
Comments (10)

psifertex commented on May 19, 2024

Also: 8888/TCP (tinyproxy), 1701/UDP (L2TP), and some of those ports are random and will be different every time. Of course, that list could be dynamically generated by Ansible, which would be a good idea. It would be possible to put all but the two dynamic ones in the readme, and the dynamic ones could go in the generated HTML or some other doc on the server.

from streisand.

psifertex commented on May 19, 2024

Here's a prettier list I'll try to update as I figure out the different defaults and services. Done in the style of /etc/services

Services

ssh         22/tcp      OpenSSH
http        80/tcp      not sure, not running on my machine
https       443/tcp     nginx
ldaps       636/tcp     OpenVPN
l2tp        1701/udp    xl2tpd
http-proxy  8888/tcp    tinyproxy
tor         8443/tcp    tor

sporkman commented on May 19, 2024

Ah, thanks. I'd picked out quite a few (including some from the generated configs), but Tor was not working with the firewall enabled. I did not realize that some services were using randomly-generated port numbers.

+1 for Ansible spitting out a list of ports when it's done running the playbook.

jlund commented on May 19, 2024

I can make this happen!

FYI ports 80 and 8888 are bound to localhost, so they don't need to be opened up on a firewall. Port 80 is for the Tor Hidden Service, and 8888 is so SSH tunnel users can run applications that support HTTP proxies but that don't support SOCKS.

L2TP/IPsec requires some additional ports as well. I will get a "Firewall Information" link added to the bottom of the Gateway page, and it will include the dynamic Tor ports too.

psifertex commented on May 19, 2024

So on all the instances I've installed, 8888 most definitely isn't bound to localhost. Maybe you meant 8181 (localhost) or 1080 (tun interface)? If not, might be a bug.

jlund commented on May 19, 2024

The Tinyproxy role has a task that explicitly sets the Listen address to 127.0.0.1 for the service it runs on port 8888. This appears to be working on Debian but is possibly broken on the Ubuntu 14.04 instances you've started?

jlund commented on May 19, 2024

The format of the tinyproxy.conf file does not appear to have changed between Debian 7 and Ubuntu 14.04. I will have to dig more into this later, but none of the Streisand servers that I've set up have port 8888 open to the world.

psifertex commented on May 19, 2024

Strange. After rebooting the VM, it does appear to be correctly listening on loopback. Which is bizarre because I'm quite certain it wasn't before. Odd.

Also, the working image I'm on now is 12.04. I might go back to 14.04 to troubleshoot things there since it would be nice to be on the latest LTS.

pnegahdar commented on May 19, 2024

For reference, my run on AWS opened the following ports in the streisand rule:

Ports   Protocol   Source      streisand-streisand-1
59896   tcp        0.0.0.0/0   ✔
47578   tcp        0.0.0.0/0   ✔
22      tcp        0.0.0.0/0   ✔
993     tcp        0.0.0.0/0   ✔
8443    tcp        0.0.0.0/0   ✔
636     tcp        0.0.0.0/0   ✔
8530    tcp        0.0.0.0/0   ✔
443     tcp        0.0.0.0/0   ✔

jlund commented on May 19, 2024

Done! Thanks for the suggestion.

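The question raised in this thread, whether a port such as 80 or 8888 is bound to localhost or open to the world, can be answered from the server's listening sockets. The following is an added example, not part of the original thread or of Streisand's own code: it parses `ss -H -tuln` output and separates ports that need a firewall rule from loopback-only ones. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not captured from a real server).
SAMPLE_SS = """\
tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:80    0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:443     0.0.0.0:*
tcp   LISTEN 0 128 *:636           *:*
udp   UNCONN 0 0   0.0.0.0:1701    0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:8888  0.0.0.0:*
tcp   LISTEN 0 128 [::]:8443       [::]:*
tcp   LISTEN 0 128 [::1]:8181      [::]:*
"""


def is_loopback(addr):
    """True if the bind address is reachable only from the host itself."""
    # Drop an interface scope (e.g. 127.0.0.53%lo) and IPv6 brackets.
    addr = addr.split("%", 1)[0].strip("[]")
    if addr == "*":  # ss prints * for a wildcard bind
        return False
    return ipaddress.ip_address(addr).is_loopback


def split_listeners(ss_output):
    """Return (exposed, local_only) as sorted lists of 'port/proto' strings."""
    exposed, local_only = set(), set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or a socket type we do not report
        addr, _, port = fields[4].rpartition(":")
        entry = (int(port), fields[0])
        (local_only if is_loopback(addr) else exposed).add(entry)
    # A port bound to loopback in one family but wildcard in another is exposed.
    local_only -= exposed

    def fmt(entries):
        return [f"{port}/{proto}" for port, proto in sorted(entries)]

    return fmt(exposed), fmt(local_only)


if __name__ == "__main__":
    exposed, local_only = split_listeners(SAMPLE_SS)
    print("needs a firewall rule:", ", ".join(exposed))
    print("loopback only:", ", ".join(local_only))
```

On a live server, pass the real output of `ss -H -tuln` to `split_listeners` instead of the sample; rerunning it after a reboot shows whether a service's bind address changed.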
