Error installing the UTMStack Agent: one or more of the requiered ports are closed. Please open ports 9000 and 50051. #599

lacak-sk · 2024-04-02T11:46:31Z

lacak-sk
Apr 2, 2024

Hi *,
I installed UTMStack from ISO image into VirtualBox (bridged network adapter). I can access web interface at 10.0.0.21 (UTMStackServer obtained this IP address from our DHCP server), but when I try install Windows agent on any endpoint (also in same subnet) I get error message in title.
Using PowerShell at endpoint and commands like "Test-NetConnection 10.0.0.21 -Port 9000" I can confirm that ports 9000 and 50051 are closed while ports 443 and 9090 are opened.
Similar issue is reported for example also here #370 and maybe #590 ...

When I type on UTMStackServer: "ss -ltn" it is shown that on ports 9000 and 50051 is "LISTEN" :

  root@UTMStackServer:~# ss -ltn
  State   Recv-Q   Send-Q     Local Address:Port      Peer Address:Port  Process
  LISTEN  0        511              0.0.0.0:443            0.0.0.0:*
  LISTEN  0        128              0.0.0.0:22             0.0.0.0:*
  LISTEN  0        511              0.0.0.0:80             0.0.0.0:*
  LISTEN  0        4096       127.0.0.53%lo:53             0.0.0.0:*
  LISTEN  0        4096                   *:10001                *:*
  LISTEN  0        4096                   *:10000                *:*
  LISTEN  0        128                 [::]:22                [::]:*
  LISTEN  0        4096                   *:50051                *:*
  LISTEN  0        4096                   *:9090                 *:*
  LISTEN  0        4096                   *:9000                 *:*
  LISTEN  0        4096                   *:2377                 *:*
  LISTEN  0        4096                   *:8080                 *:*
  LISTEN  0        4096                   *:7946                 *:*
  LISTEN  0        4096                   *:8000                 *:*

Is there any problem with default installation or with 10.0.0.x address ranges (or internal routing in Ubuntu)?
(in our LAN we use VLANs (1-9, 10, 20, 90) and VM where UTMStackServers runs is in VLAN 4: 10.0.0.16-10.0.0.31)

Answered by lacak-sk

Apr 29, 2024

This is the sequence of steps (for changing IP addresses of docker networks) that solved the problem for me:
(type in terminal on UTMStackServer)

1.) sudo su

2.) docker stack ls (outputs: utmstack 17 services)

3.) docker stack rm utmstack (outputs: "Removing service ..." + "Removing network utmstack_default")

4.) nano /etc/docker/daemon.json with content:
{
"default-address-pools": [
{"base":"172.17.0.0/16","size":16}
]
}

5.) service docker restart
6.) docker info (check "Default Address Pools: Base: 172.17.0.0/16, Size: 16")

7.) nano /etc/netplan/99-vlan.yaml change "addresses" to [172.16.254.33/24]
8.) reboot

9.) sudo su
10.) ip a show (check "docker0": inet 172.17.0.1/16 and "vlan10@en…

View full answer

lacak-sk · 2024-04-04T10:48:21Z

lacak-sk
Apr 4, 2024
Author

Here is output of lsof -nP -i:

