Posts written by dudzikgg


  1. Thanks for the hint. So I checked, and below I'm posting screenshots of the output of two commands, iptables -L and -S. I don't see port 8086 being blocked there, and the general INPUT rule has the status ACCEPT. Unless I'm misunderstanding this, in which case please point out the mistake.

    Command: sudo iptables -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    InstanceServices  all  --  anywhere             link-local/16
    
    Chain InstanceServices (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             X.X.0.2          owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     tcp  --  anywhere             X.X.2.0/24       owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     tcp  --  anywhere             X.X.4.0/24       owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     tcp  --  anywhere             X.X.5.0/24       owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     tcp  --  anywhere             X.X.0.2          tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     udp  --  anywhere             X.X.169.254      udp dpt:domain /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     tcp  --  anywhere             X.X.169.254      tcp dpt:domain /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     tcp  --  anywhere             X.X.0.3          owner UID match root tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     tcp  --  anywhere             X.X.0.4          tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     tcp  --  anywhere             X.X.169.254      tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     udp  --  anywhere             X.X.169.254      udp dpt:bootps /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     udp  --  anywhere             X.X.169.254      udp dpt:tftp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    ACCEPT     udp  --  anywhere             X.X.169.254      udp dpt:ntp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    REJECT     tcp  --  anywhere             link-local/16        tcp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */ reject-with tcp-reset
    REJECT     udp  --  anywhere             link-local/16        udp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */ reject-with icmp-port-unreachable
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    


    and the command: sudo iptables -S

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N InstanceServices
    -N f2b-sshd
    -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p udp -m udp --sport 123 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    -A OUTPUT -d X.X.0.0/16 -j InstanceServices
    -A InstanceServices -d X.X.0.2/32 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.2.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.4.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.5.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.0.2/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.169.254/32 -p udp -m udp --dport 53 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.169.254/32 -p tcp -m tcp --dport 53 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.0.3/32 -p tcp -m owner --uid-owner 0 -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.0.4/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.169.254/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.169.254/32 -p udp -m udp --dport 67 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.169.254/32 -p udp -m udp --dport 69 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.169.254/32 -p udp -m udp --dport 123 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
    -A InstanceServices -d X.X.0.0/16 -p tcp -m tcp -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j REJECT --reject-with tcp-reset
    -A InstanceServices -d X.X.0.0/16 -p udp -m udp -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j REJECT --reject-with icmp-port-unreachable
    -A f2b-sshd -j RETURN
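
The INPUT rules from the `iptables -S` output above, evaluated top to bottom for a new TCP connection to a given port; this is an added example, not part of the original post. iptables uses the first rule that reaches a verdict, and the chain policy (`-P INPUT ACCEPT`) only applies when no rule does. The helper names `first_match` and `insert_hint` are hypothetical.

```shell
#!/bin/sh
# Constructed input: the INPUT-chain lines from the `iptables -S` output in the post.
RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# first_match PORT (hypothetical helper): print "<rule number> <target>" for the
# first INPUT rule that decides a NEW TCP connection to PORT arriving from the
# network (not loopback). If no rule decides, print "0 <chain policy>".
# Assumptions: only the match options used in this ruleset are understood, and a
# jump to a user chain (f2b-sshd) is treated as returning without a verdict.
first_match() {
  printf '%s\n' "$RULES" | awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      n++; hit = 1; target = ""
      for (i = 3; i < NF; i++) {
        arg = $(i + 1)
        if ($i == "-p" && arg != "tcp") hit = 0
        if ($i == "-i" && arg == "lo") hit = 0
        if ($i == "--state" && arg !~ /(^|,)NEW(,|$)/) hit = 0
        if (($i == "--dport" || $i == "--dports") && arg !~ ("(^|,)" port "(,|$)")) hit = 0
        if ($i == "-j") target = arg
      }
      if (hit && target ~ /^(ACCEPT|REJECT|DROP)$/) { print n, target; done = 1; exit }
    }
    END { if (!done) print 0, policy }'
}

# insert_hint PORT (hypothetical helper): if PORT is refused, print the command
# that places an ACCEPT ahead of the deciding rule, modelled on the ssh rule.
insert_hint() {
  set -- "$1" $(first_match "$1")
  [ "$2" -gt 0 ] && pos="-I INPUT $2" || pos="-A INPUT"
  case "$3" in
    REJECT|DROP) echo "iptables $pos -p tcp -m state --state NEW -m tcp --dport $1 -j ACCEPT" ;;
  esac
}

first_match 8086   # InfluxDB port from the post
first_match 22     # ssh, for comparison
insert_hint 8086
```

A rule added with `iptables -I` lasts only until the next reboot or ruleset reload unless it is also saved.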

     


  2. Hi :)

    I managed to get a free VPS running on Oracle Cloud Free Tier (AMD processor). Over SSH I managed to install InfluxDB on this server, and I'm also planning to add Grafana.

    At home I have a device, specifically a Smogomierz, which is supposed to send measurements to the Influx database. On the device side I have everything configured (IP address, port 8086, database, database user, password). Something must be wrong on the server. Earlier I briefly used a VPS from OVH and everything worked there; records showed up in the database.

    What do you think could be blocking data from being sent to the database? What else should I configure, and how? I read something about iptables, but could that have an effect?

    I searched for information on Google, but I'm groping in the dark a bit. The only thing I found was configuring the firewall by adding rules in the panel, under the tab Primary VNIC -> Subnet -> List, and there, for "Ingress rules" and "Egress rules", adding an entry: 0.0.0.0/0 for all protocols.

    I should point out that I'm a layman, so please be understanding and give advice or hints in the simplest way possible :D
