You are not logged in.

#1 2021-06-16 10:10:26

ongpa
Member
Registered: 2021-04-05
Posts: 24

servers can't be accessed from another device

i tried using 'npm run serve' and 'php -S 192.168.100.3:8000', and then i used my phone or another laptop to access the ip, but i can't reach it. i thought it may be a problem with firewall so i tried using ufw with basic conf like in the wiki, and i still can't reach it. here's the result of 'sudo ufw status':

Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       192.168.100.0/24          
Deluge                     ALLOW       Anywhere                  
22                         LIMIT       Anywhere                  
Deluge (v6)                ALLOW       Anywhere (v6)             
22 (v6)                    LIMIT       Anywhere (v6)

i tried searching but can't seem to find a problem resembling mine. and sorry i'm still new to linux so i don't really know what else can i provide as initial other than this.

Offline

#2 2021-06-16 10:25:42

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: servers can't be accessed from another device

On the server:

# ip a
# ip r
# ss -tulpen
# iptables -S

On the client:

# ip a
# ip r
# nmap 192.168.100.3

Online

#3 2021-06-16 23:47:41

ongpa
Member
Registered: 2021-04-05
Posts: 24

Re: servers can't be accessed from another device

server result respectively:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fc:b3:bc:a6:ea:82 brd ff:ff:ff:ff:ff:ff
    altname wlp0s20f3
    inet 192.168.100.3/24 brd 192.168.100.255 scope global dynamic noprefixroute wlo1
       valid_lft 221149sec preferred_lft 221149sec
    inet6 fe80::abdc:44e1:da9d:ea18/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
default via 192.168.100.1 dev wlo1 proto dhcp metric 600 
192.168.100.0/24 dev wlo1 proto kernel scope link src 192.168.100.3 metric 600
Netid              State               Recv-Q              Send-Q                                                Local Address:Port                             Peer Address:Port              Process                                                                                                                                                                                        
udp                UNCONN              0                   0                                  [fe80::abdc:44e1:da9d:ea18]%wlo1:546                                      [::]:*                  users:(("NetworkManager",pid=309,fd=24)) ino:783582 sk:1001 cgroup:/system.slice/NetworkManager.service v6only:1 <->                                                                          
tcp                LISTEN              0                   511                                                         0.0.0.0:8080                                  0.0.0.0:*                  users:(("node",pid=42335,fd=21)) uid:1000 ino:767105 sk:3 cgroup:/user.slice/user-1000.slice/session-2.scope <->
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -s 192.168.100.0/24 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 6881:6891 -m comment --comment "\'dapp_Deluge\'" -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
-A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
-A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
-A ufw-user-input -p udp -m udp --dport 22 -j ufw-user-limit-accept
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT

client result respectively:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 68:f7:28:45:6d:4a brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ac:b5:7d:fb:97:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global dynamic noprefixroute wlp2s0
       valid_lft 257975sec preferred_lft 257975sec
    inet6 fe80::1342:6ece:ed31:4206/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
default via 192.168.100.1 dev wlp2s0 proto dhcp metric 600 
169.254.0.0/16 dev wlp2s0 scope link metric 1000 
192.168.100.0/24 dev wlp2s0 proto kernel scope link src 192.168.100.2 metric 600
Starting Nmap 7.80 ( https://nmap.org ) at 2021-06-17 06:51 WIB
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.54 seconds

client is ubuntu if that matters

Last edited by ongpa (2021-06-16 23:53:03)

Offline

#4 2021-06-17 00:11:26

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: servers can't be accessed from another device

Well, there's no service running on the socket 192.168.100.3:8000 on your server (see output of ss).
Also, port 8000 is not allowed in your firewall (ufw, see output of iptables -S).

Last edited by schard (2021-06-17 00:13:28)

Online

#5 2021-06-17 00:50:15

ongpa
Member
Registered: 2021-04-05
Posts: 24

Re: servers can't be accessed from another device

sorry i'm still learning so i don't really understand, but i do have a 'npm run serve' still running at the time of the ss command issued, although in different terminal if that matters. and the thing is i can't even 'ping 192.168.100.3' from my ubuntu, but i can 'ping 192.168.100.2'  (my ubuntu ip) from my arch so i'm really lost here

Offline

#6 2021-06-17 05:13:32

seth
Member
Registered: 2012-09-03
Posts: 49,951

Re: servers can't be accessed from another device

although in different terminal if that matters

No, doesn't.
But php is (supposed to be) listening on 8000, not npm.
There's something (looks like npm) listening on 8080, though.

i can't even 'ping 192.168.100.3'

I don't see how 192.168.100.0/24 should™ not be open, but briefly try w/o ufw and post the iptables at that point.
Is there maybe a filter in the router?
And try an nmap stealth scan.

Offline

#7 2021-06-17 08:07:46

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: servers can't be accessed from another device

Ping should™ work since ICMP Type 8 is allowed within UFW.
Do you have any additional firewalls between the two systems?

Online

#8 2021-06-17 11:46:58

ongpa
Member
Registered: 2021-04-05
Posts: 24

Re: servers can't be accessed from another device

i don't think i ever set up a firewall on both system, even the ufw on arch was installed after i encountered the problem and thought that maybe ufw could help

Offline

#9 2021-06-17 12:51:49

seth
Member
Registered: 2012-09-03
Posts: 49,951

Re: servers can't be accessed from another device

maybe ufw could help

Certainly not.

Stop ufw, then run "nmap -Pn 192.168.100.3"
Can you "ping 192.168.100.1" from the ubuntu system?

Offline

#10 2021-06-17 18:41:03

ongpa
Member
Registered: 2021-04-05
Posts: 24

Re: servers can't be accessed from another device

Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-18 01:34 WIB
Nmap scan report for 192.168.100.3
Host is up (0.000033s latency).
Not shown: 999 closed ports
PORT     STATE SERVICE
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 13.04 seconds
[

now i can ping and access my server from my ubuntu, but i still can't access it from my phone.
or should i run it every time i start a server service?

Last edited by ongpa (2021-06-17 18:41:48)

Offline

#11 2021-06-17 18:44:01

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: servers can't be accessed from another device

Is your phone on the same internal network as the server?


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#12 2021-06-17 19:56:13

seth
Member
Registered: 2012-09-03
Posts: 49,951

Re: servers can't be accessed from another device

now i can

And what changed? Did you deactivate ufw or did this happen after the stealth scan?

Offline

#13 2021-06-18 06:24:09

ongpa
Member
Registered: 2021-04-05
Posts: 24

Re: servers can't be accessed from another device

Slithery wrote:

Is your phone on the same internal network as the server?

yes, i can access the ubuntu from my phone, but not the arch.

seth wrote:

And what changed? Did you deactivate ufw or did this happen after the stealth scan?

i deactivated the ufw first and then did the nmap, then checked. i didn't check before the nmap because the problem occur before ufw, and ufw was an attempt to fix it

Last edited by ongpa (2021-06-18 06:26:13)

Offline

#14 2021-06-18 06:41:51

seth
Member
Registered: 2012-09-03
Posts: 49,951

Re: servers can't be accessed from another device

Well, the original problem is that nothing is listening on 8000.
Keep ufw disabled (for now) and reboot both systems (arch & ubuntu) - can you still ping the arch system from ubuntu?

Then return to the original problem. Run php, "ps aux | grep php" to check it's still running and "ss -tulpen" to see whether port 8000 is opened.
Then run "nmap 192.168.100.3" on the client (ubuntu) again (don't stealth scan)

Offline

Board footer

Powered by FluxBB