In my aws my site is running on port 8000 due to which in my url 8000 (www.example.com:8000)is visible . i want to remove it is should look like www.example.com.
I have tried this:
RewriteCond %{HTTP_HOST} ^(example[12].com):8080$ [NC] RewriteRule
^(.*)$ http://%1/$1 [L,R=301]
You should consider using a proxy on your server. There is a really good tutorial at apache.org, using an Apache Web Server.
http://tomcat.apache.org/tomcat-7.0-doc/proxy-howto.html
This enables you to connect to your server via port 80, which is not printed in the url bar of your browser.
It can be done using IP tables in linux with redirecting requests from from one port to other, please follow the below syntax to achieve.
Syntax
The syntax is as follows to redirect tcp $srcPortNumber port to $dstPortNumber:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumber
The syntax is as follows to redirect udp $srcPortNumber port to $dstPortNumber:
iptables -t nat -A PREROUTING -i eth0 -p udp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumber
Replace eth0 with your actual interface name. The following syntax match for source and destination ips:
iptables -t nat -I PREROUTING --src $SRC_IP_MASK --dst $DST_IP -p tcp --dport $portNumber -j REDIRECT --to-ports $rediectPort
Related
I have two network interfaces, eth0 and eth1,
How could I bind all docker container to eth1, and let all network traffic go out and in via the eth1
Thanks~
update
I tried to bind to the eth1 with 133.130.60.36.
But i still got no luck, i still get the eth0 IP as the public IP in the container. the network flow is not go out via eth1
➜ ~ docker run -d --name Peach_1 -p 133.130.60.36::9998 -ti sample/ubuntu-vnc-selenium-firefox
➜ ~ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
eb28f0d1c337 sample/ubuntu-vnc-selenium-firefox "/opt/bin/run_sele_s 4 minutes ago Up 4 minutes 5901/tcp, 133.130.60.36:32768->9998/tcp Peach_1
➜ ~ docker exec -ti Peach_1 zsh
➜ / curl ipecho.net/plain ; echo
133.130.101.114
Here's something from the docker docs
https://docs.docker.com/v17.09/engine/userguide/networking/default_network/binding/
If you want to be more restrictive and only allow container services
to be contacted through a specific external interface on the host
machine, you have two choices. When you invoke docker run you can use
either -p IP:host_port:container_port or -p IP::port to specify the
external interface for one particular binding.
Or if you always want Docker port forwards to bind to one specific IP address, you can edit your system-wide Docker server
settings and add the option --ip=IP_ADDRESS. Remember to restart your
Docker server after editing this setting.
Putting IP in -p only works for traffic that comes to server, for traffic that leaving server you can assign static local IP to each container, Then change source IP in iptables or snat. Here is a sample iptables rule:
iptables -t nat -I POSTROUTING -p all -s 172.20.128.2 ! -d 172.20.128.2 -j SNAT --to-source YourInterfaceIP
I'm having issues connecting to my AWS EC2 Server holding a MySQL Server.
Here's my Response from mysqli_connect
p#xxx.com [~/app]# php checkmysqlremote.php
Error: Unable to connect to MySQL.
Debugging errno: 2002
Debugging error: Connection refused
Here's my netstat -tuplen on the EC2 Server containing the MySQL Server
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 999 20299 1378/mysqld
As you can see its binding to the 0.0.0.0 address correctly.
I enabled the 3306 port in inbound rules for EC2.
on the server making the request handshake, I ran:
curl -s example.com:3306 >/dev/null && echo Success. || echo Fail.
which resulted in Fail.
I also ran it on the local server instance and it responded with Success.
I also ran nmap on the server making the handshake,
nmap -p 3306 example.com
Nmap scan report for example.com (1.1.1.1)
Host is up (0.048s latency).
PORT STATE SERVICE
3306/tcp filtered mysql
Nmap done: 1 IP address (1 host up) scanned in 2.03 seconds
Lastly, I tried adding the following rules in iptables:
iptables -A INPUT -i eth0 -s "example.com" -p tcp --destination-port 3306 -j ACCEPT
and
sudo iptables -I INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
I don't know what to do at this point.
UPDATE
I tried pinging the EC2 server from the remote server and it did not return anything. At this point i think the issue is with EC2.
Try adding the follwing GRANT to your user:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'ipadress'
Sounds like the port might not be getting forwarded correctly? One thing to try might be to put an Amazon Elastic Load Balancer in front of the instance. Then you can forward port 3306 for the MySQL connection.
