I have some issues with MongoDB (or Linux security, perhaps):
1 I am runing MongoDB 3.0 in an OpenSuSE 13.1 machine (which acts as the data server). I have a local network of 4 computers with different OSs.
2 I can connect from a Windows 8.1 Laptop using the mongo command, using the pymongo Python library, or Robomongo. Everything works just fine: I can query the server and insert things.
3 However, when I try to access port 27017 to see the "It looks like you're accessing..." message, the browser says "The connection was reset".
4 SuSe's Firewall and AppArmor are disabled.
QUESTION: There is one computer that can't access the address of the local server. Said computer is in the same local network and is running Windows 8.1. I tried with many other devices and OSs (see miniupdate in comments) and they all managed to access the 27017 port on the server. Of course, the server simply displayed the message "It looks like you are trying to access MongoDB over HTTP on the native driver port.". Do you have any ideas as to why the browser in the problematic computer keeps saying "Connection was reset" instead of showing the message mentioned above? Please note that this computer can do everything I mentioned in point 2. It's the browser thing that is puzzling me.
MongoDB's default port doesn't speak the http protocol. Which is what a browser can speak (among a few others). If you're looking for the web based status page, then that should be on port 28017 (27017 + 1000).
See http://docs.mongodb.org/manual/reference/default-mongodb-port/ for more details.
Found the solution on my own: disable the "Web shield" of Avast Antivirus. It somehow resets the browser's connection to Mongo.
Again, I realize that Mongo doesn't talk HTTP on that port, but still the fact that all other devices but this one were able to connect (to simply get a message) was bugging me.
Related
I use a local Python web server on my Windows machine. It’s simple, but good enough while in the static web page development stage. I just run it with something like this on my WSL command line:
python3 -m http.server
I can also access it on mobile devices on the same network, by going to my local address, e.g.: http://192.168.1.12:8000. All was good, until suddenly I could no longer access it on external devices, I got a “server not responding” type of message. Also, I could clearly see that when I refreshed the page on my phone, there was no GET request on the logs.
Immediately I tested on the local machine, and it was still working fine. This obviously smelled like a Firewall. In Linux, I’d know what to do, but it’s the first time I had to deal with this on Windows. This is what I’ve tried, without resolving the connection problem:
I opened the Event Viewer but could not see any obvious logs to check
I stopped the server (CTRL+C) and started it again on another port (5000). The Windows Firewall message popped up again asking for permission for Python3 to access the “Public network” and the “Private network”. Normally I just tick the “private network” but this time I checked both, as a troubleshooting step, in case my Wi-Fi was incorrectly being considered “public”.
I went to Windows Firewall and temporarily shut it down on the private network.
I installed and tried running nmap on the WSL, but it failed to run and prompted me to install the Windows version instead.
I installed and ran the Windows version of nmap but it told me that port 5000 was open.
What is the recommended way to troubleshoot and fix this issue?
Still suspecting the firewall, I tried something new, I switched off the “public network” firewall. I tested on my mobile and the page loaded as normal again! I immediately turned the firewall back on. Tested the page on my mobile once more, still fine. So, the solution was to toggle the public network firewall. I would make it more generic and toggle all firewall categories on Windows. And of course, I would make sure that the firewall stays on, this was a very quick operation.
I thought I’d put this here rather than ServerFault or SuperUser as it could potentially be more useful to developers, and it took a precious hour of my time. I still don’t know why it stopped working on its own in the first place. Better troubleshooting steps or suggestions are welcome, but I probably won’t be able to verify it as I don’t know how to purposely induce the issue.
Another solution that worked another time, was to delete all instances of Python 3.8 from the list of allowed apps (I don't know why Windows shows the same app multiple times) then (re)start the Python server and allow it through when the Firewall question pops up again.
In windows firewall you may have 4 options to configure your local web server when you are creating new Inbound connections rule.
1 Program
2 Port
3 Predefined
4 Custom
Try to use port only in "TCP protocol" and the custom port.
Allow connection.
Select: all checks: domain, private and public.
Enter a name.
Thats all.
