Can't access apache after changing ports to non-80 - configuration

I don't know what's wrong. I just changed /etc/httpd/conf/httpd.conf and now I can't access it from a non-loopback address.
After the change:
Listen 2999
<VirtualHost *:*>
DocumentRoot "/var/www/html"
</VirtualHost>
Output of lsof -i:2999
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 23989 root 4u IPv4 27581116 TCP *:remoteware-un (LISTEN)
httpd 24001 apache 4u IPv4 27581116 TCP *:remoteware-un (LISTEN)
httpd 24002 apache 4u IPv4 27581116 TCP *:remoteware-un (LISTEN)
httpd 24003 apache 4u IPv4 27581116 TCP *:remoteware-un (LISTEN)
httpd 24004 apache 4u IPv4 27581116 TCP *:remoteware-un (LISTEN)
httpd 24005 apache 4u IPv4 27581116 TCP *:remoteware-un (LISTEN)
httpd 24006 apache 4u IPv4 27581116 TCP *:remoteware-un (LISTEN)
httpd 24007 apache 4u IPv4 27581116 TCP *:remoteware-un (LISTEN)
httpd 24008 apache 4u IPv4 27581116 TCP *:remoteware-un (LISTEN)
I can access apache using nc localhost 2999 or w3m http://localhost:2999
But I can't access 2999 port using my ip or dns. I can access other ports using my ip or DNS.
I don't have an idea what's wrong. Iptables isn't blocking that port.
EDIT: Okay, iptables was actually blocking that port. I tried service stop iptables and I could access it.

If you are using an external router you should forward the new port to the server.
If you are not using an external router then be sure that you don't have iptables configured to only accept connections from localhost.

Related

openshift 3.11 storageos networking issue

I've created an openshift 3.11 3 node cluster, 2 of which are compute
nodes. I've installed storageos on this cluster. One of the compute
nodes seems fine with the storageos installation, however the 2nd
compute node can't reach the 1st node. It appears that the error
is routing related.
the 2nd node will not route to the 1st node it appears.
[root@cortado-o1 standard]# oc get pod -n storageos
NAME READY STATUS RESTARTS AGE
storageos-47qgc 1/1 Running 0 6m
storageos-6bqqp 0/1 Running 3 7m
[root@cortado-o2 ~]# netstat -na | grep 5705
tcp6 0 0 :::5705
[root@cortado-o3 ~]# netstat -na | grep 5705
tcp 0 0 192.168.0.101:43588 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43548 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43522 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43458 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43628 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43602 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43562 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43502 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43476 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43412 192.168.0.101:5705 TIME_WAIT
tcp 0 0 192.168.0.101:43430 192.168.0.101:5705 TIME_WAIT
tcp6 0 0 :::5705 :::* LISTEN
[root@cortado-o3 ~]# !nc
nc 192.168.0.102 5705
Ncat: No route to host.
[root@cortado-o3 ~]# hostname --ip-address
192.168.0.101
time="2018-11-13T04:24:38Z" level=error msg="failed to join existing cluster" action=create category=etcd endpoint="192.168.0.102,192.168.0.101" error="Get http://192.168.0.102:5705/v1/members: dial tcp 192.168.0.102:5705: connect: no route to host" module=cp
time="2018-11-13T04:24:38Z" level=info msg="not first cluster node, joining first node" action=create address=192.168.0.101 category=etcd host=cortado-o3 module=cp target=192.168.0.101
time="2018-11-13T04:24:38Z" level=error msg="failed to join existing cluster" action=create category=etcd endpoint="192.168.0.102,192.168.0.101" error="503 Service Unavailable" module=cp
time="2018-11-13T04:24:38Z" level=info msg="retrying cluster join in 5 seconds..." action=create category=etcd module=cp
any suggestions? many thanks.
I can see on your netstat output that StorageOS is bound to the port, not that they can communicate. In fact the Ncat shows that there is no route to host, so they can't connect. StorageOS needs to be able to communicate among its nodes.
The StorageOS docs have a reference about the prerequisites of the ports and how to open them. https://docs.storageos.com/docs/prerequisites/firewalls
It depends on your OpenShift installation whether you use ufw, firewalld or straight iptables.
For ufw try this:
ufw default allow outgoing
ufw allow 5701:5711/tcp
ufw allow 5711/udp
For firewalld try this:
firewall-cmd --permanent --new-service=storageos
firewall-cmd --permanent --service=storageos --add-port=5700-5800/tcp
firewall-cmd --add-service=storageos --zone=public --permanent
firewall-cmd --reload
For straight iptables:
# Inbound traffic
iptables -I INPUT -i lo -m comment --comment 'Permit loopback traffic' -j ACCEPT
iptables -I INPUT -m state --state ESTABLISHED,RELATED -m comment --comment 'Permit established traffic' -j ACCEPT
iptables -A INPUT -p tcp --dport 5701:5711 -m comment --comment 'StorageOS' -j ACCEPT
iptables -A INPUT -p udp --dport 5711 -m comment --comment 'StorageOS' -j ACCEPT
# Outbound traffic
iptables -I OUTPUT -o lo -m comment --comment 'Permit loopback traffic' -j ACCEPT
iptables -I OUTPUT -d 0.0.0.0/0 -m comment --comment 'Permit outbound traffic' -j ACCEPT
Check also the troubleshooting page of storageos for this particular issue.
https://docs.storageos.com/docs/platforms/openshift/troubleshoot/install#peer-discovery---networking
In addition, a cluster with fewer than 3 nodes is not supported. You can have 1 node for testing or 3+. But having 2 nodes makes it impossible to ensure quorum in a distributed environment unless you use StorageOS pointing the kv store to an external etcd.

Can't connect to MySQL server on 'x.x.x.x' (110)

Hello, I have an issue with MySQL: I can't connect to it remotely. I already looked at the answers posted here, but none of them works for me!
This is the error message when I try to connect to MySQL:
$> mysql -u user01 -h x.x.x.x -p
ERROR 2003 (HY000): Can't connect to MySQL server on 'x.x.x.x' (110)
Telnet
[root@machine2 ~]# telnet x.x.x.x 3306
Trying x.x.x.x...
telnet: connect to address x.x.x.x: Connection timed out
This is the iptables file:
#Generated by iptables-save v1.4.7 on Thu Jan 4 21:58:18 2018
*filter
:INPUT ACCEPT [56:6256]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35:3538]
-A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
COMMIT
#Completed on Thu Jan 4 21:58:18 2018
-- I already created a user
CREATE USER 'user' IDENTIFIED BY 'pass';
GRANT ALL PRIVILEGES ON *.* TO 'user';
FLUSH PRIVILEGES;
and this is my my.cnf file:
#For advice on how to change settings please see
#http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[mysqld]
port=3306
skip-name-resolve
skip-external-locking
innodb_buffer_pool_size=3G
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
and my port 3306 is already open:
[root@localhost ~]# netstat -petulan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 12889 2056/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 13930 2441/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 13141 2133/cupsd
tcp 0 0 0.0.0.0:32895 0.0.0.0:* LISTEN 29 12977 2078/rpc.statd
tcp 0 0 x.x.x.x:22 x.x.x.x:49964 ESTABLISHED 0 7891927 4453/sshd
tcp 0 64 x.x.x.x:22 x.x.x.x:50203 ESTABLISHED 0 7892871 4482/sshd
tcp 0 0 :::3306 :::* LISTEN 27 7896831 6648/mysqld
tcp 0 0 :::111 :::* LISTEN 0 12892 2056/rpcbind
Is there something wrong here? Thank you!
I'm using CentOS 6.9

Port 3306 not listening? Can't connect to MySQL remotely

I'm trying to connect to MySQL remotely with pymysql and I'm getting the error message:
(2003, "Can't connect to MySQL server on 'ip address' ([WinError 10061] No connection could be made because the target machine actively refused it)")
In my my.cnf file I've got bind-address set to 0.0.0.0 and skip-networking isn't there.
Running "sudo netstat -atn" shows port 3306 is only listening on localhost:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
My firewall is allowing traffic from 3306:
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22/udp ALLOW Anywhere
80/udp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
443/udp ALLOW Anywhere
3306/tcp ALLOW Anywhere
3306/udp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
22/udp (v6) ALLOW Anywhere (v6)
80/udp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
443/udp (v6) ALLOW Anywhere (v6)
3306/tcp (v6) ALLOW Anywhere (v6)
3306/udp (v6) ALLOW Anywhere (v6)
I've restarted everything multiple times. I don't think it's a MySQL authentication issue. I've got my user's host set to '%'. How do I set the server to listen to any address on 3306, not just 127.0.0.1?
Edit:
Here's the output from 'ps auxf | grep mysqld':
root 15493 0.0 0.4 11988 2072 pts/0 S+ 12:25 0:00 \_ grep --color=auto mysqld
root 25057 0.0 0.3 4448 1540 tty1 S Jun13 0:00 \_ /bin/sh /usr/bin/mysqld_safe --skip-grant-tables
mysql 25415 0.1 8.8 821124 44224 tty1 Sl Jun13 8:04 \_ /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --skip-grant-tables --log-error=/var/log/mysql/error.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
mysql 15361 0.2 7.4 380788 37416 ? Ssl 12:24 0:00 /usr/sbin/mysqld
15042 0.0 7.4 380788 37164 ? Ssl 12:21 0:00 /usr/sbin/mysqld
10061 is WSAECONNREFUSED, 'connection refused', which means either a firewall (unlikely) or more probably nothing listening at the IP:port you tried to connect to.
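The check behind that answer, as an added example that is not part of the original post: it reads the server's own `netstat -atn` output and reports whether any LISTEN socket covers the address the client dialled. The function names and the constructed sample are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the `netstat -atn` lines quoted in the question.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
"""


def listeners(netstat_text, port):
    """Return the local addresses that have a TCP LISTEN socket on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        addr, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            found.append(addr)
    return found


def accepts(local_addr, dest_ip):
    """Would a socket bound to `local_addr` take a connection sent to `dest_ip`?"""
    dest = ipaddress.ip_address(dest_ip)
    if local_addr == "0.0.0.0":
        return dest.version == 4
    if local_addr == "::":
        # Assumption: Linux default net.ipv6.bindv6only=0 (IPv6 wildcard also takes IPv4).
        return True
    return ipaddress.ip_address(local_addr) == dest


def diagnose(netstat_text, port, dest_ip):
    """Explain a refused connection to dest_ip:port from the server's own netstat."""
    addrs = listeners(netstat_text, port)
    if not addrs:
        return "refused: nothing listens on port %d" % port
    if any(accepts(a, dest_ip) for a in addrs):
        return "listening: check firewall and routing instead"
    return "refused: bound only to " + ", ".join(addrs)
```

A listener on `127.0.0.1:3306` while my.cnf says `bind-address = 0.0.0.0` means the running mysqld did not take its bind address from that file.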

How to redirect specific range of ports to port 80 in node.js

When I use the below command, I am able to redirect from port 3000 to port 80, but I need to redirect to port 80 when a request is for any other port.
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
Try this command, it will be helpful.
pass in on tl0 proto tcp from any to any port 5000:5500 \
    rdr-to 192.168.1.20
referred from this link

Difference between SSH tunnels

I'm trying to configure an SSH tunnel to bypass the mysql calls over a remote DB (remote_mysql_server) by a host that has access to it (remote_host), but I don't know what's the difference between (notice the colon : before the local port):
> ssh -f username@remote_host -L 3306:remote_mysql_server:3306 -N
> lsof -i :3306
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 16797 vagrant 4u IPv6 31697 0t0 TCP localhost:mysql (LISTEN)
ssh 16797 vagrant 5u IPv4 31698 0t0 TCP development:mysql (LISTEN)
and
> ssh -f username@remote_host -L :3306:remote_mysql_server:3306 -N
> lsof -i :3306
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 16805 vagrant 4u IPv6 31697 0t0 TCP *:mysql (LISTEN)
ssh 16805 vagrant 5u IPv4 31698 0t0 TCP *:mysql (LISTEN)
Both of them work for me to execute the mysql -h 127.0.0.1 -u dbusername -pPasswordDB database.
The format of -L option is:
-L [bind_address:]port:host:hostport
The bind_address: part is optional and if it is missing the tunnel binds to localhost only (the default behavior can be changed using GatewayPorts option in ssh configuration). But if you specify it, it binds to what you specify or to all interfaces if you use empty bind_address or *.
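The rule in this answer as a small parser, added here as an example and not taken from the original post or from OpenSSH: it splits a `-L` argument and reports whether the forwarded port would be reachable from other machines. `parse_local_forward`, `audit` and the `gateway_ports` flag are hypothetical names; the flag stands in for the client's GatewayPorts setting.

```python
def parse_local_forward(spec, gateway_ports=False):
    """Parse an ssh -L argument of the form [bind_address:]port:host:hostport.

    Returns (bind_address, port, host, hostport, exposed); `exposed` is True
    when the listener is reachable from machines other than the ssh client.
    """
    parts, buf, depth = [], "", 0
    for ch in spec:  # split on ':' only outside [...] so IPv6 literals survive
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == ":" and depth == 0:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)

    if len(parts) == 3:
        # No bind_address given: loopback only, unless GatewayPorts is enabled.
        bind = "*" if gateway_ports else "localhost"
        port, host, hostport = parts
    elif len(parts) == 4:
        bind, port, host, hostport = parts
        bind = bind.strip("[]") or "*"  # empty bind_address means all interfaces
    else:
        raise ValueError("expected [bind_address:]port:host:hostport, got %r" % spec)

    exposed = bind not in ("localhost", "127.0.0.1", "::1")
    return bind, int(port), host.strip("[]"), int(hostport), exposed


# Constructed sample: the two -L arguments from the question.
SPECS = ["3306:remote_mysql_server:3306", ":3306:remote_mysql_server:3306"]


def audit(specs, gateway_ports=False):
    """Map each -L argument to True if it exposes the tunnel beyond loopback."""
    return {s: parse_local_forward(s, gateway_ports)[4] for s in specs}
```

With the leading colon, any host that can reach the client on port 3306 can use the tunnel to the remote database, so the loopback form is the safer default when only local tools need it.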