You are not logged in.
- Topics: Active | Unanswered
#1 2021-06-16 10:10:26
- ongpa
- Member
- Registered: 2021-04-05
- Posts: 24
servers can't be accessed from another device
i tried using 'npm run serve' and 'php -S 192.168.100.3:8000', and then i used my phone or another laptop to access the ip, but i can't reach it. i thought it may be a problem with firewall so i tried using ufw with basic conf like in the wiki, and i still can't reach it. here's the result of 'sudo ufw status':
Status: active
To Action From
-- ------ ----
Anywhere ALLOW 192.168.100.0/24
Deluge ALLOW Anywhere
22 LIMIT Anywhere
Deluge (v6) ALLOW Anywhere (v6)
22 (v6) LIMIT Anywhere (v6)i tried searching but can't seem to find a problem resembling mine. and sorry i'm still new to linux so i don't really know what else can i provide as initial other than this.
Offline
#2 2021-06-16 10:25:42
- schard
- Forum Moderator
- From: Hannover
- Registered: 2016-05-06
- Posts: 2,152
- Website
Re: servers can't be accessed from another device
On the server:
# ip a
# ip r
# ss -tulpen
# iptables -SOn the client:
# ip a
# ip r
# nmap 192.168.100.3Inofficial first vice president of the Rust Evangelism Strike Force
Offline
#3 2021-06-16 23:47:41
- ongpa
- Member
- Registered: 2021-04-05
- Posts: 24
Re: servers can't be accessed from another device
server result respectively:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether fc:b3:bc:a6:ea:82 brd ff:ff:ff:ff:ff:ff
altname wlp0s20f3
inet 192.168.100.3/24 brd 192.168.100.255 scope global dynamic noprefixroute wlo1
valid_lft 221149sec preferred_lft 221149sec
inet6 fe80::abdc:44e1:da9d:ea18/64 scope link noprefixroute
valid_lft forever preferred_lft foreverdefault via 192.168.100.1 dev wlo1 proto dhcp metric 600
192.168.100.0/24 dev wlo1 proto kernel scope link src 192.168.100.3 metric 600Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 [fe80::abdc:44e1:da9d:ea18]%wlo1:546 [::]:* users:(("NetworkManager",pid=309,fd=24)) ino:783582 sk:1001 cgroup:/system.slice/NetworkManager.service v6only:1 <->
tcp LISTEN 0 511 0.0.0.0:8080 0.0.0.0:* users:(("node",pid=42335,fd=21)) uid:1000 ino:767105 sk:3 cgroup:/user.slice/user-1000.slice/session-2.scope <->-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -s 192.168.100.0/24 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 6881:6891 -m comment --comment "\'dapp_Deluge\'" -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
-A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
-A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A ufw-user-input -p udp -m udp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
-A ufw-user-input -p udp -m udp --dport 22 -j ufw-user-limit-accept
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPTclient result respectively:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether 68:f7:28:45:6d:4a brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ac:b5:7d:fb:97:55 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 brd 192.168.100.255 scope global dynamic noprefixroute wlp2s0
valid_lft 257975sec preferred_lft 257975sec
inet6 fe80::1342:6ece:ed31:4206/64 scope link noprefixroute
valid_lft forever preferred_lft foreverdefault via 192.168.100.1 dev wlp2s0 proto dhcp metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
192.168.100.0/24 dev wlp2s0 proto kernel scope link src 192.168.100.2 metric 600Starting Nmap 7.80 ( https://nmap.org ) at 2021-06-17 06:51 WIB
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.54 secondsclient is ubuntu if that matters
Last edited by ongpa (2021-06-16 23:53:03)
Offline
#4 2021-06-17 00:11:26
- schard
- Forum Moderator
- From: Hannover
- Registered: 2016-05-06
- Posts: 2,152
- Website
Re: servers can't be accessed from another device
Well, there's no service running on the socket 192.168.100.3:8000 on your server (see output of ss).
Also, port 8000 is not allowed in your firewall (ufw, see output of iptables -S).
