Problem with socket connect between raspberry (client) and host - sockets

I have a Raspberry Pi 3 Model B. I would like to send data from the Raspberry to the host. I use a Python program with the socket package.
I have a problem when my Raspberry is the client and my laptop is the server.
I get the following error:
OSError: [Errno 113] No route to host
Code client.py:
import socket
HOST = '192.168.0.107'
PORT = 5353
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))
    s.send(b'Hello, world')
    data = s.recv(1024)
    print('Received', repr(data))
server.py:
import socket
hostname = socket.gethostname()
HOST = socket.gethostbyname(hostname)
print(HOST)
PORT = 5353
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.bind(('', PORT))  # bind on all interfaces
    s.listen(1)
    conn, addr = s.accept()
    with conn:
        print('Connected by', addr)
        print(conn)
        while True:
            data = conn.recv(1024)
            print(data)
            if not data: break
            conn.sendall(data)  # echo back whatever the client sent
ifconfig on server:
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.107 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::ab65:70bf:9921:1d4b prefixlen 64 scopeid 0x20<link>
ether 18:31:bf:51:9d:9c txqueuelen 1000 (Ethernet)
RX packets 213759 bytes 177479962 (169.2 MiB)
RX errors 0 dropped 27 overruns 0 frame 0
TX packets 144335 bytes 25485658 (24.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 43423 bytes 3729254 (3.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 43423 bytes 3729254 (3.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
When I swap them, i.e. the Raspberry becomes the server, all messages are sent.
raspberry: sudo ufw status
Status: active
To Action From
-- ------ ----
SSH ALLOW Anywhere
OpenSSH ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
443/tcp ALLOW Anywhere
5353 ALLOW Anywhere
5353/tcp ALLOW Anywhere
SSH (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
5353 (v6) ALLOW Anywhere (v6)
5353/tcp (v6) ALLOW Anywhere (v6)
raspberry: netstat -lntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
udp 0 0 0.0.0.0:33841 0.0.0.0:*
udp 0 0 0.0.0.0:53 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp6 0 0 :::48624 :::*
udp6 0 0 :::53 :::*
udp6 0 0 :::5353 :::*
I think my problem is that port 5353 is not open on tcp. But the command
sudo ufw allow 5353/tcp
does not help.
Also, I reset my ufw's rules:
sudo ufw reset
added new rules like
sudo ufw allow SSH
sudo ufw allow OpenSSH
sudo ufw allow 80
sudo ufw allow 443
sudo ufw allow 5353/tcp
and I disabled and enabled ufw.
It did not work.

SOLVED:
My host machine is Fedora. Fedora has its own firewall: link
My action in host:
sudo firewall-cmd --state
>> running
firewall-cmd --list-ports
>> [empty]
sudo firewall-cmd --add-port=5353/tcp --timeout 15m
>> success
firewall-cmd --list-ports
>> 5353/tcp
Then I launched the client on raspberry and got the data. Yippee!
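The errno in the traceback already tells you which layer is blocking: EHOSTUNREACH (113) is an ICMP unreachable, typically a REJECT rule such as firewalld's default on the Fedora host, while ECONNREFUSED means the host answered but nothing listens on the port, and a timeout means packets are being dropped. The following probe, added here as an example and not code from the question, makes that distinction explicit; all function names and the diagnosis texts are this example's own.

```python
import errno
import socket

# Linux reports EHOSTUNREACH as errno 113, the value in the question's traceback.
HOST_UNREACHABLE = errno.EHOSTUNREACH

# What each connect() errno usually means when a client like client.py fails.
# This mapping is the example's own summary, not an exhaustive list.
DIAGNOSIS = {
    errno.EHOSTUNREACH: "no route to host: the host or an in-path firewall "
                        "(e.g. firewalld's default REJECT) answered with ICMP unreachable",
    errno.ECONNREFUSED: "connection refused: the host answered, but nothing is "
                        "listening on that TCP port (server not started or bound elsewhere)",
    errno.ENETUNREACH: "network unreachable: the client has no route to that network",
    errno.ETIMEDOUT: "timed out: packets are silently dropped (DROP rule, wrong address, or host down)",
}


def classify_errno(code):
    """Translate a connect() errno into the diagnosis text used by probe_tcp()."""
    return DIAGNOSIS.get(code, "other socket error (errno %s)" % code)


def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connect to (host, port); return (connected, diagnosis). Sends no data."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected: something is listening on %s:%d" % (host, port)
    except socket.timeout:
        return False, classify_errno(errno.ETIMEDOUT)
    except OSError as exc:
        return False, classify_errno(exc.errno)


def open_loopback_listener():
    """Self-check helper: a listening socket on 127.0.0.1 on an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Same target as client.py in the question; on the asker's setup this gave
    # errno 113 until firewalld on the Fedora host allowed 5353/tcp.
    print(probe_tcp("192.168.0.107", 5353))
```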

Related

VPN to access cluster services / pods : cannot ping anything except openvpn server

I'm trying to set up a VPN to access my cluster's workloads without setting public endpoints.
The service is deployed using the OpenVPN helm chart, and Kubernetes using Rancher v2.3.2,
replacing the L4 load balancer with a simple service discovery,
editing the configMap to allow TCP to go through the load balancer and reach the VPN.
What does / doesn't work:
OpenVPN client can connect successfully
Cannot ping public servers
Cannot ping Kubernetes services or pods
Can ping openvpn cluster IP "10.42.2.11"
My files
vars.yml
---
replicaCount: 1
nodeSelector:
  openvpn: "true"
openvpn:
  OVPN_K8S_POD_NETWORK: "10.42.0.0"
  OVPN_K8S_POD_SUBNET: "255.255.0.0"
  OVPN_K8S_SVC_NETWORK: "10.43.0.0"
  OVPN_K8S_SVC_SUBNET: "255.255.0.0"
persistence:
  storageClass: "local-path"
service:
  externalPort: 444
Connection works, but I'm not able to hit any ip inside my cluster.
The only ip I'm able to reach is the openvpn cluster ip.
openvpn.conf:
server 10.240.0.0 255.255.0.0
verb 3
key /etc/openvpn/certs/pki/private/server.key
ca /etc/openvpn/certs/pki/ca.crt
cert /etc/openvpn/certs/pki/issued/server.crt
dh /etc/openvpn/certs/pki/dh.pem
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto tcp
port 443
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
push "route 10.42.2.11 255.255.255.255"
push "route 10.42.0.0 255.255.0.0"
push "route 10.43.0.0 255.255.0.0"
push "dhcp-option DOMAIN-SEARCH openvpn.svc.cluster.local"
push "dhcp-option DOMAIN-SEARCH svc.cluster.local"
push "dhcp-option DOMAIN-SEARCH cluster.local"
client.ovpn
client
nobind
dev tun
remote xxxx xxx tcp
CERTS CERTS
dhcp-option DOMAIN openvpn.svc.cluster.local
dhcp-option DOMAIN svc.cluster.local
dhcp-option DOMAIN cluster.local
dhcp-option DOMAIN online.net
I don't really know how to debug this.
I'm using Windows.
route command from client
Destination Gateway Genmask Flags Metric Ref Use Ifac
0.0.0.0 livebox.home 255.255.255.255 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 256 0 0 eth0
192.168.1.17 0.0.0.0 255.255.255.255 U 256 0 0 eth0
192.168.1.255 0.0.0.0 255.255.255.255 U 256 0 0 eth0
224.0.0.0 0.0.0.0 240.0.0.0 U 256 0 0 eth0
255.255.255.255 0.0.0.0 255.255.255.255 U 256 0 0 eth0
224.0.0.0 0.0.0.0 240.0.0.0 U 256 0 0 eth1
255.255.255.255 0.0.0.0 255.255.255.255 U 256 0 0 eth1
0.0.0.0 10.240.0.5 255.255.255.255 U 0 0 0 eth1
10.42.2.11 10.240.0.5 255.255.255.255 U 0 0 0 eth1
10.42.0.0 10.240.0.5 255.255.0.0 U 0 0 0 eth1
10.43.0.0 10.240.0.5 255.255.0.0 U 0 0 0 eth1
10.240.0.1 10.240.0.5 255.255.255.255 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 256 0 0 lo
127.0.0.1 0.0.0.0 255.255.255.255 U 256 0 0 lo
127.255.255.255 0.0.0.0 255.255.255.255 U 256 0 0 lo
224.0.0.0 0.0.0.0 240.0.0.0 U 256 0 0 lo
255.255.255.255 0.0.0.0 255.255.255.255 U 256 0 0 lo
And finally ifconfig
inet 192.168.1.17 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 2a01:cb00:90c:5300:603c:f8:703e:a876 prefixlen 64 scopeid 0x0<global>
inet6 2a01:cb00:90c:5300:d84b:668b:85f3:3ba2 prefixlen 128 scopeid 0x0<global>
inet6 fe80::603c:f8:703e:a876 prefixlen 64 scopeid 0xfd<compat,link,site,host>
ether 00:d8:61:31:22:32 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.240.0.6 netmask 255.255.255.252 broadcast 10.240.0.7
inet6 fe80::b9cf:39cc:f60a:9db2 prefixlen 64 scopeid 0xfd<compat,link,site,host>
ether 00:ff:42:04:53:4d (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 1500
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0xfe<compat,link,site,host>
loop (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
For anybody looking for a working sample, this is going to go into your openvpn deployment along side your container definition:
initContainers:
  - args:
      - -w
      - net.ipv4.ip_forward=1
    command:
      - sysctl
    image: busybox
    name: openvpn-sidecar
    securityContext:
      privileged: true
Don't know if it is the RIGHT answer.
But I got it to work by adding a sidecar to my pods to execute
net.ipv4.ip_forward=1
which solved the issue
You can set ipForwardInitContainer option to "true" in values.yaml

Unable to connect to PostgreSQL db on Ubuntu 18.04 Server

Having a time trying to connect to a PostgreSQL database on Ubuntu 18.04 server.
Here is my:
postgresql.conf file:
port=5432
listen_addresses='*'
pg_hba.conf:
host all all 0.0.0.0/0 md5
firewall is currently disabled
here is the output when I did the command (saw in another thread to do this...):
sudo netstat -ltpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 608/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 842/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 2922/postgres
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1055/master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 867/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 842/sshd
tcp6 0 0 :::25 :::* LISTEN 1055/master
tcp6 0 0 :::80 :::* LISTEN
I have restarted PostgreSQL each time I made a change, using the command:
sudo service postgresql restart
I have tried to access the db using the Python library psycopg2 on macOS and I get this error:
could not connect to server: Connection refused
Is the server running on host "<ip_address>" and accepting
TCP/IP connections on port 5432?
What am I missing?
From the netstat output it is obvious that you didn't restart PostgreSQL after changing listen_addresses.
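The answer reads the bind address straight off the netstat line: 127.0.0.1:5432 means PostgreSQL only accepts loopback connections, whatever postgresql.conf says, until it is restarted. As an added example (not from this thread), this small parser makes that check mechanical over netstat -ltpn / -lntu style output; the sample lines are constructed from the outputs quoted on this page and all function names are the example's own.

```python
import re

# Constructed sample modelled on the netstat outputs quoted in the questions above.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 608/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 842/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 2922/postgres
tcp6 0 0 :::22 :::* LISTEN 842/sshd
udp 0 0 0.0.0.0:5140 0.0.0.0:* 8499/java
"""

# proto, Recv-Q, Send-Q, local address; the rest of the line is not needed.
LINE_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+\S+")


def parse_netstat(text):
    """Yield (proto, bind_addr, port) for every socket line in netstat output."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or unrelated line
        addr, _, port = m.group(2).rpartition(":")  # handles ':::22' and '::1:631' too
        yield m.group(1), addr, int(port)


def listener_scope(addr):
    """Classify what a listening socket's bind address exposes."""
    if addr in ("0.0.0.0", "::"):
        return "all interfaces"
    if addr.startswith("127.") or addr == "::1":
        return "loopback only"
    return "single address"


def check_port(text, port, proto="tcp"):
    """Explain, from netstat output, whether a remote client can reach proto/port."""
    scopes = [listener_scope(a) for p, a, pt in parse_netstat(text)
              if pt == port and p.rstrip("6") == proto]
    if not scopes:
        return "nothing listening on %s/%d" % (proto, port)
    if all(s == "loopback only" for s in scopes):
        return ("listening on %s/%d but bound to loopback only; "
                "remote clients will be refused" % (proto, port))
    return "listening on %s/%d on: %s" % (proto, port, ", ".join(sorted(set(scopes))))
```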

psql server not listening on port 5432 though it's in postgresql.conf

When no SSL configs are applied:
pg_hba.conf
host database user 0.0.0.0/0 scram-sha-256
postgresql.conf
listen_addresses = '*'
port = 5432
ssl = on
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
ssl_key_file = '/wtc/ssl/private/ssl-cert-snakeoil.key'
I get : netstat -nltp
smadmin#studymatepro:~$ sudo netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 970/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1405/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1079/cupsd
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 3780/postgres
tcp6 0 0 :::22 :::* LISTEN 1405/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1079/cupsd
tcp6 0 0 :::5432 :::* LISTEN 3780/postgres
smadmin#studymatepro:~$
You can see the remote TCP/IP on port 5432, and I can get an SSL connection (server-side authentication only).
Now, when I configure SSL and add client.crt, client.key & root.crt to the client machine:
pg_hba.conf
hostssl database user 0.0.0.0/0 scram-sha-256 clientcert=1
postgresql.conf
listen_addresses = '*'
port = 5432
ssl = on
ssl_cert_file = '/etc/ssl/certs/server.crt'   # my self-signed crt
ssl_key_file = '/etc/ssl/private/server.key'
ssl_ca_file = '/etc/ssl/certs/rootCert.crt'
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = 'prime256v1'
password_encryption = scram-sha-256
and do : netstat -nltp ; I get
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 970/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1405/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1079/cupsd
tcp6 0 0 :::22 :::* LISTEN 1405/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1079/cupsd
The remote TCP/IP on port 5432 is gone!!! And that's why I'm getting connection refused, since remote port 5432 is no longer active.
The question is why this happened... Am I doing something wrong?

Unable to connect to PostgreSQL on Google Cloud Instance

I have PostgreSQL running on my Google Cloud instance and I added the firewall rule "tcp 5432" on the Google Cloud firewall, but I am still unable to connect; even telnet is not working.
officetaskpy#instance-1:/etc/postgresql/9.5/main$ netstat -ntpl
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5910 0.0.0.0:* LISTEN 9020/Xvnc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:44801 0.0.0.0:* LISTEN 16023/phantomjs
tcp 0 0 0.0.0.0:53619 0.0.0.0:* LISTEN 812/phantomjs
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::5432 :::* LISTEN -
Result of netstat command
Above is my firewall rule. Is there anything I am missing here?

Logstash not listening on UDP port 5140

I am running a logstash shipper, rsyslog sends logs to logstash on port 5140, I can confirm the packets are arriving with:
tcpdump -vvv -A -i any port 5140
I have logstash configured like so:
input {
  udp {
    type => "syslog"
    port => 5140
  }
}
filter { }
output {
  stdout {
    codec => rubydebug
  }
  redis {
    host => "172.30.114.151"
    key => "logstash"
    port => "6379"
    data_type => "list"
  }
}
I have also tried the following for the input:
input {
  syslog {
    port => 5140
  }
}
With this, netstat shows a tcp LISTEN but no udp.
I have disabled ipv6 for logstash with the following flag:
_JAVA_OPTIONS: -Djava.net.preferIPv4Stack=true
When I run:
netstat -tulpan
I get:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1191/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2135/master
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 7593/rsyslogd
tcp 0 0 172.26.33.182:22 172.30.230.152:47975 ESTABLISHED 2260/sshd:
tcp 0 0 172.26.33.182:22 172.30.230.151:42811 ESTABLISHED 6781/sshd:
tcp6 0 0 :::22 :::* LISTEN 1191/sshd
tcp6 0 0 :::4440 :::* LISTEN 1296/java
tcp6 0 0 ::1:25 :::* LISTEN 2135/master
tcp6 0 0 :::514 :::* LISTEN 7593/rsyslogd
udp 0 0 0.0.0.0:5140 0.0.0.0:* 8499/java
udp 0 0 0.0.0.0:37934 0.0.0.0:* 653/avahi-daemon: r
udp 0 0 0.0.0.0:5353 0.0.0.0:* 653/avahi-daemon: r
Process 8499 is logstash. I have tried running as root, as well as other ports. I cannot seem to get logstash to "listen" on udp.
I have also confirmed that the port is open and working with:
telnet <ipaddress> 5140
Selinux is disabled:
sestatus
SELinux status: disabled
I need some help with this. I have searched and searched. I have looked into every other solution I have come across with no luck. This may seem like a duplicate. However, the other solutions are not working for me. This is a centos installation. Have also tried ports 514, 10514 to no avail.
You have to allow the port in the firewall, as CentOS comes with a default firewall which doesn't allow traffic to get to the Logstash input.
Allow traffic on a specific port with the following command:
firewall-cmd --zone=public --add-port=2888/tcp
Or disable the firewall or stop the service with the following commands:
systemctl disable firewalld
systemctl stop firewalld
**Disabling firewall can be a security concern but for experimental purposes you can give it a try