can't connect to icecast2 from remote
Yesterday I installed icecast2 on my ubuntu 12.04 server.
apt-get install icecast2
The problem is that I can see the admin interface only from localhost, for example typing
lynx
but it doesn't work if i attempt to connect from remote, my pc at my home.
if I type:
the browser is waiting and at the end it says it is impossible to connect.
I gave a look to my /etc/icecast2/icecast2.xml file and for what I can say, it is ok, I changed password, I made several attempt to modify hostname, putting my hostname, my ip number, my website, but nothing.
I tried to disable the firewall:
ufw disable
but still nothing.
in the access.log of icecast2, there are no presence of my connection attempt from remote.
What can I do?
do you think I should add some forwardings rules?
I'm start thinking it is not a icecast2 problem, but really I don't know how to solve.
thank you.
5 Replies
netstat -plnt
Also, to double-check firewally stuff,
iptables -L -n -v
My hunch is that, because it's the administrative interface, it's only bound to 127.0.0.1 or ::1 by default.
this is the output of all command you suggest me, I hope you can help me because now it is quite hard.
root@mail2:/# netstat -plnt | more
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 20287/icecast2
so icecast2 exist but I see 0.0.0.0. what does it mean?
instead about the firewall I'm not able to understand all this messages, so here it is:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
38598 7596K fail2ban-courierauth tcp – * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
39821 7740K fail2ban-sasl tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
455K 89M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
202K 19M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
18 864 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
18952 7841K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
3 152 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
20229 1108K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
77 4017 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
87 3904 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2652 235K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
3391 1870K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
20064 1592K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
36692 6277K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 208 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 BLACKLIST all -- eth0 * 10.0.0.0/8 0.0.0.0/0
0 0 BLACKLIST all -- eth0 * 172.16.0.0/12 0.0.0.0/0
0 0 BLACKLIST all -- eth0 * 192.168.0.0/16 0.0.0.0/0
792 47042 LOG_DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 10.8.0.0/24 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
455K 89M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
625 68106 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
8308 6863K ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
243K 266M ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 icmptype 8
1 328 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
16892 1299K ACCEPT udp -- * eth0 0.0.0.0/0 109.74.192.0/21 udp dpt:53
509 38684 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:123
41228 3033K LOG_DROP all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain BLACKLIST (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_DROP (2 references)
pkts bytes target prot opt in out source destination
42020 3080K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-courierauth (1 references)
pkts bytes target prot opt in out source destination
38576 7595K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-sasl (1 references)
pkts bytes target prot opt in out source destination
39658 7732K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
I disabled the fw with ufw, but what do you think about it?
still thank you!
So in your iptables INPUT chain, there's a rule there to ACCEPT traffic with destination port 8000, but it comes after a rule to send all traffic to LOG_DROP (which unceremoniously DROPs traffic). How did you add that rule? Did you manually hand-jam it into iptables, or did you use 'ufw allow …' to do it?
if I remember correctly, I added it with ufw, with:
ufw allow 8000 with the hope that it will solve my problem.
I made another test, I connected to my linode machine with ssh and setted it to act as a tunnel proxy for my windows pc with firefox.
as I expect, if I digit:
178.79.148.185:8000
firefox shows me correctly the admin interface of icecast, because I think it remain a local connection, from the point of view of the linode machine.
For you can understand, is it a firewall problem?
Try uninstalling fail2ban and see if ufw works better. Two things messing with firewall rules at once is probably bad.