I am trying to run a socket server on an aws ec2 ubuntu instance and then connecting with it using my local machine. I was successful with sending HTTP GET requests to my server hosted on aws ec2 instance and getting a response, but I am unable to connect the server and client using sockets, even after enabling custom TCP on the complete range of ports on the instance.
Here is a screenshot describing my instance's inbound and outbound rules :
screenshot
I used this python code from the internet to test socket networking :
socket_client.py :
import socket
def client_program():
host = "<aws instance public ip address>"
port = 8080 # socket server port number
client_socket = socket.socket() # instantiate
client_socket.connect((host, port)) # connect to the server
message = input(" -> ") # take input
while message.lower().strip() != 'bye':
client_socket.send(message.encode()) # send message
data = client_socket.recv(1024).decode() # receive response
print('Received from server: ' + data) # show in terminal
message = input(" -> ") # again take input
client_socket.close() # close the connection
if __name__ == '__main__':
client_program()
socket_server.py :
import socket
def server_program():
host = "0.0.0.0"
port = 8080 # initiate port no above 1024
server_socket = socket.socket() # get instance
# look closely. The bind() function takes tuple as argument
server_socket.bind((host, port)) # bind host address and port together
# configure how many client the server can listen simultaneously
server_socket.listen(2)
conn, address = server_socket.accept() # accept new connection
print("Connection from: " + str(address))
while True:
# receive data stream. it won't accept data packet greater than 1024 bytes
data = conn.recv(1024).decode()
if not data:
# if data is not received break
break
print("from connected user: " + str(data))
data = input(' -> ')
conn.send(data.encode()) # send data to the client
conn.close() # close the connection
if __name__ == '__main__':
server_program()
Note that the socket server-client are working completely fine when run on my local machine.
Please help if you know about how to fix this .
Edit - I have also tried with disabling firewall on the linux ec2 instance, but the problem still persists.
Thanks.
I have a java client on Windows and c++ server running on Linux (VM). I'm trying to connect client to the server. But I don't know what IP address I should use.
My Virtual Machine configuration is default, I have NAT network on it.
Here is what I get from ifconfig
enp0s3 Link encap:Ethernet HWaddr 08:00:27:97:86:ce
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::8651:2c9d:6683:e4fc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:855910 errors:0 dropped:0 overruns:0 frame:0
TX packets:267095 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:940974525 (940.9 MB) TX bytes:24398399 (24.3 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:9710 errors:0 dropped:0 overruns:0 frame:0
TX packets:9710 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:875898 (875.8 KB) TX bytes:875898 (875.8 KB)
And here is what i get from ipconfig:
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Połączenie lokalne* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : home
Link-local IPv6 Address . . . . . : fe80::ddca:c63d:1b9e:6255%14
IPv4 Address. . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
Ethernet adapter Połączenie sieciowe Bluetooth:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Połączenie lokalne* 4:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:10c9:14d5:da7f:e55c
Link-local IPv6 Address . . . . . : fe80::10c9:14d5:da7f:e55c%13
Default Gateway . . . . . . . . . : ::
I tried to connect using:
socket = new Socket("10.0.2.15", 1236);
When Im using client on VM with localhost everything is fine.
So I assume there is a problem with connection between Windows and VM.
you should read https://blogs.oracle.com/scoter/networking-in-virtualbox-v2
Basically, you have to configure the port forwarding. Follow the instructions provided in the link, by the end of the page.
The configuration you shoud use is:
Name: Rule 1 (or any actually)
Protocol: TCP
Host IP: 127.0.0.1
Host Port: 1236
Guest IP: (leave blank)
Guest Port: 1236
The guest port could be any, but must be the same you are using on your server application. Leave the Guest IP blank.
Now, in order to you connect from the host to the guest, you should use in the client application:
socket = new Socket("127.0.0.1", 1236);
If you want to connect from the guest VM to the host machine, using this configuration, you should use in the client application instead:
socket = new Socket("10.0.2.2", 1236);
Alternatively, you could also use the NIC in bridge mode, also explained in the article. But you should configure the router properly.
Btw, don't forget to disable your firewall, or configure it, otherwise it can block the incoming connections.
