I am fairly new to servers. I am trying to run a shoutcast server on Debian. Shoutcast runs on a default port of 8000. My problem is it will not load when visiting xxx.xxx.xx.xxx:8000. When I log in via ssh, and create a tunnel to my local machine, it works just fine using localhost:8000. In my iptables I have added the following line:
-A INPUT -p tcp --match multiport --dports 8000:9999 -j ACCEPT
A few days ago I installed fail2ban. Last night I uninstalled fail2ban using:
apt-get purge fail2ban
After doing so, it began to work. Now, I’ve re-installed fail2ban, and was looking for a way to configure it to ignore those ports. Again I know nothing about fail2ban and was learning how to use it.
After not getting it to work, I got frustrated and attempted to uninstall fail2ban once again. This time I used the command:
apt-get remove fail2ban
I understand the first one purges all config and restores iptables, hence why I chose that one. I ran the second command by mistake, instead of running purge.
I have since then re-installed fail2ban, and once again ran the purge command hoping it would clean and restore everything to the way it was. I still have no outside access and have to create a tunnel. I even removed the iptables files and restarted my server. Using
showed that I only have the default values to accept everything. I am finally at a loss here and don’t know what else to check. I just want to be able to access xx.xxx.xx.xxx:8000 to xx.xxx.xx.xxx:9999.
Results of: iptables -L -n -v

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target  prot opt in  out  source      destination
 2364  440K ACCEPT  all  --  lo  *    0.0.0.0/0   0.0.0.0/0
    0     0 REJECT  all  --  *   *    0.0.0.0/0   127.0.0.0/8   reject-with icmp-port-unreachable
17177 2792K ACCEPT  all  --  *   *    0.0.0.0/0   0.0.0.0/0     state RELATED,ESTABLISHED
  141  8308 ACCEPT  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0     multiport dports 80,443,10000
   28  1128 ACCEPT  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0     multiport dports 8000:9999
  846 46996 ACCEPT  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:22
    6   497 ACCEPT  icmp --  *   *    0.0.0.0/0   0.0.0.0/0
   57  3745 LOG     all  --  *   *    0.0.0.0/0   0.0.0.0/0     limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
   57  3745 DROP    all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target  prot opt in  out  source      destination
    0     0 DROP    all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target  prot opt in  out  source      destination
25350 7356K ACCEPT  all  --  *   *    0.0.0.0/0   0.0.0.0/0
Here is what I have
Results of: netstat -pnlt | grep ':8000'
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 3246/sc_serv
You forgot to make your firewall rule stateful.
Like your working ssh rule, it should include
-m state --state NEW.
You may also need to check for external firewalls, such as Amazon’s “security groups” on EC2.
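As an added example (not part of the original question or answer), the shell function below walks the INPUT chain from the question's listing and reports the first terminating rule that a new TCP connection to a given port would hit, together with that rule's packet counter. The helper names `listing` and `first_match` are made up for this example, and it assumes the packet arrives on a non-loopback interface with a non-loopback destination.

```shell
# Added example. Assumes the packet arrives on a non-loopback interface with a
# non-loopback destination; only match types seen in the question are handled.
listing() {  # INPUT chain as posted in the question
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 2364 440K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0    0 REJECT all -- * * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
17177 2792K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
  141 8308 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,10000
   28 1128 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 8000:9999
  846 46996 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    6  497 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
   57 3745 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
   57 3745 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
EOF
}

# first_match PORT < listing: prints "rule-number target pkts" for the first
# terminating INPUT rule a NEW TCP connection to PORT would hit.
first_match() {
    awk -v port="$1" '
    function in_ports(spec, p,    n, i, parts, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == p + 0) return 1
        }
        return 0
    }
    $1 == "Chain" { chain = $2; n = 0; next }
    chain != "INPUT" || $1 !~ /^[0-9]/ { next }
    {
        n++
        if ($3 == "LOG") next                       # non-terminating target
        if ($4 != "all" && $4 != "tcp") next        # other protocols
        if ($6 != "*" || $9 != "0.0.0.0/0") next    # loopback-only rules
        ok = 1
        for (i = 10; i <= NF; i++) {
            if ($i == "state" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
            if ($i == "dports" && !in_ports($(i+1), port)) ok = 0
            if ($i ~ /^dpt:/ && substr($i, 5) + 0 != port + 0) ok = 0
        }
        if (ok) { print n, $3, $1; exit }
    }'
}

listing | first_match 8000   # prints: 5 ACCEPT 28
```

On a live host, pipe `iptables -L INPUT -n -v` into `first_match` instead of the embedded listing and compare the counter before and after a connection attempt from outside.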
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.