Vagrant CentOS6.3 box forwarded port failure - virtualbox

sh-3.2# vagrant -v
Vagrant 1.4.3
sh-3.2# VBoxManage -v
4.3.6r91406
sh-3.2#
iptables has been removed...
On the vagrant machine I see the port and it responds.
[vagrant@localhost ~]$ nmap localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2014-02-04 04:00 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00028s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 998 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
8000/tcp open http-alt
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
[vagrant@localhost ~]$ curl localhost:8000
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
<title>Directory listing for /</title>
<body>
<h2>Directory listing for /</h2>
<hr>
<ul>
<li>.bash_history
<li>.bash_logout
<li>.bash_profile
<li>.bashrc
<li>.ssh/
<li>.vbox_version
<li>postinstall.sh
</ul>
<hr>
</body>
</html>
[vagrant@localhost ~]$
My ports are forwarded...
[web1] -- 22 => 2222 (adapter 1)
[web1] -- 80 => 8080 (adapter 1)
[web1] -- 8000 => 8081 (adapter 1)
Now... the port on the host looks open...
Starting Nmap 6.40 ( http://nmap.org ) at 2014-02-03 19:02 PST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000014s latency).
Not shown: 811 closed ports, 183 filtered ports
PORT STATE SERVICE
22/tcp open ssh
631/tcp open ipp
2222/tcp open EtherNet/IP-1
7778/tcp open interwise
8080/tcp open http-proxy
8081/tcp open blackice-icecap
Nmap done: 1 IP address (1 host up) scanned in 5.23 seconds
But curl never returns...
sh-3.2# curl localhost:8081

Vagrant/VirtualBox forwards the port to the first (NAT) adapter, so you need to bind your web server to its IP, or to 0.0.0.0. Probably it's then also easier to add a private_network address and skip port forwarding altogether.

Related

Can not VNC to a GCP Linux VM

I had a Linux (Debian 9) VM running inside GCP, and I can ssh to it via PuTTY. Now I want to use VNC to connect to it, but that failed.
The following steps are what I did so far.
I tried to follow the article (https://linuxize.com/post/how-to-install-and-configure-vnc-on-debian-9/) to set up a vnc server and it looks good.
clin4@chen-k8s-master:~$ sudo systemctl status vncserver@1.service
vncserver@1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-04-03 00:41:24 UTC; 17h ago
Process: 734 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 956 (vncserver)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/system-vncserver.slice/vncserver@1.service
‣ 956 /usr/bin/perl /usr/bin/vncserver :1 -geometry 1440x900 -alwaysshared -fg
Apr 03 00:41:23 chen-k8s-master systemd[1]: Starting Remote desktop service (VNC)...
Apr 03 00:41:23 chen-k8s-master systemd[734]: pam_unix(login:session): session opened for user clin4 by (uid=0)
Apr 03 00:41:24 chen-k8s-master systemd[1]: Started Remote desktop service (VNC).
Apr 03 00:41:25 chen-k8s-master systemd[956]: pam_unix(login:session): session opened for user clin4 by (uid=0)
I opened port 5901 (5901-5910) via firewalld:
clin4@chen-k8s-master:~$ sudo firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh dhcpv6-client
ports: 443/tcp 6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 10255/tcp 6783/tcp 30000-32767/tcp 5901-5910/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Use netstat to check
clin4@chen-k8s-master:~$ sudo netstat -tulpn | grep LISTEN
tcp 0 0 127.0.0.1:5901 0.0.0.0:* LISTEN 1003/Xtigervnc
tcp6 0 0 ::1:5901 :::* LISTEN 1003/Xtigervnc
Create a firewall rule in the GCP, tags mapping on tcp:5901, and the VM has this tag.
remote-access Ingress remote-access IP ranges: 0.0.0.0/0 tcp:6443,3389,5900-5910 Allow 1000
Try to use Chrome VNC viewer to connect to the VM public IP with port 5901 and got the error message "Cannot establish connection. Are you sure you have entered the correct network address, and port number if necessary?"
What did I miss?

nmap reports closed port Centos 7 while a pid is running on this port

On a CentOS Linux 7 machine, I have a web app served on port 1314
$ netstat -anp | grep 1314
tcp 0 0 127.0.0.1:1314 0.0.0.0:* LISTEN 1464/hugo
tcp 0 0 127.0.0.1:60770 127.0.0.1:1314 TIME_WAIT -
and I can curl it locally.
I opened port 1314:
iptables-save | grep 1314
-A IN_public_allow -p tcp -m tcp --dport 1314 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
I checked with nmap locally:
PORT STATE SERVICE
1314/tcp open pdps
Everything seems fine.
Now if I try to curl the web app from another machine I get connection refused.
When I try nmap from the remote machine:
PORT STATE SERVICE
1314/tcp closed pdps
So the firewall doesn't block the port, but it looks like there is no one listening on port 1314...
But we know that the web app is running on this endpoint so what is going on??
Having a process listening to a port (and that port is open and properly configured) is not enough to enable remote communication. The local address needs to be on the same network as the remote address too!
Here, on the netstat printout, we can see that the local address is localhost (127.0.0.1 or ::1). Localhost is obviously not on the same network as the remote machine I was using to curl my web app. This explains also why nmap was reporting a closed port (meaning that nothing was listening on the local end).
Note: to listen to all the network interfaces, the local address should be 0.0.0.0 or :::.
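
Added example, not part of the original answers: a Python check that reads netstat-style output and reports, per TCP listener, whether it is bound to loopback only or to all interfaces, which is the distinction the answer above describes. The sample input is constructed from listener lines quoted on this page, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: listener lines as they appear in the netstat output quoted on this page.
SAMPLE = """\
tcp 0 0 127.0.0.1:5901 0.0.0.0:* LISTEN 1003/Xtigervnc
tcp6 0 0 ::1:5901 :::* LISTEN 1003/Xtigervnc
tcp 0 0 127.0.0.1:1314 0.0.0.0:* LISTEN 1464/hugo
tcp 0 0 127.0.0.1:60770 127.0.0.1:1314 TIME_WAIT -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4780/vpxd
tcp 0 0 :::443 :::* LISTEN 4780/vpxd
"""

def split_local(addr):
    """Split 'host:port' on the last colon; netstat prints IPv6 without brackets."""
    host, _, port = addr.rpartition(":")
    return host, int(port)

def scope(host):
    """Classify a bind address by which interfaces accept connections on it."""
    if host == "*":                      # lsof-style wildcard
        return "all-interfaces"
    ip = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    if ip.is_unspecified:                # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                   # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-address"

def listeners(text):
    """Return (port, host, scope, pid/program) for every TCP socket in LISTEN state."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        host, port = split_local(f[3])
        rows.append((port, host, scope(host), f[6] if len(f) > 6 else "-"))
    return rows

def bound_beyond_loopback(text, port):
    """True if any listener on this port is bound to something other than loopback."""
    return any(p == port and s != "loopback-only" for p, _, s, _ in listeners(text))

if __name__ == "__main__":
    for port, host, kind, prog in listeners(SAMPLE):
        print(f"{port:>5}  {host:<12} {kind:<15} {prog}")
```

A listener classified as all-interfaces accepts connections on every network the host is attached to, so the host firewall or cloud firewall rule is then the only thing restricting who can connect.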

Nmap can't find a listening port

I created an AWS instance today, and I am running a server that listens on port 19999. Let's see what I got:
root@ip-172-31-18-145:/home/ubuntu# sudo lsof -i -P -n | grep 19999
ssserver 20387 root 4u IPv4 65547 0t0 TCP *:19999 (LISTEN)
ssserver 20387 root 5u IPv4 65548 0t0 UDP *:19999
But I couldn't connect to my port from my remote client side, so I tried to use nmap. Here is what I got.
root@ip-172-31-18-145:/home/ubuntu# nmap -Pn 127.0.0.1
Starting Nmap 7.60 ( https://nmap.org ) at 2020-02-15 13:47 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000030s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
My question is: what's wrong with nmap? To make sure the port is listening, I ran nc to try to listen on 19999 again, and here is the output:
ubuntu@ip-172-31-18-145:~$ nc -l 19999
nc: Address already in use
Nothing is wrong with nmap; by default it only scans the 1000 most common ports. You can use nmap -Pn 127.0.0.1 -p 19999

Which vCenter Server Appliance 5.5 service should be running on port 443/tcp?

I get the error 'Connection refused' when I try to connect from the vSphere Client and the web client.
I checked the output of the command netstat -tnpl and do not see port 443 among the listening ports.
Which vCenter Server Appliance 5.5 service should be running on port 443/tcp?
I was able to start the service running on port 443. This service is vmware-vpxd:
$ netstat -tnpl | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4780/vpxd
tcp 0 0 :::443 :::* LISTEN 4780/vpxd
In my case, I got an error when vpxd started: "vpxd failed to initialize".
The problem was solved by updating vCenter Server Appliance, as described in the article https://kb.vmware.com/s/article/2031331
A similar problem was found in the blog:
https://blog.robinfourdeux.com/vcenter-5-1b-waiting-for-vpxd-to-initialize-failed/

python flask does not work behind HTTP proxy

I suspect the issue is the HTTP proxy in the server. But I am not sure.
I set up a hello world Flask app on Ubuntu, I was able to access the page by
elinks http://localhost:5000, # and
elinks http://127.0.0.1:5000, # but not
But NOT
elinks http://<server_ip_in_LAN>:5000 # I was also not able to remote access the page on another machine
Then I looked at my proxy settings, in /etc/environment, it has the following:
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
http_proxy="http://proxy-ip:8080/"
https_proxy="http://proxy-ip:8080/"
ftp_proxy="http://proxy-ip:8080/"
git_proxy="http://proxy-ip:8080/"
no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
HTTP_PROXY="http://proxy-ip:8080/"
HTTPS_PROXY="http://proxy-ip:8080/"
FTP_PROXY="http://proxy-ip:8080/"
GIT_PROXY="http://proxy-ip:8080/"
NO_PROXY="localhost,127.0.0.1,localaddress,.localdomain.com"
Further, I use ufw to control the firewall, port 5000 is allowed from anywhere.
And I was able to see the following by running nmap -Pn localhost
$ nmap -Pn localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-08-04 21:09 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00016s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3000/tcp open ppp
5000/tcp open upnp
5432/tcp open postgresql
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
However, if I run
nmap -Pn <server_ip_in_LAN>,
the "5000/tcp open upnp" line was missing, implying the port number seems only open to my localhost, but not open to LAN.
Why? How can I solve it?
Thanks in advance.
Flask often uses the internal host 127.0.0.1. So you can connect via server_ip_in_LAN by changing the host IP:
app.run(host= '0.0.0.0')
I faced a similar kind of issue when I was trying to set up my first PyCharm project for Flask.
Things you need to check:
HTTP proxy (if you are behind a proxy)
Verify the proxy details if a proxy was added
Check that the port is not already in use.
Flask-specific (if you want to run on a specific host and port):
app.run(host='0.0.0.0',port='5000', debug=True)
It gets started on 0.0.0.0; you can change it to localhost.