Mikrotik router port forwarding - not accessible from web - router

I need to connect to my computer via ssh through Mikrotik router having a static IP address. Router config:
[admin@MikroTik] /ip firewall nat> print
0 chain=srcnat action=masquerade out-interface=ether1-gateway
1 chain=srcnat action=masquerade out-interface=bridge-local
2 chain=dstnat action=dst-nat to-addresses=192.168.1.18 to-ports=22
protocol=tcp dst-address-type=local dst-port=23
That's how I can connect from the local router's web:
ssh user@192.168.1.18 -p 22 //directly
ssh user@192.168.1.1 -p 23 //router port forwarding
ssh user@109.173.41.*** -p 23 //router's static address
But now I try to connect from some other web with the last command, and it fails with a timeout exception. What's the problem? Please tell me if I have to provide any more information about the router configuration. Thank you!
Update:
Firewall rules I do have; only rules 0, 1, 3, 4 show traffic:
[admin@MikroTik] /ip firewall filter> print
0 chain=forward action=accept connection-state=established
1 chain=forward action=accept connection-state=related
2 chain=forward action=accept protocol=igmp
3 chain=input action=accept protocol=icmp
4 chain=input action=accept connection-state=established
5 chain=input action=accept connection-state=related
6 chain=input action=accept protocol=udp dst-address=224.0.0.0/4 in-interface=ether1-gateway
7 chain=forward action=accept protocol=udp dst-address=224.0.0.0/4 in-interface=ether1-gateway out-interface=wlan1
8 chain=input action=accept protocol=udp dst-port=1001
9 chain=forward action=accept protocol=udp dst-port=5500

Some ISPs will block traffic to services on their customers' equipment in order to prevent them from running servers.
TCP port 23 is the well-known service port for the telnet daemon.
If your ISP is blocking the port, trying a few ports over 1024 may provide the connectivity that you are looking for.
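An added example (not from the question or answer above) for checking a forwarded port from outside: it tells apart a completed handshake, an explicit refusal, and the silent timeout the question describes, and can walk the alternative ports the answer suggests. The local listener and the released port are constructed stand-ins so it runs offline; the router address and port list are assumptions to fill in.

```python
import socket
import threading

# Outcome classes for one TCP connect attempt:
#   "open"        handshake completed: something is listening behind the port
#   "refused"     host answered with a reset: reachable, but nothing listening
#   "timeout"     no answer at all: typical of a firewall or ISP silently dropping
#                 the port, which is the symptom described in the question
#   "unreachable" no route to the host
def probe_tcp(host, port, timeout=5.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"

def probe_ports(host, ports, timeout=5.0):
    """Probe candidate forwarding ports (e.g. a few above 1024) -> {port: outcome}."""
    return {p: probe_tcp(host, p, timeout) for p in ports}

def start_local_listener():
    """Constructed stand-in for the forwarded SSH service: an accept-and-close
    loop on an ephemeral loopback port, so the probe can be exercised offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def closed_loopback_port():
    """A loopback port that was just released, so nothing listens on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    # Offline demonstration; replace host/ports with your router's static address
    # and the forwarded ports you want to verify (assumed values).
    open_port = start_local_listener()
    print(probe_ports("127.0.0.1", [closed_loopback_port(), open_port]))
```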

Related

mDNS (Avahi) working TO RPis but not between them

Avahi/mDNS is running by default on recent versions of Raspbian. Great. Very convenient to just ssh pi@mypi.local.
I am doing development on a Mac and operating a local network of headless Raspberry Pis. Up until now, I was able to use mDNS to access the Pis, and the Pis used mDNS to connect to each other.
Today, I shifted the RPis to a private local network by setting them up on a wireless router unconnected to the internet. Once I join the private network, I am still able to access them via mDNS:
% ssh pi@scheduler.local
Linux scheduler 5.10.63-v7l+ #1459 SMP Wed Oct 6 16:41:57 BST 2021 armv7l
Last login: Mon Aug 1 09:07:43 2022
pi@scheduler:~ $
and
wes@macbook % ssh pi@crossing.local
Linux crossing 5.10.17-v7l+ #1414 SMP Fri Apr 30 13:20:47 BST 2021 armv7l
Last login: Mon Aug 1 09:07:46 2022
pi@crossing:~ $
But when they try to access each other, I get some results I don't understand:
pi@scheduler:~ $ ping crossing.local
PING crossing.local (10.0.0.1) 56(84) bytes of data.
From 192.168.0.1 (192.168.0.1) icmp_seq=1 Destination Net Unreachable
From 192.168.0.1 (192.168.0.1) icmp_seq=2 Destination Net Unreachable
From 192.168.0.1 (192.168.0.1) icmp_seq=3 Destination Net Unreachable
From 192.168.0.1 (192.168.0.1) icmp_seq=4 Destination Net Unreachable
Here's what Avahi reports:
pi@scheduler:~ $ service avahi-daemon status
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
Loaded: loaded (/lib/systemd/system/avahi-daemon.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-08-01 09:07:37 PDT; 41min ago
Main PID: 388 (avahi-daemon)
Status: "avahi-daemon 0.7 starting up."
Tasks: 2 (limit: 1438)
CGroup: /system.slice/avahi-daemon.service
├─388 avahi-daemon: running [scheduler.local]
└─414 avahi-daemon: chroot helper
Aug 01 09:08:08 scheduler avahi-daemon[388]: Leaving mDNS multicast group on interface wlan0.IPv4 with address 169.
Aug 01 09:08:08 scheduler avahi-daemon[388]: Joining mDNS multicast group on interface wlan0.IPv4 with address 192.
Aug 01 09:48:29 scheduler avahi-daemon[388]: Files changed, reloading.
Aug 01 09:48:29 scheduler avahi-daemon[388]: No service file found in /etc/avahi/services.
Here's my hosts and hostname files:
pi@scheduler:~ $ cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 scheduler
pi@scheduler:~ $ cat /etc/hostname
scheduler
What does avahi say about it? Let's see:
pi@brs-scheduler:~ $ avahi-resolve --name brs-crossing.local -4
brs-crossing.local 192.168.0.214
pi@brs-scheduler:~ $ ifconfig | grep "inet 192"
inet 192.168.0.109 netmask 255.255.255.0 broadcast 192.168.0.255
pi@brs-scheduler:~ $ ping brs-crossing.local
PING brs-crossing.local (10.0.0.1) 56(84) bytes of data.
From 192.168.0.1 (192.168.0.1) icmp_seq=1 Destination Net Unreachable
So for some reason, on this private network, mDNS is resolving correctly, but ping and ssh don't resolve properly?
What am I missing?
Unsurprisingly, since the Pis worked fine on the local net and stopped working on a private net with a new router, it had to do with the configuration of the new router, not mDNS.
mDNS was working fine:
pi@scheduler:~ $ avahi-resolve --name crossing.local -4
crossing.local 192.168.0.214
The new router on the private net had two operating modes "router" and "access point." In "router" mode, the router was pushing a DNS nameserver IP to clients which was somehow hosing ping and ssh and other services, despite mDNS working okay.
pi@scheduler:~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.0.1
Once the router was placed in "access point" mode, and DHCP was turned on manually, everything worked.
Obscure problem. Obscure solution.

Can't connect to Postgresql with specific external IP

I can connect to my DigitalOcean Ubuntu 20 LTS VM instance that has PostgreSQL 14 installed without issue, but I'm trying to make it more secure with only specific IPs that can connect to the database.
I heard the way to do this is to modify the /etc/postgresql/14/main/postgresql.conf file.
When I have this line, I can connect to my database without issue.
listen_addresses='0.0.0.0'
However, if I modify this line with:
listen_addresses='123.123.123.123'
I get this DataGrip error message: [08001] Connection to 111.111.111.111:12345 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
111.111.111.111:12345 is my (fake) VM's IP and port that I already set up.
123.123.123.123 is my (fake) computer's external IP that I get from here or here
Any suggestions? Is there a log I can search from that will give me a better understanding of what is going on?
Also to note, with listen_addresses='0.0.0.0', running ss -ptl gives an output of
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 244 0.0.0.0:12345 0.0.0.0:*
LISTEN 0 128 [::]:ssh [::]:*
with listen_addresses='123.123.123.123', running ss -ptl gives an output of
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 128 [::]:ssh [::]:*
Documentation that I used so far:
https://www.postgresql.org/docs/current/runtime-config-connection.html
https://www.postgresql.org/docs/current/auth-pg-hba-conf.html

Netstat output with boost::Asio

I have created an asio server with acceptor:
m_acceptor(m_ios, asio::ip::tcp::endpoint(asio::ip::address_v4::any(), port_num))
where port number is 3333
At this point, the netstat -antup command shows :
13:tcp 0 0 0.0.0.0:3333 0.0.0.0:* LISTEN 26566/./test
So, I believe this means that local address 0 0.0.0.0:3333 is ready to listen to any connection on port 3333
After this, I start the client which creates the endpoint to ip : 127.0.0.1 and port 3333
After this, the netstat output is:
tcp 0 0 0.0.0.0:3333 0.0.0.0:* LISTEN 26566/./test
tcp 0 0 127.0.0.1:3333 127.0.0.1:46675 ESTABLISHED 26566/./test
tcp 0 0 127.0.0.1:46675 127.0.0.1:3333 ESTABLISHED 26685/./test
Process 26566 is master process
Process 26685 is slave process
What I do not understand is what the port 46675 in the address shown above means. This definitely represents the client side, but from where was this port number allocated to the client?
Does this mean that client has connected to port 3333 but the port from which it itself connects is 46675?
Does this mean that client has connected to port 3333 but the port from which it itself connects is 46675?
Basically. It describes the client endpoint. This is BSD/POSIX sockets jargon.
What I do not understand is what the port 46675 in the address shown above means. This definitely represents the client side, but from where was this port number allocated to the client?
It gets automatically chosen (by the TCP stack, usually in the kernel) from the local port range. E.g. on Linux you can manipulate that range (if you have permission):
sudo sysctl -w net.ipv4.ip_local_port_range="60000 61000"
(Warning: don't do this unless you know what you're doing). See also https://en.wikipedia.org/wiki/Ephemeral_port
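An added example (not from the question or answer) that reproduces the netstat picture above in plain Python sockets instead of Asio: a listener on all IPv4 addresses, a client connecting through 127.0.0.1 without binding, and the kernel-chosen source port checked against the ip_local_port_range sysctl the answer mentions. Assumption: on a non-Linux host the /proc file is absent and the IANA dynamic range is used instead.

```python
import socket

def local_port_range():
    """Ephemeral range the kernel draws client ports from (Linux sysctl
    net.ipv4.ip_local_port_range). Assumption: without /proc (non-Linux)
    fall back to the IANA dynamic range 49152-65535."""
    try:
        with open("/proc/sys/net/ipv4/ip_local_port_range") as f:
            lo, hi = f.read().split()
            return int(lo), int(hi)
    except OSError:
        return 49152, 65535

def connect_and_report(listen_port=0):
    """Listen on all IPv4 addresses (same as the Asio acceptor on
    address_v4::any()), connect a client via 127.0.0.1 and return the
    endpoints netstat would list. The client never calls bind(), so its
    port is allocated by the TCP stack exactly as in the question."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("0.0.0.0", listen_port))   # port 0: let the kernel pick a free one
    srv.listen(1)
    port = srv.getsockname()[1]
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(("127.0.0.1", port))     # source port chosen from the local range
    conn, peer = srv.accept()            # peer == client's (addr, ephemeral port)
    client_local = cli.getsockname()     # the same tuple, seen from the client side
    for s in (conn, cli, srv):
        s.close()
    return {"listener": ("0.0.0.0", port), "client": client_local, "peer": peer}

def is_ephemeral(port):
    """True if the port lies inside the kernel's local (ephemeral) port range."""
    lo, hi = local_port_range()
    return lo <= port <= hi

if __name__ == "__main__":
    r = connect_and_report()
    caddr, cport = r["client"]
    print("LISTEN       0.0.0.0:%d" % r["listener"][1])
    print("ESTABLISHED  127.0.0.1:%d <- %s:%d  (ephemeral: %s)"
          % (r["listener"][1], caddr, cport, is_ephemeral(cport)))
```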

Cannot connect to RabbitMQ server hosted remotely

I have installed and configured RabbitMQ on an Ubuntu 16.04 server using this reference. Since the default user, guest, is only allowed to connect locally by default, I added a new user with the administrator tag and set its permissions so that it can access the / virtual host. I enabled the RabbitMQ management console. I am successfully able to log in with the user I created. I am also able to connect to RabbitMQ when I am connecting to it via localhost using my created user. But when I try to connect to the RabbitMQ server from other servers using the following code:
import pika
# "<server's Public IP>" is a placeholder for the broker's public address
credentials = pika.PlainCredentials('new_user', 'new_pass')
parameters = pika.ConnectionParameters("<server's Public IP>", 5672, '/', credentials)
connection = pika.BlockingConnection(parameters)
It throws an error:
Traceback (most recent call last):
File "", line 1, in
File "/Library/Python/2.7/site-packages/pika/adapters/blocking_connection.py", line 339, in init
self._process_io_for_connection_setup()
File "/Library/Python/2.7/site-packages/pika/adapters/blocking_connection.py", line 374, in _process_io_for_connection_setup
self._open_error_result.is_ready)
File "/Library/Python/2.7/site-packages/pika/adapters/blocking_connection.py", line 395, in _flush_output
raise exceptions.ConnectionClosed()
pika.exceptions.ConnectionClosed
The same code works fine when I run this code on server, on which RabbitMQ is installed and by replacing <server's Public IP> with 0.0.0.0.
Output of sudo netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 18021/beam
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 18110/epmd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1230/sshd
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 18021/beam
tcp6 0 0 :::5672 :::* LISTEN 18021/beam
tcp6 0 0 :::4369 :::* LISTEN 18110/epmd
tcp6 0 0 :::22 :::* LISTEN 1230/sshd
What could be causing this error?
This usually happens with a very low connection timeout. Adjust your connection string to include a larger connection timeout, such as 30 or 60 seconds, and you should be good to go.
Looks like pika uses this setting: https://pika.readthedocs.io/en/latest/modules/parameters.html#pika.connection.ConnectionParameters.blocked_connection_timeout
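An added example (not from either thread) that reads the listening-socket listings quoted in the PostgreSQL question (ss -ptl) and in the RabbitMQ question (netstat -nltp): it extracts each listener's local address and port, classifies whether the socket is bound to all interfaces, loopback only, or one specific address, and reports expected ports that have no listener at all, which is what the second ss listing shows for port 12345. Sample inputs are copied from those listings; the expected port lists are assumptions.

```python
WILDCARD = {"0.0.0.0", "::", "[::]", "*"}

def exposure(addr):
    """Classify the local address a listening socket is bound to."""
    if addr in WILDCARD:
        return "all-interfaces"
    if addr.startswith("127.") or addr in ("::1", "[::1]"):
        return "loopback-only"
    return "specific-address"

def parse_listeners(output):
    """Parse `ss -ptl` or `netstat -nltp` text (both put the local endpoint in
    the fourth column) into {proto, addr, port, exposure} records."""
    listeners = []
    for line in output.splitlines():
        f = line.split()
        if len(f) < 4:
            continue
        if f[0] == "LISTEN":                              # ss: State Recv-Q Send-Q Local ...
            proto, local = "tcp", f[3]
        elif f[0] in ("tcp", "tcp6") and "LISTEN" in f:   # netstat: Proto ... Local ... State
            proto, local = f[0], f[3]
        else:
            continue                                      # header lines and other rows
        addr, port = local.rsplit(":", 1)                 # handles ':::5672' and '[::]:ssh'
        addr = addr.split("%", 1)[0]                      # drop scope id, e.g. 127.0.0.53%lo
        listeners.append({"proto": proto, "addr": addr, "port": port,
                          "exposure": exposure(addr)})
    return listeners

def missing_ports(listeners, expected):
    """Expected ports (as strings, numeric or service names) with no listener."""
    present = {l["port"] for l in listeners}
    return sorted(p for p in expected if p not in present)

# Sample input copied from the ss output above after listen_addresses was changed
SS_AFTER_CHANGE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 128 [::]:ssh [::]:*
"""
# Sample input copied from the RabbitMQ netstat output above (two of its rows)
NETSTAT_RABBIT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 18021/beam
tcp6 0 0 :::5672 :::* LISTEN 18021/beam
"""

if __name__ == "__main__":
    print(missing_ports(parse_listeners(SS_AFTER_CHANGE), ["12345", "ssh"]))
    for rec in parse_listeners(NETSTAT_RABBIT):
        print(rec)
```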

How to get Sendmail to listen on 110 POP3

I'm trying to configure Sendmail to listen on port 110 (POP3) on an EC2 server. I need it for a newsletter app so that it can check for bounces. When I try to telnet in on port 110 I get a connection error.
root:/# telnet sub.domain.com 110
Trying 5?.??.?.?0...
telnet: Unable to connect to remote host: Connection refused
root:/# telnet sub.domain.com 25
Trying 5?.??.?.?0...
Connected to sub.domain.com.
Escape character is '^]'.
220 ip-172-31-54-114.ec2.internal ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Wed, 30 Nov 2016 10:24:50 GMT; (No UCE/UBE) logging access from: [5?.??.?.?0](FORGED)-ec2-5?-??-?-?0.compute-1.amazonaws.com [5?.??.?.?0] (may be forged)
^]
telnet> quit
Connection closed.
When I lsof on port 25 I can see that it's working but not on 110.
root:/# lsof -n -i :25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sendmail- 4279 root 4u IPv4 2349285 0t0 TCP *:smtp (LISTEN)
root:/# lsof -n -i :110
root:/#
Do I need to edit the sendmail.mc file? Previously I commented out the lines below so that SMTP would listen on all IPs.
dnl DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
dnl DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
I've searched the sendmail.cf & sendmail.mc for any references to pop3/port110 configuration but can't see anything.
Sendmail MTA acts as an SMTP server. You need a separate program/server to service the POP3 protocol, e.g. the Dovecot IMAP/POP server.
Sendmail FAQ 4.19: How do I configure sendmail for POP/IMAP/...?