Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
i have install vm (ubuntu 16.04) in server using kvm and then install unifi controller. Now i need to access that controller using my laptop not that vm. for that i think i should do port forwarding to access that unifi controller using ip address + port number. but i don't know how to do port forwarding. Can anybody help me to do this task. (note: don't wanna to use ssh port forwarding)
Last edited by Sirius7777; 11-16-2018 at 07:26 AM.
Thank for you replying..
its interface is bridged. could you explain the method of allow the port on the firewall. Sorry to bother you but i am new to this environment.
Ports are like doors in the wall reserved only for useful traffic, and your router does a good job of automatically configuring most of the ports you need to safely use the Internet. In some cases, however, you need to tell your router to open up a certain port so a program won’t be blocked. This is called port forwarding, and here’s how to do it.
Assign Your Device a Static IP Address
First, you need to gather some information about your network and assign a static IP address to the device you're using. A static IP address is an unchanging number identifying a device on your network, and to forward a port you first need to give your router the static IP address of the device for which you are opening the port.
1. From a computer connected to your network, click Start, and then type cmd into the search field. Press Enter.
2. Type ipconfig /all in the window that pops up. Press Enter.
3. Record the following numbers listed under your network connection (labeled “Local Area Connection” or “Wireless Network Connection”):
IPv4 Address (or IP Address)
Subnet Mask
Default Gateway
DNS Servers
4. To set a static IP address on a Windows 7 or Vista PC, open Control Panel. Click Network and Internet, then Network and Sharing Center. In the left pane, click Change adapter settings in Windows 7; in Vista, click Manage network connections.
4a. Right-click Local Area Connection; then click Properties.
4b. In the list, select Internet Protocol Version 4 (TCP/IPv4), and click Properties.
4c. Select Use the following IP address. Add 10 to the last digit of your Default Gateway number and enter it into the IP address field. For example, if your Default Gateway is 192.168.1.1, the new number is 192.168.1.11.
4d. Enter the numbers of the Subnet Mask, Default Gateway, and DNS Servers that you recorded earlier into their respective fields. Click OK.
5. To assign a static IP to a printer, video game console, or other device on your network, you’ll need to use the device’s control panel or a Web-based interface.
Forward Ports
Now that you have a static IP assigned to your computer or other network device, log in to your router’s interface and open a port.
1. Open a Web browser, type your Default Gateway number into the address bar, and press Enter.
2. Enter your username and password to access your router’s interface. The default username and password should be listed in your router’s documentation, on a sticker on the side of your router, or on the Port Forward website. If the username and password have been changed from the defaults and you don’t remember them, you’ll need to reset your router.
3. To forward ports on your router, look for a tab or menu labeled “Applications & Gaming,” “Advanced,” “Port Forwarding/Port Triggering,” “NAT/QoS,” or something similar.
4. No matter what the router or interface, you’ll need to enter the same basic information. Enter the port you want to open under Internal and External, or enter a range of ports to open under Start and End. If you aren’t sure what port(s) you need to open for an application, consult this Port Forward list. Some common ports are 25565 (Minecraft), 6881–6887 (BitTorrent clients), and 3724 (World of Warcraft).
5. Choose the Protocol (TCP, UDP, or both).
6. Enter the static IP address you created.
7. Be sure Enable is selected if available. Enter a name under Application if you want, then save the changes.
After you read some, try to figure out the command and post it here. I'll let you know if it is right.
Sorry for the late reply:
According to your given link i used that commands and i am showing command and its output please review it and tell me it is right or wrong.
Hello,
Let me explain to you my task. My task is I have vm (Ubuntu 16.04) on my server and I have install unifi controller on it (unifi controller address is https://localhost:8443) now I want to access unifi controller from my laptop that have install on vm using port forwarding. Could you explain its method please?
Sorry for the late reply:
According to your given link i used that commands and i am showing command and its output please review it and tell me it is right or wrong.
it is not accepting this command? this is first command
While that commend shows you what is allowed and dropped in the firewall I like seeing the rule them selves with this comend:
Code:
iptables -S
What you are showing me is that your firewall is wide open and accepting everything. So the firewall is not stopping you from connecting to port 8443.
Quote:
Originally Posted by Sirius7777
Hello,
Let me explain to you my task. My task is I have vm (Ubuntu 16.04) on my server and I have install unifi controller on it (unifi controller address is https://localhost:8443) now I want to access unifi controller from my laptop that have install on vm using port forwarding. Could you explain its method please?
Anybody can help me with in this?
OK run this command on both the real server and the VM for me and post the output.
You have a lot of repeating lines in this setup. As stated before it doesn't look like you are blocking the port. Which device is this firewall deployed on?
Lines in RED are not needed as they are duplicates.
Quote:
Originally Posted by Sirius7777
here is the result of iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i ens9 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
I need the firewall from both devices. I'm suspecting that the Ubuntu is where the blocking is taken place.
You have a lot of repeating lines in this setup. As stated before it doesn't look like you are blocking the port. Which device is this firewall deployed on?
Lines in RED are not needed as they are duplicates.
Sorry but according to my senior he command me to delete all iptables so i flush all chain now could you explain me the step......
I need the firewall from both devices. I'm suspecting that the Ubuntu is where the blocking is taken place.
and my first device is Ubuntu vm is installed in kvm of server where is unifi controller is installed and i wanna to access Unifi_controller from my windows 10 laptop......
and my first device is Ubuntu vm is installed in kvm of server where is unifi controller is installed and i wanna to access Unifi_controller from my windows 10 laptop......
So the firewall config above is from the Ubuntu server which is a VM correct?
If that is the case is there any other firewall/ACL in front of that?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.