Having a little trouble connecting jstatd with visualvm. Below is a break down of my settings:
jstatd.policy
grant codebase "file:/usr/java/jre1.7.0/lib/tools.jar" {
permission java.security.AllPermission;
};
Called With
jstatd -p 9999 -J-Djava.security.policy=/usr/java/jre1.7.0/bin/jstatd.policy
Pulling Ports
tcp 0 0 0.0.0.0:43786 0.0.0.0:* LISTEN 22846/jstatd
tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN 22846/jstatd
And Ports Nice and Open
ACCEPT tcp -- anywhere anywhere tcp dpt:9999
ACCEPT tcp -- anywhere anywhere tcp dpt:43786
The application being run is sat on vmware, although application can be accessed with no issues.
If anyone has any ideas on connecting to visualvm it would be great.
Probably you need to start jstatd with host IP addr parameter, like this:
jstatd -p 9999 -J-Djava.security.policy=/usr/java/jre1.7.0/bin/jstatd.policy -J-Djava.rmi.server.hostname=192.168.0.123
192.168.0.123 - change this IP with your IP address of remote server
Check this link: http://hwellmann.blogspot.com/2012/01/troubleshooting-visualvm-remote.html
Related
I recently launched an ecs instance with centos 7.3.
I followed a guideline to install apache and configure ports(80 and 443).
I try to visit http://my_ip but it's not responding, it says i should check proxy and firewall
Below is the iptables, i could not figure what's wrong
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 25141/httpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1878/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 25141/httpd
tcp6 0 0 :::3306 :::* LISTEN 30048/mysqld
1.stop firewall(systemctl stop firewalld.service),make your selinux equal disabled(vim /etc/sysconfig/selinux)
2.check your apache configure file and make sure your configuration allow your client to access.
3. check your apache access.log and error.log
you can try these method,and you would better paste the error page screenshot.
I have an EC2 ubuntu server with haas online trading server installed which requires me to connect through PORT 8090 or 8092.
The xml file is configured as follows:
<HostingAdres>xx.xxx.56.78</HostingAdres>
<ExternalAdres />
<HostingPort>8090</HostingPort>
<HubPort>8092</HubPort>
I have opened these ports with Custom TCP in the Security Groups but when I see which ports are listening with:
netstat -tulpn
I get:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::9300 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::9200 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 172.31.95.106:68 0.0.0.0:* -
and I have tried:
sudo ufw allow 8090
ps -A|grep mono
produces:
1922 pts/0 00:00:03 mono
so a mono process appears to be running. the haas online server is htr only mono program.
But the port remains stubbornly unavailable.
How can I open 8090 and 8092 to accept traffic?
Thank you!
The security group, and netstat are not related. Think of the security group as your network firewall. Changes to your security group do not effect what port your server is listening on, it changes what ports your network will allow incoming traffic on. For your server to be listening on ports 8090 and 8092 some sort of service/application needs to be running and bound to those ports. It looks like you have configured the haas service to listen on those ports, but you haven't started the haas service. Or perhaps you need to restart the service to get it to pick up the modified port configuration.
I'm facing issue with firewall configuration on centos-7 vm instance on gcp.cPanel(2082,2083) and WHM(2086,2087) ports are open but still firefox in not launching the WHM. see the comand below.
[root#centos-7-1 ~]# netstat -ntlup | grep cp
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 3468/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 5361/exim
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 3455/perl
tcp 0 0 0.0.0.0:2095 0.0.0.0:* LISTEN 3468/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:2096 0.0.0.0:* LISTEN 3468/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 5361/exim
tcp 0 0 10.160.0.2:53 0.0.0.0:* LISTEN 3523/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3523/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3614/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5361/exim
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3523/named
tcp 0 0 0.0.0.0:2077 0.0.0.0:* LISTEN 5567/cpdavd - accep
tcp 0 0 0.0.0.0:2078 0.0.0.0:* LISTEN 5567/cpdavd - accep
tcp 0 0 0.0.0.0:2079 0.0.0.0:* LISTEN 5567/cpdavd - accep
tcp 0 0 0.0.0.0:2080 0.0.0.0:* LISTEN 5567/cpdavd - accep
tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN 3468/cpsrvd (SSL) -
tcp 0 0 127.0.0.1:579 0.0.0.0:* LISTEN 3634/cPhulkd - proc
tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN 3468/cpsrvd (SSL) -
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 3468/cpsrvd (SSL) -
cpanel Tech team has reply on the above saying.
