Some months ago I hired a Kimsufi server and tried to forward ports, without luck.
I abandoned the server. Some days ago I started to reconfigure everything again, but I'm still having problems.
I discovered that some ports are blocked by default, but I still don't have a clue how to unblock them.
The main problem is that I installed apache2 on a virtual machine (with Debian). If I use port 8000 to host the website, everything works well (using http://z3nth10n.net:8000).
This is my interfaces configuration (/etc/network/interfaces):
auto lo
iface lo inet loopback

iface enp4s0 inet manual

iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address <public ip>
    netmask 24
    gateway <public gateway>
    bridge-ports enp4s0
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address 192.168.5.99
    netmask 24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.xx.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.xx.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8000 -j DNAT --to 192.168.xx.55:8000
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 8000 -j DNAT --to 192.168.xx.55:8000
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.xx.55:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.xx.55:80
    post-up iptables -A FORWARD -p tcp -d 192.168.xx.55 --dport 80 -j ACCEPT
    post-down iptables -D FORWARD -p tcp -d 192.168.xx.55 --dport 80 -j ACCEPT

I added these two lines:
post-up iptables -A FORWARD -p tcp -d 192.168.xx.55 --dport 80 -j ACCEPT
post-down iptables -D FORWARD -p tcp -d 192.168.xx.55 --dport 80 -j ACCEPT
But this is still not working.
nmap shows that the port is open on the virtual machine, but closed on the host machine, so this is confusing me.
I read (iptables has port 80 open but nmap shows it closed) that if the port isn't in use, it will not be shown as open in nmap.
Also, I executed the netstat -lnp | grep 80 command, and this is the output:
HOST MACHINE
root@ns324919:~# netstat -lnp | grep 80
tcp 0 0 0.0.0.0:8006 0.0.0.0:* LISTEN 1572/pveproxy worke
unix 2 [ ACC ] STREAM LISTENING 17217 980/qmeventd /var/run/qmeventd.sock
unix 2 [ ACC ] STREAM LISTENING 2380 1/init /run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 18056 991/watchdog-mux /run/watchdog-mux.sock
unix 2 [ ACC ] STREAM LISTENING 34980709 1975/kvm /var/run/qemu-server/100.vnc
unix 2 [ ACC ] STREAM LISTENING 23800 1665/master private/bsmtp
unix 2 [ ACC ] STREAM LISTENING 23803 1665/master private/scalemail-backend
unix 2 [ ACC ] STREAM LISTENING 23806 1665/master private/mailman
VIRTUAL MACHINE
root@debian:~# netstat -lnp | grep 80
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 808/mysqld
tcp6 0 0 :::80 :::* LISTEN 14825/apache2
unix 2 [ ACC ] STREAM LISTENING 12719 808/mysqld /var/run/mysqld/mysqld.sock
So, I can assume that the port is not in use on the host machine.
Also, I disabled the firewall:
root@ns324919:~# pve-firewall status
Status: disabled/stopped
I disabled everything to make sure it was not interfering with my test, but I have doubts because I don't know whether I created a DMZ network or need to forward something using the firewall.