I have a VPS on a Jelastic hoster to run a Node.js application with an nginx reverse proxy.
That's running smoothly without the Jelastic firewall.
If I activate the firewall and set up rules for HTTP and HTTPS, the website is blocked. How can I open the firewall so that users can browse my application?

Here is an image of my firewall rules: [image: my firewall rules]

`iptables -nvL` also prints:

```
0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80
0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443
```

`netstat -nlapt` prints:

```
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      250/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      447/sshd: /usr/sbin
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      6754/nginx: master
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6754/nginx: master
tcp        0      0 185.131.52.12:22        222.186.42.7:50138      ESTABLISHED 16531/sshd: root [p
tcp        0      0 10.101.3.228:33424      10.101.3.160:27017      ESTABLISHED 7030/node /home/loo
tcp        0      0 10.101.3.228:60798      10.101.3.160:27017      ESTABLISHED 6639/node /home/loo
tcp        0      0 10.101.3.228:32988      10.101.3.160:27017      ESTABLISHED 7030/node /home/loo
tcp        0      0 10.101.3.228:32980      10.101.3.160:27017      ESTABLISHED 7030/node /home/loo
tcp        0      0 10.101.3.228:22         10.101.1.120:44842      ESTABLISHED 15298/sshd: root@pt
tcp        0      0 10.101.3.228:32986      10.101.3.160:27017      ESTABLISHED 7030/node /home/loo
tcp        0      0 10.101.3.228:32990      10.101.3.160:27017      ESTABLISHED 7030/node /home/loo
tcp        0      0 10.101.3.228:22         10.101.1.107:33800      ESTABLISHED 16425/sshd: root@pt
tcp        0      0 10.101.3.228:59584      10.101.3.160:27017      ESTABLISHED 6639/node /home/loo
tcp        0      0 10.101.3.228:59578      10.101.3.160:27017      ESTABLISHED 6639/node /home/loo
tcp6       0      0 :::22                   :::*                    LISTEN      447/sshd: /usr/sbin
tcp6       0      0 :::443                  :::*                    LISTEN      6754/nginx: master
tcp6       0      0 :::4000                 :::*                    LISTEN      7030/node /home/loo
tcp6       0      0 :::111                  :::*                    LISTEN      1/init
tcp6       0      0 :::80                   :::*                    LISTEN      6754/nginx: master
tcp6       0      0 :::8080                 :::*                    LISTEN      6639/node /home/loo
```

Tobias
  • Since you're using an Elastic VPS node there are no fixed answers - everything depends on what you've configured. Can you add output from `iptables -nvL` and `netstat -nltap` – Damien - Layershift Sep 03 '21 at 07:05
  • @Damien-Layershift added more info to the question – Tobias Sep 03 '21 at 07:12
  • @Tobias, we can't reproduce the issue on our side. If the question is still relevant for you, please contact your hosting provider for detailed support. – Virtuozzo Sep 03 '21 at 14:11

1 Answer

After getting more information from my hoster, I know the answer.
So I must disable UFW and install the CSF firewall.

Here is the documentation about that:
https://cloudjiffy.com/portal/knowledgebase/324/Ubuntu-with-CSF-Firewall.html

Tobias
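
A cross-check of the two outputs posted in the question, as an added example that is not part of the original posts: it pairs each TCP socket listening on all interfaces with the IPv4 ACCEPT rules shown and flags rules whose packet counter is still zero. The function names are hypothetical, and the input is the trimmed excerpt from the question, so "no rule shown" reflects only those four rules.

```python
import re
# Input copied (trimmed) from the question's output; the full ruleset is not on the page.
IPTABLES_NVL = """\
0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80
0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443
"""
NETSTAT_NLAPT = """\
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      250/systemd-resolve
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      6754/nginx: master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6754/nginx: master
tcp        0      0 10.101.3.228:33424      10.101.3.160:27017      ESTABLISHED 7030/node /home/loo
tcp6       0      0 :::4000                 :::*                    LISTEN      7030/node /home/loo
tcp6       0      0 :::8080                 :::*                    LISTEN      6639/node /home/loo
"""
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}  # iptables -v abbreviates large counters

def accept_rules(text):
    """Map (proto, dport) -> packets matched, for ACCEPT rules in `iptables -nvL` output."""
    rules = {}
    for line in text.splitlines():
        f, m = line.split(), re.search(r"\bdpt:(\d+)\b", line)
        if len(f) > 3 and f[2] == "ACCEPT" and m:
            key = (f[3], int(m.group(1)))
            rules[key] = rules.get(key, 0) + int(f[0].rstrip("KMG")) * SUFFIX.get(f[0][-1], 1)
    return rules

def public_listeners(text):
    """Map port -> program for TCP sockets listening on all interfaces (0.0.0.0 or ::)."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) > 6 and f[0] in ("tcp", "tcp6") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            if addr in ("0.0.0.0", "::"):
                out[int(port)] = " ".join(f[6:])
    return out

def audit(iptables_text, netstat_text):
    """Classify each public TCP listener against the IPv4 rules shown (ip6tables is separate)."""
    rules, result = accept_rules(iptables_text), {}
    for port in sorted(public_listeners(netstat_text)):
        hits = rules.get(("tcp", port))
        # A zero counter means no packet has matched the rule since it was added or reset.
        result[port] = "no rule shown" if hits is None else "rule never hit" if hits == 0 else "ok"
    return result

if __name__ == "__main__":
    print(audit(IPTABLES_NVL, NETSTAT_NLAPT))
```

If a rule stays at "rule never hit" while clients are being refused, the packets are being decided somewhere before that rule; `iptables -nvL --line-numbers` on the full ruleset shows the rule order and each chain's default policy.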