I have just set up a four-node Cassandra 3.4 cluster running CentOS 7 on AWS. I was able to configure it and get all the nodes together. Now I would like to perform some tests, monitoring the cluster behavior using the devops center which I installed on one machine.
I thought of using SSH tunneling to access it from my computer:
ssh -i Amazon-EC2-Ami.pem -L 9999:localhost:8888 centos@public_address
Using my browser, localhost:9999 gets correctly tunneled to the devops login page: http://localhost:8888/opscenter/login.html, but I got an ERR_CONNECTION_REFUSED
I tried accessing devops on that machine using a command line browser and it displays the login page. I really do not know what the issue could be. Any information is truly appreciated. This is the cassandra-yaml configuration file, in case it helps:
cluster_name: 'Cloak'
listen_address:
endpoint_snitch: GossipingPropertyFileSnitch
rpc_address:
seed_provider:
    - class_name: org.apache.cassandra.locator.SimpleSeedProvider
      parameters:
          - seeds: "172.31.55.186,172.31.55.187"
EDIT
Using the -v option launching the ssh tunneling I can confirm that the requests are correctly tunneled:
[centos@ip-172-31-55-186 ~]$ debug1: Connection to port 9999 forwarding to localhost port 8888 requested.
debug1: channel 3: new [direct-tcpip]
debug1: Connection to port 9999 forwarding to localhost port 8888 requested.
debug1: channel 4: new [direct-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 9999 for localhost port 8888, connect from 127.0.0.1 port 43846 to 127.0.0.1 port 9999, nchannels 5
Finally I managed to access it from my computer. I had to modify the configuration file for the operation center, located in /etc/opscenter/opscenterd.conf (only for package installation):
[webserver]
port = 8888
interface = 127.0.0.1
By default the webserver accepts requests only from the localhost. It probably won't be the best option, but since the operation center allows users to be configured, I set interface = 0.0.0.0, allowing any host to contact it.
Related
I have an AWS EC2 instance which is running Rstudio and Shiny Server on an ubuntu instance.
I have a Windows machine and have up until recently used PuTTY to connect to my instance (using ssh). Using PuTTY I also use ssh tunneling to localhost:8787. I can do this through the GUI or PLINK, both work fine, i.e.
> plink -i myprivatekey.ppk -L 8787:localhost:8787 ubuntu@IPaddressAWS
Or by using the GUI and going to Auth -> tunneling and setting it up that way.
Then I am able to open my browser and go to localhost:8787 and I get an Rstudio login.
The Problem
Now recently I started using multipass to connect to AWS via ubuntu to remove the middle man (PuTTY (Yes add a middle man to remove a middle man)). However I cannot get the tunneling to work.
$ ssh -i myprivatekey.pem -L 8787:localhost:8787 ubuntu@IPaddressAWS
But when I go to localhost:8787 there is nothing there. I thought that what I did using PuTTY was the same as that. I have tried some variations that I have found online such as
ssh -N -L SOURCE-PORT:127.0.0.1:DESTINATION-PORT -i KEYFILE ubuntu@IPAdressAWS
When I add the verbose option -v, the logs seem okay;
Authenticated to MY INSTANCE ON AWS
debug1: Local connections to LOCALHOST:8787 forwarded to remote address localhost:8787
debug1: Local forwarding listening on ::1 port 8787.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8787.
debug1: channel 1: new [port listener]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
I could well be missing something very obvious (not great with linux). My main query is that: Isn't what I did using PuTTY the same as what I have tried using ubuntu?
I suspect the issue is the HTTP proxy in the server. But I am not sure.
I set up a hello world Flask app on Ubuntu, I was able to access the page by
elinks http://localhost:5000 # and
elinks http://127.0.0.1:5000
But NOT
elinks http://<server_ip_in_LAN>:5000 # I was also not able to remote access the page on another machine
Then I looked at my proxy settings, in /etc/environment, it has the following:
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
http_proxy="http://proxy-ip:8080/"
https_proxy="http://proxy-ip:8080/"
ftp_proxy="http://proxy-ip:8080/"
git_proxy="http://proxy-ip:8080/"
no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
HTTP_PROXY="http://proxy-ip:8080/"
HTTPS_PROXY="http://proxy-ip:8080/"
FTP_PROXY="http://proxy-ip:8080/"
GIT_PROXY="http://proxy-ip:8080/"
NO_PROXY="localhost,127.0.0.1,localaddress,.localdomain.com"
Further, I use ufw to control the firewall, port 5000 is allowed from anywhere.
And I was able to see the following by running nmap -Pn localhost
$ nmap -Pn localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-08-04 21:09 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00016s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3000/tcp open ppp
5000/tcp open upnp
5432/tcp open postgresql
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
However, if I run
nmap -Pn <server_ip_in_LAN>,
the "5000/tcp open upnp" line was missing, implying the port number seems only open to my localhost, but not open to LAN.
Why? How can I solve it?
Thanks in advance.
Flask often uses the internal host 127.0.0.1. So you can connect via server_ip_in_LAN by changing the host IP:
app.run(host='0.0.0.0')
I faced a similar kind of issue when I was trying to set up my first PyCharm project for Flask.
Things you need to check:
HTTP proxy (if you are behind a proxy)
Verify the proxy details if a proxy was added
Check that the port is not already in use.
For Flask specifically (if you want to run on a specific host and port):
# debug=True also enables Werkzeug's interactive debugger on this bind address
app.run(host='0.0.0.0', port=5000, debug=True)
It gets started on 0.0.0.0; you can change it to localhost.
I realise that the firewall should not block traffic moving between terminal sessions on the same server, but I have included detail of my firewall here as it might be related somehow. The crux of this problem is "What linux/AWS setting could be stopping me from communicating on a port on the same instance"
I have an Amazon instance (not built by me) running Debian. I am trying to get an email relay running, but that question is in another post. For starters, I just want to make sure that a port is open. The way I do this on other servers is, I make sure the firewall is not blocking the port, and then get netcat to listen on that port. So, for my instance I went to AWS security management and opened port 2525 both UDP and TCP
nothing is blocked outbound
and checked the local firewall
root@lamp # iptables-save
# Generated by iptables-save v1.4.14 on Sun Feb 28 10:36:57 2016
*nat
:PREROUTING ACCEPT [727933:41936189]
:INPUT ACCEPT [727933:41936189]
:OUTPUT ACCEPT [4341889:262878645]
:POSTROUTING ACCEPT [4341889:262878645]
COMMIT
# Completed on Sun Feb 28 10:36:57 2016
Then I ran netcat to listen on port 2525
root@lamp # nc -l 2525
logged on via a different terminal session to the same server
root@lamp /home/www# nc localhost 2525
localhost [127.0.0.1] 2525 (?) : Connection refused
root@lamp /home/www# netstat -anp | grep 2525
root@lamp /home/www# telnet localhost 2525
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
When I try this on my Ubuntu laptop or on my Rackspace instance, the nc command should get me a kind of chat session which I terminate with a CTRL^D.
I am not too familiar with the way Amazon do things, so I guess I am missing some AWS web interface, but what confuses me is I would expect all traffic to be free to travel between different sessions on the same localhost. Any light that could be shed on allowing traffic on this port would be appreciated.
AWS Security Groups wouldn't be getting involved here in terms of opening + connecting to the server locally.
It's only relevant when trying to connect to and from other servers.
I suspect your issue is a Linux configuration issue, but of what flavour I do not know.
I know there are a lot of similar questions but I haven't been able to make it work.
I have a VM (VirtualBox) running CentOS 7
I set up 2 adapters, a NAT and a host-only adapter. This way I have internet output on the VM and I can enter via ssh using a ip (192.168.56.102) from the host
Now, I'm trying to reach a django server running on the guest from the host
I've tried running at 0.0.0.0:8000 and 192.168.56.102:8000 but I always got
$ curl 192.168.56.2:8000
curl: (7) Failed connect to 192.168.56.2:8000; No route to host
I've read some solutions using a bridge instead of NAT, but I need to keep the output to internet and the access via ssh
Finally I opened port 8000 on the guest firewall and it's working now.
For CentOS 7, I followed these steps: centos 7 - open firewall port
firewall-cmd --zone=public --add-port=8000/tcp --permanent
firewall-cmd --reload
I'm running OS X Mountain Lion on a machine with local IP address 192.168.1.6 (as reported by both the Network utility and ifconfig) and am running a local (Django) development web server on port 8000 that I would like to connect to from a virtual machine running a guest OS on the same machine.
On the host OS (ie, OS X running on the metal of the machine w/ address 192.168.1.6) I can connect to my test web server through the browser by navigating to 127.0.0.1:8000; or localhost:8000; but not when using the machine's local IP address. Here's what makes this extra confusing:
The router is not filtering the ports; and, just to be sure, I've set it to explicitly forward ports 8000 and 22 to 192.168.1.6; And speaking of port 22,
When I start the SSH service, I can connect (from the command line) via ssh 192.168.1.6
It's not a browser issue, because I also can't telnet to 192.168.1.6 port 8000 (connection refused) while I can telnet to 127.0.0.1 port 8000, and I can also telnet to 192.168.1.6 port 22
The firewall is set to off (as reported in System Preferences) but to be extra safe, I've also set an ipfw rule to allow everything through
Here are the ipfw rules:
00100 allow tcp from any to any dst-port 8000
65535 allow ip from any to any
Here is additional confirmation that the port is, indeed, being listened to by my test server:
netstat -an | grep 8000
tcp4 0 0 127.0.0.1.8000 *.* LISTEN
so what's going on here? Somehow port 22 is being treated differently than port 8000, but every place I can think to look for those differences I can't find any. Why can't I get into this machine's port 8000 using its local ip address?
When you start Django development server you need to give the address explicitly:
python manage.py runserver 192.168.1.6:8000
Or if you want the server to run on all interfaces you can use:
python manage.py runserver 0.0.0.0:8000
Otherwise the Django development server defaults to running on the local interface only.
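The bind-address behaviour behind the OpsCenter interface setting, the Flask app.run(host=...) answers and the Django runserver answer above, as an added Python example that is not part of any original post: it parses netstat -an output and reports which destination addresses a port will accept connections on. The function names are hypothetical, and only the first sample line comes from the page; the rest are constructed.

```python
import ipaddress

# First line is the netstat output quoted in the question (macOS format).
# The remaining lines are constructed samples in macOS and Linux formats.
SAMPLE = """\
tcp4       0      0  127.0.0.1.8000       *.*                  LISTEN
tcp4       0      0  *.22                 *.*                  LISTEN
tcp        0      0 0.0.0.0:5000          0.0.0.0:*            LISTEN
tcp        0      0 127.0.0.1:8888        0.0.0.0:*            LISTEN
tcp6       0      0 :::8080               :::*                 LISTEN
tcp4       0      0  192.168.1.6.22       192.168.1.20.51514   ESTABLISHED
"""

WILDCARDS = {"*", "0.0.0.0", "::"}

def split_local(addr):
    """Split 'host:port' (Linux) or 'host.port' (macOS/BSD) into (host, port)."""
    host, _, port = addr.rpartition(":")
    if not port.isdigit():                  # macOS/BSD: port follows the last dot
        host, _, port = addr.rpartition(".")
    return host, int(port)

def listeners(netstat_text):
    """Return (port, bind_host) for every TCP socket in LISTEN state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[-1] == "LISTEN":
            host, port = split_local(fields[3])
            found.append((port, host))
    return found

def accepts(found, dest_ip, port):
    """True if a connect to dest_ip:port finds a listener (firewalls not modelled).
    Simplification: a wildcard bind is treated as covering IPv4 and IPv6."""
    dest = ipaddress.ip_address(dest_ip)
    for lport, host in found:
        if lport != port:
            continue
        if host in WILDCARDS or ipaddress.ip_address(host.split("%")[0]) == dest:
            return True
    return False

def exposed_ports(found):
    """Ports bound to something other than loopback, i.e. reachable off-host."""
    return sorted({p for p, h in found
                   if h in WILDCARDS or not ipaddress.ip_address(h.split("%")[0]).is_loopback})

if __name__ == "__main__":
    found = listeners(SAMPLE)
    for ip, port in [("127.0.0.1", 8000), ("192.168.1.6", 8000), ("192.168.1.6", 22)]:
        print(f"{ip}:{port} ->", "accepted" if accepts(found, ip, port) else "refused")
    print("exposed off-host:", exposed_ports(found))
```

Running the same functions over the output of netstat -an after switching a service to 0.0.0.0 shows every port that now depends on the firewall or security group alone for access control.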
The problem for me was I accidentally quit the server whenever trying to copy the server address. So instead of using ctrl+C just write down the address into your browser.
I solved the issue. There are a few things you might be missing. Listing them below:
1. Once it starts the server, do not press Ctrl+C. You might be pressing it to copy the URL, and that accidentally closes the server, which might be why this is happening.
2. Instead of http://127.0.0.1:8000/, change the port number to http://127.0.0.1:8080/. That would work.
3. Try changing the firewall setting and allow the app.
4. Try opening it with different browsers and incognito too.
The above steps helped solve my issue. Hope they help you too. :)