Opening port 19132 on an Oracle compute instance (ubuntu-20.04)

Submitted by 风格不统一 on 2021-01-07 04:12:36

Question


I've created an Oracle Cloud infrastructure compute instance running Ubuntu 20.04. I am trying to open port 19132.

As per another question I found ("Opening port 80 on Oracle Cloud Infrastructure Compute node"), I've created a public subnet which has an internet gateway and added ingress rules for port 19132 (in the security lists).

netstat looks good:

    netstat -tulpn

    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    udp        0      0 0.0.0.0:19132           0.0.0.0:*                           1007/./bedrock_serv

I installed ufw and added rules to allow 19132 but I still can't connect to it from the outside world. Can anyone point out where I am going wrong?


Answer 1:


Looks like you need to have a Public IP configured on that VM for it to be reachable from the internet.

Please look at https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingpublicIPs.htm

For an instance to communicate directly with the internet, all of the following are required:

  - The instance must be in a public subnet.
  - The instance must have a public IP address.
  - The instance's VCN must have an internet gateway.
  - The public subnet must have route tables and security lists configured accordingly.




Answer 2:


You haven't mentioned anything about the route table. If it is missing, add to it a route with destination=0.0.0.0/0 and target=the Internet Gateway.




Answer 3:


Two questions come to mind:

  1. You have specified two rules, one for TCP and one for UDP. Your netstat shows that something is listening for UDP traffic. Is there also something listening on TCP or are you using UDP only for the test?
  2. Can you tell us anything about the traffic characteristics on this port? I'm asking because if it is UDP traffic the only way for connection tracking to work is to track the source/dest IP and port. Since the port will not be present in fragments, the traffic will be dropped. This could be happening on the ingress or egress side. To verify, you could create test ingress/egress rules for all UDP traffic to/from your test IP.

Since your ingress rules are stateful, the egress rules shouldn't matter but it wouldn't hurt to double check them. If none of these things work, you might try a tool like echoping to get more insight into whether or not the traffic is having trouble on the ingress or egress side.




Answer 4:


Please check the order of your iptables rules. Could you post the following command's output for the INPUT chain?

    sudo iptables -S INPUT

I have seen iptables rules as the single most prominent reason for these issues.

Regards Muthu
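
The rule-order check asked for above can be done mechanically. This is an added example, not part of the original answer: a shell function (hypothetical name `deciding_rule`) that reads `iptables -S INPUT` output and reports which rule decides a new packet for a given protocol and port, run here on constructed rule sets.

```shell
#!/bin/sh
# Added example: find the INPUT rule that decides a NEW packet from an
# arbitrary internet client (iptables evaluates top-down, first match wins).
# Simplifications (assumptions): rules bound to -i, -s or --sport are treated
# as not matching; jumps to user chains and "!" negation are not followed.
deciding_rule() {   # usage: sudo iptables -S INPUT | deciding_rule udp 19132
  awk -v proto="$1" -v port="$2" '
    $1 == "-P" { policy = $3; next }        # chain default policy
    $1 != "-A" { next }
    {
      n++; target = ""; ok = 1
      for (i = 3; i < NF; i++) {
        v = $(i + 1)
        if      ($i == "-j")                                   target = v
        else if ($i == "-p" && v != proto)                     ok = 0
        else if ($i == "--dport" && v != port)                 ok = 0
        else if ($i == "-i" || $i == "-s" || $i == "--sport")  ok = 0
        else if (($i == "--state" || $i == "--ctstate") && v !~ /NEW/) ok = 0
      }
      if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) {
        print target " by rule " n ": " $0; decided = 1; exit
      }
    }
    END { if (!decided) print policy " by chain policy" }
  '
}

# Constructed rule sets (not taken from the question): the same allow rule,
# appended after a catch-all REJECT versus inserted before it.
common_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
EOF
}
allow='-A INPUT -p udp -m udp --dport 19132 -j ACCEPT'
reject='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
appended() { common_rules; printf '%s\n%s\n' "$reject" "$allow"; }
inserted() { common_rules; printf '%s\n%s\n' "$allow" "$reject"; }

appended | deciding_rule udp 19132
inserted | deciding_rule udp 19132
inserted | deciding_rule tcp 19132
```

If the deciding rule is a REJECT or DROP that sits above the allow rule, the allow rule is never reached for that traffic.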




Answer 5:


I think you have to allow a user, or add a user who can connect, like this:

    create user 'user'@'publicIP' identified by 'password';
    grant all privileges on *.* to 'user'@'publicIP' with grant option;
    flush privileges;

Here publicIP can be '0.0.0.0' or your system IP address.

Don't use '0.0.0.0', as it is open to all; I have faced various breaches on my GCP machine, which led to an account block.




Answer 6:


This has been an issue for me as well on the Oracle cloud.

First, you need to install firewalld:

    sudo apt install firewalld

Then open:

    sudo firewall-cmd --zone=public --permanent --add-port=19132/tcp

Finally, reload firewall-cmd:

    sudo firewall-cmd --reload


Source: https://stackoverflow.com/questions/62778867/opening-port-19132-on-an-oracle-compute-instance-ubuntu-20-04