Hello,
Thank you for your reply back!
Attempting to connect to the server over port 2087 from the outside it seems that there is some sort of firewall rule in place that is filtering out the requests to that port:
======
[root#test ~]# nmap 35.200.142.242 -p 2087
Starting Nmap 6.40 ( http://nmap.org ) at 2019-01-23 04:37 CST
Nmap scan report for 242.142.200.35.bc.googleusercontent.com (35.200.142.242)
Host is up (0.26s latency).
PORT STATE SERVICE
2087/tcp filtered eli
Nmap done: 1 IP address (1 host up) scanned in 9.54 seconds
However, I was able to confirm that the port 2087 is open for outgoing at this moment in time:
======
[10:41:08 centos-7-1 root#11256229 ~]cPs# telnet portquiz.net 2087
Trying 5.196.70.86...
Connected to portquiz.net.
Escape character is '^]'.
I would recommend to review over the port configuration again or reach out to a system administrator that may be able to assist further with the firewall setup and configuration through Google Cloud.
Please keep in mind this problem does not appear to be related to or caused by cPanel or by the basic configuration of the cPanel-bundled software. We're happy to help as much as possible but our technical analysts aren't replacements for a qualified systems administrator. We've provided the data and information that will help you carry on to the next step.
I certainly understand that not everyone has a Systems Administrator.
For a list of System Administration Services, feel free to reference our public services list available here: http://go.cpanel.net/sysadmin
Please note, however, that cPanel cannot be held liable for any services performed by third-party providers.
First check that you have created the required firewall rules in Google Cloud Platform, refer to this documentation on how do it, also verify the firewall rules inside your instance using:
iptables -L
firewall-cmd --get-active-zones
firewall-cmd --info-zone= {activezone}
I also ran an nmap -Pn 35.200.142.242 and got the following output:
So the port 2087 isn't open, I couldn't telnet either.
Finally when trying to debug network issues I suggest you to use one of these tools:
iftop, iptraf-ng and tcpdump.
Edit: If you have SELinux in enforcing mode, be sure that the cPanel files are in the correct context.
For whatever reason, I cannot open any ports on my Instance. Before I add a firewall rule trying to open 25565, I used https://www.yougetsignal.com/tools/open-ports/ and it had taken a few seconds to check. Now, when I added the firewall rule, it immediately says the port is closed. GCP Firewall Rules Image
I then tried running netstat -an | grep "LISTEN ", and the output was
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
Then, I tried deleting the firewall rules I made and tried adding through the GCP command line.
My output there was
Creating firewall...done.
NAME NETWORK DIRECTION PRIORITY ALLOW DENY DISABLED
minecraft default INGRESS 1000 tcp:25565 False
I then tried running netstat -an | grep "LISTEN " again, and my output was the same. Any help would be greatly appreciated. I am running Ubuntu 16.04 on a custom 1vCPU 4.75gb ram setup.
I highly suspect that the port 25565 is already being used by another process. For this reason, you are unable to connect to it.
Try the following troubleshooting steps.
Type:
$ netstat -tulpn
This command will show a list of all processes running on their respective ports. If the port 25565 is there, take a look at the existing process running on it. You may then kill that process.
For more information on troubleshooting the processes running on port 25565, you may consult this article.
I was trying remote debug a webapp. Follows the instruction on this jetty document . I got java process like this.
jetty 9682 0.4 2.2 4433620 87568 ? Sl 15:52 0:03 /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7.x86_64/jre/bin/java -Xdebug -agentlib:jdwp=transport=dt_socket,address=12000,server=y,suspend=n -Djava.io.tmpdir=/tmp -Djetty.home=/opt/jetty -Djetty.base=/opt/jetty
But the process only listens on 0.0.0.0.
Here is the output of netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:12000 0.0.0.0:* LISTEN
So i can't connect this port on other IP.
My questions how this happen and how to fix it?
EDIT: I was wrong. I was confused by the output of netstat. Because the output of port 8080 is
tcp 0 0 :::8080 :::* LISTEN
I finally realized this may caused by the firewall. I solved the problem by add this port to iptables.
0.0.0.0 means "all IPv4 addresses on the local machine". If a host has two IP addresses, 192.168.1.1 and 10.1.2.1, and a server running on the host listens on 0.0.0.0, it will be reachable at both of those IPs.
From: https://en.wikipedia.org/wiki/0.0.0.0
More info at Is binding to 0.0.0.0 in Java guaranteed to bind to all network interfaces?