enter image description here
I create a OCI Instance and got a Public IP, I configure the webserver with the allowed ports number. but not able to access web server with ip, when I check with putty able to log in and check with ifconfig but dint finds any public ip.
You Need to allow Traffic through the Firewall...install "firewall-cmd" then
Run the following command to allow traffic on port 80:
sudo firewall-cmd --permanent --zone=public --add-service=http
Run the following command to allow traffic on port 443:
sudo firewall-cmd --permanent --zone=public --add-service=https
Run the following command to save the firewalld rules:
sudo firewall-cmd --reload
Related
Hello i just installeed Fedora and I'm trying to open the port 20190
I do everything just as normal but when i use firewall-cmd --list-all to see if the port is opened, i see nothing !!!
This is what i do to open the port
firewall-cmd --zone=public --permanent --add-port=20190/tcp
Then i reload it
firewall-cmd --reload
Then this is the firewall-cmd --list-all result which my ports is empty !!!!!!
FedoraServer (active)
target: default
icmp-block-inversion: no
interfaces: eno1
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
you are adding the port 20190 to the zone public.
By default, --list-all default to the "default zone (FedoraServer)". See the target in default in your output.
Explicitly mention public to see the rules for the zone "public" like below
firewall-cmd --list-all --zone=public
Additional tip:
If you want to make public as the default zone, use
firewall-cmd --set-default-zone=public
I'm setting up the service at Oracle Free Tier service; the service is up and running on local interfaces, but I can't reach it from outside (via public IP) on port 8065.
No firewall rules on Ubuntu machine, Oracle firewall is configured and says "TCP traffic for ports: 8065". Exact same (build-in) rule works just fine.
Oracle's Ubuntu default image, Linux's firewall seems to be disabled:
$ sudo ufw status
Status: inactive
I'm getting "Connection refused" (TCP level) from outside, when trying to connect.
Any help would be much appreciated.
it's turned out that a posted answer works - as an Oracle's Ubuntu instance use iptables, so, you need not only to work on the cloud's firewall and ufw, but on iptables level as well, quoting related answer:
Opening port 80 on Oracle Cloud Infrastructure Compute node
Oracle Ubuntu have in build iptables rules in Ubuntu20, you have two choice
enable ufw
sudo ufw allow HTTP
sudo ufw enable
sudo systemctl enable ufw
disable ufw and config iptables
Sometimes ufw is not Compatible with iptables in Ubuntu20
such as, if you use mosh need open udp port 60000-61000
detele /etc/iptables/rules.v4 and v6
I have a google compute engine instance with a windows os installed. I just add a firewall rule to gce and then delete it. But after that I could not reach my website. Then I tried to reach from rdp but it also cannot reach to instance.
I tried to update default rules without changing them but It doesn't help. Somehow, Firewall rules are broken but now it is default state. It still continues not working.
Is there any way to make working rules again?
I would check the following:
If the instance has the same tags as the firewall rules.
If the instance has the ports open. You can run nmap scan for open ports in a CloudShell for this, but need to install nmap fisrt:
Install nmap:
$ sudo apt-get update
$ sudo apt-get install nmap
Scan for any TCP/UDP open port
$ sudo nmap -sS -sU [instance's IP]
or scan a specific port status:
$ sudo nmap -Pn -p [port] [instance's IP]
It will also help debugging to check the serial output console of the instance.
For demo purpose, I wanted to start at least 5 MySQL-client connection to only one server. Mysql-server is running on a fixed IP.
In my script, I have added many IP's as following.
eth0 inet addr:1.2.3.4
eth0:1 inet addr:1.2.3.5
I am the mysql client request as follows:
mysql -u test -h mysql.domain.com -p
This request always goes with 1.2.3.4? Can I start the mysql-client request with the IP I wanted?
I'm not sure it can be defined in the mysql client.
However good'ol networking should be your friend here.
The idea here is to make sure that IP traffic from your machine to the server machine goes through the desired NIC as its gateway.
The command on *nix is 'route add' and the syntax should be something in the spirit of:
route add -host <YOUR DB SERVER IP> gw 1.2.3.5 dev <YOUR NIC DEVICE NAME>
I'm running Tomcat8 on CentOS7 in Google VM instance on port 8080.
I setup the iptables rule to map all external connections to port 80 to 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
After that I save the rule with
service iptables save
Tomcat works fine and accessible from outside via port 80.
The rule is saved in /etc/sysconfig/iptables.
...
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
...
but after server reboot the rule is not applied.
It's still in the file /etc/sysconfig/iptables but not in action when I run
iptables-save
It seems that iptables rules are restored from somewhere else.
How can I persist the rule properly to preserve it after reboot?
In order to resolve the issue with IPtables you can do the following:
yum install iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl enable ip6tables
systemctl stop firewalld
systemctl start iptables
systemctl start ip6tables
However, Centos7 is using FirewallD now instead. In order to apply the firewall, you need to check first what are the available zones and which zones are active on FirewallD by running these commands:
firewall-cmd --list-all-zones
firewall-cmd --get-active-zones
If public zone is active for example, you can run these commands to enable port forwarding (port 80 to 8080 in your case):
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
Once done, you can reload the rules to make sure everything is OK by running this command:
firewall-cmd --reload
You can check man firewall-cmd for more information.