I am sure that once I find the issue I am going to feel like a fool, but I have been pouring highlevel debugging into something that I know the answer must be right there.
Same issue on 2 different 'new' CentOS machines, I install OpenVAS, run openvas-check-setup --server a whole bunch of times, follow the instructions till error free, the ports light up but I cannot connect.
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9391 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9393 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9329 0.0.0.0:* LISTEN
I see the packets hit the server just fine:
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:32:27.119370 IP 10.20.10.47.ds-user > 10.180.10.51.9392: Flags [S], seq 2713892558, win 65535, options [mss 1460,nop,nop,sackOK], length 0
10:32:27.381288 IP 10.20.10.47.ds-mail > 10.180.10.51.9392: Flags [S], seq 2903829103, win 65535, options [mss 1460,nop,nop,sackOK], length 0
But the server never replies:
It's not a firewall:
[root#offtbn ~]# iptables-save
[root#offtbn ~]#
Firewall is empty
I tried all of the OpenVAS ports using http: and https: in every different browser and from multiple machines.
The first OpenVAS server 'did' work for a day, but something changed which is why I built the second machine from scratch. Both have the exact same issue and the exact same symptoms.
/etc/rc.d/init.d/openvas-administrator restart
/etc/rc.d/init.d/openvas-manager restart
/etc/rc.d/init.d/openvas-scanner restart
all run clean
I am really stumped on this one.
the site was having network issues.
From what I could tell, a proxy was breaking headers and somehow this exterior failure was effecting openvas's ability to do a basic login.
Did an install on a different network with the exact same distro and everything went flawless.
Not exactly sure the exact cause.
Related
I have set up my own node on BSC following the docs here - https://docs.binance.org/smart-chain/developer/fullnode.html
The problem I am having is that I am unable to connect with Web3 to the node.
When trying to connect using
web3 = Web3(Web3.WebsocketProvider('ws://[server-ip]:8545'))
print('ws - ' + str(web3.isConnected()))
my output is false
When running the node I am using:
./geth --config ./config.toml --datadir ./mainnet --ws --ws.port=8545 --ws.origins='*'
I have tried many combinations of config to get this working but with no luck. Generally, I'm trying to connect via web socket, but I'd be happy to connect with an HTTP provider instead if need be.
Looking at the netstat --listen --tcp output I get this when the node is running:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:8545 0.0.0.0:* LISTEN
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp6 0 0 [::]:30311 [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
Does anyone know what im missing?
After a lot of research, I found that the best way to handle this it to simply run an Nginx proxy.
Here are the instructions I followed for any that are looking for a solution to a similar problem
https://www.nginx.com/blog/websocket-nginx/
The node seems to ignore the config.toml in that part. You have to add --ws to the list of parameters when starting the node. If the node is supposed to be public facing then also specify the port - like this:
./geth --ws --ws.addr=ip_of_server --config ./config.toml --datadir ./node
I have server with available many subnets, I would like to my Freeradius only listen on specific IP addresses. I use freeradius configuration from Arch package freeradius-3.0.19-3. The only changes are:
removed IPv6 listen sections
in IPv4 listen section I configured listening address to ipaddr="192.168.1.1"
In my configuration I have also listening on 127.0.0.1:18120, but when I check open ports I got:
ss -nlp|grep radiusd
udp UNCONN 0 0 0.0.0.0:40012 0.0.0.0:* users:(("radiusd",pid=22199,fd=9))
udp UNCONN 0 0 127.0.0.1:18120 0.0.0.0:* users:(("radiusd",pid=22199,fd=7))
udp UNCONN 0 0 192.168.1.1:1812 0.0.0.0:* users:(("radiusd",pid=22199,fd=8))
This port 40012 is dynamic allocated after freeradius service restart the number is different.
ss -nlp|grep radiusd
udp UNCONN 0 0 0.0.0.0:42447 0.0.0.0:* users:(("radiusd",pid=26490,fd=9))
udp UNCONN 0 0 127.0.0.1:18120 0.0.0.0:* users:(("radiusd",pid=26490,fd=7))
udp UNCONN 0 0 192.168.1.1:1812 0.0.0.0:* users:(("radiusd",pid=26490,fd=8))
How to get rid of this port? What is a function of it?
This extra port is used for sending and receiving proxy packets. If you are not using proxying you can disable it in radiusd.conf, look for
proxy_requests = yes
$INCLUDE proxy.conf
change it to "no", and comment out the INCLUDE line.
If you want to change the address and/or port that is used, look at the listen sections in e.g. raddb/sites-enabled/default. You can add a new section with type = proxy to specifically set the address and port that is used.
Because I have just started with Zeppelin, I am a bit lost.
I installed via this page: http://zeppelin.apache.org/docs/0.7.3/install/install.html
After installation Zeppelin appears to only listen on the tcp6 address on port 8080:
ubuntu#ip-10-0-1-164:~$ sudo netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 1176/sshd
tcp 0 0 0.0.0.0:3306 0.0.0.0:*
LISTEN 1203/mysqld
tcp6 0 0 :::8080 :::*
LISTEN 13719/java
tcp6 0 0 :::22 :::*
LISTEN 1176/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:*
1028/dhclient
I grepped all the installation files and didn't see where it was getting direction for the IP and port (other than template files in conf).
