Access Virtualbox guest from computer that is NOT host - virtualbox

I have a computer, let's call it linux#home.
I have a dedicated distant linux server, let's call it linuxHost#datacenter.
I have a virtualbox virtual machine running windows 7 on the dedicated server, let's call it windowsGuest#datacenter.
I set up a NAT network interface on windowsGuest through virtualbox manager.
windowsGuest#datacenter is running a service that needs to access an SQL database on linuxHost#datacenter, and that works fine. The same service on windowsHost needs to listen to connections on a UDP port, let's say 12345. windowsGuest can access the internet; web browsing works properly (it doesn't need to, but that works fine).
So, now I need linux#home to run a client application that connects on UDP port 12345 on windowsGuest#datacenter. What I did is configure a port forward on the NAT network I use for windowsGuest:
-host ip : 127.0.0.1
-host port : 12346
-protocol : UDP
-guest ip : 10.0.2.4 (which is windowsGuest#datacenter ip address)
-guest port : 12345
I expect that any connection on linuxHost#datacenter on UDP port 12346 would be forwarded to windowsGuest#datacenter UDP port 12345, but that doesn't seem to happen.
A few more details:
- windowsGuest#datacenter's firewall is turned OFF
- linuxHost#datacenter runs iptables and is configured to allow any connection from linux#home, both TCP and UDP.
- linuxHost#datacenter's iptables doesn't log any blocked packets.
- I don't want to turn off iptables since linuxHost#datacenter is running other services and I don't want to expose that.
- I cannot test the client application on linuxHost#datacenter
What did I do wrong? Should I manually forward connections from the internet to linuxHost#datacenter on UDP port 12346 to 127.0.0.1:12345? Should I configure the NAT port forwarding differently? Am I totally wrong and that's not the way I should manage this situation?

Thanks to this answer I could manage what I wanted. I had to modify my NAT port forward in the VirtualBox Manager preferences. The host IP field can be left blank, so that connections from any IP address are forwarded to the guest.

Related

Google Cloud Compute Engine refusing connections despite firewall rule

I'm trying to set up a VNC server on my GCE instance running Debian. Normally I connect over SSH, but I need a graphical interface for some other use cases. I have a very basic firewall rule that looks like this
But when I use netcat to check the external IP on port 5901 I get that the connection is refused. Checking a port like 22 works, but none of the other ones let me connect. Am I missing a step here?
The most common problem related to your issue is that the application / server is configured for localhost or 127.0.0.1, which means accept connections only on the local machine. You need to bind with 0.0.0.0 which means listen on all available networks.
When connecting from the public network (outside your system), "Connection refused" means that nobody is listening. This is not a firewall rule issue as the error message indicates that the connection is not being blocked (no response) versus refused (permission denied).
Connect to your instance via SSH. Then run this command: netstat -a. Look for a line that says LISTENING on your port number. Then look at the IP address. If it shows 127.0.0.1, this is your problem. If you do not see your port number in LISTENING state, then you do not have a process listening on that port.
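Added example (not part of the original answers): a Python version of the netstat check described above, which reads the listener table and reports whether a port is bound to loopback only. It also covers the first question's case, where a forward rule with host IP 127.0.0.1 appears on the host as a UDP socket bound to 127.0.0.1:12346. The sample lines and all function names are constructed for illustration, and numeric (`netstat -an`) output is assumed.

```python
import ipaddress

# Constructed sample in `netstat -an` layout (Linux and Windows lines mixed).
SAMPLE = """\
tcp        0      0 127.0.0.1:5901     0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN
tcp6       0      0 :::9000            :::*               LISTEN
udp        0      0 127.0.0.1:12346    0.0.0.0:*
  TCP    0.0.0.0:5000       0.0.0.0:0          LISTENING
tcp        0      0 10.0.0.5:22        203.0.113.7:51514  ESTABLISHED
"""

def split_endpoint(token):
    """'addr:port' -> (addr, port); copes with ':::9000', '[::]:5000', '*:22'."""
    host, sep, port = token.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return host.strip("[]"), int(port)

def scope(host):
    """Classify a numeric bind address by who can reach it ('*' = wildcard)."""
    ip = ipaddress.ip_address("0.0.0.0" if host == "*" else host.split("%")[0])
    if ip.is_unspecified:
        return "all-interfaces"
    return "loopback-only" if ip.is_loopback else "one-interface"

def listeners(netstat_text):
    """Map (proto, port) -> set of bind scopes for listening/bound sockets."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0].lower()[:3] not in ("tcp", "udp"):
            continue
        proto = fields[0].lower()[:3]
        # TCP rows must be LISTEN/LISTENING; UDP rows carry no state column.
        if proto == "tcp" and "LISTEN" not in line.upper():
            continue
        endpoints = [e for e in map(split_endpoint, fields[1:]) if e]
        if endpoints:  # the first parsable endpoint is the local address
            host, port = endpoints[0]
            found.setdefault((proto, port), set()).add(scope(host))
    return found

def diagnose(netstat_text, proto, port):
    """Return 'not-listening', 'loopback-only' or 'externally-bound'."""
    scopes = listeners(netstat_text).get((proto, port))
    if not scopes:
        return "not-listening"
    return "loopback-only" if scopes == {"loopback-only"} else "externally-bound"
```

A port reported as externally-bound is reachable by whatever the host firewall and cloud rules allow, so keep those rules scoped to the expected client addresses, as the first question does with iptables.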

Connection_timed_out when trying to connect to AWS EC2 tcp port (not rdp)

I'm trying to launch a socket server on Amazon EC2. It binds the socket to 0.0.0.0:5000 and then listens on this port, printing every incoming message
However, when I simply try to connect to ec2-18-x-x-x.us-east-2.compute.amazonaws.com:5000 via Chrome, it throws an error: ERR_CONNECTION_TIMED_OUT. Of course, when I try to connect to it with a client using socket.connect(), a client is also unable to set up a connection.
I've already added the port to the security group inbound rules like that:
netstat -a shows that this port is open:
I use the public DNS IPv4 address, that is stated in instance description.
As I've successfully launched the server and tested netstat, it's obvious I can connect to EC2 using RDP.
Guided by this troubleshooting manual, I've also checked the route table for subnet and ACL for subnet, but everything was OK.
What's the problem then?
netstat is simply showing that some process is listening on that port, not that the port is "open". You still need to open port 5000 in the Windows firewall.

AWS public DNS for ubuntu instance is not accessible from the browser

I am relatively new to AWS and I've been looking at quite a few tutorials for the past couple of days trying to figure out how to make my AWS ubuntu instance accessible from the browser.
What I've done:
1st: I configured security groups to accept all traffic for ssh, http, https just to see if the public DNS listed in the instance is accessible.
2nd: I changed the IP of my instance to an elastic IP
3rd: I wrote a simple node.js file that listens on port: 9000 and console.logs 'hello world'
For some reason ssh works, and I can run my node.js file, but again I cannot access the remote instance from the browser.
Any help would be greatly appreciated since I've been on this for a couple of days
Thanks!
Thank you everyone for the quick responses!
My issue was I did not include a TCP rule to my specific port. Now I am able to access that port via ec2-DNSNAME:9123.
And, just to clarify, if I want to host that DNS for all traffic I should specify 'anywhere' for the TCP rule, correct?
I configured security groups to accept all traffic for ssh, http, https
In security groups, "HTTP" does not mean "HTTP on any port"... it means "any traffic on TCP port 80" -- 80 being the standard IANA assigned port for HTTP.
Security groups are not aware of the type of traffic you are passing, only the IP protocol (e.g. TCP, UDP, ICMP, GRE, etc.) and port number (for protocols that use port numbers) and any protocol specific information (ICMP message types).
You need a rule allowing traffic to port 9000.
Firstly, go to your EC2 and see if curl http://localhost works.
Also, if you are exposing your nodejs on port 9000, did you open 9000 on security groups as well or not?
Few things to check:
- Security groups
- Subnet NACLs (these can function as a subnet level firewall, but unless you've messed with these they should allow all traffic.)
- On the server, if you run netstat -na | grep <PORT> do you see your application listening on the correct ports?
You may also check your system for firewalls that could be short circuiting the requests.
If the above doesn't point you towards where your issue is, you can grab tcpdump and filter it just for requests coming from your web browser (e.g. after installing: tcpdump -vvn host 10.20.30.40 port 8000; substitute your IP and port). This will let you know if you're running into a network issue (packets aren't reaching the server) or if it's something with the app.
I'd also recommend using IP addresses while doing your initial troubleshooting. That way we can establish it is not network/server configuration before going into DNS.

VMware have network access but can't ping anywhere

I am using VMware 9.0.0 on a Windows 7 (64-bit) host; the guest OS is CentOS 6.5 (I have tried Ubuntu 12.04 also).
Firewall on Windows 7 is completely disabled. My host is connected to a router via wireless network adapter.
Guest's network configuration is NAT, and guest IP address is 192.168.117.130. Default gateway of the guest is 192.168.117.2. The NAT interface (VMware Network Adapter VMnet8) on Windows 7 has an IP address of 192.168.117.1.
The problem I met is that I can have Internet access, actually, every network service using TCP and UDP is ok. But I can't ping any host other than hosts on the network of 192.168.17.0/24.
I used wireshark to locate the problem. I found a strange phenomenon, my host can receive the ping echo request from the guest and ping echo response, but it is not forwarding to the guest. Seems the NAT of ICMP packet is not working.
Any suggestions?

Winsock not connecting to WAN IP addresses

I'm wondering if anyone can give me reasons why Winsock is not connecting to WAN IP addresses.
It only connects to my LAN IP address or the looping address 127.0.0.1.
I'm running the client and the server on the same computer. I first run the server program, then verify that it is in fact listening on 0.0.0.0::3307 from the command prompt, then make the appropriate port forwarding by routing port 3307 to the computer in my LAN running the server. But it still cannot connect. I have also restarted my router.
What could be causing my client not to connect to the server running on the same computer?
I guess 0.0.0.0 as listening address is the problem here.
You may want to inform yourself about IP address spaces and reserved addresses in detail.
Not quite sure if I got you right here, but if you're able to get a connection using localhost's address or LAN IP address, everything's all right.