You can disable ufw using the command:
sudo ufw disable
I have an Amazon EC2 instance running and I am trying to set up StatsD+InfluxDB+Grafana. InfluxDB and Grafana work well (and Grafana sees the data from InfluxDB), but I can't manage to get any data from StatsD to InfluxDB.
I have a domain registered, which is pointed to my EC2 instance with an Elastic IP.
What I can see is that:
- I can perfectly interact with the InfluxDB database (including inserting values) when I don't use StatsD
- StatsD seems to be getting the data I randomly generate from Python (I can see it in its logs). It is sent through the port 8125 to StatsD.
- UTC packets sent from StatsD to InfluxDB through port 8086 seem to not be getting to InfluxDB (or not sending....?)
- Port 8086 is open on my AWS security settings for both TCP and UDP
- Port 8125 is open on my AWS security settings for UDP
I am wondering whether some of my settings are wrong, but I don't know what else to try:
InfluxDB configuration file contains:
# hostname = "localhost"
hostname = MYDOMAIN.com
[[udp]]
enabled = true
bind-address = ":8086"
database = "MY_DATABASE"
retention-policy = ""
batch-size = 1000 # will flush if this many points get buffered
batch-pending = 10 # number of batches that may be pending in memory
batch-timeout = "1s" # will flush at least this often even if we haven't hit buffer limit
read-buffer = 0 # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max.
udp-payload-size = 65536
My StatsD configuration file contains (among other things) the following lines:
{
influxdb: {
/*
host: '127.0.0.1', // InfluxDB host (default 127.0.0.1)
*/
host: 'MYDOMAIN.com', // InfluxDB host (default 127.0.0.1)
port: 8086, // InfluxDB port (default 8086)
database: 'MY_DATABASE', // InfluxDB db instance (required)
username: 'MY_USERNAME', // InfluxDB db username (required)
password: 'MY_PASSWORD', // InfluxDB db password (required)
flush: {
enable: true // enable regular flush strategy (default true)
},
proxy: {
enable: false, // enable the proxy strategy (default false)
suffix: 'raw', // metric name suffix (default 'raw')
flushInterval: 1000
}
},
port: 8125, // statsD port
backends: ['./backends/console'],
debug: true,
legacyNamespace: false
}
As far as I understand, the process is:
Python --> Port 8125 --> StatsD --> Port 8086 --> InfluxDB
Is there a need to use something like Telegraf or statsd-influxdb-backend to connect StatsD and InfluxDB?
I would truly appreciate any helps because I have been trying to set it up for hours and I don't see what could be wrong.
Thanks!
The part of the stack I'm not sure about is your StatsD server. It's probably having a problem posting the data to InfluxDB. If you use Telegraf instead it should "just work". Telegraf can act as a StatsD server (among many other things) and send data to InfluxDB via either UDP or the regular HTTP protocol.
I'm working with tcl script under ubuntu 12.04, and I'm facing some problem when I try to configure a multicast socket. What I'm trying to do is to forward traffic from some socket to a multicast one, but I don't know why although the multicast socket is created well,apparently; it isn't bound to the multicast group I want to.
This is the script I'm using
#!/bin/sh
# test.tcl \
exec tclsh "$0" ${1+"$#"}
package require udp
set multicastPort "50003"
proc connector {unicastIP multicastIP port {protocol tcp}} {
if { [string equal $protocol "tcp"] } {
socket -server serverTCP -myaddr $unicastIP $port
puts "tcp"
} elseif {[string equal $protocol "udp" ] } {
serverUDP $unicastIP $multicastIP $port
puts "udp"
}
}
proc serverUDP {unicastIP multicastIP port} {
global multicastPort
set socketUDP [udp_open $port]
puts " $unicastIP"
fconfigure $socketUDP -blocking false -translation binary -buffering none -remote [list $unicastIP $port]
#fileevent $socketUDP readable [list gettingData $socketUDP]
set multicastSocket [udp_open $multicastPort]
udp_conf $multicastSocket -ttl 4
fconfigure $multicastSocket -blocking false -translation binary -buffering none -mcastadd $multicastIP -remote [list $multicastIP $port]
fileevent $socketUDP readable [list forwarding $socketUDP $multicastSocket ]
#puts $socketUDP "hello!"
