I’m trying to get shellinabox running but always get a blank page. By enabling log output in both the program and firewalld I can see that the latter is blocking the program. But I don’t understand why.
Program has been started:
# shellinaboxd -u shellinabox -g shellinabox --disable-ssl -s /:LOGIN --no-beep --pidfile=/var/run/shellinabox.pid --debug 2>/var/log/shellinabox.log
Program is listening:
# tail -f shellinabox.log
[server] Version 2.20 (revision 4f0ecc3)
[server] Command line: shellinaboxd -u shellinabox -g shellinabox --disable-ssl -s /:LOGIN --no-beep --pidfile=/var/run/shellinabox.pid --debug
[server] Listening on port 4200...
sudo netstat -tlpn | grep shellinabox
tcp 0 0 0.0.0.0:4200 0.0.0.0:* LISTEN 103097/shellinaboxd
Port 4200 has been unblocked:
# firewall-cmd --add-port=4200/tcp
success
# firewall-cmd --reload
success
In desperation I even did:
# firewall-cmd --complete-reload
success
The default zone for the interface is public:
# firewall-cmd --get-default-zone
public
# firewall-cmd --list-interfaces
eth0
After enabling logging for firewall I can see that connections on port 4200 are being blocked:
# tail -f /var/log/firewall
2023-04-08T19:57:35.480663+02:00 leap kernel: [29373.031972][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=00:0c:29:19:fa:3e:00:0c:29:bb:e7:71:08:00 SRC=192.168.10.37 DST=192.168.10.10 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6980 DF PROTO=TCP SPT=51728 DPT=4200 WINDOW=8192 RES=0x00 SYN URGP=0
2023-04-08T19:57:47.491558+02:00 leap kernel: [29385.042666][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=00:0c:29:19:fa:3e:00:0c:29:bb:e7:71:08:00 SRC=192.168.10.37 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=6987 DF PROTO=TCP SPT=51730 DPT=4200 WINDOW=8192 RES=0x00 SYN URGP=0
2023-04-08T19:57:47.741906+02:00 leap kernel: [29385.292935][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=00:0c:29:19:fa:3e:00:0c:29:bb:e7:71:08:00 SRC=192.168.10.37 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=6989 DF PROTO=TCP SPT=51731 DPT=4200 WINDOW=8192 RES=0x00 SYN URGP=0
2023-04-08T19:57:50.491238+02:00 leap kernel: [29388.042300][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=00:0c:29:19:fa:3e:00:0c:29:bb:e7:71:08:00 SRC=192.168.10.37 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=6991 DF PROTO=TCP SPT=51730 DPT=4200 WINDOW=8192 RES=0x00 SYN URGP=0
What should I check now? Any suggestions are appreciated.
Also I don’t understand the output of these commands–I’d expect some rules:
# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
# sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
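
An added example, not part of the original post: a small Python parser for the kernel log lines shown above that counts rejected TCP connection attempts per source address and destination port. The first two sample lines are copied from the post, the third is constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Lines 1-2 are from the post; line 3 (UDP, SRC 192.168.10.99) is constructed.
SAMPLE = """\
2023-04-08T19:57:35.480663+02:00 leap kernel: [29373.031972][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=00:0c:29:19:fa:3e:00:0c:29:bb:e7:71:08:00 SRC=192.168.10.37 DST=192.168.10.10 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6980 DF PROTO=TCP SPT=51728 DPT=4200 WINDOW=8192 RES=0x00 SYN URGP=0
2023-04-08T19:57:47.491558+02:00 leap kernel: [29385.042666][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=00:0c:29:19:fa:3e:00:0c:29:bb:e7:71:08:00 SRC=192.168.10.37 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=6987 DF PROTO=TCP SPT=51730 DPT=4200 WINDOW=8192 RES=0x00 SYN URGP=0
2023-04-08T19:58:01.000000+02:00 leap kernel: [29399.000000][ C1] FINAL_REJECT: IN=eth0 OUT= MAC=00:0c:29:19:fa:3e:00:0c:29:bb:e7:71:08:00 SRC=192.168.10.99 DST=192.168.10.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=5353 DPT=5353 LEN=20
"""

# timestamp, host, "kernel:", optional [uptime][cpu] tags, log prefix, then KEY=VALUE fields
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: .*?(?P<prefix>[A-Za-z0-9_]+): (?P<rest>IN=.*)$"
)

def parse(line):
    """Split one netfilter log line into a dict; return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val      # e.g. SRC, DPT; "OUT=" yields an empty value
        else:
            flags.add(tok)         # bare tokens: DF, SYN, ACK, ...
    return {"ts": m["ts"], "prefix": m["prefix"], "flags": flags, **fields}

def rejected_syns(lines, prefix="FINAL_REJECT"):
    """Count new TCP connection attempts (SYN without ACK) logged under `prefix`."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if (rec and rec["prefix"] == prefix and rec.get("PROTO") == "TCP"
                and "SYN" in rec["flags"] and "ACK" not in rec["flags"]):
            hits[(rec["SRC"], int(rec["DPT"]))] += 1
    return hits

if __name__ == "__main__":
    for (src, dpt), n in rejected_syns(SAMPLE.splitlines()).most_common():
        print(f"{src} -> port {dpt}: {n} rejected SYN(s)")
```

FINAL_REJECT is the prefix firewalld's denied-packet logging puts on packets that reached the end of the input chain without matching an allow rule, so a count for port 4200 here can be compared against what `firewall-cmd --list-ports` reports for the active zone.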