Today I've been trying to access MySQL running on my remote work machine (Ubuntu), from my home machine (OSX), and I've had no success.
On my work machine, I've checked the following:
sudo netstat -ntlup | grep mysql
gives
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 23692/mysqld
and nmap tells me
PORT STATE SERVICE
3306/tcp open mysql
and in /etc/mysql/my.cnf I've set bind-address = 0.0.0.0
I've also run the following iptables rules:
iptables -A INPUT -i lo -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -o lo -p tcp --sport 3306 -j ACCEPT
What else can I check?
If there is some corporate network rule blocking my MySQL access, what could I check to find this?
The only way I can make this work is ssh tunnelling:
ssh -L 8080:localhost:3306 my_user_name#my_dev_machine_IP
and then if I do
mysql -h 127.0.0.1 --port=8080 -u root -p
I can get in. If I close the ssh tunnel, then I can't log in via mysql, nor even via telnet remote_IP 3306.
But this is no good for what I want, because I need the PHP code running on my local machine to be able to access the remote database.
I've also (hopefully temporarily) opened up the access to the MySQL databases to all hosts/IP:
GRANT ALL PRIVILEGES ON *.* TO 'application_username'#'%'
FLUSH PRIVILEGES
Any advice gratefully received!
Ubuntu has uwf - in some vps installations it is enabled by default. So, if it is, do sudo ufw allow 3306. I am writing this jsut in case you run nmap from your work machine. If nmap shows that result run from your mac, then this does not apply.
I've got a root server (Ubuntu 14.04) with a MYSQL (5.5.41) running and trying to access the database from two diffrent homepages on two diffrent server. The homepage servers use static ips.
I set up iptables on the root.
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -s 'my_homepage_ip' -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
If I try to access the server from the two homepages I get:
Can't connect to MySQL server on 'server_ip' (111)2003.
The homepages are running on webspaces from some german provider called 1und1.
If I open the iptables and delete the reject line, everything works fine. Also I tried to access the SQL Server from my local computer which is running an XAMPP server with the same script as I use at the homepage server. This works fine.
Server('my_server') and Port (3306) are defined in my php script.
$db = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME, DB_PORT);
I assume that I got wrong IPs of the homepage server or that the homepage server use an other port than 3306.
Try changing your 3rd line to iptables -A INPUT -p tcp --dport 3306 -j LOG. This will log all attempts to the MySQL port to your /var/log/messages file, including the source IP address. This will allow you to verify that the source IP is the same as the IP being used for your website proper. If it is different, just change line 2 with the correct IP address.
I started local server using php on my server . (Trying to work on port 8080/8283 . Anyone of them will do .)
php -S 0.0.0.0 8283 -t testServer/
using curl localhost:8283 I am able to get the result of the index.php file
but when I access it using my server ip I am not able to access that port .
Any when I do netstat -tuplen . I can see that port as well .
How can I make port 8283 available through http request ?
I asked this question here but not much help .
I have used this
# /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8283 -j ACCEPT
# service iptables save
# service iptables restart
and still it did not work
And this is output from telnet on my server
telnet XX.XX.X.XXX 8283
Trying XX.XX.X.XXX...
Connected to XX.XX.X.XXX.
Escape character is '^]'.
GET /
HTTP/0.9 200 OK
Connection: close
X-Powered-By: PHP/5.5.19
Content-type: text/html
Hello World !Connection closed by foreign host.
this one is from my PC
telnet XX.XX.X.XXX 8283
Trying XX.XX.X.XXX...
telnet: Unable to connect to remote host: No route to host
NMAP Result
sudo nmap -p 8283 XX.XX.X.XXX
Starting Nmap 5.21 ( http://nmap.org ) at 2015-02-04 19:18 IST
Nmap scan report for srv1.domain.com (XX.XX.X.XXX)
Host is up (0.035s latency).
PORT STATE SERVICE
8283/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
IPTABLES OUTPUT
/sbin/iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8282
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8283 state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
try
php -S 0.0.0.0 8080 -t testServer/
by use localhost you will bound just 127.0.0.1 address: that address is not reachable by other address instead of localhost or localhost.localdomin.
Now by use 0.0.0.0 you will bound all your interfaces. Alternatively you can use your host address where you want expose the service.
You do not have to use localhost you have to use your external ip address:
php -S <ip-address> 8080 -t testServer/
localhost is mapped on ip 127.0.0.1 so it is only available from yor server.
You're explicitly binding to localhost. If you want to bind to a different IP address, then specify it instead of localhost (or use 0.0.0.0 for all network interfaces).