0:8088
2018-04-18 19:22:45,504 INFO org.apache.hadoop.yarn.webapp.WebApps: Web app cluster started at 8088
I have run the command below to change the timezone on the server.
sudo ln -sf /usr/share/zoneinfo/Asia/Kolkata /etc/localtime
sudo reboot
Before running this command I tried to create the /etc/sysconfig/clock file, adding zone="Asia/Kolkata" to it, but I got a "permission denied" error while saving the file.
So I ran the above command, but after rebooting the instance, when I try to open my site mcook.co.in, it shows me the error "No data received".
I have checked whether my public IP changed, but it has not changed, as I am using an Elastic IP.
I am not very familiar with AWS, but these issues occur after rebooting the instance.
netstat -ntlp
output:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN -
tcp 0 0 172.31.33.144:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::53 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::25 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::993 :::* LISTEN -
tcp6 0 0 :::995 :::* LISTEN -
tcp6 0 0 :::587 :::* LISTEN -
tcp6 0 0 :::110 :::* LISTEN -
tcp6 0 0 :::143 :::* LISTEN -
I'm trying to connect to one of the nodes of a running instance of Cassandra servers. Nodetool shows that they synchronized well.
[root@cassandra1 ~]# /opt/dsc-cassandra-2.1.8/bin/nodetool status
Datacenter: datacenter1
=======================
Status=Up/Down
|/ State=Normal/Leaving/Joining/Moving
-- Address Load Tokens Owns (effective) Host ID Rack
UN 10.0.17.20 100.4 KB 256 100.0% rack1
UN 10.0.17.24 249.39 KB 256 100.0% rack1
When I run netstat -tulnap I can see the following settings
tcp 0 0 127.0.0.1:44907 0.0.0.0:* LISTEN 4428/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 756/sshd
tcp 0 0 10.0.17.20:7000 0.0.0.0:* LISTEN 4428/java
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 842/master
tcp 0 0 127.0.0.1:7199 0.0.0.0:* LISTEN 4428/java
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 744/snmpd
tcp 0 0 127.0.0.1:9160 0.0.0.0:* LISTEN 4428/java
tcp 0 0 10.0.17.20:7000 10.0.17.24:46314 ESTABLISHED 4428/java
tcp 0 0 10.0.17.20:43083 10.0.17.24:7000 ESTABLISHED 4428/java
tcp 0 0 10.0.17.20:22 10.0.17.50:53665 ESTABLISHED 4662/sshd
tcp 0 0 ::ffff:127.0.0.1:9042 :::* LISTEN 4428/java
tcp 0 0 :::22 :::* LISTEN 756/sshd
tcp 0 0 ::ffff:127.0.0.1:34705 ::ffff:127.0.0.1:44907 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:43039 ::ffff:127.0.0.1:7199 TIME_WAIT -
This tells me that port 7199, used for syncing between nodes, works on IPv4, ssh on IPv4/6, and the port I'm interested in is only listening on the IPv6 interface.
To enforce using IPv4, even though it is not necessary, I set the flag listen_interface_prefer_ipv6: false
listen_address: 10.0.17.20
listen_interface_prefer_ipv6: false
org.apache.cassandra.auth.AllowAllInternodeAuthenticator
start_native_transport: true
native_transport_port: 9042
I don't know how to force the Cassandra service to open port 9042 on IPv4.
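An added example, not part of the original posts: a Python classifier for the local-address column of netstat output that separates wildcard, loopback-only and specific-address listeners, covering both the 127.0.0.1:9000 row in the Hadoop question and the ::ffff:127.0.0.1:9042 row above (an IPv4-mapped loopback address, not an IPv6-only bind). The sample rows are constructed in the shape of the output on this page, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample rows, shaped like the netstat output quoted on this page.
SAMPLE = """\
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:50070 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:127.0.0.1:9042 :::* LISTEN 4428/java
tcp 0 0 10.0.17.20:7000 0.0.0.0:* LISTEN 4428/java
tcp 0 0 10.0.17.20:7000 10.0.17.24:46314 ESTABLISHED 4428/java
tcp6 0 0 :::8088 :::* LISTEN
"""

def bind_scope(addr):
    """Classify a local bind address as 'any', 'loopback' or 'specific'."""
    ip = ipaddress.ip_address(addr)
    # A dual-stack JVM socket bound to IPv4 shows up as ::ffff:a.b.c.d; unwrap it.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "any"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific"

def listeners(netstat_text):
    """Yield (port, address, scope) for every TCP row in LISTEN state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue               # header, ESTABLISHED, TIME_WAIT, ...
        addr, _, port = f[3].rpartition(":")
        yield int(port), addr, bind_scope(addr)

def reachability(netstat_text, port):
    """Say whether a remote client could reach `port`, judged by bind scope alone."""
    scopes = {s for p, _, s in listeners(netstat_text) if p == port}
    if not scopes:
        return "no listener"
    if scopes == {"loopback"}:
        return "local only"
    return "remote-capable"        # firewall and NAT rules still apply on top

if __name__ == "__main__":
    for port in (9000, 9042, 50070, 7000, 9999):
        print(port, reachability(SAMPLE, port))
```

A "local only" result means the service itself is bound to loopback, so firewall rules for that port do not make it reachable; either the service's bind address is changed or the port is forwarded deliberately, with the exposure that implies.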
I know this question has been discussed many times, but none of the solutions worked for me. I am still getting this error.
hadoop version is 2.0.2-alpha
$ jps
24107 NameNode
24314 DataNode
25299 Jps
24720 NodeManager
24520 ResourceManager
$ hdfs dfs ... any command gives me this error
<command>: Call from jeet/192.168.1.26 to jeet:9000 failed on connection exception: java.net.ConnectException: Connection refused;
tcp 0 0 192.168.1.26:9620 0.0.0.0:* LISTEN 24520/java
tcp 0 0 0.0.0.0:58932 0.0.0.0:* LISTEN 24720/java
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 26020/vsftpd
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1610/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 614/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 713/cupsd
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 24520/java
tcp 0 0 0.0.0.0:50010 0.0.0.0:* LISTEN 24314/java
tcp 0 0 192.168.1.26:9210 0.0.0.0:* LISTEN 24107/java
tcp 0 0 0.0.0.0:50075 0.0.0.0:* LISTEN 24314/java
tcp 0 0 192.168.1.26:9600 0.0.0.0:* LISTEN 24520/java
tcp 0 0 0.0.0.0:8033 0.0.0.0:* LISTEN 24520/java
tcp 0 0 0.0.0.0:50020 0.0.0.0:* LISTEN 24314/java
tcp 0 0 192.168.1.26:9220 0.0.0.0:* LISTEN 24107/java
tcp 0 0 0.0.0.0:8040 0.0.0.0:* LISTEN 24720/java
tcp 0 0 192.168.1.26:9610 0.0.0.0:* LISTEN 24520/java
tcp 0 0 0.0.0.0:8042 0.0.0.0:* LISTEN 24720/java
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 24720/java
tcp 0 0 192.168.1.26:9200 0.0.0.0:* LISTEN 24107/java
tcp6 0 0 :::22 :::* LISTEN 614/sshd
tcp6 0 0 :::23 :::* LISTEN 11765/xinetd
--------------------- core-site.xml
<property>
<name>fs.default.name</name>
<value>hdfs://jeet:9000</value>
<description>
The name of the default file system. Either the
literal string "local" or a host:port for NDFS.
</description>
<final>true</final>
</property>
<property>
<name>fs.trash.interval</name>
<value>360</value>
<description>Number of minutes between trash checkpoints.
If zero, the trash feature is disabled.
</description>
</property>
<property>
<name>hadoop.security.groups.cache.secs</name>
<value>14400</value>
</property>
<property>
<name>hadoop.tmp.dir</name>
<value>/app/hadoop/tmp</value>
<description>
Temporary directories.
</description>
</property>