I have a turnkey install through AWS with Ubuntu 10.4 using webmin version 1.580.
I wanted to open up ports 110 and 25 to route email and so I edited the ip tables in the linux firewall module and then tested the ports to make sure they are open. So when I tested them through a port scan they showed they were still closed. So then I thought well maybe I had to open the ports up in the Amazon control panel for the instance and open up the ports in the security group for the instance. So I had the following setup
110 (POP3) 0.0.0.0/0
In the iptables i had this setup
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
So when I did a port scan again it still showed the port as closed.
So now I'm confused on why it keeps showing the port as closed even though it's open in AWS and on the linux firewall.
Did I miss something somewhere?
Thanks!
Same Problem
I have the same problem. Can we get some help on this, please?
Linux firewall (IPTables) disabled by default
So the only thing getting in your way is AWS (unless of course you enabled IPTables). I don't know anything about AWS security settings (or IPTables for that matter) but I would assume that they would be configurable from the AWS console. Perhaps you have inadvertently blocked ports with IPTables (instead of allowing)? Perhaps it'd pay to disable IPTables again (at least until you have the AWS security settings working as expected).
WEBMIN Port
I'm currently working with the django appliance.
In all the appliances you get WEBMIN on port 12321 as I recall. Looking in the linux firewall setup that you get to from WEBMIN itself, you have that port (among others) enabled.
I take what you said to mean that when you create a new server you are not actually specifying anything in the AWS firewall. Meaning that all servers get the default AWS firewall settings and all you do to make WEBMIN available is open its port in the linux firewall. Is that correct?
I'm only trying to enable port 8080. I made an entry just like the entry for port 80. But for some reason port 8080 is not available. I was about to start messing with the AWS firewall when I found this thread.
So let me put the question another way. If you want a new port to be opened on some new VM, what do you do?
No, unless you enable IPTables you don't need to touch them
To use IPTables you need to enable them (down the bottom of the Webmin page where you adjust the settings - and you are right about the port). If you want to enable them too, that's fine, but I'd wait until you have the server working as you want first.
AFAIK the TKL appliances launched via the Hub have an AWS security profile applied. I'm not sure if it is a generic TKL one or if there is a separate one for each appliance. I've never adjusted it, but I'm fairly sure it should be able to be adjusted via the AWS console (although I have no idea how).
Each appliance has its own customized firewall rules
When launching new servers via the Hub, it will create a security group (ie. firewall rules) on AWS automatically. Each appliance has its own customized firewall rules, which are based on the settings that are included in the appliance's iptables profile.
You can tweak the aws firewall settings from within the Hub. In the server record on the Hub, you'll see "Firewall rules: turnkey-APP-...". Just click that link and you'll be able to add and delete rules in a simple interface.
Does The Linux Firewall Mean Anything
Found the AWS rules and edited them.
So does the Linux firewall actually do anything? Does its rules need to match the AWS rules?
It is configured, but disabled
So unless you enable it it doesn't do anything. When running in AWS it is probably unrequired although if you want to add an additional layer of security you can always enable it and if you do, then you'll want to have them set the same.
It Appears That Opening A Port Doesn't Work
I'm just now to where I really need a port opened up. I did in fact open port 5060 within the hub as shown below. But a port scan of that port fails.
I'm guessing the interface in the hub isn't being recognized by AWS. Or did I do something wrong? How can we check?
BTW - Here's a port scanner: http://www.t1shopper.com/tools/port-scan/
This is important because I need to be able to connect to port 5060 via a softphone. Until that works, I have to make real calls which costs $.
Firewall Rules Work For Web shell
As a test, I removed the Web shell entry and that did in fact disable it. And then I added the entry back in and Web shell was again reachable. I also did a port scan test (http://www.t1shopper.com/tools/port-scan) and got the expected results.
So why can't I get to port 5060?
Have you confirmed that your app is listening?
Probably a good idea to check that your app is listening on the desired port (netstat is useful for that) otherwise the port won't be open AFAIK.
Listening on Private IP
netstat -a shows that the server is listening on the right ports. But it's looking at the private ip instead of the public ip. Based on (https://forums.aws.amazon.com/thread.jspa?threadID=92923), I don't think that should matter. But could it?
I don't think it should matter
But I'm not completely sure.
One thing that does strike me though is that it's listening on port 5080 and previously you have been discussing port 5060.
I noticed you have to enable
I noticed you have to enable the ports on the Amazon side of things as well. There's essentially TWO firewalls in front of anything in TKL: TKL iptables rules, and the Amazon rules for EC2. You should have a security group linked to your server, and you need to add the ports you want opened up through the EC2 front-end.
HTH...
Bruce
IPTables are disabled by default
Although they are configured for the default appliances. Unless you enable the IPTables/Firewall then you don't need to do anything with them. You do need to allow them in AWS though.
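The thread boils down to three separate checks for a port that a scanner reports closed: is anything listening on that port (and on which address), does the instance's iptables policy allow it (only relevant if iptables is actually enabled), and is it opened in the AWS security group. The script below is an added example, not code from the original thread or from TurnKey Linux; it runs the first two checks against constructed `netstat -tln` and `iptables-save` output embedded inline (the addresses, ports and rules are made up for the example), so it runs offline. On a real instance you would feed it `netstat -tln` / `ss -tln` and `iptables-save` instead. The AWS security group cannot be inspected from inside the instance, so the script only reminds you of that layer.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output (not captured from any real server).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:12321           0.0.0.0:*               LISTEN
tcp        0      0 10.0.1.23:5080          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN'

# Constructed sample of `iptables-save` output; the port 110 rule mirrors the one
# quoted in the original question, the rest is made up.
SAMPLE_IPTABLES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12321 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# listen_scope PORT NETSTAT_TEXT
# Prints "none" (nothing bound), "loopback" (127.0.0.1 only), "all" (0.0.0.0 or ::),
# or the specific address the socket is bound to. Takes the first LISTEN match.
listen_scope() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      n = split($4, a, ":")
      lp = a[n]
      # everything before the last ":" is the address (works for "::" too)
      addr = substr($4, 1, length($4) - length(lp) - 1)
      if (lp == p && found == "") found = addr
    }
    END {
      if (found == "") print "none"
      else if (found == "127.0.0.1") print "loopback"
      else if (found == "0.0.0.0" || found == "::") print "all"
      else print found
    }'
}

# iptables_allows PORT IPTABLES_SAVE_TEXT
# Prints "accept" or "reject" from the first INPUT rule matching --dport PORT
# (first terminating rule wins, as in iptables), otherwise "accept-by-policy"
# or "no-rule" depending on the INPUT chain policy.
iptables_allows() {
  printf '%s\n' "$2" | awk -v p="$1" '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && /--dport / {
      dp = ""; tgt = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "--dport") dp = $(i + 1)
        if ($i == "-j") tgt = $(i + 1)
      }
      if (dp == p && verdict == "") {
        if (tgt == "ACCEPT") verdict = "accept"; else verdict = "reject"
      }
    }
    END {
      if (verdict != "") print verdict
      else if (policy == "ACCEPT") print "accept-by-policy"
      else print "no-rule"
    }'
}

# triage PORT NETSTAT_TEXT IPTABLES_SAVE_TEXT -> one-line diagnosis
triage() {
  scope=$(listen_scope "$1" "$2")
  fw=$(iptables_allows "$1" "$3")
  case "$scope" in
    none)     echo "port $1: nothing is listening; a scan reports closed whatever the firewalls say" ;;
    loopback) echo "port $1: bound to 127.0.0.1 only; unreachable from outside even if both firewalls allow it" ;;
    *)        echo "port $1: listening on $scope; iptables verdict=$fw (only matters if iptables is enabled); the AWS security group must allow it too" ;;
  esac
}

# Demonstration over the constructed samples.
for port in 5060 5080 12321 3306 25; do
  triage "$port" "$SAMPLE_NETSTAT" "$SAMPLE_IPTABLES"
done
```

With the sample data, port 5060 comes back as "nothing is listening" (the service in the sample is on 5080, the same mix-up raised above), and 5080 shows as listening on the private address 10.0.1.23. On EC2 that is the normal state: the instance only ever sees its private IP, and AWS maps the public IP to it, so binding to the private address or to 0.0.0.0 is fine; what does matter is a service bound only to 127.0.0.1, which no firewall rule can make reachable.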