#flush $socketUDP
}
proc forwarding {socketSrc socketDst} {
set data [read -nonewline $socketSrc]
puts "Read data-> $data"
puts -nonewline $socketDst $data
puts "Written data-> [read -nonewline $socketDst]"
}
connector 127.0.0.1 224.0.1.1 50000 udp
vwait forever
However if I run the script and check out the ports in my system, the multicast port is not assigned the proper multicast IP as you can see
~$ netstat -ptnlu
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:50000 0.0.0.0:* 3334/tclsh
udp 0 0 0.0.0.0:50003 0.0.0.0:* 3334/tclsh
Could anyone tell me the reason?
THanks in advance,
Regards!
AFAIK, that is OK. I have a multicast daemon in production using Tcl and its udp package, and netstat and ss tools also show me the socket as listening on the wildcard address.
"The trick" here, I suppose, is that multicasting is one level up the stack: joining a multicast group is not merely opening a socket or an endpoint on the group address but rather sending a very real IGMP "join" message to the local transport segment (Ethernet, in most deployments) and further communicating with the nearby IGMP routers (again, on Ethernet, they're mostly switches).
So, in your case, just fire up tcpdump and see what it dumps when you start your program. A useful call to tcpdump looks something like this:
tcpdump -i eth0 -n 'igmp and host 224.0.1.1'
To observe UDP traffic exchanges use
tcpdump -i eth0 -n 'udp and host 224.0.1.1 and port 50000'
Summary:
This is a 2 part question. A simple Samba share on one ISP with router doesn't work while another ISP with a different router setup the same and a similar server with same Samba configuration works.
It seems to be either the router not forwarding the ports, although it successfully forwards SSH and others, or the ISP somehow blocking the standard Samba ports. It still bugs me that I can't figure out why it doesnt work and I'll still try to narrow down the cause.
The second question is I'm looking for a business use, simple, easy to use (for end users), secure share for a small number of people and files, hosted internally and accessible externally on the internet, between Windows 7, XP, Mac, and linux servers with simple clients for end users.
A new friend outside of stackoverflow helped with sshfs as a solution. On CentOS ssh already supports sshfs. The Windows client win-sshfs is working well and I'll be trying OSXFUSE with MACFusion described at UO.
Additionally, setup linux users for each person. To allow write by everyone in the linux group, change the umask in /etc/ssh/sshd_config described in this question at serverfault. People get to their home directory first, where I placed links to a shared folder with sticky bit set so they can't delete the folder. They can delete the links but that's easy enough to put back. The only issues I can see are lack of file locking and lack of auto-refresh.
Original Question:
I can't seem to get Samba working on a Centos 6.3 server over the internet. I have a similar test server on another internet connection working fine with the exact same setup. I've gone through http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html twice, made sure the ports are forwarded through to the internet (although not sure how to test they are really open), double checked samba configuration, its only sharing /tmp simply now. The user account is setup, it can ssh in and get to /tmp and the samba password is set the same. I can't ping the server but that is because the router or IP is set not pingable by the owner/work. SSH and HTTPS apache work well on the server with ports forwarded the same way. I haven't been able to test the share within the local network yet since I am not there, but I assume that it should work internally. When trying to connect from Windows 7 it just times out, no prompt and it has never connected, whereas my test server on my own internet connection is always working internally and externally.
Any help would be greatly appreciated.
The requirement is a easy to use internally hosted shared folder alternative to using "dropbox" for use between Windows 7, XP, mac, and linux servers that works over external internet connection. It won't see heavy usage but should be quick, easy to access/setup on the client side, and secure for business. If there are any alternatives to install on CentOS that would be great as well.
Thank you!
