In this article I am going to demonstrate how to restrict incoming connections to a specific port in Ubuntu Linux. Then we will see how to check the logs on the server side for rejected client connection attempts, and how to troubleshoot the issue from the client's perspective by analysing TCP packets.
By the end you should be more familiar with UFW (Uncomplicated Firewall), lsof, tcpdump, TCP three-way handshake analysis, Wireshark, nc, rsyslog, telnet and Vagrant.
The article assumes you have VirtualBox and Vagrant installed. If you haven't, google it; it is very easy to set up.
First things first: you will need to set up two VMs. Alternatively, you can use the host as the client, provided you can use tcpdump on it:
    cat Vagrantfile
    Vagrant.configure(2) do |config|
      config.vm.synced_folder ".", "/vagrant"

      # Server side: the VM whose incoming connections will be restricted
      config.vm.define "sensu" do |m|
        m.vm.box = "ubuntu/trusty64"
        m.vm.hostname = "sensu"
        m.vm.network "private_network", ip: "192.168.2.212"
        m.vm.provider "virtualbox" do |v|
          v.memory = 1024
        end
      end

      # Client side: the VM that connects to the sensu server
      config.vm.define "sensuclient" do |m|
        m.vm.box = "ubuntu/trusty64"
        m.vm.hostname = "sensuclient"
        m.vm.network "private_network", ip: "192.168.2.213"
        m.vm.provider "virtualbox" do |v|
          v.memory = 512
        end
      end
    end
I now have two servers: sensu will be the server side, and sensuclient will be the one connecting to the sensu server.
Let's start both VMs and then connect to the server first: