What I am trying to do is pretty simple with most firewalls except with PFSense.
I would like remotely connect to my server via RDP like this :9999 being forwarded to :3389
I don't want to change the RDP Listening Port on the server.
thanks;
in:
1- Firewall - NAT -Port Forward: add o new
2- interface: WAN
3- Protocol: TCP
4- Destination port range: Other Custom: 9999 To Port: 9999
5- Redirect target IP: 192.168.1.x
6- Redirect target port: MS RDP (select this option)
save and try
Related
I want to access my NextJs dev server running on WSL2 on my local network.
I added port 3000 to firewall rules and tested with telnet and it was not immediately accessible.
After some research I found this document: https://learn.microsoft.com/en-us/windows/wsl/networking
So I ran on my WSL2 instance:
cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 172.23.16.1
I confirmed the WSL2 IP address is correct by pinging from host machine:
ping 172.23.16.1
Pinging 172.23.16.1 with 32 bytes of data:
Reply from 172.23.16.1: bytes=32 time<1ms TTL=128
Reply from 172.23.16.1: bytes=32 time<1ms TTL=128
Reply from 172.23.16.1: bytes=32 time<1ms TTL=128
Reply from 172.23.16.1: bytes=32 time<1ms TTL=128
Then using that IP to run this command on the windows 11 host from an elevated prompt:
netsh interface portproxy add v4tov4 listenport=3000 listenaddress=0.0.0.0 connectport=3000 connectaddress=172.23.16.1
Now I am able to telnet into the windows host on 192.168.0.50:3000 (this is local IP of host) but there is no helo and if I try to access it via web browser I get ERR_EMPTY_RESPONSE
The proxy port appears to be there:
netsh interface portproxy show v4tov4
Listen on ipv4: Connect to ipv4:
Address Port Address Port
--------------- ---------- --------------- ----------
0.0.0.0 3000 172.23.16.1 3000
I tried adding a few more proxy ports
Listen on ipv4: Connect to ipv4:
Address Port Address Port
--------------- ---------- --------------- ----------
0.0.0.0 3000 172.23.16.1 3000
192.168.0.50 3000 172.23.16.1 3000
127.0.0.1 3000 172.23.16.1 3000
Still getting ERR_EMPTY_RESPONSE over the LAN. I can connect via telnet to the port so I'm guessing it's something to do with the WSL2 Ubunto 20.04 installation.
I am not sure why I cant access it. There is no firewall active in WSL2
ufw status
Status: inactive
If I try to access localhost:3000 on host machine it works. If I try to access http://192.169.0.50:3000/ on host machine I get the error so there has to be a binding missing somewhere but I don't know where.
How can I debug this?
The docs seem to be incorrect. ipconfig and the resolv.conf seem to show wrong IP address.
To get the correct IP address I needed to use: wsl hostname -I from powershell
I have a google compute running CentOS 7, and I wrote up a quick test to try and communicate with it over port 9000 (from my home PC) - but I'm unexpectedly getting network errors.
This happens both with my test script (which attempts to send a payload) and even with plink.exe (which I'm just using to check the port availability).
>plink.exe -v -raw -P 9000 <external_IP>
Connecting to <external_IP> port 9000
Failed to connect to <external_IP>: Network error: Connection refused
Network error: Connection refused
FATAL ERROR: Network error: Connection refused
I've added my external IP to googles firewall (https://console.cloud.google.com/networking/firewalls) and set to allow ingress traffic over port 9000 (it's the lowest priority, at 1000)
I also updated firewalld in CentOS to allow TCP traffic over the port:
Redirecting to /bin/systemctl start firewalld.service
[foo#bar ~]$ sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent
success
[foo#bar ~]$ sudo firewall-cmd --reload
success
I've confirmed my listener is running on port 9000
[foo#bar ~]$ netstat -npae | grep 9000
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1000 18381 1201/python3
By default, CentOS 7 doesn't use iptables (just to be sure, I confirmed it wasn't running)
Am I missing something?
NOTE: Actual external IP replaced with <external_IP> placeholder
Update:
If I nmap my listener over port 9000 from the CentOS 7 compute instance over a local IP, like 127.0.0.1 I get some results. Interestingly, if I make the same nmap call over the servers external IP -- nadda. So this has to be a firewall, right?
external call
[foo#bar~]$ nmap <external_IP> -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 00:33 UTC
Nmap scan report for <external_IP>.bc.googleusercontent.com (<external_IP>)
Host is up (0.00043s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 4.87 seconds
Internal Call
[foo#bar~]$ nmap 127.0.0.1 -Pn
Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-25 04:36 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
9000/tcp open cslistener
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
In this case software running on the backend VM must be listening any IP (0.0.0.0 or ::), your's is listening to "127.0.0.1:9000" and it should be "0.0.0.0:9000".
The way to fix that it's to change the service config to listen to 0.0.0.0 instead of 127.0.0.1 .
Cheers.
I have a jetty server running under port 8080 on VM. VM in its turn runs on remote server under port 10000. Is it legit to address it as http://someremote.org:10000:8080/request? Or should I use SSH somehow?
What I was looking for is called ssh tunneling. You make a tunnel from your port to remote's machine port like that:
ssh -p 10000 -L 18080:localhost:8080 user#remote.host.org
18080 here is port, that you use on your local machine in order to get to remote's 8080 port.
Fedora in VirtualBox running django dev server (bound to 0.0.0.0:8000) and nginx (listening to port 90)
I have NAT connection set up for the VM and port forwarding 8000 -> 8000, 8001 -> 90
I can see django as 127.0.0.1:8000
But no response from 127.0.0.1:8001
Any ideas?
Dumb question: Can the Fedora guest connect OK to nginx running locally?
Not so dumb question: Have you used tcpdump/wireshark/smartsniff or a similar tool to see if the traffic is making it through the host->guest at all? perhaps the Fedora firewall is blocking non-local connections to port 90?
Also, why not just add a "Host Only" second network adapter to the Fedora guest and forget about fiddling with the NAT settings?
I have a problem with my connection tunneling. So I'm using two ubuntu server virtual machines where the oracle xe (port 1521) is installed, lets call them uvm1 and uvm2. My goal is to create two tunnels for both servers and to map the ports to the host machine and make the connection to both database systems accessable. The port mapping should look like:
vm name | vm port | host port
-------------------------------
uvm1 | 1521 | 1521
uvm2 | 1521 | 1522
-------------------------------
For tunnel creation I'm using putty on my windows machine: the configuration of putty for connection to the uvm1 looks like:
And the configuration of putty for connection to the uvm2 looks like:
I'm able to connect via ssh to both of the machines. The strage issue is that my tunneling for uvm1 works and for the uvm2 not.
Do anyone know how can I fix this strange issue?!
Cheers, Kevin
If you SSH into your ubuntu box, then the port forwarding should be:
source port: 1521
destination: <address-of-vm1>:1521
and
source port: 1522
destination: <address-of-vm2>:1521
You seem to be forwarding to 1521 and 1522 on the ubuntu box, which doesn't make sense.