I was wondering if anyone had some more knowledge of Zeppelin.
It's very simple.
Remove ".template" from file name "zeppelin-site.xml.template"
Change port in "zeppelin.server.port"
Restart Zeppelin
Go to localhost:new_port in browser.
Actually, it was fine. It is listening on tcp4 even though it's not showing. The issue was with my SSH port forwarding.
My webserver has been working for years. It suddenly stopped working today -- in https. I'm running Ubuntu 14.04.5 and serving pages through nginx.
When I receive an http request on port 80, it shows up in the access logs and is handled correctly. When I receive an https request on port 443, it never shows up in the nginx logs and never gets forwarded on to my django webserver.
I can telnet to port 80 but get timeouts on 443. (I never tried that before, so I don't know if it's new.)
My ports are open properly.
~ $ sudo netstat -ntlp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1285/nginx
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1285/nginx
tcp6 0 0 :::80 :::* LISTEN 1285/nginx
Could it be related to tcp vs tcp6? Only plain tcp is on 443, but they're both on 80. If so, how would I change that? And what would cause a sudden change?
I'm not running a firewall. I double checked, and ufw status is inactive.
Thanks in advance!
A I solved it. All my servers are in the AWS cloud, and I have a security group that says only specified IPs are allowed to ssh in. When I added a new IP that could ssh in, I accidentally deleted the row that said anyone could connect via https on 443. Sigh.
I've configured my server with a default security group, which has the following Inbound rules:
| Type | Protocol | Port Range | Source |
| All TCP | TCP | 0-65535 | 0.0.0.0/0 |
| All UDP | UDP | 0-65535 | 0.0.0.0/0|
With these rules, netstat shows the following output:
netstat -atn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1113 0.0.0.0:* LISTEN
tcp 0 0 10.0.1.31:2113 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2113 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:11300 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
tcp6 0 0 :::3306 :::* LISTEN
tcp6 0 0 :::6379 :::* LISTEN
So, in theory, I should be able to connect to port 1113 with TCP from any IP Address. But this is not working, the IP address is showing as filtered, as you can see in the following output:
The only ports that seem to be OK (open and not filtered) are 22 & 80. Here's the output I get when testing them with nmap:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1113/tcp filtered ltp-deepspace
2113/tcp filtered unknown
3306/tcp filtered mysql
6379/tcp filtered unknown
I even tried adding a custom inbound rule just for my IP and Port 1113, but the result is the same.
I suspect that some firewall is blocking traffic on those PORTS in my instance, but I'm not sure how to check that.
One thing to notice, is that this instance is in a Amazon VPC. However, the network ACL for this instance has the following inbound rule, that should allow income communications from all ports:
|Rule # | Type | Protocol | Port Range | Source | Allow / Deny |
| 100 | ALL Traffic | ALL | ALL | 0.0.0.0/0 |ALLOW |
Any ideas on what could be the issue here?
Thanks a lot for your help!
[I know this is an old post, but I was bitten by the very same thing just today and came across this very question. Expanded to add steps for Windows AMI]
Summary
When you fire up a new EC2 instance from a new AMI there seem to be conditions where the local firewall is set to filter everything except SSH.
Now that might be the default on the newer AMIs, or something at work such as fail2ban or such like. If you are using a Windows AMI, this could be the Windows firewall.
The symptoms are as you describe - you have a public-facing IP address (either directly attached or via Elastic IP), you have permissive Security Groups, and all is otherwise well. An nmap from another working server (NB be careful, AWS don't like people running nmap from EC2 instances even onto your own servers) will show port 22 open but everything else filtered.
Linux
TLDR; The quick fix is probably easy in order to flush the rules:
iptables -F
Ideally, run this first to list what the offending rule is:
iptables -L
But you should have a good look at why it was being set up that way. It's possible something like firewalld is running which is going to monkey with the rules and you have the choice of configuring or disabling it. These will tell you if it's running:
firewall-cmd --status
firewall-cmd --get-services
There are other firewall services, of course.
Once you think you have it right make sure you reboot the server to ensure everything comes up right rather than reverting to a catatonic state (services speaking).
Windows
If you are using a Windows AMI, you will need to adjust the firewalls.
Go to Control Panel > System and Security > Windows Defender Firewall
From here, you could turn it off and rely solely on your AWS security (not recommended) or selectively enable certain apps / ports.
For those who are seeking for an answer. It is because there is an additional firewall in your Linux system. For example, you probably need to do this if you are using Ubuntu: sudo ufw disable.
See this link for more information.
I know this is old post but I think it might help someone else too . I was running RHEL 7.6 got this issue . I had to re enable the firewall and added the ports in the firewall rule . Then it worked like charm .
For a Windows AMI, this could be due to the Windows firewall being enabled. See my edits to #Miles_Gillham's answer for details