Andrew
Edit, details:
Ports are forwarded:
(I had an image but as new user I cant post) 137, 138, 139, 445 are forwarded all with both TCP and UDP for testing now.
smb.conf is setup simply and exactly the same as the working test server:
# cat /etc/samba/smb.conf
[global]
workgroup=WORKGROUP
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
[tmp]
comment = temporary files
path = /tmp
read only = yes
Samba restarted for good measure:
# service smb restart
Shutting down SMB services: [ OK ]
Starting SMB services: [ OK ]
Windows 7 times out when trying to access the share as \ which works fine with the test server:
(I had a screenshot but new users cant post)
A search for the error 0x80004005 results in http://answers.microsoft.com/en-us/windows/forum/windows_vista-networking/cannot-access-network-share-get-unspecified-error/9f840844-9d5b-e011-8dfc-68b599b31bf5
I've checked the workgroup, share settings, and restarted windows. Since the test share works I would think the Windows machine is working. I'll continue with the details.
Edit again:
Following the troubleshooting guide again:
Simplify the smb.conf to just:
# cat /etc/samba/smb.conf
[tmp]
comment = temporary files
path = /tmp
read only = yes
/etc/resolv.conf is using the ISPs servers and they work. They are different than the working server's DNS but that one is on a different ISP:
# nslookup google.com
Server: 71.242.0.12
Address: 71.242.0.12#53
Non-authoritative answer:
Name: google.com
Address: 74.125.228.2
I'm doing everything with IP addresses so I don't know that DNS would come into play.
I added dns proxy = no to smb.conf for fun but that didn't help.
/var/log/samba/log.smbd doesn't report anything different from the working server:
[2012/09/20 16:59:41, 0] smbd/server.c:1141(main)
smbd version 3.5.10-125.el6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2012/09/20 16:59:41.484699, 0] param/loadparm.c:7648(lp_do_parameter)
Global parameter dns proxy found in service section!
[2012/09/20 16:59:41.486645, 0] printing/print_cups.c:109(cups_connect)
Unable to connect to CUPS server localhost:631 - Connection refused
[2012/09/20 16:59:41.486809, 0] printing/print_cups.c:468(cups_async_callback)
failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2012/09/20 16:59:41.507198, 0] smbd/server.c:501(smbd_open_one_socket)
smbd_open_once_socket: open_socket_in: Address already in use
[2012/09/20 16:59:41.507407, 0] smbd/server.c:501(smbd_open_one_socket)
smbd_open_once_socket: open_socket_in: Address already in use
[2012/09/20 17:00:39, 0] smbd/server.c:1141(main)
smbd version 3.5.10-125.el6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2012/09/20 17:00:39.513793, 0] printing/print_cups.c:109(cups_connect)
Unable to connect to CUPS server localhost:631 - Connection refused
[2012/09/20 17:00:39.513955, 0] printing/print_cups.c:468(cups_async_callback)
failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2012/09/20 17:00:39.535458, 0] smbd/server.c:501(smbd_open_one_socket)
smbd_open_once_socket: open_socket_in: Address already in use
[2012/09/20 17:00:39.535689, 0] smbd/server.c:501(smbd_open_one_socket)
smbd_open_once_socket: open_socket_in: Address already in use
However the working server creates a log file in the directory named log. which the non working server does not.
testparm:
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[tmp]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
[tmp]
comment = temporary files
path = /tmp
continuing...
Continued:
nmb is running as well:
# service nmb restart
Shutting down NMB services: [ OK ]
Starting NMB services: [ OK ]
"Respond to Ping on Internet Port" is normally turned off on the routers. I turned it on, on both the Windows client and the server. Each can ping the other, sharing still doesn't work.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\xxxx>ping xxxx
Pinging xxxx with 32 bytes of data:
Reply from xxxx: bytes=32 time=25ms TTL=51
Reply from xxxx: bytes=32 time=23ms TTL=51
Reply from xxxx: bytes=32 time=26ms TTL=51
Reply from xxxx: bytes=32 time=24ms TTL=51
Ping statistics for xxxx:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 26ms, Average = 24ms
# ping xxxx -c 5
PING xxxx (xxxx) 56(84) bytes of data.
64 bytes from xxxx: icmp_seq=1 ttl=251 time=20.7 ms
64 bytes from xxxx: icmp_seq=2 ttl=251 time=24.6 ms
64 bytes from xxxx: icmp_seq=3 ttl=251 time=21.4 ms
64 bytes from xxxx: icmp_seq=4 ttl=251 time=25.3 ms
64 bytes from xxxx: icmp_seq=5 ttl=251 time=22.9 ms
--- xxxx ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4029ms
rtt min/avg/max/mdev = 20.776/23.022/25.319/1.764 ms
continuing...
