From e0e9f4979f838b8d3fe53096d009dbe5b970ccb1 Mon Sep 17 00:00:00 2001 From: dhruv Date: Mon, 17 Nov 2025 03:39:12 +0530 Subject: [PATCH] Opened all required ports in ufw Firewall + idempotent reload Opened all required ports in ufw and validated with nginx -t + reload (no downtime). Split-DNS for local reachability Updated /etc/hosts so id/relay/github.generalinfinity.cloud resolve to the proxy IP on that box, ensuring clients hit the proxy internally. --- 4th_Opened all required ports in ufw | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 4th_Opened all required ports in ufw diff --git a/4th_Opened all required ports in ufw b/4th_Opened all required ports in ufw new file mode 100644 index 0000000..ac5ec2e --- /dev/null +++ b/4th_Opened all required ports in ufw @@ -0,0 +1,28 @@ +# 1) Write combined RustDesk L4 proxies +sudo tee /etc/nginx/streams-enabled/rustdesk.conf >/dev/null <<'EOF' +# --- hbbs (ID) defaults --- +server { listen 21115; proxy_pass 192.168.1.202:21115; proxy_timeout 10m; } +server { listen 21116; proxy_pass 192.168.1.202:21116; proxy_timeout 10m; } +server { listen 21116 udp reuseport; proxy_pass 192.168.1.202:21116; proxy_timeout 10m; } + +# --- hbbr (relay) default --- +server { listen 21117; proxy_pass 192.168.1.202:21117; proxy_timeout 10m; } + +# --- your custom extras (keep if you use them) --- +server { listen 21118; proxy_pass 192.168.1.202:21118; proxy_timeout 10m; } +server { listen 21119; proxy_pass 192.168.1.202:21119; proxy_timeout 10m; } +EOF + +# 2) Open firewall for all needed ports +sudo ufw allow 21115/tcp 21116/tcp 21116/udp 21117/tcp 21118/tcp 21119/tcp + +# 3) Reload nginx +sudo nginx -t && sudo systemctl reload nginx + +# 4) Verify listeners on THIS box (should list all ports above) +sudo ss -tulpen | grep -E ':(21115|21116|21117|21118|21119)\b' || echo "no listeners" + +# 5) Quick path checks from proxy -> backend +nc -vz 192.168.1.202 21116 || true +nc -vz 192.168.1.202 21117 || true +nc -uvz 192.168.1.202 21116 || true