Hello everyone,
I have a big problem with iptables for Kubernetes on the server. I am unable to complete a curl request; curl times out:
curl --verbose http://127.0.0.1:8000
* Trying 127.0.0.1:8000...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:8000
> User-Agent: curl/7.74.0
> Accept: */*
>
Cluster information:
Kubernetes version: 1.27.4
Cloud being used: bare-metal
Installation method: kubeadm 1.27.4
Host OS: debian bullseye 11
CNI and version: weave net v2.8.1
CRI and version: containerd 1.6.21
My yaml files:
postgres.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: kong-namespace
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: storage-kong
  namespace: kong-namespace
provisioner: kubernetes.io/no-provisioner
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: postgres-pv
  namespace: kong-namespace
  labels:
    type: local
    app: postgres
spec:
  storageClassName: storage-kong
  capacity:
    storage: 4Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/datastore/db-data"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: postgres-pv-claim
  namespace: kong-namespace
  labels:
    app: postgres
spec:
  storageClassName: storage-kong
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 4Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-deploy
  namespace: kong-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      nodeSelector:
        kubernetes.io/hostname: gateway
      containers:
        - name: postgres
          image: postgres:latest
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: "kong"
            - name: POSTGRES_PASSWORD
              value: "**********"
            - name: POSTGRES_USER
              value: user
            - name: NODE_TLS_REJECT_UNAUTHORIZED
              value: "0"
          livenessProbe:
            exec:
              command:
                - 'pg_isready'
            failureThreshold: 3
            periodSeconds: 60
            timeoutSeconds: 60
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: postgredb
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "256Mi"
              cpu: "250m"
      volumes:
        - name: postgredb
          persistentVolumeClaim:
            claimName: postgres-pv-claim
---
apiVersion: v1
kind: Service
metadata:
  name: postgres-svc
  namespace: kong-namespace
  labels:
    app: postgres
spec:
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP
  type: ClusterIP
  selector:
    app: postgres
kong.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: kong-namespace
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kong-deploy
  namespace: kong-namespace
  annotations:
    api-dev.espylid.com/team: customendpoints
    api-dev-espylid.com.net/environment: Development
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kong
  template:
    metadata:
      labels:
        app: kong
    spec:
      nodeSelector:
        kubernetes.io/hostname: gateway
      containers:
        - name: kong
          image: kong:latest
          imagePullPolicy: "IfNotPresent"
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            readOnlyRootFilesystem: false
          env:
            - name: KONG_ADMIN_ACCESS_LOG
              value: "/dev/stdout"
            - name: KONG_ADMIN_ERROR_LOG
              value: "/dev/stderr"
            - name: KONG_ADMIN_LISTEN
              value: "0.0.0.0:8001, 0.0.0.0:8444 ssl"
            - name: KONG_DATABASE
              value: postgres
            - name: KONG_PG_DATABASE
              value: kong
            - name: KONG_PG_HOST
              value: postgres-svc
            - name: KONG_PG_PORT
              value: "5432"
            - name: KONG_PG_PASSWORD
              value: "**********"
            - name: KONG_PG_USER
              value: user
            - name: KONG_PROXY_ACCESS_LOG
              value: "/dev/stdout"
            - name: KONG_PROXY_ERROR_LOG
              value: "/dev/stderr"
            - name: NODE_TLS_REJECT_UNAUTHORIZED
              value: "0"
          ports:
            - containerPort: 8000
              name: gateway
            - containerPort: 8001
              name: kongadmin
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "256Mi"
              cpu: "250m"
      initContainers:
        - name: kong-migrations
          image: kong:latest
          imagePullPolicy: "IfNotPresent"
          command: ['kong', 'migrations', 'bootstrap']
          env:
            - name: KONG_DATABASE
              value: postgres
            - name: KONG_PG_DATABASE
              value: kong
            - name: KONG_PG_HOST
              value: postgres-svc
            - name: KONG_PG_PORT
              value: "5432"
            - name: KONG_PG_USER
              value: user
            - name: KONG_PG_PASSWORD
              value: "**********"
            - name: KONG_PASSWORD
              value: "**********"
            - name: NODE_TLS_REJECT_UNAUTHORIZED
              value: "0"
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "256Mi"
              cpu: "250m"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: kong
  name: kong-svc
  namespace: kong-namespace
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
  type: ClusterIP
  selector:
    app: kong
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: kong
  name: kongadmin-svc
  namespace: kong-namespace
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8001
  type: ClusterIP
  selector:
    app: kong
Additional Information:
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kong-namespace kong-deploy-57c5c5cdd6-m7bvd 1/1 Running 0 46h
kong-namespace konga-deploy-57dcd576f4-9tgj5 1/1 Running 0 46h
kong-namespace postgres-deploy-74cd4d7f9f-bjnlz 1/1 Running 1 (46h ago) 46h
kube-system coredns-5d78c9869d-jf8n7 1/1 Running 118 (5d3h ago) 6d1h
kube-system coredns-5d78c9869d-smkx7 1/1 Running 119 (5d3h ago) 6d1h
kube-system etcd-gateway 1/1 Running 375 (5d3h ago) 6d1h
kube-system kube-apiserver-gateway 1/1 Running 382 (5d3h ago) 6d1h
kube-system kube-controller-manager-gateway 1/1 Running 400 (5d3h ago) 6d1h
kube-system kube-proxy-px5vr 1/1 Running 240 (5d3h ago) 6d1h
kube-system kube-scheduler-gateway 1/1 Running 397 (5d3h ago) 6d1h
kube-system weave-net-zxt7d 2/2 Running 492 (5d3h ago) 6d1h
kubectl get svc -n kong-namespace
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kong-svc ClusterIP 10.110.140.161 <none> 80/TCP 2d5h
konga-svc ClusterIP 10.111.24.100 <none> 80/TCP 2d5h
kongadmin-svc ClusterIP 10.101.49.155 <none> 80/TCP 2d5h
postgres-svc ClusterIP 10.103.87.31 <none> 5432/TCP 6d1h
kubectl -n kong-namespace describe svc kong-svc
Name: kong-svc
Namespace: kong-namespace
Labels: app=kong
Annotations: <none>
Selector: app=kong
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.110.140.161
IPs: 10.110.140.161
Port: <unset> 80/TCP
TargetPort: 8000/TCP
Endpoints: 10.32.0.7:8000
Session Affinity: None
Events: <none>
kubectl -n kong-namespace port-forward service/kong-svc 8000:80
Forwarding from 127.0.0.1:8000 -> 8000
Forwarding from [::1]:8000 -> 8000
netstat -plnt
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:34585 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 1592645/kubectl
tcp 0 0 127.0.0.1:6784 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 212.83.170.83:2379 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN -
tcp 0 0 212.83.170.83:2380 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:2381 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:10259 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::6781 :::* LISTEN -
tcp6 0 0 :::6782 :::* LISTEN -
tcp6 0 0 :::6783 :::* LISTEN -
tcp6 0 0 ::1:8000 :::* LISTEN 1592645/kubectl
tcp6 0 0 :::10250 :::* LISTEN -
tcp6 0 0 :::6443 :::* LISTEN -
tcp6 0 0 ::1:6379 :::* LISTEN -
tcp6 0 0 :::10256 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
sudo ufw status
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
179/tcp ALLOW Anywhere
4789/tcp ALLOW Anywhere
5473/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
6443/tcp ALLOW Anywhere
2379/tcp ALLOW Anywhere
4149/tcp ALLOW Anywhere
10250/tcp ALLOW Anywhere
10255/tcp ALLOW Anywhere
10256/tcp ALLOW Anywhere
9099/tcp ALLOW Anywhere
10248/tcp ALLOW Anywhere
2380/tcp ALLOW Anywhere
10259/tcp ALLOW Anywhere
10257/tcp ALLOW Anywhere
2381/tcp ALLOW Anywhere
10249/tcp ALLOW Anywhere
6443/udp ALLOW Anywhere
8000/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
179/tcp (v6) ALLOW Anywhere (v6)
4789/tcp (v6) ALLOW Anywhere (v6)
5473/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
6443/tcp (v6) ALLOW Anywhere (v6)
2379/tcp (v6) ALLOW Anywhere (v6)
4149/tcp (v6) ALLOW Anywhere (v6)
10250/tcp (v6) ALLOW Anywhere (v6)
10255/tcp (v6) ALLOW Anywhere (v6)
10256/tcp (v6) ALLOW Anywhere (v6)
9099/tcp (v6) ALLOW Anywhere (v6)
10248/tcp (v6) ALLOW Anywhere (v6)
2380/tcp (v6) ALLOW Anywhere (v6)
10259/tcp (v6) ALLOW Anywhere (v6)
10257/tcp (v6) ALLOW Anywhere (v6)
2381/tcp (v6) ALLOW Anywhere (v6)
10249/tcp (v6) ALLOW Anywhere (v6)
6443/udp (v6) ALLOW Anywhere (v6)
8000/tcp (v6) ALLOW Anywhere (v6)
sudo iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000
ufw-before-logging-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-input all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000
ufw-before-logging-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-forward all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000
ufw-before-logging-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-before-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-track-output all -- 0.0.0.0/0 0.0.0.0/0
Chain KUBE-EXTERNAL-SERVICES (0 references)
target prot opt source destination
Chain KUBE-FIREWALL (0 references)
target prot opt source destination
DROP all -- !127.0.0.0/8 127.0.0.0/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
Chain KUBE-FORWARD (0 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules */ mark match 0x4000/0x4000
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED
Chain KUBE-NODEPORTS (0 references)
target prot opt source destination
Chain KUBE-PROXY-FIREWALL (0 references)
target prot opt source destination
Chain KUBE-SERVICES (0 references)
target prot opt source destination
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
ufw-skip-to-policy-input tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
ufw-skip-to-policy-input tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ufw-skip-to-policy-input udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ufw-skip-to-policy-input all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ufw-user-forward all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ufw-not-local all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900
ufw-user-input all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ufw-user-output all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-track-forward (1 references)
target prot opt source destination
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:179
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4789
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5473
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2379
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4149
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10250
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10255
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10256
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9099
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10248
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2380
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10259
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10257
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2381
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10249
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
Despite all this, the port is still not accessible with curl. The curl request never completes:
curl --verbose http://127.0.0.1:8000
* Trying 127.0.0.1:8000...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:8000
> User-Agent: curl/7.74.0
> Accept: */*
>
NOTE: On my local machine with my local IP address 192.168.203.46, Ubuntu 20.0.4, I have no problem with the same config and environment.
Please help me, I have already lost a week on this problem.
Thanks in advance.
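
A check that can be run over a listing like the `sudo iptables -nL` output above, added here as an example and not part of the original post: it reports built-in chains whose default policy is DROP and `KUBE-*` chains shown with `(0 references)`, meaning no rule jumps to them and their rules are never evaluated. The function names `audit_filter_table` and `sample_listing` and the sample listing itself are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit an `iptables -nL` listing.

# Constructed sample, shaped like the filter-table listing in the post.
sample_listing() {
  cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-forward  all  --  0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain KUBE-FIREWALL (0 references)
target     prot opt source               destination
Chain KUBE-FORWARD (0 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            mark match 0x4000/0x4000
Chain ufw-before-input (1 references)
target     prot opt source               destination
Chain ufw-logging-allow (0 references)
target     prot opt source               destination
EOF
}

# Reads an `iptables -nL` listing on stdin and prints one finding per line:
#   POLICY_DROP <chain>   built-in chain whose default policy is DROP
#   UNREFERENCED <chain>  KUBE-* chain that no rule jumps to
audit_filter_table() {
  awk '
    # Built-in chains are printed as: Chain NAME (policy VERDICT)
    $1 == "Chain" && $3 == "(policy" {
      policy = $4
      sub(/\)$/, "", policy)
      if (policy == "DROP") print "POLICY_DROP " $2
      next
    }
    # User-defined chains are printed as: Chain NAME (N references)
    $1 == "Chain" && $2 ~ /^KUBE-/ && $3 == "(0" {
      print "UNREFERENCED " $2
    }
  '
}

# Run the audit on the constructed sample.
sample_listing | audit_filter_table
```

On a node, pipe the live listing into the function instead: `sudo iptables -nL | audit_filter_table`. `iptables -nL` shows only the filter table; the same function accepts the output of `sudo iptables -t nat -nL`, where kube-proxy in iptables mode keeps its service NAT chains.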