I'm trying to setup a VNC server on my GCE instance running debian. Normally I connect over SSH, but I need a graphical interface for some other use cases. I have a very basic firewall rule that looks like this
But when I use netcat to check the external IP on port 5901 I get that the connection is refused. Checking a port like 22 works, but none of the other ones let me connect. Am I missing a step here?
The most common problem related to your issue is that the application / server is configured for localhost or 127.0.0.1, which means accept connections only on the local machine. You need to bind with 0.0.0.0 which means listen on all available networks.
When connecting from the public network (outside your system) Connection refused means that nobody is listening. This is not a firewall rule issue as the error message indicates that the connection is not being blocked (no response) versus refused (permission denied).
Connect to your instance via SSH. Then run this command: netstat -a. Look for a line that says LISTENING on your port number. Then look at the IP address. If it shows 127.0.0.1, this is your problem. If you do not see your port number in LISTENING state, then you do not have a process listening on that port.
Related
I cannot connect to my GCP VM through ssh. It is not working either through terminal (which gives a timeout error) or through the browser (eternally loading)
With nmap, I found out that there is no ssh service provided on the external IP address of the machine
Host is up (0.076s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp closed http
443/tcp closed https
However, I do have the default-allow-sshrule in my firewall.
My question is what I should do now to have this ssh access. Thanks in advance!
You can find in the official documentation :
Troubleshooting
SSH
Test connectivity:
Check your firewall rules,
Test the network connection,
Connect as a different user,
Debug the issue in the serial console
Inspect the VM instance without shutting it down
Use a startup script
Use your disk on a new instance
I have an ec2 instance on which i login as:
ssh -L 5001:localhost:5000 sumit#<public DNS>
I have an application (superset) which I run as:
2020-04-01 08:18:24,531:INFO:root:logging was configured successfully
2020-04-01 08:18:24,620:INFO:root:Configured event logger of type <class 'superset.utils.log.DBEventLogger'>
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
2020-04-01 08:18:25,600:INFO:werkzeug: * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
Now when I open my browser and type, then it works:
http://127.0.0.1:5001/
I already have setup all http and https traffic:
Now when I change 127.0.0.1 to the aws public dns address it doesn't work. Please let me know what am I missing?
You method is using something call Port Forwarding.
This command:
ssh -L 5001:localhost:5000 sumit#<public DNS>
is saying: "Please SSH into the instance, and also forward port 5001 on this computer to the other computer, and ask it to send the traffic to localhost:5000."
Therefore, any traffic sent to port 5001 on your computer will be forwarded to port 5001 on the target computer. This is a good way of preventing other people from being able to access port 5000 on that computer, unless they are able to SSH into the instance (presumably using a private key).
Accessing http://127.0.0.1:5001/ means it will go to port 5001 on your computer. It would be the same as going to http://localhost:5001 on your own computer.
The flow is: 127.0.0.1:5001 -> via SSH connection -> localhost:5000 on other computer
Changing it to http://DNS-NAME:5001 will try to connect to port 5001 on the destination computer, which is not a port that is in use. You could try changing it to connect to http://DNS-NAME:5000 (which is the port where the application seems to be running) and opening the Security Group to allow port 5000, but that would probably violate the security that somebody probably wanted to put in place.
To experiment with VPN, I have created a VPN firewall rule that allows access to all the ports from all the IPs.
But when I telnet to the machine from my windows machine, I get error telnet 35.197.238.136
Connecting To 35.197.238.136...Could not open connection to the host, on port 23: Connect failed
Why am I not able to telnet?
The most likely story is that that, by default, a default Compute Engine doesn't have the telnet server software installed. If it is not installed, it is obviously not listening. If it is not listening, then a client connection to port 23 (the default telnet port) will fail.
You can install the Telnet server on your Compute Engine using:
sudo apt-get install telnetd
You will also have to "think ahead". Once telnet is running and you connect a client, you will be asked to login. Logging in requires a userid/password pair. By default, your Compute Engine has none. Consider creating a user using the Linux command adduser.
You might also want to consider your usage of telnet as compared to SSH. It appears that SSH has all but supplanted telnet connections these days.
I'm trying to launch a socket server on Amazon EC2. It binds the socket to 0.0.0.0:5000 and then listens on this port, printing every incoming message
However, when I simply try to connect to ec2-18-x-x-x.us-east-2.compute.amazonaws.com:5000 via Chrome, it throws an error: ERR_CONNECTION_TIMED_OUT. Of course, when I try to connect to it with a client using socket.connect(), a client is also unable to set up a connection.
I've already added the port to the security group inbound rules like that:
netstat -a shows that this port is open:
I use the public DNS IPv4 address, that is stated in instance description.
As I've successfully launched the server and tested netstat, it's obvious I can connect to EC2 using RDP.
Guided by this troubleshooting manual, I've also checked the route table for subnet and ACL for subnet, but everything was OK.
What's the problem then?
netstat is simply showing that some process is listening on that port, not that the port is "open". You still need to open port 5000 in the Windows firewall.
I created a new Ubuntu T2 Micro instance on EC2.
Created a new Elastic IP and selected "EIP used in: VPC"
Associated the address to my new EC2 Ubuntu instance.
I now have a Private IP and a Public/Elastic IP. No Public DNS.
My security group has SSH port 22 and HTTP port 80 open.
I can connect to the instance just fine through SSH using the Public IP, but when I try to browse to the Public IP through the browser it says connection refused. I can't ping it either.
I'm out of ideas.
Amazon EC2 HTTP connection refused, but HTTP port is open
That's already proven by the fact that you got 'connection refused'. If the port wasn't open it would have been 'connect timeout'.
'Connection refused' means that the service you tried to connect to wasn't listening at that port. Possibly it isn't started at all, or even installed.
You need to install a web server on your machine, such as Apache or Nginx. This is not provided by default in EC2.
go to security groups --> edit inbound rules --> add rule (add a custom TCP port 8888 with 0.0.0.0/0 ).
There are two major things that can happen to your web server.
Connection refused :- Which means there is no service running (http/JBOSS/nginx) on your server which is available to accept connections on port specified (which is 80 in this case)
Connection timed out :- Would mean server is not able to process any incoming connection hitting it at port 80. Once you fix the security group and your NACL (if you don't have a default one), then you need to re-check to see if it's service which is giving out the error, not to forget that the error response will change.