I have an application with a server written in F# and serve web files using suave. I remote login using powershell into another machine in the network to run the application (The application is also in one of the network drives). I do that because that machine have access to third party APIs needed for the server. Now when I do [IPAddress_Of_Remote_Machine]/[html_file] or [name_of_pc]/[html_file] then chrome is waiting forever and doesn't ever return the webpage. This wasn't happening before and I ran into this problem recently. I opened a different port and used it instead of the default one 80. This made things work but the problem keeps showing up after a couple of days. I don't think it's a firewall issue but I'm clueless to why this is happening.
When running netstat -an, this is what I get (I hid the IP address):
As you can see all of the connections are either in CLOSE_WAIT or ESTABLISHED but not LISTENING. All of these TCP connections is probably because I have PhantomJS and two other APIs running in the application as well. However the loop back address is also open on the same port 5959:
I'm not sure what is difference between these two but when using PortQryUI to query the remote server it returns a success!
I have already made an inbound rule for port 5959 on the server so it should be allowed. The web page is stuck at Waiting for [name_of_pc]. Also, sometimes this problem disappears and everything works fine.
What is the potential problem behind this? Why would this happen all of a sudden?
UPDATE:
I re-ran the application today and it's working correctly. It could be that something is dynamically set within the firewall? Not really sure what is going on. The machine I'm running the server on has a bunch of applications running on it as well so maybe there is an external process that is affecting it?
I made a hello world app with Suave and deployed it on the network drive to test if it's going to work. I opened inbound rule for port 6001
Then I ran the app:
However, it's still not working and this time it says the site cannot be reached when I do: http://[name_of_pc]:6001.
Moving this to an answer so that it can be closed:
Could you post the bindings section of your suave cfg? I'm guessing you know where that is since you are using a non-standard port but if you need don't, search for HttpBinding. I suspect you will find it pointing to 127.0.0.1 which is not good enough for remote access. You could try changing it to 0.0.0.0 or to the server's actual IP address. I would try 0.0.0.0 first for the flexibility it provides
Already, I've checked at least 20 resources and am out of ideas:
I have a clean, remote Ubuntu EC2 instance, fresh from the AMI, having stopped only to install LAMP, phpmyadmin, and xdebug on it. Yes, I have configured my remote EC2 instance's php.ini file as follows:
Meanwhile, back on my laptop I have Netbeans & Eclipse installed. While I can get either to seamlessly upload and Run my php web app on my EC2 site (via SSH/SFTP) as soon as I hit "Debug" from either, index.php gets uploaded, a browser window opens, and then NOTHING HAPPENS. The page doesn't load, the Debug perspective doesn't open, breakpoints don't get triggered, nothing. Netbeans just hangs out saying "waiting for connection" whereas Eclipse just sits at the notorious 57% level (& yes, I toggled the xdebug.idekey before testing with Eclipse)).
So I tested xdebug's functionality on my server according to the instructions found here and here (both passed). I tried changing to port 9001 (in remote php.ini as well as in local Netbeans/Eclipse), I even tried launching this brand spanking-new EC2 instance with pretty much open Security group settings (SSH=0.0.0.0/0), but nothing seems to be working. I am out & out flummoxed, a self-confessed noob, and appreciative of any insight seasoned professionals in the community may have to offer.
Thanks,
Debbie
This feels like a networking issue to me. Port 9000 may not be accessible. The quickest way to test is to telnet to port 9000 on the remote system (if you have a telnet client installed that allows you to specify which port to telnet to). If the telnet attempt times out or is closed by the remote system you will see the error and this verifies that there is a networking issue.
I would check /etc/services to make sure that port 9000 is not reserved for use of something else. If port 9000 exists and is uncommented then something else is using the port and that services does not know how to respond to your request so it hangs.
I would do a netstat (lookup params to see "all" listening ports) and make sure the remote system is listening on port 9000. If you don't see port 9000 then the remote system is not configured to establish the connection.
If you are on a WIFI network then port 9000 may need to be port forwarded to the remote system using the internal cable modem configuration menu/utility. This is the scenerio I favor because I've wasted so much time solving this kind of problem with different software.
Good luck, you have more troubleshooting ahead of you and different questions to ask to resolve your problem.
Im reading the mongodb guide, but I dont get this:
mongodb://fred:foobar#localhost
It says I can connect to the mongodb through web browser.
I have tried this, but it doesn't work. Safari/Firefox can't recognize the mongodb protocol.
And why should I do it?
Isn't the mongodb server just for connecting through the command line?
And what is the difference between port 27017 and 28017?
