COCKOS
CONFEDERATED FORUMS
Old 07-07-2010, 10:35 AM   #1
Komuso
Human being with feelings
 
Join Date: Jan 2007
Posts: 60
Iptable entry

Hi,
I've had ninjam running on EC2 for quite a while but am testing out another cloud provider atm.

I'm running on Debian 5 but can't seem to get the right iptable entry for Ninjam to work. Anyone got any clues?

ty!
Komuso is offline   Reply With Quote
Old 07-07-2010, 12:32 PM   #2
pljones
Human being with feelings
 
Join Date: Aug 2007
Location: London, UK
Posts: 598

What port or ports are you running? 2049, others?

Does your new cloud provider restrict the range of ports you can open? (They may port block regardless of your VM's firewall rules.)
__________________
Quote:
Originally Posted by Tony Williams
...Playing fast around the drums is one thing. But to play with people for others, to listen to, that's something else. That's a whole other world.
pljones is offline   Reply With Quote
Old 07-07-2010, 04:43 PM   #3
Komuso
Human being with feelings
 
Join Date: Jan 2007
Posts: 60

Quote:
Originally Posted by pljones View Post
What port or ports are you running? 2049, others?

Does your new cloud provider restrict the range of ports you can open? (They may port block regardless of your VM's firewall rules.)

I've tried 2049 and also 891. I have shoutcast running fine on 8000/8001 so I don't think they are blocking any ports.

I'm testing a basic server at http://www.rackspacecloud.com/ just to see what they are like. Thought I'd go all the way and lock down linux properly.

The Iptable is just basic atm:
*filter


# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT


# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT


# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT


# Allows SSH connections
#
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport xxxx -j ACCEPT

#Shoutcast
-A INPUT -p tcp -i eth0 --dport 8000 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 8001 -m state --state NEW -j ACCEPT

#Ninjam
-A INPUT -p tcp -i eth0 --dport 2049 -m state --state NEW -j ACCEPT



# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT


# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7


# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
Komuso is offline   Reply With Quote
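
Added example, not part of Komuso's post or of the NINJAM project: a minimal first-match evaluator for the INPUT rules posted above, showing which rule decides a new TCP connection. It models only the options that appear in that ruleset; the `eth1` interface and the 203.0.113.10 destination address are hypothetical, and the loopback negation is written in the `! -i lo` form.

```python
import shlex
from ipaddress import ip_address, ip_network
# Abridged copy of the posted rules (SSH rule left out: its port is redacted).
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 8000 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 8001 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 2049 -m state --state NEW -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
"""

def parse(line):
    """Split one rule into {option: (negated, value)}; every option here takes one value."""
    rule, negated, tokens = {}, False, iter(shlex.split(line))
    for tok in tokens:
        if tok == "!":
            negated = True
        else:
            rule[tok], negated = (negated, next(tokens)), False
    return rule

def matches(rule, pkt):
    """True if a TCP packet (dict: -i, -p, --dport, dst, state) satisfies the rule."""
    for opt in ("-i", "-p", "--dport"):
        if opt in rule:
            negated, want = rule[opt]
            if (pkt[opt] == want) == negated:
                return False
    if "-d" in rule and ip_address(pkt["dst"]) not in ip_network(rule["-d"][1]):
        return False
    if "--state" in rule and pkt["state"] not in rule["--state"][1].split(","):
        return False
    return True

def verdict(iface, dport, dst="203.0.113.10", state="NEW"):
    """Return (target, rule text) of the first terminating rule that matches."""
    pkt = {"-i": iface, "-p": "tcp", "--dport": str(dport), "dst": dst, "state": state}
    for line in RULES.splitlines():
        rule = parse(line)
        if rule["-j"][1] != "LOG" and matches(rule, pkt):  # LOG does not end traversal
            return rule["-j"][1], line
    return "ACCEPT", "chain policy"  # INPUT policy is ACCEPT in the posted listing
for a in (("eth0", 2049), ("eth1", 2049), ("eth0", 2030)): print(a, verdict(*a))
```

Rules carrying `-i eth0` accept only traffic arriving on that interface, while the port 80 rule matches on any interface; `iptables -L -n -v` lists the interface column and numeric ports, which plain `iptables -L` does not (it prints port 2049 as `nfs`).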
Old 07-07-2010, 08:14 PM   #4
Komuso
Human being with feelings
 
Join Date: Jan 2007
Posts: 60

Quote:
Originally Posted by pljones View Post
What port or ports are you running? 2049, others?

Does your new cloud provider restrict the range of ports you can open? (They may port block regardless of your VM's firewall rules.)
It's really weird. Trying port 2030, set up in iptables same as shoutcast.
It connects, but I get invalid login no matter what user/pwd I use as set up in the config.
I don't understand what the log file is saying here:
[2010/06/08 03:06:38] Incoming connection from 118.152.44.97!
[2010/06/08 03:06:38] got login request for 'admin'
[2010/06/08 03:06:38] 118.152.44.97: Refusing user, invalid login/password
[2010/06/08 03:06:38] 118.152.44.97: disconnected (username:'', code=1)

Yes, I've checked the pwd is correct in ninjam.
Is there a character format issue with locales or something weird going on here?
I don't see how, as the same process works fine with shoutcast server config and login using BUTT as the broadcast client.

ty

[2010/06/08 02:35:53] Opened log. NINJAM Server v0.06 built on Jul 7 2010 at 15:17:31
[2010/06/08 02:35:53] Server starting up...
[2010/06/08 02:35:53] Port: 2030
[2010/06/08 02:35:53] Using defaults 120 BPM 8 BPI
[2010/06/08 02:36:05] Incoming connection from 118.152.44.97!
[2010/06/08 02:36:07] got login request for 'boogie'
[2010/06/08 02:36:07] 118.152.44.97: Refusing user, invalid login/password
[2010/06/08 02:36:07] 118.152.44.97: disconnected (username:'', code=1)
[2010/06/08 02:37:15] Opened log. NINJAM Server v0.06 built on Jul 7 2010 at 15:17:31
[2010/06/08 02:37:15] Server starting up...
[2010/06/08 02:37:15] Port: 2030
[2010/06/08 02:37:15] Using defaults 120 BPM 8 BPI
[2010/06/08 02:37:21] Incoming connection from 118.152.44.97!
[2010/06/08 02:37:23] got anonymous request (denying)
[2010/06/08 02:37:23] 118.152.44.97: Refusing user, invalid login/password
[2010/06/08 02:37:23] 118.152.44.97: disconnected (username:'', code=1)
[2010/06/08 02:52:52] Opened log. NINJAM Server v0.06 built on Jul 7 2010 at 15:17:31
[2010/06/08 02:52:52] Server starting up...
[2010/06/08 02:52:52] Port: 2030
[2010/06/08 02:52:52] Using defaults 120 BPM 8 BPI
[2010/06/08 02:53:02] Incoming connection from 118.152.44.97!
[2010/06/08 02:53:02] got login request for 'admin'
[2010/06/08 02:53:02] 118.152.44.97: Refusing user, invalid login/password
[2010/06/08 02:53:02] 118.152.44.97: disconnected (username:'', code=1)
[2010/06/08 03:06:12] Opened log. NINJAM Server v0.06 built on Jul 7 2010 at 15:17:31
[2010/06/08 03:06:12] Server starting up...
[2010/06/08 03:06:12] Port: 2030
[2010/06/08 03:06:12] Using defaults 120 BPM 8 BPI
[2010/06/08 03:06:31] Incoming connection from 118.152.44.97!
[2010/06/08 03:06:31] got login request for 'admin'
[2010/06/08 03:06:31] 118.152.44.97: Refusing user, invalid login/password
[2010/06/08 03:06:31] 118.152.44.97: disconnected (username:'', code=1)
[2010/06/08 03:06:38] Incoming connection from 118.152.44.97!
[2010/06/08 03:06:38] got login request for 'admin'
[2010/06/08 03:06:38] 118.152.44.97: Refusing user, invalid login/password
[2010/06/08 03:06:38] 118.152.44.97: disconnected (username:'', code=1)
[2010/06/08 03:06:49] Incoming connection from 118.152.44.97!
[2010/06/08 03:06:50] got login request for 'admin'
[2010/06/08 03:06:50] 118.152.44.97: Refusing user, invalid login/password
[2010/06/08 03:06:50] 118.152.44.97: disconnected (username:'', code=1)

sv1:/usr/local/ninjam/ninjam/server# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:56489
ACCEPT tcp -- anywhere anywhere tcp dpt:8000 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8001 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:nfs state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:2030 state NEW
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Last edited by Komuso; 07-07-2010 at 08:21 PM.
Komuso is offline   Reply With Quote
Old 07-07-2010, 11:20 PM   #5
pljones
Human being with feelings
 
Join Date: Aug 2007
Location: London, UK
Posts: 598

Good that you got port 2030 working; weird that the same setup on 2049 doesn't. Not sure on the password thing - but can you log in with anonymous ticked, even, or is it just refusing everything?
pljones is offline   Reply With Quote
Old 07-08-2010, 12:11 AM   #6
Komuso
Human being with feelings
 
Join Date: Jan 2007
Posts: 60

Quote:
Originally Posted by pljones View Post
Good that you got port 2030 working; weird that the same setup on 2049 doesn't. Not sure on the password thing - but can you log in with anonymous ticked, even, or is it just refusing everything?
Anon works, with different users as seen below.
It's just not accepting the password.
Is there some build option I missed or something?
This is really weird, it accepts plain text but the password field seems screwed up.


sv1 /usr/local/ninjam/ninjam/server: NINJAM Server v0.06 built on Jul 7 2010 at 15:17:31 starting up...
Copyright (C) 2005-2007, Cockos, Inc.
Error opening log file 'ninjamserver.log'
Server starting up...
Port: 2030
Using defaults 120 BPM 4 BPI
Incoming connection from 118.152.44.97!
got login request for 'admin'
118.152.44.97: Refusing user, invalid login/password
118.152.44.97: disconnected (username:'', code=1)
Incoming connection from 118.152.44.97!
got anonymous request (allowing)
118.152.44.97: Accepted user: admin@118.152.44.x
118.152.44.97: disconnected (username:'admin@118.152.44.x', code=1)
Incoming connection from 118.152.44.97!
got anonymous request (allowing)
118.152.44.97: Accepted user: boogie@118.152.44.x
118.152.44.97: disconnected (username:'boogie@118.152.44.x', code=1)
Komuso is offline   Reply With Quote
Old 07-08-2010, 10:37 AM   #7
pljones
Human being with feelings
 
Join Date: Aug 2007
Location: London, UK
Posts: 598

Hmm... maybe the password in the config file is the SHA of the value you want, rather than plain text?
pljones is offline   Reply With Quote
Old 07-08-2010, 03:51 PM   #8
Komuso
Human being with feelings
 
Join Date: Jan 2007
Posts: 60

Quote:
Originally Posted by pljones View Post
Hmm... maybe the password in the config file is the SHA of the value you want, rather than plain text?
Afaik pwd is in config file in plain text. It worked fine on Amazon EC2 that way.
Komuso is offline   Reply With Quote
Old 07-09-2010, 12:27 AM   #9
pljones
Human being with feelings
 
Join Date: Aug 2007
Location: London, UK
Posts: 598

Good point!

So... The firewall/iptables config allows connections, just not on 2049. And the server allows anonymous connections, just not passworded ones.

But it was working on EC2... That's just weird...
pljones is offline   Reply With Quote
Old 07-26-2010, 06:48 AM   #10
seven
Human being with feelings
 
Join Date: Jul 2010
Posts: 14

Hello.
After all, how have you solved the disconnections with the incorrect login error?

Thanks in advance.
seven is offline   Reply With Quote
All times are GMT -7.