I have been trying to open ports for a server program and have had no luck with the process.
I am using Redhat linux and have created and applied a security group for the ports 22, 3306, 5500 from the address 0.0.0.0:0.
When running nmap on the server address it reports the ports 22 and 111 are both open and when checking the port 5500 directly it reports filtered instead of open.
I have tried accepting the port directly within iptables as well as stoping iptables but no luck with either.
Any help would be greatly appreciated.
Thanks!
Are you running anything on port 5500? Can you run on the instance ?
lsof -i:5500
If nothing returns you don't have anything running on 5500.
If you are running something there, what is it ? It's possible that whatever is running on 5500 is filtered by the app. For example if you are running a web server it could be bound to 127.0.0.1 or localhost instead of 0.0.0.0
Hope it helps.
Related
I suspect the issue is the HTTP proxy in the server. But I am not sure.
I set up a hello world Flask app on Ubuntu, I was able to access the page by
elinks http://localhost:5000, # and
elinks http://127.0.0.1:5000, # but not
But NOT
elinks http://<server_ip_in_LAN>:5000 # I was also not able to remote access the page on another machine
Then I looked at my proxy settings, in /etc/environment, it has the following:
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
http_proxy="http://proxy-ip:8080/"
https_proxy="http://proxy-ip:8080/"
ftp_proxy="http://proxy-ip:8080/"
git_proxy="http://proxy-ip:8080/"
no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
HTTP_PROXY="http://proxy-ip:8080/"
HTTPS_PROXY="http://proxy-ip:8080/"
FTP_PROXY="http://proxy-ip:8080/"
GIT_PROXY="http://proxy-ip:8080/"
NO_PROXY="localhost,127.0.0.1,localaddress,.localdomain.com"
Further, I use ufw to control the firewall, port 5000 is allowed from anywhere.
And I was able to see the following by running nmap -Pn localhost
$ nmap -Pn localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-08-04 21:09 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00016s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3000/tcp open ppp
5000/tcp open upnp
5432/tcp open postgresql
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
However, if I run
nmap -Pn <server_ip_in_LAN>,
the "5000/tcp open upnp" line was missing, implying the port number seems only open to my localhost, but not open to LAN.
Why? How can I solve it?
Thanks in advance.
Flask often use internal host:
127.0.0.1
. So you can connect by server_ip_in_LAN by change host IP:
app.run(host= '0.0.0.0')
I have faced the similar kind of issue when I was trying to set my first pycharm project for flask.
Things you need to check
HTTP Proxy(if you are behind a proxy)
Verify the proxy details if proxy added
Check for port if not already used.
for flask specific(if you want to run on specific host and port)
app.run(host='0.0.0.0',port='5000', debug=True)
It gets started on 0.0.0.0 you can change it to localhost.
I realise that the firewall should not block traffic moving between terminal sessions on the same server, but I have included detail of my firewall here as it might be related somehow. The crux of this problem is "What linux/AWS setting could be stopping me from communicating on a port on the same instance"
I have an amazon instance (not build by me) running Debian. I am trying to get an email relay running, but that question is in another post. For starters, I just want to make sure that a port is open. The way I do this on other servers is, I make sure the firewall is not blocking the port, and then get netcat to listen on that port. So, for my instance I went to AWS security management and opened port 2525 both UDP and TCP
nothing is blocked outbound
and checked the local firewall
root#lamp # iptables-save
# Generated by iptables-save v1.4.14 on Sun Feb 28 10:36:57 2016
*nat
:PREROUTING ACCEPT [727933:41936189]
:INPUT ACCEPT [727933:41936189]
:OUTPUT ACCEPT [4341889:262878645]
:POSTROUTING ACCEPT [4341889:262878645]
COMMIT
# Completed on Sun Feb 28 10:36:57 2016
Then I ran netcat to listen on port 2525
root#lamp # nc -l 2525
logged on via a different terminal session to the same server
root#lamp /home/www# nc localhost 2525
localhost [127.0.0.1] 2525 (?) : Connection refused
root#lamp /home/www# netstat -anp | grep 2525
root#lamp /home/www# telnet localhost 2525
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
I try this on my ubuntu laptop or on my rackspace instance, the nc command should get me a kind of chat session which I terminate with a CTRL^D.
I am not too familiar with the way Amazon do things, so I guess I am missing some AWS web interface, but what confuses me is I would expect all traffic to be free to travel between different sessions on the same localhost. Any light that could be shed on allowing traffic on this port would be appreciated.
AWS Security Groups wouldn't be getting involved here in terms of opening + connecting to the server locally.