Continued:
iptables are off:
# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
SELinux is off:
# sestatus
SELinux status: disabled
smbclient using a user setup in samba works from the samba server to its local IP and to its external IP. The Windows client gets:
Connection to <ip addr> failed (Error NT_STATUS_UNSUCCESSFUL)
Samba is running as a daemon/service and netbios-ssn is in listen mode:
# netstat -a|grep netbios-ssn
tcp 0 0 *:netbios-ssn *:* LISTEN
Continuing...
Continued:
We're not restricting connections or using inetd.
log.nmbd does not report any problems.
nmblookup -B BIGSERVER SAMBA works using the server's name
nmblookup -B ACLIENT * fails on all log files using the windows client name OR the external IP address
nmblookup -d 2 `*'. fails
"If your PC and server aren't on the same subnet, then you will need to use the -B option to set the broadcast address to that of the PC's subnet.
This test will probably fail if your subnet mask and broadcast address are not correct. (Refer to test 3 notes above)."
Im not sure here, since we're going over the internet do we need these to match and work?
smbclient //BIGSERVER/TMP works
On the client:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\xxxx>net view \\xxxx (ip addr)
System error 53 has occurred.
The network path was not found.
C:\Users\xxxx>
net use has the same problem, even with providing user and passwd.
nmblookup -M WORKGROUP returns a local windows machine on the network there, whereas on my test server it returns the client which is local to the test machine. Perhaps there is an issue here with workgroup being on another machine, but how would others connect from other networks if this was the issue?
I tried preferred master = yes as well.
Page 2 of samba howto next.
Update: A new friend said to try nmap to see check the ports:
# nmap -sS -P0 -sV -O xxxx
Starting Nmap 5.51 ( ) at 2012-09-21 11:09 EDT
Nmap scan report for xxxx (xxxx)
Host is up (0.024s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
25/tcp open smtp Postfix smtpd
110/tcp open pop3 Dovecot pop3d
443/tcp open ssl/http Apache httpd 2.2.15 ((CentOS))
9100/tcp open jetdirect?
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results
incomplete
No OS matches for host
Service Info: Host: xxxx
Since the Samba ports do not show up, I'm thinking the router or ISP is not forwarding/blocking the ports at this point.
As for a solution to sharing, I'm trying sshfs with a windows and mac client.
Answering your original question, the good way to test if your ISP is not blocking listed ports is this:
# yum -y install tcpdump
# tcpdump -i eth0 "port 137 or port 138 or port 139 or port 445"
(substitute eth0 with the name of the interface connected to the Internet).
Then you should try accessing the share (net view / net use / Windows Shell). If ports are forwarded correctly you should see something like that:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
01:25:48.631173 IP 192.168.0.10.54032 > 192.168.0.1.microsoft-ds: Flags [S], seq 4008761512, win 5840, options [mss 1460,sackOK,TS val 136010468 ecr 0,nop,wscale 7], length 0
01:25:48.631198 IP 192.168.0.1.microsoft-ds > 192.168.0.10.54032: Flags [S.], seq 2220435566, ack 4008761513, win 14480, options [mss 1460,sackOK,TS val 15507714 ecr 136010468,nop,wscale 7], length 0
01:25:48.631397 IP 192.168.0.10.54032 > 192.168.0.1.microsoft-ds: Flags [.], ack 1, win 46, options [nop,nop,TS val 136010468 ecr 15507714], length 0
01:25:48.642171 IP 192.168.0.10.54032 > 192.168.0.1.microsoft-ds: Flags [P.], seq 1:184, ack 1, win 46, options [nop,nop,TS val 136010479 ecr 15507714], length 183SMB PACKET: SMBnegprot (REQUEST)
...
If you see nothing at all it means that your ISP (or intermediate router) is blocking packets to those ports and it's most likely the case — SMB protocol proved to be quite insecure for open Internet deployments.
In the file /etc/samba/smb.conf, under the section [global], below the workgroup line add this two lines :
client min protocol = NT1
client max protocol = SMB3