Last edited by schard (2021-06-17 00:13:28)
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
#5 2021-06-17 00:50:15
- ongpa
- Member
- Registered: 2021-04-05
- Posts: 24
Re: servers can't be accessed from another device
sorry i'm still learning so i don't really understand, but i do have a 'npm run serve' still running at the time of the ss command issued, although in different terminal if that matters. and the thing is i can't even 'ping 192.168.100.3' from my ubuntu, but i can 'ping 192.168.100.2' (my ubuntu ip) from my arch so i'm really lost here
Offline
#6 2021-06-17 05:13:32
- seth
- Member
- Registered: 2012-09-03
- Posts: 60,940
Re: servers can't be accessed from another device
although in different terminal if that matters
No, doesn't.
But php is (supposed to be) listening on 8000, not npm.
There's something (looks like npm) listening on 8080, though.
i can't even 'ping 192.168.100.3'
I don't see how 192.168.100.0/24 should™ not be open, but briefly try w/o ufw and post the iptables at that point.
Is there maybe a filter in the router?
And try an nmap stealth scan.
Online
#7 2021-06-17 08:07:46
- schard
- Forum Moderator
- From: Hannover
- Registered: 2016-05-06
- Posts: 2,152
- Website
Re: servers can't be accessed from another device
Ping should™ work since ICMP Type 8 is allowed within UFW.
Do you have any additional firewalls between the two systems?
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
#8 2021-06-17 11:46:58
- ongpa
- Member
- Registered: 2021-04-05
- Posts: 24
Re: servers can't be accessed from another device
i don't think i ever set up a firewall on both system, even the ufw on arch was installed after i encountered the problem and thought that maybe ufw could help
Offline
#9 2021-06-17 12:51:49
- seth
- Member
- Registered: 2012-09-03
- Posts: 60,940
Re: servers can't be accessed from another device
maybe ufw could help
Certainly not.
Stop ufw, then run "nmap -Pn 192.168.100.3"
Can you "ping 192.168.100.1" from the ubuntu system?
Online
#10 2021-06-17 18:41:03
- ongpa
- Member
- Registered: 2021-04-05
- Posts: 24
Re: servers can't be accessed from another device
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-18 01:34 WIB
Nmap scan report for 192.168.100.3
Host is up (0.000033s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 13.04 seconds
[now i can ping and access my server from my ubuntu, but i still can't access it from my phone.
or should i run it every time i start a server service?
Last edited by ongpa (2021-06-17 18:41:48)
Offline
#11 2021-06-17 18:44:01
- Slithery
- Administrator
- From: Norfolk, UK
- Registered: 2013-12-01
- Posts: 5,776
Offline
#12 2021-06-17 19:56:13
- seth
- Member
- Registered: 2012-09-03
- Posts: 60,940
Re: servers can't be accessed from another device
now i can
And what changed? Did you deactivate ufw or did this happen after the stealth scan?
Online
#13 2021-06-18 06:24:09
- ongpa
- Member
- Registered: 2021-04-05
- Posts: 24
Re: servers can't be accessed from another device
Is your phone on the same internal network as the server?
yes, i can access the ubuntu from my phone, but not the arch.
And what changed? Did you deactivate ufw or did this happen after the stealth scan?
i deactivated the ufw first and then did the nmap, then checked. i didn't check before the nmap because the problem occur before ufw, and ufw was an attempt to fix it
Last edited by ongpa (2021-06-18 06:26:13)
Offline
#14 2021-06-18 06:41:51
- seth
- Member
- Registered: 2012-09-03
- Posts: 60,940
Re: servers can't be accessed from another device
Well, the original problem is that nothing is listening on 8000.
Keep ufw disabled (for now) and reboot both systems (arch & ubuntu) - can you still ping the arch system from ubuntu?
Then return to the original problem. Run php, "ps aux | grep php" to check it's still running and "ss -tulpen" to see whether port 8000 is opened.
Then run "nmap 192.168.100.3" on the client (ubuntu) again (don't stealth scan)
Online