WebUI external access

Hi Nerd,

If you want to make it all a little bit more hard on your self, yes you can use the command line to configure IPTables. However, you can also use the GUI, by going to your httpS://:12321
Once logged in to the webmin interface, click in the topbar on: “Networking” and then select “Linux Firewall”.

From there, you can add new rules easily.
To make things easy, only select TCP as your protocol and select the destination port on your server you want to open.
Once, that is working, you can create another rule to block access to this TCP port on your LAN, if you require this.

I just created a video on youtube, which might help you.

In routers normally source is external and destination is internal. I guess it might help to look at it as the source of the request being made (external) should be routed to this destination (internal).
Now, it’s not enough to change a port, the program (MineOS webui) has to be told to use the new port (like you did to change it earlier).
Like in a car, the firewall separates you (your internal network) from the engine (external network aka Internet), to pass a cable through (program) you need a hole (port) in your firewall, then you take the stereo battery cable (mineos webui) and feed it through, you route the battery cable through to the battery (router), thus the source (battery/Internet user) is connected to the destination (radio/mineos).

How’s that analogy?

I’m sorry, @ElPres, I tried really hard to understand your analogy, but it’s too many words, or maybe the wrong setting.

So, I went to the webmin and made a rule:

and applied it, in exactly the fashion shown in @Niels_Hanssen’s video.

Using the neighbor’s wifi, I checked to see if it was working, but realized my port forwarding was backwards, forwarding :8080 traffic to :10000, when it should have been forwarding :10000 traffic to :8080. That’s fixed.

It appeared that my laptop must have connected, and made one way contact. I got this back from Firefox:

The connection/“webpage loading” blue circle on the tab connecting to my server (you know that little thing that spins when you’re trying to connect to a webpage) was no longer spinning in a counterclockwise grey color, but in a clockwise blue color, like it does when it loads a webpage or is gonna display something new on your screen. It only loaded that error page, sadly.

Could it be that my… everything is configured correctly, and other people’s routers are not set to accept traffic from my server, creating the “too long to respond” error?

It probably isn’t that, but hey, we haven’t examined that possibility yet… right?
-The Nerd Herd

EDIT: This is my current IPtables configuration:

IPtables page built into webmin:

Output from iptables --list in webmin Command Shell

(the image uploader gave me guff; linked to my Google Sites page)

…it doesn’t look like it’s allowed through the firewall at all, does it?
This is driving me crazy!

edit: Google Sites hates me and just wants you to click on the ghost image whatever and “download it” which just opens it in a new tab.

Alright, so I’m thinking the most likely cause–based on your correct iptables config is that your inbound attempts to connect to the web-ui are being blocked by your isp. 80 is a known webhosting port that ISPs often block, and 8080 might also be on their list.

This does not mean you should need to change your port on your server, but rather you just need to commit to using a different port from external.

So hopefully this is easy to describe as one of two options:

1. you change the the port hosting the service and you change the firewall. As you’ve experienced before, this is pretty burdensome for somebody new to linux.
2. you use and remember two separate ports for complete functionality. When you’re on your own network, you use :8080, because that’s what your service is listening on and all 8080 traffic is unaffected by the firewall. When you’re on your neighbors or any external network, you connect at :10000.

If you’re interested in option #2, here’s what you need to do:

• From your home network, verify you can get to the webui with https://ipaddress:8080.
• Once this is verified, we just need to work with the port forwarding–nothing else. No linux config, no webmin, no iptables. From your router, you accept inbound TCP @ 10000 and port forward it to destination TCP 8080.

That should be it.

that was the change I made last time

(not actually crying btw)

also this: (curse you image uploader)

Interested in option #2 by the way.

I did a scan on all the ports in your screenshot and used an external scan. I did not get any replies excep for a ping reply.
I’m thinking you are running an extra firewall.

The IP address 192.168.1.148
Where did you get it from?

Can you connect to this IP adres from your host computer?
Assuming that 192.168.1.148 is the IP adres from your virtual or physical server?

That was my internal address. I haven’t given out my external address yet. I’ll only PM it to you.
My server is very physical, and I can connect to it from a laptop on the same network as it.
The server’s internal IP is 192.168.1.148, and the router is set to hand that IP address out only to the MAC address associated with my server’s Ethernet port.

Ok, if you like.

I’m available right now.
You can send me your external IP and i can do some more test for you.
It’s up to you

Okay. I will PM you my external IP. I used Dinnerbone’s server status query tool to assess whether my server is available or not and the results came back negative. A port checker told me that my Minecraft port was closed. It’s been working this whole time, but now… good grief.

If he can’t get it give me the details

Open up 22 as well. Make sure you save and apply all your changes

We’re trying to set up a WebEx conference if you want to join us. No audio, but we’ll conference using the in-app chat.

So, no one is talking in the PM, are you guys in webex? hows it going?

For those interrested, a quick update.

The forwarding bit is setup ok.
When we run a MC server on the client it runs just fine. and we can access it from the web.
Once we setup anything on the server it’s not accessible from the web.

It’s not the server. It’s the forwarding. The server works fine internally.

Are you ready to WebEx again, @ElPres?

yep, just finished lunch

…lunch. Not what I was expecting to hear. XD It’s 22:25 here.

Yeah, throw you off a bit. I am in Australia.

I’m connected but I don’t see your screen yet