All connection attempts on RhodeCode on CentOS 6.3 are refused except from localhost.
Note that iptables is not running, and I am only trying to visit the web interface.
I have googled the exact error message below and looked around SO. I have yet to find a solution.
abort: error: No connection could be made because the target machine actively refused it
If the firewall is down, and I am not trying to modify any repository, what else is preventing me from connecting? EDIT: See #5 below. Not sure how to address it yet.
Things tried and other info
Using localhost, 127.0.0.1 and hostname in production.ini
service iptables stop
Connected over HTTP successfully. In other words, connections are accepted outside RhodeCode.
Made sure no authentication methods were enabled or configured in production.ini
Although the server accepts connections on localhost, netstat -l does not show that port 5000 is listening. Port 5000 is set in production.ini and ps uax | grep paster confirms the server is running. No other software tries to grab port 5000.
Ok, apparently I have been misunderstanding the host configuration. I was running on the assumption that host should be set to 127.0.0.1 or localhost in production.ini for RhodeCode to know what host to look for for another service. This was a faulty presumption on my part, since I am used to pointing web applications to local systems to look for databases.
It turns out that host binds the application to a specific address for access, meaning that it RhodeCode was supposed to only respond to local requests, regardless of what other system policies say. The setup docs did not make this clear because it did not specify that external connections would be refused. All it said was:
This command [paster serve] runs the RhodeCode server. The web app should be available at the 127.0.0.1:5000. This ip and port is configurable via the production.ini file created in previous step
The problem was fixed by binding RhodeCode to 0.0.0.0, which opened it to outside connections. Kudos to Ćukasz Balcerzak for pointing this out in the RC support google group.
Related
Sorry for the basic question but im a complete noob on those matters.
I have a cloud server where i run a jup[yter notebook server, which normally is run on port 8888.
However when i try to connect to it from work, it doesnt work, which i suspect is due to the firewall.
I can connect from work to a regular ssh session through port 22 or 443.
However the jupyter notebook refuses to be run on those ports, probably because they are allocated already.
I tried to run PortQry to get the open ports on my work server (which is windows) and it reurned port 50248. I tried to have my jupyter server to listen on that one but it didnt work.
I also tried to scan the open port of my work server, but i received a warning from AWS! And the few ports that were returned as seemingly opened didnt work either when i set up my jupyter notebook to listen on them.
I would like to understand:
On my own server: How can i identify which port the jupyter server program can listen on?
On my work machine: How can i identify which one of my own server port would be let through the firewall of my work?
You need to use SSH local port forwarding.
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding
You will open a SSH connection to your server but a local port, lets say 4444, will connect over the SSH connection and resolve to 8888 on the remote server.
With this you'd be able to open a browser locally and go to localhost:4444 and it would resolve to your remote hosted site. The command for this locally would be something like -
ssh -L 4444:localhost:8080 yourremoteserveraddress
An alternative option would be to use a SOCKS proxy via dynamic forwarding but this would involve needing to reconfigure your browser.
Always keep in mind any company policies around this type of thing. Even though 22 and 443 are open to the internet, use of them in this manner may break a policy and there is always the possibility of the company using a MITM proxy to monitor for this type of usage, specifically on 443.
I have an application with a server written in F# and serve web files using suave. I remote login using powershell into another machine in the network to run the application (The application is also in one of the network drives). I do that because that machine have access to third party APIs needed for the server. Now when I do [IPAddress_Of_Remote_Machine]/[html_file] or [name_of_pc]/[html_file] then chrome is waiting forever and doesn't ever return the webpage. This wasn't happening before and I ran into this problem recently. I opened a different port and used it instead of the default one 80. This made things work but the problem keeps showing up after a couple of days. I don't think it's a firewall issue but I'm clueless to why this is happening.
When running netstat -an, this is what I get (I hid the IP address):
As you can see all of the connections are either in CLOSE_WAIT or ESTABLISHED but not LISTENING. All of these TCP connections is probably because I have PhantomJS and two other APIs running in the application as well. However the loop back address is also open on the same port 5959:
I'm not sure what is difference between these two but when using PortQryUI to query the remote server it returns a success!
I have already made an inbound rule for port 5959 on the server so it should be allowed. The web page is stuck at Waiting for [name_of_pc]. Also, sometimes this problem disappears and everything works fine.
What is the potential problem behind this? Why would this happen all of a sudden?
UPDATE:
I re-ran the application today and it's working correctly. It could be that something is dynamically set within the firewall? Not really sure what is going on. The machine I'm running the server on has a bunch of applications running on it as well so maybe there is an external process that is affecting it?
I made a hello world app with Suave and deployed it on the network drive to test if it's going to work. I opened inbound rule for port 6001
Then I ran the app:
However, it's still not working and this time it says the site cannot be reached when I do: http://[name_of_pc]:6001.
Moving this to an answer so that it can be closed:
Could you post the bindings section of your suave cfg? I'm guessing you know where that is since you are using a non-standard port but if you need don't, search for HttpBinding. I suspect you will find it pointing to 127.0.0.1 which is not good enough for remote access. You could try changing it to 0.0.0.0 or to the server's actual IP address. I would try 0.0.0.0 first for the flexibility it provides
I have setup a simple HTTP java server running locally on port 8000. It simply prints a message "Hello world" when a request comes. When I try to ping it from the browser by running http://localhost:8000/test I get my message printed.