It's only relevant when trying to connect to and from other servers.
I suspect your issue is a Linux configuration issue, but of what flavour I do not know.
I have a virtual machine (centos 7) in VirtualBox on a RHEL 5 host running MonetDB5 (server v 11.19.9). I can connect to the database from with the guest through both jdbc and mclient. However, I cannot connect to it from the host.
I have port 50000 forwarded to port 5555, and have set shared=yes in monetdb and control=yes on monetdbd. When I try to connect using
java -jar jdbcclient.jar -dmydatabase -umonetdb -hlocalhost -p5555 -Xdebug
I type in my password and it waits a long time, then says:
Database connect failed: Unable to connect (localhost:5555): Connection to server lost!
The javaclient log file is unhelpful:
RD 1438806937222: server closed the connection (EOF)
The merovingian.log file is also unhelpful since nothing is added to it. Note that the mserver command in the log says --set-mapi_open=false, even though I have set sharing and control = yes. But I can't find the MonetDB.conf file so I don't know where to change "mapi_open=true." I tried making my own MonetDB.conf file and putting it in /etc/ but it doesn't seem to work there.
Note that I can connect to the machine with
ssh me#localhost -p222 -X
where I have forwarded port 20 to 222, so I feel good about the port forwarding. Any guidance would be greatly appreciated. Thanks!
The problem was with the firewall. Even though port 22 (ssh) was automatically opened on the guest machine, port 50000 needed to be configured manually.
I'm running OS X Mountain Lion on a machine with local IP address 192.168.1.6 (as reported by both the Network utility and ifconfig) and am running a local (Django) development web server on port 8000 that I would like to connect to from a virtual machine running a guest OS on the same machine.
On the host OS (ie, OS X running on the metal of the machine w/ address 192.168.1.6) I can connect to my test web server through the browser by navigating to 127.0.0.1:8000; or localhost:8000; but not when using the machine's local IP address. Here's what makes this extra confusing:
The router is not filtering the ports; and, just to be sure, I've set it to explicitly forward ports 8000 and 22 to 192.168.1.6; And speaking of port 22,
When I start the SSH service, I can connect (from the command line) via ssh 192.168.1.6
It's not a browser issue, because I also can't telnet to 192.168.1.6 port 8000 (connection refused) while I can telnet to 127.0.0.1 port 8000, and I can also telnet to 192.168.1.6 port 22
The firewall is set to off (as reported in System Preferences) but to be extra safe, I've also set an ipfw rule to allow everything through
Here are the ipfw rules:
00100 allow tcp from any to any dst-port 8000
65535 allow ip from any to any
Here is additional confirmation that the port is, indeed, being listened to by my test server:
netstat -an | grep 8000
tcp4 0 0 127.0.0.1.8000 *.* LISTEN
so what's going on here? Somehow port 22 is being treated differently than port 8000, but every place I can think to look for those differences I can't find any. Why can't I get into this machine's port 8000 using its local ip address?
When you start Django development server you need to give the address explicitly:
python manage.py runserver 192.168.1.6:8000
Or if you want the server to run on all interfaces you can use:
python manage.py runserver 0.0.0.0:8000
In other case Django development server defaults to running on the local interface only.
The problem for me was I accidentally quit the server whenever trying to copy the server address. So instead of using ctrl+C just write down the address into your browser.
I solved the issue.There are a few things you might be missing.Listing them below-
1.Once it starts the server, do not press Ctrl+C anyhow .u might be pressing it to copy to url and that accidently closes the server due to which it might be happening.
2.instead of http://127.0.0.1:8000/ ...change the port number to http://127.0.0.1:8080/ ...That would work.
3.Try changing the firewall setting and allow the app.
4.Try opening it with different browsers and incognito too.
The above steps helped solve my issue.Hope they help u too...:)
My vagrant setup for the network is config.vm.network :private_network, ip: "192.168.56.101". If I'm accessing a php page with echo $_SERVER['REMOTE_ADDR']; I got 192.168.56.1 as result. The problem now is that I can't ping 192.168.56.1, so also the config for Xdebug with xdebug.remote_connect_back=1 will fail, because Xdebug tries to connect to 192.168.56.1. If I use my normal ip address with xdebug.remote_host=X.X.X.X everything works fine, but I want to use xdebug.remote_connect_back=1. What can I do that it will work?
I was having the same problem and then started up a Virtualbox manually and realized that I hadn't started a virtualbox since updating and the firewall had to updated. Once I restarted virtualbox I could ping 192.168.56.1 and not have to rely on a hard coded ip address. So, my guess, is that you probably have firewall issues.