Can't access website link
Hi all,
I have a VM client (IP: 192.168.186.10) running on Proxmox, and ELK is installed on this VM following the guide at this link: https://www.howtoforge.com/how-to-insta ... -centos-8/
After installation, the Elasticsearch and Kibana services are running and I can browse to http://localhost:5601
On another VM (IP: 192.168.186.20), when I browse to the ELK server via http://192.168.186.10:5601 it is not successful, although I have already permitted port 5601 on the ELK server.
How can I resolve this issue?
Any help is appreciated.
Thank you very much.
Re: Can't access website link
Hi Jlehtone,
Here is my configuration:
Checking: netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1876/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 979/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 981/cupsd
tcp 0 0 127.0.0.1:5601 0.0.0.0:* LISTEN 5053/node
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 1218/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 1218/java
tcp6 0 0 :::22 :::* LISTEN 979/sshd
tcp6 0 0 ::1:631 :::* LISTEN 981/cupsd
udp 0 0 192.168.122.1:53 0.0.0.0:* 1876/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1876/dnsmasq
udp 0 0 0.0.0.0:111 0.0.0.0:* 1/systemd
udp 0 0 127.0.0.1:323 0.0.0.0:* 832/chronyd
udp 0 0 0.0.0.0:43414 0.0.0.0:* 807/avahi-daemon: r
udp 0 0 0.0.0.0:5353 0.0.0.0:* 807/avahi-daemon: r
udp6 0 0 :::111 :::* 1/systemd
udp6 0 0 ::1:323 :::* 832/chronyd
udp6 0 0 :::33255 :::* 807/avahi-daemon: r
udp6 0 0 :::5353 :::* 807/avahi-daemon: r
Checking: firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens18
sources:
services: cockpit dhcpv6-client http ssh
ports: 5601/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Checking: cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Thanks so much,
Re: Can't access website link
You listen only on 127.0.0.1:5601:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5601 0.0.0.0:* LISTEN 5053/node
PS. There is a replacement for 'netstat': the 'ss':
ss - another utility to investigate sockets
ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state information than other tools.
[jlehtone]$ sudo ss -plntu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=996,fd=15))
udp UNCONN 0 0 0.0.0.0:38224 0.0.0.0:* users:(("avahi-daemon",pid=996,fd=17))
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=938,fd=5),("systemd",pid=1,fd=29))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=1003,fd=6))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=996,fd=16))
udp UNCONN 0 0 *:58567 *:* users:(("teams",pid=2744,fd=68))
udp UNCONN 0 0 [::]:60616 [::]:* users:(("avahi-daemon",pid=996,fd=18))
udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=938,fd=7),("systemd",pid=1,fd=33))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=1003,fd=7))
tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=938,fd=4),("systemd",pid=1,fd=25))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1151,fd=5))
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=1150,fd=10))
tcp LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=938,fd=6),("systemd",pid=1,fd=31))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1151,fd=7))
tcp LISTEN 0 5 [::1]:631 [::]:* users:(("cupsd",pid=1150,fd=9))
[jlehtone]$ sudo netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1151/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1150/cupsd
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1151/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1150/cupsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 996/avahi-daemon: r
udp 0 0 0.0.0.0:38224 0.0.0.0:* 996/avahi-daemon: r
udp 0 0 0.0.0.0:111 0.0.0.0:* 1/systemd
udp 0 0 127.0.0.1:323 0.0.0.0:* 1003/chronyd
udp6 0 0 :::5353 :::* 996/avahi-daemon: r
udp6 0 0 :::58567 :::* 2744/teams --type=r
udp6 0 0 :::60616 :::* 996/avahi-daemon: r
udp6 0 0 :::111 :::* 1/systemd
udp6 0 0 ::1:323 :::* 1003/chronyd
Re: Can't access website link
Hi,
Here is my result:
[root@log01 ~]# lsof -i -P -n | grep LISTEN | grep 5601
node 5053 kibana 24u IPv4 82343 0t0 TCP 127.0.0.1:5601 (LISTEN)
[root@log01 ~]# ss -plntu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1876,fd=5))
udp UNCONN 0 0 0.0.0.0%virbr0:67 0.0.0.0:* users:(("dnsmasq",pid=1876,fd=3))
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=774,fd=5),("systemd",pid=1,fd=39))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=832,fd=6))
udp UNCONN 0 0 0.0.0.0:43414 0.0.0.0:* users:(("avahi-daemon",pid=807,fd=17))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=807,fd=15))
udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=774,fd=7),("systemd",pid=1,fd=41))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=832,fd=7))
udp UNCONN 0 0 [::]:33255 [::]:* users:(("avahi-daemon",pid=807,fd=18))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=807,fd=16))
tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=774,fd=4),("systemd",pid=1,fd=38))
tcp LISTEN 0 32 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1876,fd=6))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=979,fd=5))
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=981,fd=10))
tcp LISTEN 0 128 127.0.0.1:5601 0.0.0.0:* users:(("node",pid=5053,fd=24))
tcp LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=774,fd=6),("systemd",pid=1,fd=40))
tcp LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:* users:(("java",pid=1218,fd=289))
tcp LISTEN 0 128 [::ffff:127.0.0.1]:9300 *:* users:(("java",pid=1218,fd=286))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=979,fd=7))
tcp LISTEN 0 5 [::1]:631 [::]:* users:(("cupsd",pid=981,fd=9))
Any help is appreciated.
Thanks,
Re: Can't access website link
Your program, 'node', listens only on 127.0.0.1:5601. Not on 192.168.186.10:5601, nor on *:5601.
You have to configure your program to listen where you want.
You did follow some "guide". It told you to listen only on 127.0.0.1:5601. Did it have a (security) reason for that?
Alternative: If you can ssh to the server, then you can use ssh to tunnel traffic. That way the browser in your client can access 127.0.0.1:5601 in the server.
PS. Disabling SELinux is not a good idea. You should enable it, but you can set it to "permissive" mode. That will still allow everything, but log access that would have been denied. That log can be used to create custom SELinux policies. With those in place your services can run even with strict SELinux.
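An added example, not part of any post in this thread: a small shell check for the mismatch diagnosed above, where firewalld opens 5601/tcp but the service listens only on loopback. The function names are hypothetical, and the parsing assumes the `ss -plntu` and `firewall-cmd --list-all` layouts shown in the posts.

```shell
#!/usr/bin/env bash
# classify_bind PORT: reads `ss -plntu` output on stdin and prints one of
#   all-interfaces | specific:<addr,...> | loopback-only | not-listening
classify_bind() {
    awk -v port="$1" '
        $1 == "tcp" && $2 == "LISTEN" {
            n = split($5, parts, ":")
            if (parts[n] != port) next
            addr = substr($5, 1, length($5) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)   # [::1] -> ::1
            sub(/%.*$/, "", addr)       # drop a %interface suffix
            sub(/^::ffff:/, "", addr)   # IPv4-mapped IPv6 -> IPv4
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = (other == "" ? "" : other ",") addr
        }
        END {
            if (wild) print "all-interfaces"
            else if (other != "") print "specific:" other
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# firewall_opens PORT: reads `firewall-cmd --list-all` output on stdin.
# Only the "ports:" line is checked (no services, port ranges or rich rules).
firewall_opens() {
    awk -v want="$1/tcp" '
        $1 == "ports:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit(found ? 0 : 1) }'
}

# diagnose PORT SS_TEXT FIREWALL_TEXT: prints "<binding> <open|closed>"
diagnose() {
    binding=$(printf '%s\n' "$2" | classify_bind "$1")
    if printf '%s\n' "$3" | firewall_opens "$1"; then fw=open; else fw=closed; fi
    echo "$binding $fw"
}

# Sample input: a few lines excerpted from the output posted in this thread.
SAMPLE_SS='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=979,fd=5))
tcp LISTEN 0 128 127.0.0.1:5601 0.0.0.0:* users:(("node",pid=5053,fd=24))
tcp LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:* users:(("java",pid=1218,fd=289))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=979,fd=7))'
SAMPLE_FW='public (active)
  services: cockpit dhcpv6-client http ssh
  ports: 5601/tcp'
diagnose 5601 "$SAMPLE_SS" "$SAMPLE_FW"   # loopback-only open
```

On a live host, run it as `diagnose 5601 "$(ss -plntu)" "$(firewall-cmd --list-all)"`. A result of "loopback-only open" means the firewall rule has no effect until the service is rebound or reached through an SSH tunnel, and a port that should stay private is better left "loopback-only closed".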
Re: Can't access website link
Hi jlehtone,
Thanks for the advice,
I changed 127.0.0.1 to 192.168.186.10 and it is working now. I also changed SELinux as you mentioned.
By the way, in your opinion, which is the best centralized logging system to collect logs, warnings and notifications from Linux and Windows environments?
Because I am a newbie, I am just studying ELK and Rsyslog.
Any help is very much appreciated,
Thanks,