Streisand: How to open a port?

Created on 9 Mar 2017 · 7 Comments · Source: StreisandEffect/streisand

Hi, I am running Streisand on DigitalOcean. I have a Raspberry Pi connected to Streisand via OpenVPN (direct). I want to be able to use Transmission (torrent app on the Raspberry) to download ISO images but the app requires port (for example) 51415 open. How do I open the port on the Streisand server?

Cheers!

area/firewall kind/question status/information-needed

Most helpful comment

If your OpenVPN runs on the Streisand default port 636, then forward 51415 to 636.

1) Log in to your Streisand server as root
2) Allow the port you need
ufw allow 51415
3) Add a before filter section in /etc/ufw/before.rules (at the top of the file):

*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 51415 -j REDIRECT --to-port 636
COMMIT

4) Reboot the server

All 7 comments

You can try sudo ufw allow "port number". You have to replace "port number" with your desired port number, which is 51415 in this case.

I have tried that with different ports (plus some other things) but I still get ports closed :/ Here is my output from ufw rules below.
If I set 443 in the app it shows open (obviously), so I'm not really sure what I am missing here :(
I have also tried doing sudo ufw disable but this changes nothing; the application still gives the port as closed. I am also adding at the bottom the output of iptables on my local machine (I don't have ufw running there).

root@streisand:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
500/udp                    ALLOW       Anywhere
1701/udp                   ALLOW       Anywhere
4500/udp                   ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
53/udp                     ALLOW       192.168.1.0/24
4443                       ALLOW       Anywhere
53/udp                     ALLOW       10.8.0.0/24
53/udp                     ALLOW       10.9.0.0/24
636/tcp                    ALLOW       Anywhere
8757/udp                   ALLOW       Anywhere
8530/tcp                   ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
8443/tcp                   ALLOW       Anywhere
9443/tcp                   ALLOW       Anywhere
53/udp                     ALLOW       10.192.122.0/24
51820/udp                  ALLOW       Anywhere
51413/tcp                  ALLOW       Anywhere
51413/udp                  ALLOW       Anywhere
51413                      ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
500/udp (v6)               ALLOW       Anywhere (v6)
1701/udp (v6)              ALLOW       Anywhere (v6)
4500/udp (v6)              ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
4443 (v6)                  ALLOW       Anywhere (v6)
636/tcp (v6)               ALLOW       Anywhere (v6)
8757/udp (v6)              ALLOW       Anywhere (v6)
8530/tcp (v6)              ALLOW       Anywhere (v6)
993/tcp (v6)               ALLOW       Anywhere (v6)
8443/tcp (v6)              ALLOW       Anywhere (v6)
9443/tcp (v6)              ALLOW       Anywhere (v6)
51820/udp (v6)             ALLOW       Anywhere (v6)
51413/tcp (v6)             ALLOW       Anywhere (v6)
51413/udp (v6)             ALLOW       Anywhere (v6)
51413 (v6)                 ALLOW       Anywhere (v6)

pi@raspberrypi:~ $ sudo iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:51413
ACCEPT     udp  --  anywhere             anywhere             udp dpt:51413

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:51413
ACCEPT     udp  --  anywhere             anywhere             udp spt:51413

I have also tested from a different computer (diff OS as well) and same issue while connected to Streisand. As soon as I disable Tunnelblick (OS X) I get the port open.

I don't understand the problem: the ufw status above on the Streisand instance shows that your port number 51415 is not open. So perhaps you need to run ufw allow 51415 on your Streisand instance. (No need to sudo since you are root.) My hunch is that since you use OpenVPN, all your local traffic goes to the remote port functioning for OpenVPN. Maybe you should try some proxy service like 'shadowsocks' for browsing and use the other port for torrenting?
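
The comparison made in the comment above (looking for 51415 in the `ufw status` listing) can be scripted. This is an added example, not part of the original thread: the function name `ufw_port_action` is hypothetical, and the sample is an excerpt of the listing posted earlier with whitespace collapsed.

```shell
#!/bin/sh
# Added example: report how `ufw status` treats a port that should be reachable
# from anywhere. Reads the status text on stdin; prints ALLOW, DENY, REJECT,
# LIMIT, or "none" when no rule open to Anywhere covers PORT/PROTO.
ufw_port_action() {  # usage: ufw status | ufw_port_action PORT PROTO
    awk -v port="$1" -v proto="$2" '
    {
        act = ""
        for (i = 2; i <= NF; i++)          # action is field 2, or 3 on "(v6)" rows
            if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = $i; break }
        if (act == "" || $(i + 1) != "Anywhere") next   # header, or source-restricted
        n = split($1, spec, "/")           # "51413/tcp" or bare "51413" (tcp and udp)
        if (n == 2 && spec[2] != proto) next
        m = split(spec[1], items, ",")     # port lists "80,443", ranges "6000:6010"
        for (j = 1; j <= m; j++) {
            k = split(items[j], r, ":")
            lo = r[1]; hi = (k == 2) ? r[2] : r[1]
            if (lo !~ /^[0-9]+$/ || hi !~ /^[0-9]+$/) continue   # app profile names
            if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print act; found = 1; exit }
        }
    }
    END { if (!found) print "none" }'
}

# Excerpt of the listing posted in this thread (whitespace collapsed).
SAMPLE='Status: active

To Action From
-- ------ ----
22/tcp ALLOW Anywhere
53/udp ALLOW 10.8.0.0/24
4443 ALLOW Anywhere
636/tcp ALLOW Anywhere
51413/tcp ALLOW Anywhere
51413/udp ALLOW Anywhere
51413/tcp (v6) ALLOW Anywhere (v6)'

# The port that was allowed versus the port the question asks about.
for p in 51413 51415; do
    printf '%s/tcp: %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | ufw_port_action "$p" tcp)"
done
```

On the server itself, pipe the live listing in: `ufw status | ufw_port_action 51415 tcp`.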

@silvetti How are you testing that the ports are not opened? Have you tried enabling logging (ufw logging on) and seeing if there are messages in syslog from UFW blocking traffic on the ports you believe you opened?

I'm going to close this issue as stale since there hasn't been a response to my question from April 6th. Thanks - please reopen if you still require assistance.
