To test a Redis Server I set up, I installed Linux Mint on VirtualBox. The Linux system is connected to the local network through a Bridged Adapter. I installed the Redis Server on the Linux machine, but now I want to access it from a Windows computer that serves as the host.
The Redis Server is currently operating on port 6379 on the Linux machine, so I need to make it visible to the Windows computer.
$ netstat -nlt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6379 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
From the Windows machine I do
C:\Users\myUser>nmap 10.14.30.51
Starting Nmap 7.70 ( https://nmap.org )
Nmap scan report for 10.14.30.51
Host is up (0.00s latency).
All 1000 scanned ports on 10.14.30.51 are closed
MAC Address: 08:00:27:98:94:49 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
but when I do the specific port it says:
C:\Users\my-user>nmap -p 6379 10.14.30.51
...
Nmap scan report for 10.14.30.51
Host is up (0.0010s latency).
PORT STATE SERVICE
6379/tcp filtered redis
MAC Address: 08:00:27:98:94:49 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.80 seconds
Now
$ netstat -nlt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6379 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
The connection log I have
10.14.30.51:6379,abortConnect=False
Connecting 10.14.30.51:6379/Interactive...
BeginConnect: 10.14.30.51:6379
1 unique nodes specified
Requesting tie-break from 10.14.30.51:6379 > __Booksleeve_TieBreak...
Allowing endpoints 00:00:05 to respond...
Awaiting task completion, IOCP: (Busy=0,Free=1000,Min=4,Max=1000), WORKER: (Busy=1,Free=8190,Min=4,Max=8191)
Not all tasks completed cleanly (from ReconfigureAsync#1524, timeout 5000ms), IOCP: (Busy=0,Free=1000,Min=4,Max=1000), WORKER: (Busy=4,Free=8187,Min=4,Max=8191)
10.14.30.51:6379 did not respond
Waiting for tiebreakers...
Awaiting task completion, IOCP: (Busy=0,Free=1000,Min=4,Max=1000), WORKER: (Busy=4,Free=8187,Min=4,Max=8191)
connection failed: 10.14.30.51:6379 (Subscription, UnableToConnect): UnableToConnect on 10.14.30.51:6379/Subscription, Initializing/NotStarted, last: NONE, origin: BeginConnectAsync, outstanding: 0, last-read: 5s ago, last-write: 5s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 0s ago, v: 2.0.601.3402
connection failed: 10.14.30.51:6379 (Interactive, UnableToConnect): UnableToConnect on 10.14.30.51:6379/Interactive, Initializing/NotStarted, last: NONE, origin: BeginConnectAsync, outstanding: 0, last-read: 5s ago, last-write: 5s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 0s ago, v: 2.0.601.3402
Finished awaiting tasks, IOCP: (Busy=2,Free=998,Min=4,Max=1000), WORKER: (Busy=3,Free=8188,Min=4,Max=8191)
10.14.30.51:6379 failed to nominate (Faulted)
> UnableToConnect on 10.14.30.51:6379/Interactive, Initializing/NotStarted, last: NONE, origin: BeginConnectAsync, outstanding: 0, last-read: 5s ago, last-write: 5s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 0s ago, v: 2.0.601.3402
No masters detected
10.14.30.51:6379: Standalone v2.0.0, master; keep-alive: 00:01:00; int: Connecting; sub: Connecting; not in use: DidNotRespond
10.14.30.51:6379: int ops=0, qu=0, qs=0, qc=0, wr=0, socks=2; sub ops=0, qu=0, qs=0, qc=0, wr=0, socks=2
Circular op-count snapshot; int: 0 (0,00 ops/s; spans 10s); sub: 0 (0,00 ops/s; spans 10s)
Sync timeouts: 0; async timeouts: 0; fire and forget: 0; last heartbeat: -1s ago
resetting failing connections to retry...
retrying; attempts left: 2...
1 unique nodes specified
Requesting tie-break from 10.14.30.51:6379 > __Booksleeve_TieBreak...
Allowing endpoints 00:00:05 to respond...
Awaiting task completion, IOCP: (Busy=2,Free=998,Min=4,Max=1000), WORKER: (Busy=2,Free=8189,Min=4,Max=8191)
Finished awaiting tasks, IOCP: (Busy=0,Free=1000,Min=4,Max=1000), WORKER: (Busy=3,Free=8188,Min=4,Max=8191)
10.14.30.51:6379 faulted: UnableToConnect on 10.14.30.51:6379/Interactive, Initializing/NotStarted, last: NONE, origin: BeginConnectAsync, outstanding: 0, last-read: 0s ago, last-write: 0s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 0s ago, v: 2.0.601.3402
Waiting for tiebreakers...
All tasks are already complete
10.14.30.51:6379 failed to nominate (Faulted)
> UnableToConnect on 10.14.30.51:6379/Interactive, Initializing/NotStarted, last: NONE, origin: BeginConnectAsync, outstanding: 0, last-read: 0s ago, last-write: 0s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 0s ago, v: 2.0.601.3402
No masters detected
10.14.30.51:6379: Standalone v2.0.0, master; keep-alive: 00:01:00; int: Disconnected; sub: Disconnected; not in use: DidNotRespond
10.14.30.51:6379: int ops=0, qu=0, qs=0, qc=0, wr=0, socks=2; sub ops=0, qu=0, qs=0, qc=0, wr=0, socks=2
Circular op-count snapshot; int: 0 (0,00 ops/s; spans 10s); sub: 0 (0,00 ops/s; spans 10s)
Sync timeouts: 0; async timeouts: 0; fire and forget: 0; last heartbeat: -1s ago
resetting failing connections to retry...
retrying; attempts left: 1...
1 unique nodes specified
Requesting tie-break from 10.14.30.51:6379 > __Booksleeve_TieBreak...
Allowing endpoints 00:00:05 to respond...
Awaiting task completion, IOCP: (Busy=0,Free=1000,Min=4,Max=1000), WORKER: (Busy=2,Free=8189,Min=4,Max=8191)
Not all tasks completed cleanly (from ReconfigureAsync#1524, timeout 5000ms), IOCP: (Busy=0,Free=1000,Min=4,Max=1000), WORKER: (Busy=4,Free=8187,Min=4,Max=8191)
10.14.30.51:6379 did not respond
Waiting for tiebreakers...
Awaiting task completion, IOCP: (Busy=0,Free=1000,Min=4,Max=1000), WORKER: (Busy=5,Free=8186,Min=4,Max=8191)
Finished awaiting tasks, IOCP: (Busy=0,Free=1000,Min=4,Max=1000), WORKER: (Busy=3,Free=8188,Min=4,Max=8191)
10.14.30.51:6379 failed to nominate (Faulted)
> UnableToConnect on 10.14.30.51:6379/Interactive, Initializing/NotStarted, last: NONE, origin: BeginConnectAsync, outstanding: 0, last-read: 5s ago, last-write: 5s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 5s ago, v: 2.0.601.3402
No masters detected
10.14.30.51:6379: Standalone v2.0.0, master; keep-alive: 00:01:00; int: Disconnected; sub: Disconnected; not in use: DidNotRespond
10.14.30.51:6379: int ops=0, qu=0, qs=0, qc=0, wr=0, socks=3; sub ops=0, qu=0, qs=0, qc=0, wr=0, socks=3
Circular op-count snapshot; int: 0 (0,00 ops/s; spans 10s); sub: 0 (0,00 ops/s; spans 10s)
Sync timeouts: 0; async timeouts: 0; fire and forget: 0; last heartbeat: -1s ago
Starting heartbeat...
My redis.conf file (only what is uncommented)
protected-mode yes
port 6379
tcp-backlog 511
tcp-keepalive 300
supervised no
pidfile /var/run/redis_6379.pid
loglevel notice
logfile ""
databases 16
always-show-logo yes
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir ./
################################# REPLICATION #################################
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
replica-priority 100
################################## SECURITY ###################################
requirepass redisdis
############################# LAZY FREEING ####################################
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
############################## APPEND ONLY MODE ###############################
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
################################ LUA SCRIPTING ###############################
lua-time-limit 5000
################################## SLOW LOG ###################################
slowlog-max-len 128
################################ LATENCY MONITOR ##############################
latency-monitor-threshold 0
############################# EVENT NOTIFICATION ##############################
notify-keyspace-events ""
############################### ADVANCED CONFIG ###############################
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
dynamic-hz yes
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes
2 Answers
Introduction
Redis is an open-source, in-memory data structure store that is often used as a database, cache, and message broker. It is designed to be fast, scalable, and reliable. Redis is widely used by developers and companies for various purposes. However, to use Redis, you need to open a port for the Redis server on your system. In this blog post, we will discuss how to open a port for the Redis server on Linux Mint (VirtualBox guest).
Checking the Redis Server Port
Before we proceed with opening the port for the Redis server, we need to check the port number that Redis is using. To do this, we will use the netstat command in the terminal. Open the terminal on your Linux Mint virtual machine and enter the following command:
$ netstat -nlt
This command will display a list of all the active internet connections on your system. Look for the line that starts with “tcp” and has the local address 127.0.0.1:6379. This line indicates that the Redis server is running on port number 6379 on your system.
Opening the Port for Redis Server
To open the port for the Redis server, we will use the ufw (Uncomplicated Firewall) tool. Ufw is a front-end for iptables and provides an easy-to-use interface for managing firewall rules. To install ufw, enter the following command in the terminal:
$ sudo apt-get install ufw
Once ufw is installed, we can add a rule to allow incoming traffic on port 6379. To do this, enter the following command in the terminal:
$ sudo ufw allow 6379
This command will allow incoming traffic on port 6379. You can verify that the rule has been added by entering the following command:
$ sudo ufw status
This command will display the current status of the firewall and show that port 6379 is now allowed.
Testing the Redis Server Port
Now that we have opened the port for the Redis server, we can test it from a Windows machine. Open the command prompt on your Windows machine and enter the following command:
C:\Users\my-user>nmap -p 6379 10.14.30.51
Replace “10.14.30.51” with the IP address of your Linux Mint virtual machine. This command will scan port 6379 on the specified IP address. If the port is open, you will see the following output:
PORT STATE SERVICE
6379/tcp open redis
If the port is closed, you will see the following output:
PORT STATE SERVICE
6379/tcp filtered redis
If you see the “filtered” state, it means that the port is blocked by a firewall.
Additional Security Measures
Opening a port for the Redis server can make your system vulnerable to attacks. To prevent unauthorized access to your system, you should take additional security measures. One way to do this is to enable password authentication for the Redis server. To enable password authentication, you need to edit the Redis configuration file. Open the configuration file using the following command:
$ sudo nano /etc/redis/redis.conf
Find the line that starts with “requirepass” and uncomment it by removing the “#” symbol at the beginning of the line. Replace “yourpassword” with a strong password of your choice. Save the file and exit the editor.
Restart the Redis server using the following command:
$ sudo systemctl restart redis
Now, when you try to access the Redis server from a remote machine, you will be prompted to enter the password.
Conclusion
Opening a port for the Redis server on Linux Mint (VirtualBox guest) is a simple process that can be done using the ufw tool. However, you should take additional security measures to prevent unauthorized access to your system. Enabling password authentication for the Redis server is one way to enhance the security of your system. By following the steps outlined in this blog post, you can open a port for the Redis server and secure your system from potential attacks.
The “Local Address” column indicates that your Redis server is only able to receive connections from “localhost” addresses (namely, 127.0.0.1 and [::1]). However, you are attempting to connect to the IP address 10.14.30.51, which is not configured to accept connections.
This is a security measure implemented by Redis, which is not intended for network use and does not require a password by default. Instead, it prioritizes network-level protection (such as the listen address and firewall rules) to prevent other hosts from connecting to the service. This is because allowing such connections would make Redis installations vulnerable to becoming DDoS attack targets, as has happened in the past with Memcached.
To enable network access to Redis, you should follow the instructions in the previously linked article. Essentially, you need to:
1. Ensure that the Linux system hosting Redis is not reachable from the Internet on the Redis port. This can usually be accomplished using a firewall on your home router.
2. Enable Redis password authentication using the “requirepass” option in the “redis.conf” configuration file.
3. Remove any “bind” configuration options in the “redis.conf” file that restrict Redis to listening on specific addresses only (such as “bind 127.0.0.1” or “bind ::1”). After making this change, the “netstat” command should report that Redis is listening on the “all-zero” addresses 0.0.0.0 and [::].
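The listen-address and redis.conf checks from the steps above, as an added shell example that is not part of the original answer. The function names `redis_listen_scope` and `redis_conf_summary`, the 16-character password threshold and the sample netstat lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: read-only checks for the settings discussed in the answers.

# redis_listen_scope PORT   (reads `netstat -nlt` output on stdin)
# Prints "network" if any listener on PORT is bound to a non-loopback
# address, "loopback" if only to 127.x / ::1, "none" if nothing listens.
redis_listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, p, ":")              # port is the last ":" field
            if (p[n] != port) next
            host = substr($4, 1, length($4) - length(p[n]) - 1)
            if (host ~ /^127\./ || host == "::1") lo = 1
            else net = 1
        }
        END { print (net ? "network" : (lo ? "loopback" : "none")) }'
}

# redis_conf_summary FILE
# Prints "bind=<all|addresses> auth=<none|short|set> protected-mode=<yes|no>"
# from the uncommented lines of a redis.conf.
# MINLEN=16 is an assumed threshold for this example, not a Redis setting.
redis_conf_summary() {
    awk -v MINLEN=16 '
        /^[ \t]*#/ || NF == 0  { next }        # skip comments and blank lines
        $1 == "bind"           { sub(/^[ \t]*bind[ \t]+/, ""); bind = $0 }
        $1 == "requirepass"    { auth = (length($2) < MINLEN) ? "short" : "set" }
        $1 == "protected-mode" { pm = $2 }
        END {
            if (bind == "") bind = "all"       # no bind line: all interfaces
            if (auth == "") auth = "none"      # no requirepass line
            if (pm == "")   pm = "yes"         # Redis default
            gsub(/[ \t]+/, ",", bind)
            print "bind=" bind " auth=" auth " protected-mode=" pm
        }' "$1"
}

# Constructed sample shaped like the netstat output in the question.
sample_netstat='tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6379 :::* LISTEN'
printf '%s\n' "$sample_netstat" | redis_listen_scope 6379
```

On the Redis host, run `netstat -nlt | redis_listen_scope 6379` before and after editing the configuration, and `redis_conf_summary /etc/redis/redis.conf` to confirm that a "network" listener is paired with `auth=set`.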