Open NIS to the internet as a node

I've done a couple of searches on the topic of opening NIS to the internet, but the advice seems a bit patchy. I'm running NIS on Linux CentOS, so am I right in thinking I need to update IPTables and then forward port 7890 on my router to the NIS host's static IP?

Could someone confirm the IPTables entry, as I am more experienced with Windows than Linux?

MT

KC




I'm going to guess that your iptables are still in "default" so it should be enough to configure your router correctly.




Hi Pat,

The OS is CentOS Minimal, which I believe means iptables are on. I had to add a line for local connectivity which looks like:

[code]-A INPUT -i eth0 -p tcp -m tcp --dport 7890 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 7891 -m state --state NEW,ESTABLISHED -j ACCEPT[/code]

Looking at it again I'm guessing I have already done enough as the lines make no reference to local subnet so it should be open to anything once the router is updated?

KC





The easy way to test it is to do:
[code]service iptables stop[/code]
(test your nis at ip:7890/node/info)

If that worked, then "service iptables start" and follow my directions below to punch a port.

If you want to test your router port forwarding, just do:
external ip:7890/node/info

If you follow my instructions below and can connect locally but can't connect externally then it is your router setup.

For CentOS try:

# Open the appropriate ports in iptables (NIS and NCC)
[code]
# One pass, so /etc/sysconfig/iptables.bak keeps the original file.
# Both rules are inserted right after the existing --dport 22 line.
perl -pi.bak -e 's/(.*?--dport 22 .*)/$1\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 8989 -j ACCEPT\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 7890 -j ACCEPT/' /etc/sysconfig/iptables
[/code]

[code]
service iptables reload
[/code]
You should see:
iptables: Trying to reload firewall rules:                [  OK  ]

[code]
/etc/init.d/iptables status | grep 7890; /etc/init.d/iptables status | grep 8989
[/code]
You should see:
6    ACCEPT    tcp  --  0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:7890
5    ACCEPT    tcp  --  0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:8989

[code]
netstat -nape | grep 7890
[/code]
You should see:
tcp        0      0 :::7890                    :::*                        LISTEN      601        64881      22865/java

[code]
netstat -nape | grep 8989
[/code]
You should see:
tcp        0      0 :::8989                    :::*                        LISTEN      602        63191      22877/java

[code]
telnet localhost 8989
[/code]
You should see:
Trying ::1...
Connected to localhost.
Escape character is '^]'.
[code]
get /ncc/web/index.html
[/code]
You should see:
(lots of html)

[code]
telnet localhost 7890
[/code]
You should see:
Trying ::1...
Connected to localhost.
Escape character is '^]'.
[code]
get /node/info
[/code]
You should see:
{"metaData":{"application":"?","version":"0.4.39-BETA","platform":"?"},"endpoint":{"protocol":"http","port":7890,"host":"x.x.x.x"},"identity":{"name":"wanker","public-key":"xxxxxxxxxxx"}}
Connection closed by foreign host.
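
Added example, not part of the thread: the perl one-liner above inserts the new rules after the `--dport 22` line because a rule only takes effect if it sits before the catch-all REJECT, and a rule with no source match accepts any address. The sketch below reads a file in `/etc/sysconfig/iptables` format and reports both conditions for one port. The sample ruleset is constructed, and the name `audit_port` and its verdict strings are this example's own.

```sh
# Constructed sample in /etc/sysconfig/iptables format: 7890 open to anyone,
# 8989 limited to a LAN range, 7891 added after the catch-all REJECT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7890 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 8989 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7891 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# audit_port PORT [FILE] prints how the INPUT chain treats TCP connections to PORT:
#   open-to-any | restricted:<source> | shadowed | no-rule | open-by-policy
# Only single-port --dport rules are understood (no multiport or port ranges).
audit_port() {
    { if [ -n "$2" ]; then cat "$2"; else printf '%s\n' "$SAMPLE_RULES"; fi; } |
    awk -v port="$1" '
        $1 == ":INPUT" { policy = $2; next }
        $1 != "-A" || $2 != "INPUT" || verdict != "" { next }
        {
            src = ""; dport = ""; target = ""; conds = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "-p" || $i == "-i" || $i == "-m") conds++
            }
            # A REJECT/DROP with no match conditions ends the chain for all traffic.
            if ((target == "REJECT" || target == "DROP") && conds == 0 && src == "" && dport == "")
                blocked = 1
            else if (dport == port && target == "ACCEPT") {
                if (blocked) verdict = "shadowed"
                else if (src == "" || src == "0.0.0.0/0") verdict = "open-to-any"
                else verdict = "restricted:" src
            }
        }
        END {
            if (verdict == "") verdict = ((!blocked && policy == "ACCEPT") ? "open-by-policy" : "no-rule")
            print verdict
        }'
}

for p in 7890 7891 8989; do printf '%s %s\n' "$p" "$(audit_port "$p")"; done
```

To check the live ruleset instead of the sample, pass the file as the second argument: `audit_port 7890 /etc/sysconfig/iptables`.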

Solix,

Many thanks for the detailed instructions. I found my previous update to the default iptables allowed me to check the /node/info directory successfully. But I then found my router port redirection was incorrect. I have now updated it and checked that I can use the external IP and also get a response from /node/info. Finally, I used an external website to check for port redirection - http://canyouseeme.org/

Many thanks for your help

KC

Now that I believe my NIS server is configured correctly, how can I check it is available to others and assisting the NEM network? I did a search and found the reference to generating a sigma diagram, http://127.0.0.1:8989/ncc/web/sigma-graph/nemgraph.html, but this didn't generate anything using IE or FF.

MT

KC