COMMAND      PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd        1            root   87u  IPv6  20471      0t0  TCP *:9090 (LISTEN       )
dockerd      924            root   19u  IPv6  23827      0t0  TCP *:7946 (LISTEN       )
dockerd      924            root   20u  IPv6  21488      0t0  TCP *:2377 (LISTEN       )
dockerd      924            root   21u  IPv6  23828      0t0  UDP *:7946
dockerd      924            root   47u  IPv6  58763      0t0  TCP *:9000 (LISTEN       )
dockerd      924            root   73u  IPv6  76996      0t0  TCP *:10001 (LISTEN)
dockerd      924            root  101u  IPv6  28406      0t0  TCP *:8080 (LISTEN)
dockerd      924            root  103u  IPv6  27577      0t0  TCP *:50051 (LISTEN)
dockerd      924            root  127u  IPv6  31577      0t0  TCP *:8000 (LISTEN       )
dockerd      924            root  176u  IPv6  55241      0t0  TCP *:10000 (LISTEN)
systemd-n  10459 systemd-network   21u  IPv4  67204      0t0  UDP 10.0.0.21:68
systemd-r  10465 systemd-resolve   13u  IPv4  66368      0t0  UDP 127.0.0.53:53
systemd-r  10465 systemd-resolve   14u  IPv4  66369      0t0  TCP 127.0.0.53:53        (LISTEN)
sshd       23250            root    3u  IPv4  81579      0t0  TCP *:22 (LISTEN)
sshd       23250            root    4u  IPv6  81581      0t0  TCP *:22 (LISTEN)
nginx      23259            root    6u  IPv4  82191      0t0  TCP *:80 (LISTEN)
nginx      23259            root    7u  IPv4  82192      0t0  TCP *:443 (LISTEN)
nginx      23260        www-data    6u  IPv4  82191      0t0  TCP *:80 (LISTEN)
nginx      23260        www-data    7u  IPv4  82192      0t0  TCP *:443 (LISTEN)
nginx      23260        www-data   15u  IPv4 521131      0t0  TCP 10.0.0.21:443-       >10.0.0.17:13391 (ESTABLISHED)
nginx      23260        www-data   16u  IPv4 529486      0t0  TCP 10.0.0.21:443-       >10.0.0.17:13616 (ESTABLISHED)
nginx      23260        www-data   17u  IPv4 521202      0t0  TCP 10.0.0.21:443-       >10.0.0.17:13406 (ESTABLISHED)
nginx      23261        www-data    6u  IPv4  82191      0t0  TCP *:80 (LISTEN)
nginx      23261        www-data    7u  IPv4  82192      0t0  TCP *:443 (LISTEN)
nginx      23262        www-data    6u  IPv4  82191      0t0  TCP *:80 (LISTEN)
nginx      23262        www-data    7u  IPv4  82192      0t0  TCP *:443 (LISTEN)
nginx      23263        www-data    6u  IPv4  82191      0t0  TCP *:80 (LISTEN)
nginx      23263        www-data    7u  IPv4  82192      0t0  TCP *:443 (LISTEN)
sshd      119726            root    4u  IPv4 539886      0t0  TCP 10.0.0.21:22->       10.0.0.17:13790 (ESTABLISHED)
sshd      119871        utmstack    4u  IPv4 539886      0t0  TCP 10.0.0.21:22->       10.0.0.17:13790 (ESTABLISHED)

and iptables -L :

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-INGRESS  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISH                                                      ED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISH                                                      ED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination

Chain DOCKER-INGRESS (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10001
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:10001 ctstate REL                                                      ATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9000
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:9000 ctstate RELA                                                      TED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:webmin ctstate RE                                                      LATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8000
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:8000 ctstate RELA                                                      TED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:50051
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:50051 ctstate REL                                                      ATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http-alt ctstate                                                       RELATED,ESTABLISHED
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
utmstack@UTMStackServer:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-INGRESS  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination

Chain DOCKER-INGRESS (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10001
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:10001 ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9000
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:9000 ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:webmin ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8000
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:8000 ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:50051
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:50051 ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http-alt ctstate RELATED,ESTABLISHED
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

and nmap -p- 10.0.0.21 (from Ubuntu console):

Not shown: 65524 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
443/tcp   open  https
2377/tcp  open  swarm
7946/tcp  open  unknown
8080/tcp  open  http-proxy
9000/tcp  open  cslistener
9090/tcp  open  zeus-admin
10000/tcp open  snet-sensor-mgmt
10001/tcp open  scp-config
50051/tcp open  unknown

0 replies

lacak-sk · 2024-04-04T11:46:03Z

lacak-sk
Apr 4, 2024
Author

I can confirm findings from #370 that docker uses networks 10.0.0.0/24 (ingress) and 10.0.1.0/24 (utmstack_default)
sudo docker network inspect ingress and sudo docker network inspect utmstack_default

Does that means, that I can not use UTMStack in our network where we use these address ranges? Does is it somewhere documented?
Can somebody from UTMStack core team confirm it (and probably provide workaround)?

0 replies

CT-Pellegrino · 2024-04-05T14:47:58Z

CT-Pellegrino
Apr 5, 2024

Im also having the same issue. Confirmed ports 9000, 50051 and 5044 are open for TCP and UDP on my windows machine and linux, but still receive the same error as above. I was able to install the linux agent on the UTMStack server without issue. I have no weird rules or network setup either.

