Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking
  Print view Previous topic | Next topic 
Author Message
drein
PostPosted: Sun Jul 27, 2014 8:54 am 
Offline
Senior Newbie

Joined: Mon Dec 23, 2013 9:20 am
Posts: 7
Hello,
Yesterday I installed icecast2 on my ubuntu 12.04 server.
apt-get install icecast2
The problem is that I can see the admin interface only from localhost, for example typing
lynx www.mysite.com:8000
but it doesn't work if i attempt to connect from remote, my pc at my home.
if I type:
www.spazioausili.net:8000
the browser is waiting and at the end it says it is impossible to connect.
I gave a look to my /etc/icecast2/icecast2.xml file and for what I can say, it is ok, I changed password, I made several attempt to modify hostname, putting my hostname, my ip number, my website, but nothing.
I tried to disable the firewall:
ufw disable
but still nothing.
in the access.log of icecast2, there are no presence of my connection attempt from remote.
What can I do?
do you think I should add some forwardings rules?
I'm start thinking it is not a icecast2 problem, but really I don't know how to solve.
thank you.
Top
   
Reply with quote  
hoopycat
PostPosted: Sun Jul 27, 2014 3:44 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
What does this report?

Code:
netstat -plnt


Also, to double-check firewally stuff,

Code:
iptables -L -n -v


My hunch is that, because it's the administrative interface, it's only bound to 127.0.0.1 or ::1 by default.

_________________
Code:
/* TODO: need to add signature to posts */
Top
   
Reply with quote  
drein
PostPosted: Mon Jul 28, 2014 4:52 am 
Offline
Senior Newbie

Joined: Mon Dec 23, 2013 9:20 am
Posts: 7
first of all thanks for your reply.
this is the output of all command you suggest me, I hope you can help me because now it is quite hard. :-)

***
<code>
root@mail2:/# netstat -plnt | more
</code>
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 20287/icecast2

so icecast2 exist but I see 0.0.0.0. what does it mean?

instead about the firewall I'm not able to understand all this messages, so here it is:
***
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
38598 7596K fail2ban-courierauth tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
39821 7740K fail2ban-sasl tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
455K 89M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
202K 19M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
18 864 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
18952 7841K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
3 152 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
20229 1108K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
77 4017 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
87 3904 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2652 235K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
3391 1870K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
20064 1592K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
36692 6277K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 208 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 BLACKLIST all -- eth0 * 10.0.0.0/8 0.0.0.0/0
0 0 BLACKLIST all -- eth0 * 172.16.0.0/12 0.0.0.0/0
0 0 BLACKLIST all -- eth0 * 192.168.0.0/16 0.0.0.0/0
792 47042 LOG_DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 10.8.0.0/24 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
455K 89M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
625 68106 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
8308 6863K ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
243K 266M ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 icmptype 8
1 328 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
16892 1299K ACCEPT udp -- * eth0 0.0.0.0/0 109.74.192.0/21 udp dpt:53
509 38684 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:123
41228 3033K LOG_DROP all -- * eth0 0.0.0.0/0 0.0.0.0/0


Chain BLACKLIST (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain LOG_DROP (2 references)
pkts bytes target prot opt in out source destination
42020 3080K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-courierauth (1 references)
pkts bytes target prot opt in out source destination
38576 7595K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-sasl (1 references)
pkts bytes target prot opt in out source destination
39658 7732K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

I disabled the fw with ufw, but what do you think about it?
still thank you!
Top
   
Reply with quote  
hoopycat
PostPosted: Mon Jul 28, 2014 9:06 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
Looks like icecast itself is listening correctly, at least.

So in your iptables INPUT chain, there's a rule there to ACCEPT traffic with destination port 8000, but it comes after a rule to send all traffic to LOG_DROP (which unceremoniously DROPs traffic). How did you add that rule? Did you manually hand-jam it into iptables, or did you use 'ufw allow ...' to do it?

_________________
Code:
/* TODO: need to add signature to posts */
Top
   
Reply with quote  
drein
PostPosted: Tue Jul 29, 2014 4:09 am 
Offline
Senior Newbie

Joined: Mon Dec 23, 2013 9:20 am
Posts: 7
hello,
if I remember correctly, I added it with ufw, with:
ufw allow 8000 with the hope that it will solve my problem.
I made another test, I connected to my linode machine with ssh and setted it to act as a tunnel proxy for my windows pc with firefox.
as I expect, if I digit:
178.79.148.185:8000
firefox shows me correctly the admin interface of icecast, because I think it remain a local connection, from the point of view of the linode machine.
For you can understand, is it a firewall problem?
Top
   
Reply with quote  
hoopycat
PostPosted: Wed Jul 30, 2014 9:27 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
It does look like a firewall problem, yes. You want the "0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000" rule to be up above the "792 47042 LOG_DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0" rule, where the rest of the ACCEPT rules are.

Try uninstalling fail2ban and see if ufw works better. Two things messing with firewall rules at once is probably bad.

_________________
Code:
/* TODO: need to add signature to posts */
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking


Who is online

Users browsing this forum: No registered users and 4 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group