
Splunk Web is not accessible from remote computers

KSluchanko
Engager

Hello,

I have Splunk 8.0.1 installed on Ubuntu 18.04.4 LTS. I can connect to port 8000 from the same server with any URL (localhost, 127.0.0.1, server name, server IP address). I can see the login page if I use SSH tunneling, connecting from a remote host with a redirect to localhost:8000. But I cannot connect from a remote host by entering any valid URL in the browser - the connection times out.

I have no firewall on my server. I have all Splunk services running and all service ports listening. I can see incoming packets with tcpdump - but no replies. I can connect to other services (SSH and Apache, for example) on my server.

There are no errors in log files - and no events for incoming connections in web_access.log.

What else have I to check?

Best regards,
Cyril


martin_mueller
SplunkTrust

Allow the traffic in your firewall, e.g. iptables. Keep in mind that tcpdump is in front of iptables, so it will see traffic even if iptables drops it.


KSluchanko
Engager

Hi Martin,

There is no firewall in effect on the server, as I mentioned above. This is not the point.

Best regards,
Cyril

UPDATE: Well, I was completely wrong. After some additional investigation I found that the negative output of "systemctl status iptables" and "service status iptables" on this server means nothing. Thanks to the guy that have installed and tuned it this way. Resetting the default policy to ACCEPT did the thing. Thanks, Martin.


martin_mueller
SplunkTrust

A default policy of accept may be undesirable in most environments.


KSluchanko
Engager

This server is a quick solution for temporary use in an isolated environment - so it does not matter much. Then it will be reinstalled.


rvany
Communicator

Just an add-on:
What kind of system do you have? E.g. RedHat currently uses firewalld by default - so you won't find any iptables-service. Maybe "the guy that have installed [...] this" is not that bad 😉


KSluchanko
Engager

Look at the initial post. It's Ubuntu 18.04, upgraded from 16.04. It uses ufw by default (and, of course, I've checked 'ufw status' output), and I've tried other options like 'firewall-cmd --state'. So I still think that such a kind of 'stealth' firewall configuration is not the best way to operate.


rvany
Communicator

Yes, right, I read that Ubuntu 18.04 - and then immediately forgot it - my bad 😉
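
The diagnosis this thread arrives at (service status shows nothing, tcpdump sees the packets, yet the INPUT chain drops them) can be read directly from the live ruleset. The following is an added example, not code from any poster: it evaluates `iptables -S INPUT` output for a new TCP connection to a given port. The function names `verdict_for_port` and `sample_ruleset` and the sample rules are constructed for illustration, and only simple matches (`-i lo`, `-p`, `--dport`, `--ctstate`/`--state`) are interpreted.

```shell
# Added example. Reads `iptables -S INPUT` text on stdin and prints what the
# ruleset does to a NEW inbound TCP connection to port $1 arriving on a
# non-loopback interface. Anything it cannot interpret yields "unknown".
verdict_for_port() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" || v != "" { next }
    / ! / { v = "unknown"; next }              # negated match: not modelled
    {
        hit = 1; unk = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if      ($i == "-i") { i++; if ($i == "lo") hit = 0; else unk = 1 }
            else if ($i == "-p") { i++; if ($i != "tcp") hit = 0 }
            else if ($i == "-m") { i++ }       # skip the match-module name
            else if ($i == "--dport") {
                i++; if ($i ~ /:/) unk = 1; else if ($i != port) hit = 0 }
            else if ($i == "--ctstate" || $i == "--state") {
                i++; if ($i !~ /(^|,)NEW(,|$)/) hit = 0 }
            else if ($i == "-j") { target = $(i + 1); break }
            else unk = 1                       # -s, multiport, comments, ...
        }
        if (!hit) next                         # rule cannot match this packet
        if (unk) v = "unknown"
        else if (target == "ACCEPT") v = "allowed-by-rule"
        else if (target == "DROP" || target == "REJECT") v = "blocked-by-rule"
        else if (target != "LOG" && target != "") v = "unknown"
    }
    END {
        if (v == "" && policy == "ACCEPT") v = "allowed-by-policy"
        else if (v == "" && policy != "")  v = "blocked-by-policy"
        print (v == "" ? "unknown" : v)
    }'
}

# Constructed sample shaped like this thread: loopback, SSH and Apache are
# allowed, everything else falls through to a DROP policy.
sample_ruleset() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
EOF
}

for p in 22 80 8000; do
    printf '%s/tcp: %s\n' "$p" "$(sample_ruleset | verdict_for_port "$p")"
done
```

On a real host, run `iptables -S INPUT | verdict_for_port 8000` as root. A `blocked-by-policy` result means one ACCEPT rule for that port is enough, without resetting the default policy to ACCEPT.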