I want to get the same results from another computer that is not local. When I try to use my public IP lets say http:/43.xxx.xxx.xxx:8000/test (even from the same machine) I get an ERR_CONNECTION_REFUSED .
I probably suspect that has something to do with the firewall. Can anyone guide me a little more because I lack the experience?
Thanks in advance
You don't specify what host OS your server/firewall is running so I'll keep this generic...
Without knowing your application, it seems like the server is sending a reset (RST packet) when the first SYN packet shows up indicating that the port (on that interface [your external]) is closed. You can do a quick port scan from here (https://mxtoolbox.com/PortScan.aspx) if you don't have access to a remote machine to test with. Odds are, TCP/8000 will not be open.
If it is, in fact, closed, you'll have to look at the firewall that your host OS is running and find out how to allow TCP/8000 to your host. In a major firewall vendor, your rule would look similar to this:
Source: Any
Destination: Your Public IP Address
Service: TCP/8000
Action: Allow
Logging: Full
That being said, you mentioned this was a PC so look into "iptables" (if you're running *nix) or the Windows Firewall (if you're running Windows) on adding firewall rules (Unfortunately I just joined and can't ask questions/comments, yet).
If you really want to find out what packet is being sent, run a tcpdump on your external interface (let's say eth1) (assuming your remote IP is 1.2.3.4 and your home public IP is 4.5.6.7):
tcpdump -nn -vvv -e -s 0 -X -c 100 -i eth1 host 1.2.3.4 and host
4.5.6.7 and port 8000
Here you're looking for the SYN/SYN-ACK/ACK for a successful TCP negotiation or SYN/RST if there is a firewall rejecting (not dropping) the TCP stream to the port.
Once the port is open on the host OS firewall, take a look at the application to make sure it's configured properly. If this were a standard webserver, you could take a look at the configuration files for the "Allow from" directives to make sure that everyone can access the site. If this is a custom application that you've created, you'll have to check this yourself.
I finally solved my problem. I needed to open a forwarding port in my router that maps my local ip address to the public. My router is TP Link so this what I did:
http://www.tp-link.com/us/faq-72.html
Also in order for this to work every time and not to have to reconfigure this every time I reconected to the router (because I get a new local IP), I have created a static local ip for my server following this guide:
http://www.tp-link.com/us/faq-182.html
Thanks for all the replies.
I have configured jetty-maven-plugin in my eclipse Mars and I can run the server using jetty start and stop goals. I can able to access the website using http://localhost:8080/myapp but not using local IP address(i.e., http://192.168.0.5:8080/myapp) from my own computer or other computers connected in the same network via LAN and Wi-Fi.
As mentioned as a solution in these posts,
how to make jetty server accessible from LAN?
Configuring Jetty to accept connections from all hosts
I configured the server host to 0.0.0.0 from localhost to listen on all hosts. With this setting I can see on server start log,
INFO:oejs.AbstractConnector:Started SelectChannelConnector#0.0.0.0:8080
and it works only on http://localhost:8080 but it's not accessible from http://192.168.0.5:8080.
I also tried running that if the interface is accessible using the Networks Interface Listing as mentioned in this comment. and I got,
Display name: NETGEAR WNA1000M N150 Wireless USB Micro Adapter
Name: wlan4
InetAddress: /192.168.0.5
I also tried turning off my Windows Firewall/antivirus but din't help. My jetty version is <jetty.version>9.3.0.M1</jetty.version> and JDK 1.7. What could be the problem? Any help is appreciated.
McAfee Endpoint Security was the culprit here. It was blocking the requests with IP addresses from my very own computer. Turned off the firewall inside the Antivirus and I was able to access the site with http://192.168.0.5:8080/mysite from the browser and other devices connected through the network.
Sometimes some other program opens your port on external address before you do that with Jetty. It will receive all traffic instead. On Windows you will not know it if you reuse port (that is Jetty's default behavior). Check with netstat -ano what is the IP of the process that is indeed listening on 0.0.0.0:8080. Verify if it is your Jetty process only.
Then try connecting with telnet or netcat and see if you can open the connection and what is the response.
I can't connect to ContextBroker from another machine, even a machine in the same LAN.
Accessing by ssh without any problem
ssh geezar#192.168.1.115
and then
curl localhost:1026/statistics
the terminal shows the statistics, all right
<orion>
<xmlRequests>3</xmlRequests>
<jsonRequests>1</jsonRequests>
<updates>1</updates>
<versionRequests>1</versionRequests>
<statisticsRequests>2</statisticsRequests>
<uptime_in_secs>84973</uptime_in_secs>
<measuring_interval_in_secs>84973</measuring_interval_in_secs>
</orion>
But when I try without ssh connection...
curl 192.168.1.115:1026/statistics
curl: (7) Failed to connect to 192.168.1.115 port 1026: No route to host
Even, I routed the port 1026 to that machine (192.168.1.115) on the router configuration, and tried to access from my public IP, the result is the same, failed to connect
I think I am missing something, but.. what is it?
The most probable causes of this problem are:
Something in the host (e.g a firewall or security group) is blocking the incoming connection
Something in the client (e.g a firewall) is blocking the outcoming connection
There is some other network issue is causing the connection problem.
EDIT: in GNU/Linux system, iptables is usually used as firewall. It can be disabled typically running iptables -F.