Should I connect through http or mongodb protocol?
When you start mongod (the MongoDB daemon), it starts listening on two ports by default.
27017: the default port accessed by the various MongoDB drivers.
28017: a port that handles HTTP requests and provides some general monitoring.
What you've listed mongodb://fred:foobar#localhost actually represents this: mongodb://fred:foobar#localhost:27017 and this is the access protocol for MongoDB drivers.
The other "thing" you're seeing is port 28017. This is (by default) simply an overview of what's happening with the mongod instance on that server. Requests made from a web browser to this port will show an HTML output of the server overview.
If you start mongod with a different port number (i.e.: 7777), the "monitor" port will always be 1000 higher (i.e.: 8777).
If you want some advanced features like the ability to query via the web browser, you can start mongod with the --rest switch. You will then be able to run certain queries with a simple http get requestlink text (http://localhost:8777/mydb/mycollection/?filter_a=1).
If you're using language-specific MongoDB drivers (like most people will). Then you'll find that you'll have "connection strings" of the form mongodb://user:pwd#host:port/. These are similar in purpose to the usual connection strings you're used to for other Database products.
Increment by one thousand (28017), and use HTTP, not mongodb.
Note that this will "connect" you to the mongodb process, but it's not like phpMyAdmin or anything.
Here's what I've done:
I wrote a minimal web server (using Qt, but I don't think it's relevant here).
I'm running it on a legal Windows 7 32-bit.
The problem:
If I make a request with Firefox, IE, Chrome or Safari it takes takes about one second before my server sees that there is a new connection to be accepted.
Clues:
Using other clients (wget, own test client that just opens a socket) than Firefox, IE, Chrome, Safari seeing the new connection is matter of milliseconds.
I installed Apache and tried the clients mentioned above. Serving the request takes ~50ms as expected.
The problem isn't reproducible when running Windows XP (or compiling and running the same code under Linux)
The problem seems to present itself only when connecting to localhost. A friend connected over the Internet and serving the connection was a matter of milliseconds.
Running the server in different ports has no effect on the 1 second latency
Here's what I've tried without luck:
Stopped the Windows Defender service
Stopped the Windows Firewall service
Any ideas? Is this some clever 'security feature' in Windows 7? Why isn't Apache affected? Why are only the browsers affected?
If you're saying "localhost" instead of "127.0.0.1", you're forcing a name lookup before the actual connection attempt, adding delay.
In addition, some browsers, like Firefox 3.5+, don't use the operating system's DNS lookup mechanism, which is why it can have different performance than, say, wget.
You may be running into some automatic proxy discovery problem. In Firefox, you can disable this in Options | Advanced | Network | Settings; select either "No proxy" or give it explicit values. There's also the Internet Properties control panel, which is IE's network settings, but other browsers on Windows may obey settings here, too. Again, disable auto-proxy discovery. This can speed connections outside localhost, too.
For some reason Windows 7 takes 1 second to resolve address localhost regardless of it being in hosts file.
Adding localhost1 to hosts file and using that works around the problem.
When connecting to localhost on a IPv4/IPv6 dual stack host:
A DNS lookup is performed for localhost.
The DNS server (whether IPv6 enabled or not - this doesn't matter) returns both the AAAA record ::1, and the A record 127.0.0.1.
The client first attempts to connect to ::1.
We assume your server program is not IPv6-capable, which is a common case - due to historical reasons, many servers bind their socket to 0.0.0.0 by default rather than [::].
Here an ECONNREFUSED error would be raised for the client. This happens immediately on most platforms; on Windows however, a single call to connect() would try 3 times in 500ms intervals before giving up, hence taking a bit more than one second (See http://stackoverflow.com/q/19440364 for more details).
The client then creates a connection to 127.0.0.1 instead.
This would explain all your clues above:
If you make a request with Firefox, IE, Chrome, Safari or any other IPv6-capable clients, it takes takes about one second trying for ::1 before connecting to 127.0.0.1.
Your own test client just opens a INET socket, so it won't try ::1 at all.
Using a dual-stack server such as Apache, the clients will connect to ::1 happily.
The problem isn't reproducible on Windows XP, of which IPv6 support is not enabled by default.
The problem seems to present itself only when connecting to localhost, as your friend connected with an IPv4-only network.
Running the server in different ports has no effect on the 1 second latency.