Help me kawans.. sudah saya coba petunjuk dari beberapa sumber, tapi belum bisa
membuat saya membrowse port 8080 dari luar..
kenapa yah? mohon bantuannya walau sebatas membalas email :)
berikut setingan firewall : /etc/sysconfig/SuSEfirewall2
FW_DEV_EXT="eth0"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV="zone:ext"
FW_MASQ_NETS="0/0"
FW_NOMASQ_NETS=""
FW_PROTECT_FROM_INT="no"
FW_SERVICES_EXT_TCP="8080"
FW_SERVICES_EXT_UDP="8080"
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_CONFIGURATIONS_EXT="sshd"
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_CONFIGURATIONS_DMZ="sshd"
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_CONFIGURATIONS_INT=""
FW_SERVICES_DROP_EXT=""
FW_SERVICES_DROP_DMZ=""
FW_SERVICES_DROP_INT=""
FW_SERVICES_REJECT_EXT=""
FW_SERVICES_REJECT_DMZ=""
FW_SERVICES_REJECT_INT=""
FW_SERVICES_ACCEPT_EXT=""
FW_SERVICES_ACCEPT_DMZ=""
FW_SERVICES_ACCEPT_INT=""
FW_SERVICES_ACCEPT_RELATED_EXT="0/0,"
FW_SERVICES_ACCEPT_RELATED_DMZ=""
FW_SERVICES_ACCEPT_RELATED_INT=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
FW_FORWARD=""
FW_FORWARD_REJECT=""
FW_FORWARD_DROP=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG_LIMIT=""
FW_LOG=""
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_SOURCEQUENCH=""
FW_ALLOW_FW_BROADCAST_EXT="no"
FW_ALLOW_FW_BROADCAST_INT="no"
FW_ALLOW_FW_BROADCAST_DMZ="no"
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="no"
FW_IGNORE_FW_BROADCAST_DMZ="no"
FW_ALLOW_CLASS_ROUTING=""
FW_CUSTOMRULES=""
FW_REJECT=""
FW_REJECT_INT="yes"
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING=""
FW_IPSEC_TRUST="no"
FW_ZONES=""
FW_ZONE_DEFAULT=""
FW_USE_IPTABLES_BATCH=""
FW_LOAD_MODULES="nf_conntrack_netbios_ns"
FW_FORWARD_ALWAYS_INOUT_DEV=""
FW_FORWARD_ALLOW_BRIDGING=""
FW_WRITE_STATUS=""
FW_RUNTIME_OVERRIDE=""
FW_LO_NOTRACK=""
FW_BOOT_FULL_INIT=""
-------------------------------------------------------------------------------------------------
anak:/home/aneuk # iptables -nvL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
39 6500 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
137 9465 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED
2216 180K input_ext all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 input_ext all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 input_ext all -- usb0 * 0.0.0.0/0 0.0.0.0/0
0 0 input_ext all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix
`SFW2-IN-ILL-TARGET '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix
`SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
39 6500 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
129 13764 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix
`SFW2-OUT-ERROR '
Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination
Chain input_ext (4 references)
pkts bytes target prot opt in out source destination
1985 167K DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 4
1 32 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:8080 flags:0x17/0x02 LOG
flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:8080
3 156 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG
flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
15 780 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:8080
1 440 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
24 1240 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6
level 4 prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix
`SFW2-INext-DROP-DEFLT '
16 1168 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 3/min burst 5 state NEW LOG flags 6 level 4
prefix `SFW2-INext-DROP-DEFLT '
214 11900 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject_func (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-proto-unreachable
You have new mail in /var/mail/root
------------------------------------------------------------------------------------------------------
anak:/home/aneuk # netstat -atn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:12525 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 123.109.1.93:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.2:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:663 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 1224 123.109.1.93:22 172.254.254.40:52395 ESTABLISHED
tcp 0 0 :::110 :::* LISTEN
tcp 0 0 :::143 :::* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::8080 :::* LISTEN
tcp 0 0 :::53 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:631 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
tcp 0 0 127.0.0.1:8005 :::* LISTEN
tcp 0 0 :::8009 :::* LISTEN
an3uk
http://blog.adikcilak.com
________________________________
From: an3uk <[email protected]>
To: [email protected]; Mailing List Komunitas openSUSE Indonesia
<[email protected]>
Sent: Thu, 16 June, 2011 5:01:18 PM
Subject: Re: [*openSUSE-ID*] Buka port 8080?
Brothers..
terima kasih bantuannya hari ini..
besok kita lanjutkan lagi.. hahaha..
an3uk
http://blog.adikcilak.com
________________________________
From: medwinz <[email protected]>
To: Mailing List Komunitas openSUSE Indonesia <[email protected]>
Sent: Thu, 16 June, 2011 4:17:39 PM
Subject: Re: [*openSUSE-ID*] Buka port 8080?
2011/6/16 an3uk <[email protected]>:
> Saya makek mentah setingan defaultnya brur..
> belum di utak-atik apa.. ini lagi lihat setingan di SuSEFirewall :D
>
>
> an3uk
> http://blog.adikcilak.com
>
Pay attention ke baris
FW_SERVICES_EXT_TCP=""
isi misalnya dengan
FW_SERVICES_EXT_TCP="8080"
Perhatikan juga posisi eth anda sebagai external network, dmz atau
internal network.
Jangan lupa baca bagian yang dicomment.
Biasanya settingan ipv4 dan ipv6 berikut portnya juga ada di
aplikasinya. Coba cek sekali lagi konfigurasi Tomcatnya jangan-jangan
ada yang terlewat, misalnya listen melalui apa localhost, 127.0.0.1
atau FQDN.
salam,
--
medwinz
http://medwinz.blogsome.com
http://en.opensuse.org/User:Medwin
[email protected]
openSUSE community member
______________________________________________
---
Info Milis : http://opensuse.or.id/milis
Keluar dari Milis : Kirim email ke [email protected]
Manajemen Keanggotaan :
http://lists.opensuse-id.org/listinfo.cgi/milis-opensuse-id.org
______________________________________________
---
Info Milis : http://opensuse.or.id/milis
Keluar dari Milis : Kirim email ke [email protected]
Manajemen Keanggotaan :
http://lists.opensuse-id.org/listinfo.cgi/milis-opensuse-id.org
______________________________________________
---
Info Milis : http://opensuse.or.id/milis
Keluar dari Milis : Kirim email ke [email protected]
Manajemen Keanggotaan :
http://lists.opensuse-id.org/listinfo.cgi/milis-opensuse-id.org
