Background: I've been connecting to MySql from Windows to an Ubuntu VM through putty's ssh tunnel for years now, and it's worked great.
2 weeks ago I started up a new Ubuntu 16.06 amd64 VM, put the latest MariaDb on it, and everything worked as before. Workbench worked, and my code was able to connect through the tunnel as well.
Last week, the connection somehow became unstable. It would not connect anymore, and timeouts would occur 100% of the time until it mysteriously started working again. Even now, at the beginning of writing this question, it was not working. Now it is. It has sometimes not worked when ufw was disabled completely. Does anyone know what is going on? Are there timeouts or cooldowns on the various pieces that I'm not aware of? I've restarted the service countless times, and the VM many times as well.
Configuration:
my.cnf:
bind-address = 127.0.0.1
ufw:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
3306 on lo ALLOW IN Anywhere
127.0.0.1 3306/tcp ALLOW IN Anywhere
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
3306 (v6) on lo ALLOW IN Anywhere (v6)
Related
The above one seems like an easy question, but believe me I have tried multiple methods but all seems to be in vain
For example : Port is 8080
1st - I followed many oracle docs and tried opening port 8080, but failed miserably
2nd - I followed another stack overflow posts - Opening port 80 on Oracle Cloud Infrastructure Compute node
Opening port 19132 on an Oracle compute instance (ubuntu-20.04)
still no success
3rd - I followed these oracle instructions and tried to open up the port - https://docs.cloud.oracle.com/en-us/iaas/developer-tutorials/tutorials/apache-on-ubuntu/01oci-ubuntu-apache-summary.htm
but not working -> to my surprise, when I tried port no 80 with the same method,it worked well..but not working for any other port at all
In short : ** I enabled port 8080 in Security rules in VNC - didnt work
** I tried ,installing firewalld and allowing through that -> didnt work for me
** Tried this -> didnt work
iptables -I INPUT 5 -i ens3 -p tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
So I was hoping someone else can find me a solution Please to open up a port, or is there any way to completely disable my firewall so that I can use any port at all - currently I am able to listen to only port 80 from outside
Thank you
Ubuntu images in Oracle Cloud seem to have this 'strange' (compared to other clouds) behavior by default where you need to explicitly enable incoming traffic in the VM:
sudo iptables -I INPUT -j ACCEPT
Then you need to make this permanent:
sudo iptables-save -f /etc/iptables/rules.v4
To open a certain port it may require creating a security application specific to the port before creating the security rule. Please refer to this walkthru on it if you haven't already - https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/compute/permitting_public_tcp_traffic_to_compute_instances/permitting_public_tcp_traffic_to_compute_instances.html
I am using Oracle Linux and this worked for me.
First add a new rule inside the default security list(see the link below)
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --reload
Reference : OCI: Amend Firewall Rules
In your case, you have Ubuntu instead of Oracle Linux, so you could try the above two commands as per Ubuntu and check if it works.
I'm trying to setup the group replication plugin I specified all settings in /etc/mysql/my.cnf and did the appropriate firewall rules: However I cannot connect to the remote server. There are two different public IP address servers and not a local machine.
The ufw output settings on the target server: Iptables is not installed.
To Action From
-- ------ ----
33061 ALLOW IN Anywhere
3306 ALLOW IN Anywhere
22 ALLOW IN Anywhere
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
80,443/tcp ALLOW IN Anywhere
33061/tcp ALLOW IN Anywhere
33061 (v6) ALLOW IN Anywhere (v6)
3306 (v6) ALLOW IN Anywhere (v6)
22 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
80,443/tcp (v6) ALLOW IN Anywhere (v6)
33061/tcp (v6) ALLOW IN Anywhere (v6)
Error Log output
2018-05-25T17:36:41.825416Z 0 [Note] Plugin group_replication reported: 'XCom protocol version: 3'
2018-05-25T17:36:41.825460Z 0 [Note] Plugin group_replication reported: 'XCom initialized and ready to accept incoming connections on port 33061'
2018-05-25T17:36:41.912783Z 0 [ERROR] Plugin group_replication reported: '[GCS] Error on opening a connection to {remote IP}:33061 on local port: 33061.'
