Openshift binding a TCP port with port forward? - sockets

according to this doc
Does this mean we could port forward 8000 and 8443?
If I deploy a spring integration project with TCP port binding to 8000 or 8443, will I able to telnet to openshift?
I have tried, but not sure what happened. When I use putty RAW mode connect to 8443, and send some text, nothing happened on the server console, my program should print out what it received. so I suppose I failed, right?
P.S. that project was tested using localhost tomcat, it works locally.
this related question seems to successfully forwarding many port.

Related

Issue getting my web server to work from external devices

I am attempting to set up an apache2 web server on my raspberry pi. I am able to connect to it by doing http://localhost:8080 (8080 because my router blocks port 80). Although when I do http://my.pub.lic.ip:8080 the connection times out. I set up port forwarding so that requests going to my router on port 8080 go to my raspberry pi on port 8080. This does not seem to work but I'm also not sure if the port forwarding is the cause or if it is something else. Any suggestions?
Is your web server configured to listen on the network interface besides localhost?
https://httpd.apache.org/docs/2.4/bind.html
For example, to make the server accept connections on both port 80 and port 8000, on all interfaces, use:
Listen 80
Listen 8000
To make the server accept connections on port 80 for one interface, and port 8000 on another, use
Listen 192.0.2.1:80
Listen 192.0.2.5:8000
You can try using nmap by finding your router's public IP and on the raspberry pi type nmap my.pub.lic.ip This will show you what services are actually being published to the world. This gives more insight to the problem.
I got the web server up and running although for some reason it appears that my isp would only allow it to be hosted securely (as an https page)(I'm not sure if that's the right way to phrase it). To achieve this for free, I used cloudflare's ssl service. A tutorial to set it up for apache2 can be found here

Internet ports: connect to personal server from work, not on port 22 or 443

Sorry for the basic question but im a complete noob on those matters.
I have a cloud server where i run a jup[yter notebook server, which normally is run on port 8888.
However when i try to connect to it from work, it doesnt work, which i suspect is due to the firewall.
I can connect from work to a regular ssh session through port 22 or 443.
However the jupyter notebook refuses to be run on those ports, probably because they are allocated already.
I tried to run PortQry to get the open ports on my work server (which is windows) and it reurned port 50248. I tried to have my jupyter server to listen on that one but it didnt work.
I also tried to scan the open port of my work server, but i received a warning from AWS! And the few ports that were returned as seemingly opened didnt work either when i set up my jupyter notebook to listen on them.
I would like to understand:
On my own server: How can i identify which port the jupyter server program can listen on?
On my work machine: How can i identify which one of my own server port would be let through the firewall of my work?
You need to use SSH local port forwarding.
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding
You will open a SSH connection to your server but a local port, lets say 4444, will connect over the SSH connection and resolve to 8888 on the remote server.
With this you'd be able to open a browser locally and go to localhost:4444 and it would resolve to your remote hosted site. The command for this locally would be something like -
ssh -L 4444:localhost:8080 yourremoteserveraddress
An alternative option would be to use a SOCKS proxy via dynamic forwarding but this would involve needing to reconfigure your browser.
Always keep in mind any company policies around this type of thing. Even though 22 and 443 are open to the internet, use of them in this manner may break a policy and there is always the possibility of the company using a MITM proxy to monitor for this type of usage, specifically on 443.

Explain SSH tunneling process and limitations (for a remote Xdebug session)

