Can't access website link

Issues related to configuring your network
trungmv
Posts: 8
Joined: 2014/06/11 06:48:53

Post by trungmv » 2021/07/28 04:47:28

Hi all,
I have a VM client (IP: 192.168.186.10) running on Proxmox, and ELK is installed on this VM following the guide at: https://www.howtoforge.com/how-to-insta ... -centos-8/
After installation, the Elasticsearch and Kibana services are running and I can browse to http://localhost:5601
On another VM (IP: 192.168.186.20), when I browse to the ELK server via http://192.168.186.10:5601, it is not successful, although I already permitted port 5601 on the ELK server.
How can I resolve this issue?
Any help is appreciated.
Thank you very much.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Post by jlehtone » 2021/07/28 05:42:44

trungmv wrote (2021/07/28 04:47:28):
> Although already permitted 5601 port on ELK server.

Did you:
* Make the service listen to that port
* Make firewall grant access to that port for the client
* Make SELinux allow service to access that port

trungmv
Posts: 8
Joined: 2014/06/11 06:48:53

Post by trungmv » 2021/07/28 06:31:46

Hi Jlehtone,

Here is my configuration:
Checking: netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1876/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 979/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 981/cupsd
tcp 0 0 127.0.0.1:5601 0.0.0.0:* LISTEN 5053/node
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 1218/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 1218/java
tcp6 0 0 :::22 :::* LISTEN 979/sshd
tcp6 0 0 ::1:631 :::* LISTEN 981/cupsd
udp 0 0 192.168.122.1:53 0.0.0.0:* 1876/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1876/dnsmasq
udp 0 0 0.0.0.0:111 0.0.0.0:* 1/systemd
udp 0 0 127.0.0.1:323 0.0.0.0:* 832/chronyd
udp 0 0 0.0.0.0:43414 0.0.0.0:* 807/avahi-daemon: r
udp 0 0 0.0.0.0:5353 0.0.0.0:* 807/avahi-daemon: r
udp6 0 0 :::111 :::* 1/systemd
udp6 0 0 ::1:323 :::* 832/chronyd
udp6 0 0 :::33255 :::* 807/avahi-daemon: r
udp6 0 0 :::5353 :::* 807/avahi-daemon: r


Checking: firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens18
sources:
services: cockpit dhcpv6-client http ssh
ports: 5601/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:


Checking: cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


Thanks so much,

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Post by jlehtone » 2021/07/28 09:24:08

Proto Recv-Q Send-Q Local Address  Foreign Address State  PID/Program name
tcp   0      0      127.0.0.1:5601 0.0.0.0:*       LISTEN 5053/node

You listen only on 127.0.0.1:5601


PS. There is a replacement for 'netstat': the 'ss':
ss - another utility to investigate sockets
ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state information than other tools.

[jlehtone]$ sudo ss -plntu
Netid  State   Recv-Q  Send-Q   Local Address:Port     Peer Address:Port  Process                                                    
udp    UNCONN  0       0              0.0.0.0:5353          0.0.0.0:*      users:(("avahi-daemon",pid=996,fd=15))                    
udp    UNCONN  0       0              0.0.0.0:38224         0.0.0.0:*      users:(("avahi-daemon",pid=996,fd=17))                    
udp    UNCONN  0       0              0.0.0.0:111           0.0.0.0:*      users:(("rpcbind",pid=938,fd=5),("systemd",pid=1,fd=29))  
udp    UNCONN  0       0            127.0.0.1:323           0.0.0.0:*      users:(("chronyd",pid=1003,fd=6))                         
udp    UNCONN  0       0                 [::]:5353             [::]:*      users:(("avahi-daemon",pid=996,fd=16))                    
udp    UNCONN  0       0                    *:58567               *:*      users:(("teams",pid=2744,fd=68))                          
udp    UNCONN  0       0                 [::]:60616            [::]:*      users:(("avahi-daemon",pid=996,fd=18))                    
udp    UNCONN  0       0                 [::]:111              [::]:*      users:(("rpcbind",pid=938,fd=7),("systemd",pid=1,fd=33))  
udp    UNCONN  0       0                [::1]:323              [::]:*      users:(("chronyd",pid=1003,fd=7))                         
tcp    LISTEN  0       128            0.0.0.0:111           0.0.0.0:*      users:(("rpcbind",pid=938,fd=4),("systemd",pid=1,fd=25))  
tcp    LISTEN  0       128            0.0.0.0:22            0.0.0.0:*      users:(("sshd",pid=1151,fd=5))                            
tcp    LISTEN  0       5            127.0.0.1:631           0.0.0.0:*      users:(("cupsd",pid=1150,fd=10))                          
tcp    LISTEN  0       128               [::]:111              [::]:*      users:(("rpcbind",pid=938,fd=6),("systemd",pid=1,fd=31))  
tcp    LISTEN  0       128               [::]:22               [::]:*      users:(("sshd",pid=1151,fd=7))                            
tcp    LISTEN  0       5                [::1]:631              [::]:*      users:(("cupsd",pid=1150,fd=9))                           

[jlehtone]$ sudo netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1151/sshd           
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1150/cupsd          
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::22                   :::*                    LISTEN      1151/sshd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      1150/cupsd          
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           996/avahi-daemon: r 
udp        0      0 0.0.0.0:38224           0.0.0.0:*                           996/avahi-daemon: r 
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1/systemd           
udp        0      0 127.0.0.1:323           0.0.0.0:*                           1003/chronyd        
udp6       0      0 :::5353                 :::*                                996/avahi-daemon: r 
udp6       0      0 :::58567                :::*                                2744/teams --type=r 
udp6       0      0 :::60616                :::*                                996/avahi-daemon: r 
udp6       0      0 :::111                  :::*                                1/systemd           
udp6       0      0 ::1:323                 :::*                                1003/chronyd       

trungmv
Posts: 8
Joined: 2014/06/11 06:48:53

Post by trungmv » 2021/07/28 09:59:32

Hi,
Here is my result:

[root@log01 ~]# lsof -i -P -n | grep LISTEN | grep 5601
node 5053 kibana 24u IPv4 82343 0t0 TCP 127.0.0.1:5601 (LISTEN)
[root@log01 ~]# ss -plntu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1876,fd=5))
udp UNCONN 0 0 0.0.0.0%virbr0:67 0.0.0.0:* users:(("dnsmasq",pid=1876,fd=3))
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=774,fd=5),("systemd",pid=1,fd=39))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=832,fd=6))
udp UNCONN 0 0 0.0.0.0:43414 0.0.0.0:* users:(("avahi-daemon",pid=807,fd=17))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=807,fd=15))
udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=774,fd=7),("systemd",pid=1,fd=41))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=832,fd=7))
udp UNCONN 0 0 [::]:33255 [::]:* users:(("avahi-daemon",pid=807,fd=18))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=807,fd=16))
tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=774,fd=4),("systemd",pid=1,fd=38))
tcp LISTEN 0 32 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1876,fd=6))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=979,fd=5))
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=981,fd=10))
tcp LISTEN 0 128 127.0.0.1:5601 0.0.0.0:* users:(("node",pid=5053,fd=24))
tcp LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=774,fd=6),("systemd",pid=1,fd=40))
tcp LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:* users:(("java",pid=1218,fd=289))
tcp LISTEN 0 128 [::ffff:127.0.0.1]:9300 *:* users:(("java",pid=1218,fd=286))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=979,fd=7))
tcp LISTEN 0 5 [::1]:631 [::]:* users:(("cupsd",pid=981,fd=9))


Any help is appreciated.

Thanks,

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Post by jlehtone » 2021/07/28 11:37:15

Your program, 'node', listens only on 127.0.0.1:5601. Not 192.168.186.10:5601, nor *:5601.

You have to configure your program to listen where you want.

You did follow some "guide". It told you to listen only 127.0.0.1:5601. Did it have a (security) reason for that?
Alternative: If you can ssh to the server, then you can use ssh to tunnel traffic. That way the browser in your client can access 127.0.0.1:5601 in the server.


PS. Disabling SELinux is not a good idea. You should enable it, but you can set it into "permissive" mode. That will still allow everything, but log access that would have been denied. That log can be used to create custom SELinux policies. With those in place your services can run even with strict SELinux.
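
The check described in the post above, as an added shell example (not code from any post in this thread): it classifies where a TCP port is listening from `ss -plntu` text and prints the matching conclusion, including the ssh tunnel form for a loopback-only service. The names `listen_scope` and `diagnose` and the `user@` login are assumptions; the sample lines are copied from the output posted earlier in the thread.

```shell
# Expects the `ss -plntu` column layout shown in the thread (Netid column first).
# Sample lines copied from the ss output posted earlier in this thread.
SAMPLE_SS='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=979,fd=5))
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=981,fd=10))
tcp LISTEN 0 128 127.0.0.1:5601 0.0.0.0:* users:(("node",pid=5053,fd=24))
tcp LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:* users:(("java",pid=1218,fd=289))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=979,fd=7))'

# listen_scope PORT < ss-output   (hypothetical helper, not part of ss)
# Prints: none | loopback | all | addr:<ip>[,<ip>...]
listen_scope() {
  awk -v port="$1" '
    $1 == "tcp" && $2 == "LISTEN" {
      n = split($5, parts, ":")
      if (parts[n] != port) next
      addr = substr($5, 1, length($5) - length(parts[n]) - 1)
      gsub(/^\[|\]$/, "", addr)   # strip IPv6 brackets
      sub(/%.*$/, "", addr)       # strip %interface suffix
      sub(/^::ffff:/, "", addr)   # IPv4-mapped IPv6 -> plain IPv4
      seen = 1
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
      else if (addr ~ /^127\./ || addr == "::1") loop = 1
      else addrs = (addrs == "" ? addr : addrs "," addr)
    }
    END {
      if (!seen)            print "none"
      else if (wild)        print "all"
      else if (addrs != "") print "addr:" addrs
      else                  print "loopback"
    }'
}

# diagnose PORT SERVER_IP < ss-output : turn the scope into a conclusion.
diagnose() {
  scope=$(listen_scope "$1")
  case "$scope" in
    none)     echo "nothing listens on tcp/$1" ;;
    loopback) echo "tcp/$1 is loopback-only, so the firewall rule changes nothing;" \
                   "rebind the service or tunnel: ssh -L $1:127.0.0.1:$1 user@$2" ;;
    all)      echo "tcp/$1 listens on every address; the firewall is the only network control" ;;
    addr:*)   echo "tcp/$1 listens on ${scope#addr:}" ;;
  esac
}

printf '%s\n' "$SAMPLE_SS" | diagnose 5601 192.168.186.10
```

On a live host, pipe `ss -plntu` into `diagnose` instead of the sample text.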

trungmv
Posts: 8
Joined: 2014/06/11 06:48:53

Post by trungmv » 2021/07/28 12:27:46

Hi jlehtone,
Thanks for the advice.
I changed 127.0.0.1 to 192.168.186.10 and it is working now. I also changed SELinux as you mentioned.
By the way, in your opinion, which is the best centralized logging system to collect logs, warnings and notifications from Linux and Windows environments?
Because I am a newbie, I am just studying ELK and Rsyslog.
Any help is much appreciated.
Thanks,
