I’m using digitalocean to host my website and I'm trying to open the ports 8832 and 587 without any success. I created a firewall in the control panel and added these to the inbound and outbound rules:
Custom TCP 587 All IPv4 All IPv6
Custom TCP 8832 All IPv4 All IPv6
HTTP TCP 80 All IPv4 All IPv6
HTTPS TCP 443 All IPv4 All IPv6
I also disabled ufw in my droplet:
ufw status verbose
Status: inactive
I also rebooted the droplet. However, it seems to still block the ports 587 and 8832. Interestingly, the ports 443 and 80 for the webserver are open. Can someone tell me why I can’t open these specific ports?
This affects the IP: 165.232.76.115
I figured out how to solve it by myself. I had to remove the firewall in the control panel and use the ufw software firewall instead. Don’t know why the control panel firewall didn’t work properly, or maybe I used it wrong.
I followed this tutorial to create a guest wifi, which is working great.
My PiHole is filtering out ads on my main wifi at 192.168.1.1.
However, if I add 6,192.168.1.2 (which is my PiHole's static address) as the DHCP Option to the guest interface's advanced settings under the DHCP tab, none of my devices connected to the guest wifi are able to connect to the internet, e.g. ping google.com.
LAN is set up as 192.168.1.1
GUEST is set up as 192.168.3.1
My current firewall settings look like this:
Guest => WAN: Input (Reject), Output (Allow), Forward (Reject)
I added Traffic Rules according to the tutorial mentioned above, for port 53 and port 67.
I probably need to add some firewall rule but I am not too savvy with OpenWRT's firewall. Possibly there is another solution too?
Here is what I did to solve this issue:
Essentially, I added a traffic rule in the OpenWrt firewall to allow UDP packets from my Guest LAN to my main LAN 192.168.1.2 on port 53.
These are the steps I took when adding a new Traffic Rule:
Protocol: UDP only
Source Zone: Guest
Destination IP: 192.168.1.2
Destination Port: 53
All other values/options were left untouched
Now, all devices connected to the Guest network are being filtered through PiHole as well.
I have Mosquitto running on a local server, and my aim is to have 3 listeners:
All local network clients connect without TLS on port 1883 (port 1883 is closed by the router to the public)
External clients connect using TLS on port 8883
External clients connect without TLS on port 8880
which works fine using this config:
# Local MQTT
listener 1883
# End Local MQTT
# Insecure MQTT
listener 8880
# End Insecure MQTT
# Secure MQTT
listener 8883
## This is standard and should always be this
cafile /etc/ssl/certs/DST_Root_CA_X3.pem
## These are from your installation of LE
certfile /home/pi/.node-red/certs/fullchain.pem
keyfile /home/pi/.node-red/certs/privkey.pem
## Force all clients in this listener to provide a valid certificate, change th$
require_certificate true
## Stop all unauthorised connections
allow_anonymous false
## Use password file
password_file /etc/mosquitto/passwordfile
and which results in healthy Mosquitto log entries:
1575720819: Opening ipv4 listen socket on port 1883.
1575720819: Opening ipv6 listen socket on port 1883.
1575720819: Opening ipv4 listen socket on port 8883.
1575720819: Opening ipv6 listen socket on port 8883.
1575720819: Opening ipv4 listen socket on port 8880.
1575720819: Opening ipv6 listen socket on port 8880.
1575720820: New connection from 140.238.70.128 on port 8880.
1575719390: New client connected from 140.238.70.128 as telegraf (c1, k60, u'raspPi').
BUT... I want to ensure that only the client at 140.238.70.128 is able to connect on port 8880 (TLS isn't an option), so I added the IP address to the config:
# Insecure MQTT
listener 8880 140.238.70.128
# End Insecure MQTT
but that causes Mosquitto to stop, and the log shows:
1575720699: Opening ipv4 listen socket on port 1883.
1575720699: Opening ipv6 listen socket on port 1883.
1575720699: Opening ipv4 listen socket on port 8883.
1575720699: Opening ipv6 listen socket on port 8883.
1575720699: Opening ipv4 listen socket on port 8880.
1575720699: Error: Cannot assign requested address
I would be grateful for any advice as to why this doesn't work, or an alternative solution.
Edit: I also tried restricting the listener to ipv4, but that gave exactly the same result:
# Insecure MQTT
listener 8880 140.238.70.128
socket_domain ipv4
# End Insecure MQTT
The listen directive can only take an address that is local to the machine the broker is running on. This is used to bind a socket to that address on the required port.
You cannot use it as a filter for a remote machine; in fact, there is no way to configure a port to only accept connections from a specific IP address in mosquitto* (or any other broker that I am aware of).
The only way to achieve what you want to do is to use the machine's firewall to drop any packets from other IP addresses addressed to that port. You can use iptables to do this. Something like:
iptables -A INPUT -p tcp --dport 8880 ! -s 140.238.70.129 -j DROP
This should drop any TCP packet destined for port 8880 that is not from 140.238.70.129.
While this will work, it will only block ipv4 clients, so if your network has a properly routed IPv6 setup you will need to block access with ip6tables as well (and block access to port 1883).
* you might be able to write a custom auth plugin to do this, but I'm not sure if you get the remote IP address in the details about the user connecting. Also I don't think you can bind authentication to just one listener.
I need to be able to read/write to an Azure Service Bus Queue and for that, the hostname and ports need to be white-listed by my IT team.
The connection string is: "Endpoint=sb://[myappname].servicebus.windows.net;...".
I have tried the hostname with port 443 (assuming here), but that hasn't worked after white-listing. So now I tried writing to queue while capturing the traffic from Wireshark, but I am getting lost in all the network packet details there.
Can anyone please help me with this?
Thank you
TCP port is used by default for transport operations. Please have a try to open the ports 5671 and 5672. We could get more information from the AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide.
Azure Service Bus requires the use of TLS at all times. It supports connections over TCP port 5671, whereby the TCP connection is first overlaid with TLS before entering the AMQP protocol handshake, and also supports connections over TCP port 5672 whereby the server immediately offers a mandatory upgrade of connection to TLS using the AMQP-prescribed model. The AMQP WebSockets binding creates a tunnel over TCP port 443 that is then equivalent to AMQP 5671 connections.
If you use a library, please have a try to set the ConnectivityMode to https (port 443):
ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Https
I'm trying to open port TCP 28016 and UDP 28015 for a game server in my compute engine VM running on Microsoft Windows Server 2016.
I've tried opening the ports inside my server using RDP, going to the Windows Firewall settings and creating new inbound rules for both TCP 28016 and UDP 28015.
I've also set firewall rules on my Cloud Platform Firewall Rules for both ports.
When running my game server application, running netstat didn't show any of the ports being used / listening. They don't even show up. What did I do wrong?
Edit: it now shows up on netstat -a -b, but doesn't show LISTENING.
If it doesn't show as LISTENING, it's not a firewall or "port forwarding" issue; rather, the application either isn't running, or is running but isn't configured to listen for connections on that port.
I'm struggling with exposing Mosquitto that I setup on my Centos7 homeserver to the outside internet through my router.
Mosquitto runs fine on my localhost and port 1883 on the homeserver. I am able to pub/sub, and it is listening on the port as 127.0.0.1:1883 (tcp).
My home router has a dynamic IP (for now), say 76.43.150.206. On the router I port forwarded 1883 as both internal/external ports to my home server, say 192.168.1.100.
In the mosquitto.conf file, I have one simple line "listener 1883 76.43.150.206".
When I then attempt to pub/sub using a python client on an external computer as mqttc.connect("76.43.150.206", 1883), it says connection refused.
Any hints on what I'm doing wrong or how to get it working? BTW, my understanding of this setup is very basic and I've pretty much been going off blogs.
Here's how it will work:
1.) Set up mosquitto.conf as:
listener 1883 0.0.0.0
#cafile <path to ca file>
#certfile <path to server cert>
#keyfile <path to server key>
#require_certificate false
0.0.0.0 binds the server to all interfaces present.
You can uncomment the code to enable TLS for better security. But you'll have to configure the client to use the same as well.
2.) Port forward router's 1883 port number to port 1883 of IP of machine running the broker.
3.) Start the broker and test your client!
You should not put the external address into the mosquitto config file.
You should probably not even have a listen line at all, as mosquitto will bind to all available IP addresses on the machine it's running on with the default port (1883).
If you really must use the listen directive (e.g. in order to set up SSL) then it should be configured with the internal IP address of the machine running the broker, in this case 192.168.1.100, and with a different port number so it does not clash with the default:
listener 1884 192.168.1.100
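Both Mosquitto threads above hit the same mistake: the address on a `listener` line is a bind address and must belong to a local interface, not a client or public address. The following added example (not from the original posts or from Mosquitto) checks `listener` lines in a config against a constructed set of this host's interface addresses and reports which ones would fail with "Cannot assign requested address"; restricting which clients may connect is left to the host firewall, as the accepted answer says.

```python
"""Check which Mosquitto `listener <port> [address]` lines can bind here.

Added example; LOCAL_ADDRS and SAMPLE_CONF are constructed inputs that mirror
the configs posted in the threads above.
"""
import ipaddress
import re

LISTENER_RE = re.compile(r"^\s*listener\s+(\d+)(?:\s+(\S+))?\s*$")

# Constructed: addresses present on the broker host's interfaces.
LOCAL_ADDRS = ["127.0.0.1", "192.168.1.100", "::1"]

# Constructed config fragment built from the lines tried in the threads.
SAMPLE_CONF = """\
# Local MQTT: no address, binds every interface
listener 1883
# Remote client's IP used as a 'filter' (fails: not a local address)
listener 8880 140.238.70.128
# Router's public IP on a NATed host (fails for the same reason)
listener 1883 76.43.150.206
# Correct: the broker host's own LAN address
listener 1884 192.168.1.100
"""


def check_listeners(conf_text, local_addrs):
    """Return a list of (port, address, verdict) for each listener line."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    results = []
    for line in conf_text.splitlines():
        m = LISTENER_RE.match(line)
        if not m:
            continue
        port, addr = int(m.group(1)), m.group(2)
        if addr is None:
            verdict = "ok: no address given, binds all interfaces"
        else:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                verdict = "warn: hostname, resolve before binding"
            else:
                if ip.is_unspecified or ip in local:
                    verdict = "ok: local bind address"
                else:
                    # What the broker logs in the question: EADDRNOTAVAIL.
                    verdict = ("error: Cannot assign requested address "
                               "(not local; a listener address is not a client filter)")
        results.append((port, addr, verdict))
    return results


if __name__ == "__main__":
    for port, addr, verdict in check_listeners(SAMPLE_CONF, LOCAL_ADDRS):
        print(f"listener {port} {addr or ''}: {verdict}")
```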