I have a Windows Server 2019 and Wazuh server running without issue and didnt have to open any ports.

UTMstack server IP is 10.0.0.14, and have all ports open and specific IPs whitelisted as well all using ufw.

The product seems very well done and thorough, but these silly networking issues are a real down fall. It took us hours just to get networking fixed after setting it up on a clean ubuntu image, with the premade iso not working correctly either. :/

0 replies

lacak-sk · 2024-04-29T08:52:42Z

lacak-sk
Apr 29, 2024
Author

This is the sequence of steps (for changing IP addresses of docker networks) that solved the problem for me:
(type in terminal on UTMStackServer)

1.) sudo su

2.) docker stack ls (outputs: utmstack 17 services)

3.) docker stack rm utmstack (outputs: "Removing service ..." + "Removing network utmstack_default")

4.) nano /etc/docker/daemon.json with content:
{
"default-address-pools": [
{"base":"172.17.0.0/16","size":16}
]
}

5.) service docker restart
6.) docker info (check "Default Address Pools: Base: 172.17.0.0/16, Size: 16")

7.) nano /etc/netplan/99-vlan.yaml change "addresses" to [172.16.254.33/24]
8.) reboot

9.) sudo su
10.) ip a show (check "docker0": inet 172.17.0.1/16 and "vlan10@enp0s3": inet 172.16.254.33/24)

11.) docker swarm leave --force (outputs: "Node left the swarm.")
12.) docker swarm init --default-addr-pool 172.16.128.0/17 --advertise-addr 10.0.0.21 (instead of 10.0.0.21 use your IP address of UTMStackServer)
(outputs: docker swarm join --token SWMTKN-1-07sl6qfmb9ril86nlyl92sectk6l6ybx5op47q1qf105wu6vdl-3gzunau6v4bzhx8kedt7980fs 10.0.0.21:2377)
13.) docker info (outputs: " Default Address Pool: 172.16.128.0/17" for "Swarm")

14.) docker network rm ingress
15.) docker network ls (check that the "ingress" network is removed)
16.) docker network create --driver overlay --ingress --subnet=172.16.0.0/17 --gateway=172.16.0.2 --opt com.docker.network.driver.overlay.vxlanid_list=4096 ingress

17.) docker stack deploy -c compose.yml utmstack (outputs: "Creating network utmstack_default" + "Creating service ...")
(wait a few minutes)

1 reply

TYrorare May 2, 2024

Thanks a lot! This resolve my task. But i not change ip in 4 stage

dvc-dm · 2024-05-09T22:08:36Z

dvc-dm
May 9, 2024

I could not get this solution to work. I suspect the issue was related to the network the server was installed on is using vlan id 10. Changing the vlan id from step 7 to something else and re-running through the rest of the steps did not correct the issue. Port 9000 was still not showing as listening when running "ss -ltn".

I performed a clean re-install of ubuntu 24.04 and performed the install using the latest release and following the rest of the official documentation. I used the following to get the latest installer:
wget https://github.com/utmstack/UTMStack/releases/download/v10.4.2-202405091759/installer

I was able to add the Windows agents without any issue with this latest release.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

UTMStack

Error installing the UTMStack Agent: one or more of the requiered ports are closed. Please open ports 9000 and 50051. #599

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 5 comments 1 reply

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

UTMStack

Error installing the UTMStack Agent: one or more of the requiered ports are closed. Please open ports 9000 and 50051. #599

lacak-sk Apr 2, 2024

Replies: 5 comments · 1 reply

lacak-sk Apr 4, 2024 Author

lacak-sk Apr 4, 2024 Author

CT-Pellegrino Apr 5, 2024

lacak-sk Apr 29, 2024 Author

TYrorare May 2, 2024

dvc-dm May 9, 2024

lacak-sk
Apr 2, 2024

Replies: 5 comments 1 reply

lacak-sk
Apr 4, 2024
Author

lacak-sk
Apr 4, 2024
Author

CT-Pellegrino
Apr 5, 2024

lacak-sk
Apr 29, 2024
Author

dvc-dm
May 9, 2024