Unable to connect to COTURN server from localhost - google-chrome
I am new to webRTC and wanted to try it out. This is my setup below all of which are running on localhost. I am running the setup on MacOS
2 web clients on chrome browser
coturn server running on localhost
signalling mechanism done on server using socket.io lib which is also running on localhost
I am unable to get remote audio and video data on the web clients.
This is how I have installed coturn
brew install coturn
I have not done any custom configuration.
This is how I am running the coturn server
turnserver --no-auth --verbose
This is how I am running the web server
node index.js
This is the webRTC configuration in javascript which is executed on the Chrome browser
var pcConfig = {
  'iceServers': [
    {
      'urls': 'turn:localhost:3478',
      'credential': 'test',
      'username': 'test'
    }
  ],
  iceTransportPolicy: "relay"
};
This is the error I see on the chrome://webrtc-internals/ URL
icecandidateerror url: turn:localhost:3478?transport=tcp address: [0:0:0:x:x:x:x:x] port: 61077 host_candidate: [0:0:0:x:x:x:x:x]:61077 error_text: TURN allocate request timed out. error_code: 701
This is the coturn output log
0: log file opened: /var/tmp/turn_21094_2020-05-02.log
0: WARNING: Cannot find config file: turnserver.conf. Default and command-line settings will be used.
0: WARNING: Cannot find config file: turnserver.conf. Default and command-line settings will be used.
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 32767
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 16000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.1.1d 10 Sep 2019 (0x1010104f)
0:
0: SQLite supported, default database location is /usr/local/Cellar/coturn/4.5.1.1_1/var/db/turndb
0: Redis is not supported
0: PostgreSQL is not supported
0: MySQL is not supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 1 (UDP listening socket per session)
=====================================================
0: Domain name:
0: Default realm:
0: ERROR:
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
0: WARNING: cannot find certificate file: turn_server_cert.pem (1)
0: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
0: WARNING: cannot find private key file: turn_server_pkey.pem (1)
0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: ::1
0: Listener address to use: 192.168.0.10
0: Listener address to use: 2601:647:4001:73e0:83:ba63:ccbf:4787
0: Listener address to use: 2601:647:4001:73e0:983b:50cc:a7b8:c474
0: Listener address to use: 172.131.240.199
0: Listener address to use: 2001:4998:effd:7801::1041
0: =====================================================
0: Total: 5 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 192.168.0.10
0: Relay address to use: 172.131.240.199
0: Relay address to use: 2601:647:4001:73e0:83:ba63:ccbf:4787
0: Relay address to use: 2601:647:4001:73e0:983b:50cc:a7b8:c474
0: Relay address to use: 2001:4998:effd:7801::1041
0: =====================================================
0: Total: 5 relay addresses discovered
0: =====================================================
Cannot create pid file: /var/run/turnserver.pid: Permission denied
0: Cannot create pid file: /var/run/turnserver.pid
0: pid file created: /var/tmp/turnserver.pid
0: IO method (main listener thread): kqueue
0: IPv6: On this platform, I am using alternative behavior of TTL (HOPLIMIT) according to RFC 6156.
0: Wait for relay ports initialization...
0: relay 192.168.0.10 initialization...
0: relay 192.168.0.10 initialization done
0: relay 172.131.240.199 initialization...
0: relay 172.131.240.199 initialization done
0: relay 2601:647:4001:73e0:83:ba63:ccbf:4787 initialization...
0: relay 2601:647:4001:73e0:83:ba63:ccbf:4787 initialization done
0: relay 2601:647:4001:73e0:983b:50cc:a7b8:c474 initialization...
0: relay 2601:647:4001:73e0:983b:50cc:a7b8:c474 initialization done
0: relay 2001:4998:effd:7801::1041 initialization...
0: relay 2001:4998:effd:7801::1041 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): kqueue
0: turn server id=0 created
0: IO method (general relay thread): kqueue
0: turn server id=1 created
0: IO method (general relay thread): kqueue
0: turn server id=2 created
0: IO method (general relay thread): kqueue
0: turn server id=3 created
0: IO method (general relay thread): kqueue
0: turn server id=4 created
0: IO method (general relay thread): kqueue
0: turn server id=5 created
0: IO method (general relay thread): kqueue
0: turn server id=6 created
0: IO method (general relay thread): kqueue
0: turn server id=7 created
0: IO method (general relay thread): kqueue
0: turn server id=8 created
0: IO method (general relay thread): kqueue
0: turn server id=9 created
0: IO method (general relay thread): kqueue
0: turn server id=10 created
0: IO method (general relay thread): kqueue
0: turn server id=11 created
0: IPv4. UDP listener opened on: 127.0.0.1:3478
0: IPv4. UDP listener opened on: 127.0.0.1:3479
0: IPv6. UDP listener opened on: ::1:3478
0: IPv6. UDP listener opened on: ::1:3479
0: IPv4. UDP listener opened on: 192.168.0.10:3478
0: IPv4. UDP listener opened on: 192.168.0.10:3479
0: IPv6. UDP listener opened on: 2601:647:4001:73e0:83:ba63:ccbf:4787:3478
0: IPv6. UDP listener opened on: 2601:647:4001:73e0:83:ba63:ccbf:4787:3479
0: IPv6. UDP listener opened on: 2601:647:4001:73e0:983b:50cc:a7b8:c474:3478
0: IPv6. UDP listener opened on: 2601:647:4001:73e0:983b:50cc:a7b8:c474:3479
0: IPv4. UDP listener opened on: 172.131.240.199:3478
0: IPv4. UDP listener opened on: 172.131.240.199:3479
0: IPv6. UDP listener opened on: 2001:4998:effd:7801::1041:3478
0: IPv6. UDP listener opened on: 2001:4998:effd:7801::1041:3479
socket: Protocol not supported
0: IPv4. TCP listener opened on : 127.0.0.1:3478
socket: Protocol not supported
0: IPv4. TCP listener opened on : 127.0.0.1:3479
socket: Protocol not supported
0: IPv6. TCP listener opened on : ::1:3478
socket: Protocol not supported
0: IPv6. TCP listener opened on : ::1:3479
socket: Protocol not supported
0: IPv4. TCP listener opened on : 192.168.0.10:3478
socket: Protocol not supported
0: IPv4. TCP listener opened on : 192.168.0.10:3479
socket: Protocol not supported
0: IPv6. TCP listener opened on : 2601:647:4001:73e0:83:ba63:ccbf:4787:3478
socket: Protocol not supported
0: IPv6. TCP listener opened on : 2601:647:4001:73e0:83:ba63:ccbf:4787:3479
socket: Protocol not supported
0: IPv6. TCP listener opened on : 2601:647:4001:73e0:983b:50cc:a7b8:c474:3478
socket: Protocol not supported
0: IPv6. TCP listener opened on : 2601:647:4001:73e0:983b:50cc:a7b8:c474:3479
socket: Protocol not supported
0: IPv4. TCP listener opened on : 172.131.240.199:3478
socket: Protocol not supported
0: IPv4. TCP listener opened on : 172.131.240.199:3479
socket: Protocol not supported
0: IPv6. TCP listener opened on : 2001:4998:effd:7801::1041:3478
socket: Protocol not supported
0: IPv6. TCP listener opened on : 2001:4998:effd:7801::1041:3479
0: Total General servers: 12
0: IO method (auth thread): kqueue
0: IO method (auth thread): kqueue
0: IO method (auth thread): kqueue
0: IO method (auth thread): kqueue
0: IO method (auth thread): kqueue
0: IO method (auth thread): kqueue
0: IO method (admin thread): kqueue
0: SQLite DB connection success: /usr/local/Cellar/coturn/4.5.1.1_1/var/db/turndb
6: IPv6. tcp or tls connected to: ::1:51182
6: IPv6. tcp or tls connected to: ::1:51183
6: IPv6. tcp or tls connected to: ::1:51184
6: IPv6. tcp or tls connected to: ::1:51185
6: IPv6. Local relay addr: ::1:58105
6: IPv6. Local relay addr: ::1:52192
6: IPv6. Local relay addr: ::1:59628
6: session 003000000000000001: new, realm=<>, username=<>, lifetime=600
6: session 003000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: IPv6. Local relay addr: ::1:53728
6: session 008000000000000001: new, realm=<>, username=<>, lifetime=600
6: session 002000000000000001: new, realm=<>, username=<>, lifetime=600
6: session 009000000000000001: new, realm=<>, username=<>, lifetime=600
6: session 008000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 002000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 009000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: IPv6. tcp or tls connected to: ::1:51186
6: IPv6. tcp or tls connected to: ::1:51187
6: IPv6. tcp or tls connected to: ::1:51188
6: IPv6. tcp or tls connected to: ::1:51189
6: IPv6. Local relay addr: ::1:58982
6: session 002000000000000002: new, realm=<>, username=<>, lifetime=600
6: session 002000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
6: IPv6. Local relay addr: ::1:50091
6: IPv6. Local relay addr: ::1:64548
6: IPv6. Local relay addr: ::1:59514
6: session 007000000000000001: new, realm=<>, username=<>, lifetime=600
6: session 007000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 004000000000000001: new, realm=<>, username=<>, lifetime=600
6: session 004000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 005000000000000001: new, realm=<>, username=<>, lifetime=600
6: session 005000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 003000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 008000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 009000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 002000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 004000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 007000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 002000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 005000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 003000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 009000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 008000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 002000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 007000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 005000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 004000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
6: session 002000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
7: session 002000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
7: session 003000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
7: session 008000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
7: session 009000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
7: session 002000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
7: session 004000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
7: session 007000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
7: session 005000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
9: session 008000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
9: session 002000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
9: session 003000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
9: session 009000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
9: session 002000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
9: session 007000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
9: session 004000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
9: session 005000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
13: session 003000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
13: session 009000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
13: session 008000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
13: session 002000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
13: session 002000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
13: session 007000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
13: session 004000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
13: session 005000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
21: session 003000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
21: session 008000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
21: session 009000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
21: session 002000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
21: session 004000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
21: session 002000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
21: session 007000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
21: session 005000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
29: session 002000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
29: session 003000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
29: session 008000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
29: session 009000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
29: session 002000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
29: session 007000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
29: session 005000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
29: session 004000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
37: session 002000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
37: session 003000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
37: session 008000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
37: session 009000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
37: session 002000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
37: session 007000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
37: session 004000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
37: session 005000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
50: session 003000000000000001: TCP socket closed remotely [::1]:51182
50: session 003000000000000001: usage: realm=<>, username=<>, rp=9, rb=252, sp=9, sb=972
50: session 003000000000000001: closed (2nd stage), user <> realm <> origin <>, local [::1]:3478, remote [::1]:51182, reason: TCP connection closed by client (callback)
50: session 002000000000000001: TCP socket closed remotely [::1]:51183
50: session 002000000000000001: usage: realm=<>, username=<>, rp=9, rb=252, sp=9, sb=972
50: session 003000000000000001: delete: realm=<>, username=<>
50: session 008000000000000001: TCP socket closed remotely [::1]:51184
50: session 008000000000000001: usage: realm=<>, username=<>, rp=9, rb=252, sp=9, sb=972
50: session 008000000000000001: closed (2nd stage), user <> realm <> origin <>, local [::1]:3478, remote [::1]:51184, reason: TCP connection closed by client (callback)
50: session 002000000000000001: closed (2nd stage), user <> realm <> origin <>, local [::1]:3478, remote [::1]:51183, reason: TCP connection closed by client (callback)
50: session 009000000000000001: TCP socket closed remotely [::1]:51185
50: session 009000000000000001: usage: realm=<>, username=<>, rp=9, rb=252, sp=9, sb=972
50: session 008000000000000001: delete: realm=<>, username=<>
50: session 002000000000000001: delete: realm=<>, username=<>
50: session 009000000000000001: closed (2nd stage), user <> realm <> origin <>, local [::1]:3478, remote [::1]:51185, reason: TCP connection closed by client (callback)
50: session 009000000000000001: delete: realm=<>, username=<>
50: session 002000000000000002: TCP socket closed remotely [::1]:51186
50: session 007000000000000001: TCP socket closed remotely [::1]:51187
50: session 002000000000000002: usage: realm=<>, username=<>, rp=9, rb=252, sp=9, sb=972
50: session 004000000000000001: TCP socket closed remotely [::1]:51188
50: session 002000000000000002: closed (2nd stage), user <> realm <> origin <>, local [::1]:3478, remote [::1]:51186, reason: TCP connection closed by client (callback)
50: session 004000000000000001: usage: realm=<>, username=<>, rp=9, rb=252, sp=9, sb=972
50: session 005000000000000001: TCP socket closed remotely [::1]:51189
50: session 007000000000000001: usage: realm=<>, username=<>, rp=9, rb=252, sp=9, sb=972
50: session 002000000000000002: delete: realm=<>, username=<>
50: session 004000000000000001: closed (2nd stage), user <> realm <> origin <>, local [::1]:3478, remote [::1]:51188, reason: TCP connection closed by client (callback)
50: session 005000000000000001: usage: realm=<>, username=<>, rp=9, rb=252, sp=9, sb=972
50: session 007000000000000001: closed (2nd stage), user <> realm <> origin <>, local [::1]:3478, remote [::1]:51187, reason: TCP connection closed by client (callback)
50: session 004000000000000001: delete: realm=<>, username=<>
50: session 005000000000000001: closed (2nd stage), user <> realm <> origin <>, local [::1]:3478, remote [::1]:51189, reason: TCP connection closed by client (callback)
50: session 007000000000000001: delete: realm=<>, username=<>
50: session 005000000000000001: delete: realm=<>, username=<>
My understanding is that the Chrome browser is waiting for the TURN server to respond, but times out and closes the connection. Is this correct? If so, why does the TURN server not respond?
I am new to webRTC and don't know what I am supposed to look for. Can anyone please help on what I am doing wrong here or where am I supposed to look for the issue?
Note: If I remove iceTransportPolicy: "relay", I am able to get video and audio streams. Only when I enforce relay do the streams not get sent to the peer connections.
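Added example (not part of the original post, and not coturn's own tooling): a small Python parser for the `--verbose` session lines in the log above. It flags relay allocations granted with an empty username, which is what `--no-auth` produces, and sessions where ALLOCATE was answered repeatedly before the client closed the connection. The sample log is constructed in the same format, and the flag names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the coturn log above
# (session ids, ports, realm and user are made up for this example).
SAMPLE_LOG = """\
6: IPv6. tcp or tls connected to: ::1:50001
6: session 001000000000000001: new, realm=<>, username=<>, lifetime=600
6: session 001000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
7: session 001000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
8: session 002000000000000001: new, realm=<example.org>, username=<alice>, lifetime=600
8: session 002000000000000001: realm <example.org> user <alice>: incoming packet ALLOCATE processed, success
8: session 002000000000000001: realm <example.org> user <alice>: incoming packet CREATE_PERMISSION processed, success
9: session 001000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
50: session 001000000000000001: TCP socket closed remotely [::1]:50001
50: session 001000000000000001: usage: realm=<>, username=<>, rp=3, rb=84, sp=3, sb=324
50: session 001000000000000001: closed (2nd stage), user <> realm <> origin <>, local [::1]:3478, remote [::1]:50001, reason: TCP connection closed by client (callback)
50: session 001000000000000001: delete: realm=<>, username=<>
"""

SESSION_LINE = re.compile(r"^(\d+): session (\d+): (.*)$")
NEW_SESSION = re.compile(r"^new, realm=<([^>]*)>, username=<([^>]*)>")
PACKET = re.compile(r"incoming packet ([A-Z_]+) processed, (\w+)")
USAGE = re.compile(r"rp=(\d+), rb=(\d+), sp=(\d+), sb=(\d+)")
CLOSE_REASON = re.compile(r"reason: (.+)$")


def parse_sessions(log_text):
    """Group coturn log lines by session id and pull out the fields we need."""
    sessions = {}
    for line in log_text.splitlines():
        m = SESSION_LINE.match(line.strip())
        if not m:
            continue  # startup and listener lines carry no session id
        t, sid, rest = int(m.group(1)), m.group(2), m.group(3)
        s = sessions.setdefault(sid, {
            "username": None, "realm": None, "packets": Counter(),
            "allocate_times": [], "usage": None, "close_reason": None,
        })
        if (n := NEW_SESSION.match(rest)):
            s["realm"], s["username"] = n.group(1), n.group(2)
        elif (p := PACKET.search(rest)):
            s["packets"][(p.group(1), p.group(2))] += 1
            if p.group(1) == "ALLOCATE" and p.group(2) == "success":
                s["allocate_times"].append(t)
        elif (u := USAGE.search(rest)):
            # rp/rb = packets/bytes received, sp/sb = packets/bytes sent
            s["usage"] = dict(zip(("rp", "rb", "sp", "sb"), map(int, u.groups())))
        elif (c := CLOSE_REASON.search(rest)):
            s["close_reason"] = c.group(1)
    return sessions


def findings(s):
    """Return this example's flags for one parsed session."""
    flags = []
    allocs = len(s["allocate_times"])
    # A relay was granted although the session never presented a username.
    if allocs and s["username"] == "":
        flags.append("unauthenticated-allocation")
    # ALLOCATE answered more than once and no later TURN method seen:
    # the client kept repeating the request instead of moving on.
    others = [method for (method, _result) in s["packets"] if method != "ALLOCATE"]
    if allocs > 1 and not others:
        flags.append("allocate-retransmitted")
    # The server sent as many packets as it received on this session.
    u = s["usage"]
    if u and u["sp"] > 0 and u["rp"] == u["sp"]:
        flags.append("replies-match-requests")
    if s["close_reason"] and "closed by client" in s["close_reason"]:
        flags.append("closed-by-client")
    return flags


def report(log_text):
    """Map each session id to its list of flags."""
    return {sid: findings(s) for sid, s in parse_sessions(log_text).items()}


if __name__ == "__main__":
    for sid, flags in report(SAMPLE_LOG).items():
        print(sid, ", ".join(flags) or "ok")
```

In the log posted above, every session reports rp=9 and sp=9 with `username=<>`, so the same checks apply to it line for line.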
Related
Locked out of SSH terminal
I managed to lock myself out of SSH on a Canonical-Ubuntu-22.04 SSH always free server. Does anyone know how I can get access back?
PS C:\Users\mikel> ssh -i ~/.ssh/ssh-key-2022-10-19.key ubuntu@129.xxx.200.16
ssh: connect to host 129.xxx.200.16 port 22: Connection refused
ssh: connect to host 129.xxx.200.16 port 22: Connection refused means the remote host is sending the reject flags back. It can be due to:
1. firewall blocking ssh port
2. iptables blocking port 22
3. security groups (Ingress, egress) blocking port 22
First check if you have allowed port 22 in the console. If yes, then log in to the instance via console connection and try to debug points 1 and 2.
Can't connect to database: Host 'XX.XX.XX.XX' is not allowed to connect to this MySQL server [closed]
I am trying to connect to my database from my Perl program on Linux; it is actually a work project. I need to fetch some values which are present in different tables. The code I am using for the connection is below:
my $dbType = "mysql";
my $database = "trustid";
my $host="XXX.XX.X.XX";
my $dsn="";
my $userid="";
my $password="";
if($dbType eq "mysql") {
    $dsn = "DBI:$dbType:database=$database;host=$host:port=3306";
    $userid = "user_id";
    $password = 'password';
} else {
    $dbType = "postgres";
    $userid = "postgres";
    $password = "postgres";
    $dsn = "DBI:$dbType:database=$database;host=$host,port=XXXX";
}
my $dbcon = DBI->connect($dsn, $userid, $password) or die "Can't connect to database: $DBI::errstr\n";
print "connected to the database\n";
When I try to execute it with ./aa.pl, it shows the following error:
root@tc-lab-02:/home/abcdefgi/Ajay_POC/XL_Parsing# ./aa.pl
DBI connect('database=abcdefgi;host=XXX.XX.X.XX:port=XXXX','trusavc_sa',...) failed: Host 'YYY.YY.Y.YY' is not allowed to connect to this MySQL server at ./aa.pl line 40.
Can't connect to database: Host 'YYY.YY.Y.YY' is not allowed to connect to this MySQL server
I have changed the user to root, but I am still unable to make the connection.
You need to connect to localhost (instead of XXX.XX.X.XX) if the database server is local (i.e. on the same machine as the Perl program). If the database is remote, you'll need to create a tunnel to that machine's localhost, or you'll need to adjust the MySQL server's configuration to accept connections from your machine.
When communicating over the internet, one doesn't communicate with a machine so much as with a network adapter on that machine. A machine might have multiple network adapters, each with its own network address. These logical network adapters correspond to physical network adapters (e.g. ethernet, wifi, etc) and to virtual network adapters (e.g. an interface between a host system and a VM hosted on that system).
All internet-capable systems have a special virtual adapter known as the loopback adapter. This is the one assigned the IP address to which localhost resolves (usually 127.0.0.1 [IPv4] and/or ::1 [IPv6]). What's special about this adapter is that it can only be used to communicate with itself. This means two things:
- When you communicate with localhost, you also communicate from localhost.
- When you communicate with something other than localhost, you also communicate from something other than localhost.
For security reasons, MySQL only authorizes connections from this interface by default. This ensures that you only expose your database to programs running on your system. But because of the "rules" listed above, it means you must connect to localhost to access your database, not some other interface such as your ethernet or wifi interface.
For example, consider a system with these interfaces:
$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.24.241.85 netmask 255.255.240.0 broadcast 172.24.255.255
        inet6 fe80::215:5dff:feef:f494 prefixlen 64 scopeid 0x20<link>
        ether 00:15:5d:ef:f4:94 txqueuelen 1000 (Ethernet)
        RX packets 620620 bytes 187701194 (187.7 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 179 bytes 12626 (12.6 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
(This is from Linux. On Windows, you can use ipconfig, but newer versions don't actually show the loopback adapter.)
If this machine runs MySQL with its default configuration, it will listen to all interfaces for connections. However, it will only authorize connections coming from 127.0.0.1 and from ::1. This can be achieved by connecting to 127.0.0.1 or ::1, but it can't be achieved by connecting to 172.24.241.85 or fe80::215:5dff:feef:f494. The latter two would reach the MySQL server (since it listens to all interfaces on the machine), but it would reject the connection with the error message you obtained ("Host 'ADDRESS' is not allowed to connect to this MySQL server").
Can I use fail2ban behind router for mail server?
I'm running Docker on a NAS in a home network behind a FritzBox router. Mail and web server are dockerized, external ports 22, 80, 443 are forwarded to the respective ports on the NAS, and Traefik serves as reverse proxy. While Traefik works fine thanks to X-Forwarded headers and HTTP 1.1 Host headers, I'm unable to set up fail2ban to block excessive login attempts of rogue clients. Thanks to NAT on the router, the mail container always sees the router's IP as source. Server logs look like this:
dovecot: auth: passwd-file(luv5@xn--...,172.19.0.1): unknown user (SHA1 of given password: 63f39e)
postfix/smtpd[1118]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
postfix/smtpd[1118]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/smtpd[1028]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: Connection lost to authentication server
postfix/smtpd[1028]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/smtpd[1066]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: Connection lost to authentication server
postfix/smtpd[1066]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
dovecot: auth: passwd-file(mathew@xn--...,172.19.0.1): unknown user (SHA1 of given password: 011c94)
postfix/smtpd[2295]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
postfix/smtpd[2295]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36922 to [172.19.0.11]:25
postfix/postscreen[1020]: PASS OLD [172.19.0.1]:36922
postfix/smtpd[1118]: connect from unknown[172.19.0.1]
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36948 to [172.19.0.11]:25
dovecot: auth: passwd-file(psycho@xn--...,172.19.0.1): unknown user (SHA1 of given password: 7c4a8d)
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36950 to [172.19.0.11]:25
postfix/smtpd[1118]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
postfix/smtpd[1118]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36958 to [172.19.0.11]:25
postfix/postscreen[1020]: PASS OLD [172.19.0.1]:36948
postfix/smtpd[2295]: connect from unknown[172.19.0.1]
postfix/postscreen[1020]: PASS OLD [172.19.0.1]:36950
postfix/smtpd[1066]: connect from unknown[172.19.0.1]
Is there anything that can be done to get fail2ban to block based on IP address for SMTP behind NAT (except for using an "exposed host")?
"Thanks to NAT on the router, the mail container always sees the router's IP as source."
If you're able at all to capture from log/journal an originated IP (or something else identifying the intruder) in the filter, you could:
- write your own failregex or filter capturing the forwarded IP, session or username (something you can use as an ID to identify the intruder), then ...
- either try to implement a solution described in our wiki - How to ban something other as host (IP address), like user or mail, etc.
- or write some actions like https://github.com/fail2ban/fail2ban/blob/0.10/config/action.d/nginx-block-map.conf (banning the intruder resp. rejecting its connection on the web-server or mail-service side)
- or write your own action to notify your proxying service, in order to ban the originated IP on the other side (no idea if traefik has something like that, but there is still an open RFE about that - https://github.com/containous/traefik/issues/4026).
Also note a similar question - How to implement fail2ban with Traefik
IntelliJ/PyCharm: Connection to localhost MySQL failed
I am using PyCharm to connect to my local MySQL database running at localhost port 3306. Here's my JDBC url in the "Data Sources and Drivers" window as shown by PyCharm:
jdbc:mysql://localhost:3306/mydb
When I try to connect or click "Test Connection" I am getting this error in IntelliJ:
Error: Connection to MySQL failed. Connection to Local MySQL failed. [08S01] Communications link failure. The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
I can connect to mysql using the command-line client just fine, it's just PyCharm that's not working. What am I doing wrong?
Make sure your MySQL isn't listening on an IPv6 address. For some reason IntelliJ/PyCharm has problems when connecting to MySQL running on an IPv6 address. To see what address your MySQL server is listening on, type:
$ ss -ntl|grep 3306
LISTEN 0 80 [::1]:3306 [::]:*
The [::1]:3306 part means it's listening on an IPv6 address on localhost. To change to IPv4, open /etc/mysql/my.cnf and add/set the bind-address parameter in the [mysqld] section to 127.0.0.1 instead of localhost:
...
[mysqld]
...
port = 3306
bind-address = 127.0.0.1
...
Then restart mysqld.service and you'll be able to connect via IntelliJ/PyCharm.
fail to ssh remote host with error message "Permission denied (publickey)"
Recently, I met a problem with ssh to a remote host. At first, I could ssh to the remote host when the "PasswordAuthentication" parameter was "yes" in the /etc/ssh/sshd_config file. However, after changing the "PasswordAuthentication" parameter to "no" in the /etc/ssh/sshd_config file, I fail to ssh to the remote host. I know my problem is about the public key, because I have these parameters in my /etc/ssh/sshd_config file:
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
The result of "# ssh root@172.17.4.17 -VVV" looks like this:
debug1: Server host key: RSA 8a:bb:7f:d0:61:69:cc:b2:a1:a0:16:be:52:c1:5c:94
debug3: load_hostkeys: loading entries for host "172.17.4.17" from file "/home/jundu/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/jundu/.ssh/known_hosts:12
debug3: load_hostkeys: loaded 1 keys
debug1: Host '172.17.4.17' is known and matches the RSA host key.
debug1: Found key in /home/jundu/.ssh/known_hosts:12
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/jundu/.ssh/id_rsa ((nil))
debug2: key: /home/jundu/.ssh/id_dsa ((nil))
debug2: key: /home/jundu/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jundu/.ssh/id_rsa
debug3: no such identity: /home/jundu/.ssh/id_rsa
debug1: Trying private key: /home/jundu/.ssh/id_dsa
debug3: no such identity: /home/jundu/.ssh/id_dsa
debug1: Trying private key: /home/jundu/.ssh/id_ecdsa
debug3: no such identity: /home/jundu/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
Permission denied (publickey)? I just don't know what it means. Can anyone provide me with some suggestions? Thank you in advance!
In some cases of using ssh, when we meet the issue Permission denied (publickey), it means two things:
1) we are using ssh key pairs to access the remote host.
2) we never let the remote host know our local host's public key, and we don't have a private key to access it.
Solutions:
step 1: copy a public key to the remote host (usually in ~/.ssh/authorized_keys)
step 2: paste the corresponding private key in the local host's ~/.ssh/id_rsa (or id_dsa)