Linode Forum
https://forum.linode.com/

can't connect to icecast2 from remote
https://forum.linode.com/viewtopic.php?f=19&t=11194		 Page 1 of 1
Author:  drein [ Sun Jul 27, 2014 8:54 am ]
Post subject:  can't connect to icecast2 from remote
Hello,
Yesterday I installed icecast2 on my ubuntu 12.04 server.
apt-get install icecast2
The problem is that I can see the admin interface only from localhost, for example typing
lynx www.mysite.com:8000
but it doesn't work if i attempt to connect from remote, my pc at my home.
if I type:
www.spazioausili.net:8000
the browser is waiting and at the end it says it is impossible to connect.
I gave a look to my /etc/icecast2/icecast2.xml file and for what I can say, it is ok, I changed password, I made several attempt to modify hostname, putting my hostname, my ip number, my website, but nothing.
I tried to disable the firewall:
ufw disable
but still nothing.
in the access.log of icecast2, there are no presence of my connection attempt from remote.
What can I do?
do you think I should add some forwardings rules?
I'm start thinking it is not a icecast2 problem, but really I don't know how to solve.
thank you.
Author:  hoopycat [ Sun Jul 27, 2014 3:44 pm ]
Post subject:  Re: can't connect to icecast2 from remote
What does this report?

Code:
netstat -plnt


Also, to double-check firewally stuff,

Code:
iptables -L -n -v


My hunch is that, because it's the administrative interface, it's only bound to 127.0.0.1 or ::1 by default.
Author:  drein [ Mon Jul 28, 2014 4:52 am ]
Post subject:  Re: can't connect to icecast2 from remote
first of all thanks for your reply.
this is the output of all command you suggest me, I hope you can help me because now it is quite hard. :-)

***
<code>
root@mail2:/# netstat -plnt | more
</code>
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 20287/icecast2

so icecast2 exist but I see 0.0.0.0. what does it mean?

instead about the firewall I'm not able to understand all this messages, so here it is:
***
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
38598 7596K fail2ban-courierauth tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
39821 7740K fail2ban-sasl tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
455K 89M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
202K 19M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
18 864 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
18952 7841K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
3 152 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
20229 1108K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
77 4017 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
87 3904 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2652 235K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
3391 1870K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
20064 1592K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
36692 6277K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 208 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 BLACKLIST all -- eth0 * 10.0.0.0/8 0.0.0.0/0
0 0 BLACKLIST all -- eth0 * 172.16.0.0/12 0.0.0.0/0
0 0 BLACKLIST all -- eth0 * 192.168.0.0/16 0.0.0.0/0
792 47042 LOG_DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 10.8.0.0/24 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
455K 89M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
625 68106 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
8308 6863K ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
243K 266M ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 icmptype 8
1 328 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
16892 1299K ACCEPT udp -- * eth0 0.0.0.0/0 109.74.192.0/21 udp dpt:53
509 38684 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:123
41228 3033K LOG_DROP all -- * eth0 0.0.0.0/0 0.0.0.0/0


Chain BLACKLIST (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain LOG_DROP (2 references)
pkts bytes target prot opt in out source destination
42020 3080K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-courierauth (1 references)
pkts bytes target prot opt in out source destination
38576 7595K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-sasl (1 references)
pkts bytes target prot opt in out source destination
39658 7732K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

I disabled the fw with ufw, but what do you think about it?
still thank you!
Author:  hoopycat [ Mon Jul 28, 2014 9:06 pm ]
Post subject:  Re: can't connect to icecast2 from remote
Looks like icecast itself is listening correctly, at least.

So in your iptables INPUT chain, there's a rule there to ACCEPT traffic with destination port 8000, but it comes after a rule to send all traffic to LOG_DROP (which unceremoniously DROPs traffic). How did you add that rule? Did you manually hand-jam it into iptables, or did you use 'ufw allow ...' to do it?
Author:  drein [ Tue Jul 29, 2014 4:09 am ]
Post subject:  Re: can't connect to icecast2 from remote
hello,
if I remember correctly, I added it with ufw, with:
ufw allow 8000 with the hope that it will solve my problem.
I made another test, I connected to my linode machine with ssh and setted it to act as a tunnel proxy for my windows pc with firefox.
as I expect, if I digit:
178.79.148.185:8000
firefox shows me correctly the admin interface of icecast, because I think it remain a local connection, from the point of view of the linode machine.
For you can understand, is it a firewall problem?
Author:  hoopycat [ Wed Jul 30, 2014 9:27 pm ]
Post subject:  Re: can't connect to icecast2 from remote
It does look like a firewall problem, yes. You want the "0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000" rule to be up above the "792 47042 LOG_DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0" rule, where the rest of the ACCEPT rules are.

Try uninstalling fail2ban and see if ufw works better. Two things messing with firewall rules at once is probably bad.
Page 1 of 1 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/