The Preamble
I start up my local SSH terminal at work behind a firewall, and connect to a remote server all the time without any problem.
The way Xdebug works, correct me if I'm wrong, is that it sends an "unsolicited" request to my network's port 9000. I actually initiated that action by sending the remote server an HTTP request through my browser with a POST/GET/COOKIE variable instructing xdebug to start up. But my network doesn't know that. All it knows is that it is getting a request on port 9000 from the internet. It doesn't know which computer in its private network to forward it to (without setting up port forwarding on the router), and can only ignore the request.
So if you can't do port forwarding, another option (and a much better one from what I can tell), is SSH tunneling. My computer sends the SSH request, the server responds. My router knows which computer in its network to route these responses to. Piggybacking on that SSH connection allows those "unsolicited" port 9000 requests from the remote server to get to me.
I think I understand that much.
I finally got tunneling to work, thanks to stackoverflow, but how it works is still fuzzy to me.
On the remote server, I tell Xdebug to connect to localhost (not to my ip via xdebug.remote_host=173.123.45.56, and not to xdebug.remote_connect_back=1 which also would end up at my IP) on port 9000. Connecting to localhost seems a bit weird, since I picture that as the server sending messages to its own IP address, as if it is sending messages into itself (but I think that connecting to localhost is probably fundamentally different than connecting to any other IP... I don't think the message gets routed out and back in to localhost).
On my computer at work, I open up an SSH connection on port 22, specifying a tunnel to/on port 9000, and remote port 9000. I've seen some explanations of the various settings here but still don't understand them. Some even seem to involve three machines. What seems to be happening though, is I'm connected as usual via port 22, but I've told the remote machine that I want to receive its port 9000 communications. I've specified "localhost" in my tunnel, and I suppose that might need to match the localhost in my xdebug.remote_host value. I wonder if I specified my IP address in both places (i.e. xdebug.remote_host=173.123.45.56 on the remote server, and same IP in my SSH terminal), would that work too?
So Xdebug on the remote server sends me a request to initiate a debug session. It comes through my port 22, but my SSH tunnel somehow makes it seem that it is coming in on port 9000. So my IDE that is listening on port 9000 receives the request and sends a response (also on 9000), which my SSH tunnel intercepts somehow and sends back to the remote server on port 22, where it is similarly spoofed into looking like port 9000 to xdebug.
The Crux
So what I'm really not clear on is, what exactly is the localhost in my SSH tunnel configuration referring to? Does it relate directly to the xdebug.remote_host=localhost value? Can I change them both to my IP address?
Are all of the remote server's outgoing communications on port 9000 being forwarded to me, or just some of them? E.g., if someone in Chattanooga initiates a debug session in their browser, will I receive Xdebug's response?
Are all of my outgoing communications on port 9000 being forwarded to that server? I.e. can I debug two applications on two different servers at the same time, with some of my port 9000 communications going one way and some the other, or would I need one port per local application? (I can use Google Chrome and Firefox browsers at the same time, both on port 80, for example.)
The tunnel consists of an SSHD listening to port 9000 (as well as 22) at your end and an SSHD listening to port 22 at the other end. When you connect your XDebug to your local 9000, the SSHDs intercommunicate and the remote SSHD connects to port 9000 at the remote. Thereafter your local port 9000 behaves identically to the remote port 9000: all data written to either end appears at the other end.

Port Forwarding without hosting server

I just want to know if I can forward port 80 or 8080 or 21 on my router just to check if those ports are open to public. I don't have a server running on my PC though. I'm sure it's possible if a server is running and configured.
This is a very detailed link on how to do it , but i guess it is also depends on the router you've got .
http://www.pcworld.com/article/244314/how_to_forward_ports_on_your_router.html

Http Listener doesn't work on Port 8080 or other ports (works only on port 80)

I wrote a simple WebServer using HttpListener class (.net 2.0)
It seems that It doesn't work on port other then 80.
When i sniff the transport to my server i can see the Syn packets on Port 8080 arrive to the server, but there is no Syn/Ack response, although when i sue netstat -a i can see that the server is listening to port 8080 (i verified that my application is the one that listens)
HttpListener server = new HttpListener()
server.Prefixes.Add("http://192.168.4.133:8080/");
server.Start();
_log.Write("Waiting for a connection... ");
HttpListenerContext context = server.GetContext();
HttpListenerRequest request = context.Request;
HttpListenerResponse response = context.Response;
_log.Write("Got request for " + request.RawUrl);
the above code doesn't receive any Context (stuck at the line server.GetContext())
if i change the Prefix to "http://192.168.4.133/"
the above code works perfectly.
when i am testing it on Port 80, i am killing the IIS services, and making sure that my application is the one that listen to the relevant port.
i am running this on XP, so i don't think it is security issues....but you never know..
i have read about the httpcfg tool, but didnt really understood it...
is there something inherntly diffrent between listening on port 80 to listening on other ports? 8080 or even better another random user port?
Thanks,
Itay
I'd suggest checking your firewall, and if you don't find anything -- try to run another server on 8080 and check if it's working (so you know that it's the port, not the server).
Check if you're firewall is on or off and if on, whether prohibiting this port access.
You can termorarily turn it of for the test just to make sure.
Side note: No need to be hunting down and killing IIS processes, simply stop the IIS windows service (run the command "services.msc" to see a list)