If i check the remote port I get:
root#li111-4:/etc/nginx/sites-available# nc -zv {remote IP} 33061
nc: connect to {remote IP} port 33061 (tcp) failed: Connection refused
I have been trying to setup Zabbix to monitor my 2 tomcat servers on 2 different Amazon EC2 machines, but in vain.
The Z on the host is green, however te JMX is red with these errors
- ZBX_TCP_READ() failed: [4] Interrupted system call
- Someother error [111] connection refused
and many such errors, one after another, in the sense I resolve an error to see one more new error popping up.
These are some assumptions
All the machines run Ubuntu 12.10 and later
Server's IP address: 66.55.12.120 (Runs Zabbix server v2.2.4 (revision 46772) (23 June 2014) )
Agent's IP address: 87.52.45.198 ( Runs Zabbix agent v2.2.2 (revision 42525) (12 February 2014) )
My local machine's IP address: 76.89.54.111
Here is what I've done so far.
On Server Side:
1) Installed Zabbix_server using sudo apt-get install zabbix-server-mysql.
2) The GUI, mysql database all have been installed and configured.
3) The following are the only 3 changes that I've made in the file /etc/zabbix/zabbix_server.conf
...
JavaGateway=localhost
JavaGatewayPort=10052
StartJavaPollers=5
...
4) The Zabbix Java gateway was installed using sudo apt-get install zabbix-java-gateway.
5) The following are the only 3 changes that I've made in the file
/etc/zabbix/zabbix_java_gateway.conf
...
LISTEN_IP="127.0.0.1"
LISTEN_PORT=10052
START_POLLERS=5
...
On Client Side:
1) Installed Zabbix Client using
sudo apt-get install zabbix-agent
2) The following are the only 3 changes that I've made in the file
/etc/zabbix/zabbix_agentd.conf
...
Server=66.55.12.120
StartAgents=5
ServerActive=66.55.12.120:10051
Hostname=Security-test-JMX-EC2
... <br />
3) The Hostname is the same as the one that is mentioned while creating the Host on the GUI.
I believe that there are some issues with the IP and ports. So, here are the outbound rules for both the machines as obtained from Amazon EC2 Security Groups for the machines
OUTBOUND RULES for SERVER SECURITY GROUP:
Type Protocol Port Source Reasoning
Custom- TCP 8080 0.0.0.0/0
TCP Rule
All ICMP All N/A 0.0.0.0/0
Custom- TCP 10052 27.52.52.128/32 For access from Agent
TCP Rule
Custom- TCP 8081 76.84.120.130/32 To access Zabbix GUI from-
TCP Rule -my local machine's web browser
Custom- TCP 10051 27.52.52.128/32 As the agent responds to-
TCP Rule -the server on Port 10051TCP Rule-
-Must allow inbound communications-
- from the agent.
Custom- TCP 11000 27.52.52.128/32 The agent's JMX reporting-
TCP Rule -happens on port 11000(not on 12345).
OUTBOUND RULES for CLIENT SECURITY GROUP:
Type Protocol Port Source
HTTPS TCP 443 0.0.0.0/0
Custom- TCP 10050 66.55.12.120/32
TCP Rule
Custom- TCP 10052 66.55.12.120/32
TCP Rule
Custom- TCP 11000 66.55.12.120/32
TCP Rule
HTTP TCP 80 76.89.54.111/32
Custom- TCP 8080 76.89.54.111/32
TCP Rule
Custom- TCP 8443 76.89.54.111/32
TCP Rule
What am I missing? Please guide me.
Any help is appreciated.
Thanks
Goutham
If you can, then run VisualVm (probably using a tunneled X session) on the zabbix host, and see if you can connect to the target JVM with that. If you can't connect from that, you won't be able to connect from Zabbix.
Try with the following CATALINA_OPTS, replacing with the IP on the target that you want JMX to listen on:
export CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.local.only=falseom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=<LOCAL_IP>"
This will disable all JMX security so be aware!
Once you hopefully get it to connect, the "Tomcat JMX" items in Zabbix are also all incorrect! e.g.
