@mrladeia
Last active October 29, 2024 14:09
Iptables to Oracle Cloud port 80 and 443 open

IPTABLES to Oracle Cloud port 80 and 443 open

If you need to open ports 80 and 443, add the following line to /etc/iptables/rules.v4:

-A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT

directly below

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

Then reboot, or run the command below:

sudo /sbin/iptables-restore < /etc/iptables/rules.v4

Thanks for the suggestion @11k
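
The edit described above as a script, an added example that is not part of the original gist: it inserts the 80/443 rule directly below the SSH rule, so the rule sits ahead of any REJECT rule that follows (iptables evaluates rules in order), and it parse-checks the file with `iptables-restore --test` before loading it. The helper names `add_web_rule`, `apply_rules` and `sample_rules` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): place the 80/443 rule directly below the SSH rule.
WEB_RULE='-A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT'
SSH_RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'

# add_web_rule SRC DST (hypothetical helper): copy SRC to DST with WEB_RULE
# inserted after the first SSH_RULE line. Idempotent. Returns 1 if the SSH
# rule is absent, so the web rule is never placed by guesswork.
add_web_rule() {
    if grep -qxF -e "$WEB_RULE" "$1"; then
        cp "$1" "$2"
        return 0
    fi
    grep -qxF -e "$SSH_RULE" "$1" || return 1
    awk -v ssh="$SSH_RULE" -v web="$WEB_RULE" '
        { print }
        $0 == ssh && !seen { print web; seen = 1 }
    ' "$1" > "$2"
}

# apply_rules FILE (hypothetical helper, needs root): parse-check first, then load.
apply_rules() {
    sudo /sbin/iptables-restore --test < "$1" &&
        sudo /sbin/iptables-restore < "$1"
}

# Constructed sample, reduced from the layout of an OCI rules.v4.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo: edits a temporary copy only; nothing is loaded into the kernel.
demo_dir=$(mktemp -d)
sample_rules > "$demo_dir/rules.v4"
add_web_rule "$demo_dir/rules.v4" "$demo_dir/rules.v4.new" && cat "$demo_dir/rules.v4.new"
rm -rf "$demo_dir"
```

On a real instance, run `add_web_rule` against a copy of /etc/iptables/rules.v4 and pass the result to `apply_rules` before replacing the original.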

Another way

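Note that some lines of the rules.v4 file below are commented out with a leading #, including the REJECT rules for INPUT and FORWARD. With those disabled and the chain policies set to ACCEPT, the host firewall accepts any traffic the earlier rules do not match.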

# CLOUD_IMG: This file was created/modified by the Cloud Image build process
# iptables configuration for Oracle Cloud Infrastructure
# See the Oracle-Provided Images section in the Oracle Cloud Infrastructure
# documentation for security impact of modifying or removing these rule
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [463:49013]
:InstanceServices - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -d 169.254.0.0/16 -j InstanceServices
-A InstanceServices -d 169.254.0.2/32 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or re$
-A InstanceServices -d 169.254.2.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or re$
#-A InstanceServices -d 169.254.0.2/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACC$
-A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 53 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j $
-A InstanceServices -d 169.254.169.254/32 -p tcp -m tcp --dport 53 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j $
#-A InstanceServices -d 169.254.0.3/32 -p tcp -m owner --uid-owner 0 -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or rem$
#-A InstanceServices -d 169.254.0.4/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACC$
#-A InstanceServices -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j$
-A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 67 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j $
-A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 69 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j $
-A InstanceServices -d 169.254.169.254/32 -p udp --dport 123 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
#-A InstanceServices -d 169.254.0.0/16 -p tcp -m tcp -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j REJECT --rejec$
#-A InstanceServices -d 169.254.0.0/16 -p udp -m udp -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j REJECT --rejec$
COMMIT
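
A pre-load check for a file like the listing above, as an added example that is not part of the original gist: it flags active rule lines that end in `$`, as several lines in the listing do where the text was cut off, and reports when INPUT has neither a DROP policy nor an unconditional REJECT/DROP rule, which is the state the commented-out REJECT lines leave it in. The names `audit_rules` and `sample_listing` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): pre-load checks for an iptables-save style file.

# audit_rules FILE (hypothetical helper): print one finding per line, nothing if clean.
audit_rules() {
    awk '
        /^#/ || /^[ \t]*$/ { next }                # comments and blanks are inert
        /\$$/ {                                    # active line cut off at a trailing $
            printf "line %d: truncated rule (ends in $)\n", NR
        }
        /^:INPUT / { policy = $2 }                 # chain policy: ACCEPT or DROP
        /^-A INPUT -j (REJECT|DROP)/ { deny = 1 }  # unconditional catch-all only
        END {
            if (policy != "DROP" && !deny)
                print "INPUT: policy " policy ", no catch-all REJECT/DROP: unmatched packets are accepted"
        }
    ' "$1"
}

# Constructed sample in the shape of the listing: REJECT commented out, one cut-off line.
sample_listing() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:InstanceServices - [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -d 169.254.0.0/16 -j InstanceServices
-A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 53 -j $
COMMIT
EOF
}

# Demo: audits a temporary file only.
audit_dir=$(mktemp -d)
sample_listing > "$audit_dir/rules.v4"
audit_rules "$audit_dir/rules.v4"
rm -rf "$audit_dir"
```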
@cantalupo555

cantalupo555 commented Jan 23, 2023

@theinhumaneme @AethLi @11k
Is there any way for IPv4 to work in FTP (VSFTPD) with Ubuntu 22.04?
IPv6 works perfectly well, there are currently no restrictions concerning IPv6.

-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 12000:12100 -j ACCEPT

This made it work smoothly on IPv4 using FileZilla.
However, I have an application that needs to connect to FTP. The login succeeds, but I couldn't do anything but connect.

It shows this error.
"227 entering passive mode ftp error"

I tried everything, so I came to the conclusion that the problem is the Firewall blocking IPv4.

@charles-leal

portchecker.co

Thank you for the help, my services started working after I configured a service for the ports, thank you for the help😄, much appreciated and thank you for your time😄

@theinhumaneme @AethLi @11k Is there any way for IPv4 to work in FTP (VSFTPD) with Ubuntu 22.04? IPv6 works perfectly well, there are currently no restrictions concerning IPv6.

-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 12000:12100 -j ACCEPT

This made it work smoothly on IPv4 using FileZilla. However, I have an application that needs to connect to FTP. The login succeeds, but I couldn't do anything but connect.

It shows this error. "227 entering passive mode ftp error"

I tried everything, so I came to the conclusion that the problem is the Firewall blocking IPv4.

Hello goodnight!
I'm facing the same problem you had, I've done everything and I can't access port 80 or 443.
Could you help me by showing how you did it?

Thank you very much!

@abdulsaheel

this is not working.. getting following error:

iptables-restore v1.8.7 (legacy): Couldn't load target `$':No such file or directory

Have you found the solution?

@Coltuna

Coltuna commented Sep 15, 2024


I am trying to open my port 2333. I have tried everything, even flushing my IP table to make sure that nothing is being blocked.
I do have a service running on this port but am somehow unable to open ports.
I do have a backup of IP table rules. If someone could figure out why it's not working?

@rasibn

rasibn commented Oct 26, 2024

All I had to do was restart the server 💀

Thank you.