Incorrect Zabbix default:
jmx["Catalina:type=GlobalRequestProcessor,name=http-8080",bytesReceived]
Correct entry:
jmx["Catalina:type=ThreadPool,name=\"http-bio-8080\"", bytesReceived]
Note the escaped quotes and incorrect thread name. Add the Mbeans plugin to VisualVM, and use that to browse the MBeans on the target VM, and check the Zabbix names.
It does work eventually, but is a real pain to setup. Zabbix is however one of the few open source monitoring tools that supports JMX at all!
By default, JMX does not work very well with firewalls. You might find related bug reports on Zabbix tracker useful: ZBX-5326 and ZBX-6815. The first one contains a workaround for Tomcat which might work for you.
#gvatreya wrote:
Server: (Runs Zabbix server)
Agent: (Runs Zabbix agent)
It looks like you have to start Zabbix Java gateway as well on host where it is installed (it is a daemon/service).
I configured as follows:
Server: (Runs Zabbix server, Zabbix Java gateway)
Agent: (Runs Zabbix agent)
I think it is possible to install it on a dedicated host.
Have you tried adding -Djava.net.preferIPv4Stack=true to the VM options?
to make it work add next java_opts to your tomcat startup script
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.port=2345
-Dcom.sun.management.jmxremote.rmi.port=12345
-Djava.rmi.server.hostname=<tomcat_hostname>
I have a problem here that I had my XAMP up and running, I installed ZEND Framework, ZEND Server and ZEND Studio into my system. Now the problem is that localhost is not working. I researched to find out that both can be on a pc and run but I will have to choose between the apache for the two. I stopped the services of Apache Zend but my localhost did not start.
I also checked the error log of apache the last entry is of Today i.e. Tue 10:28am. and XAMP control panel just displays cannot start apache service.
I have changed the apache config file by changing the localhost server port to 8080 instead of 80. But no success yet. MYSQL is also shutting down unexpectedly.
Any help is appreciated.
I have a same problem when I installed Skype. Skype by default use 80 port number. So you can change it from Skype`s options. For more info see this link..
http://www.youtube.com/watch?v=n7wj1aaNwbU
Try to run this below command in cmd prompt
netstat -ano|find "port no"
Eg:
netstat -ano|find "3306"
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 5164
TCP [::]:3306 [::]:0 LISTENING 5164
You could even use the pid number and check in windows task manager who is utilizing these pid so that you would come to know the exact process name
Please provide error log file if possible.
I am having Port Problem.
Whenever I start Apache then it give me this error:
Busy - Apache Started [port 80]
And When i start Mysql then Folowing Error Appears:
Busy - ERROR: Mysql service not started [-1]
Please Anyone tell me that how to resolve this problem.
Waiting for Replies.
Thanks in Advance
Open cports.exe (http://www.nirsoft.net/utils/cports.html), find in the column Local Port the port 80. Thus, you will know which program uses this port and you will be able to kill it.
For most people, port 80 is occupied by Skype by default. Simply uninstall Skype and port 80 will be freed. Apache should then work.
Try to run this below command in cmd prompt
netstat -ano|find "port no"
Eg:
netstat -ano|find "3306"
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 5164
TCP [::]:3306 [::]:0 LISTENING 5164
You could even use the pid number and check in windows task manager who is utilizing these pid so that you would come to know the exact process name
Please provide error log file if possible.
Major issue comes if you are using skype . Just change the connection port no and restart skype and try to start apache
You should search then you ask question because this question has been asked. You need to go to C:\xampp\apache\conf edit httpd.conf file and change
Listen 80
to
Listen 8081
or another number then you restart apache.
other links
Configure apache to listen on port other than 80
Edit the httpd file
#Listen 12.34.56.78:80
Listen 80
to something like this
#Listen 12.34.56.78:80
Listen 8080
Just make sure you use any port other than 80.
Check if any instances of mysqld.exe is running from task manager. If so kill it and start it from xampp control panel.
If you have skype running on your local computer it uses port 80 also. So port 80 can not allocate for MySQL. The solution is to stop running on skype and then start your xampp server. If it is also not working just try to uninstall skype and then again install your xampp server. This time probably can run MySQL.