Passive FTP on Azure Worker Role through socket programming - sockets

I need to deploy an Azure Worker Role with an input endpoint on port 21 so that it can accept incoming FTP connections, so that I should be able to connect to the worker role through an FTP client like FileZilla and access the Azure blob storage.
For this I was able to implement FTP commands like LIST, RETR, STOR, PORT, USER and PASS. All these work fine with the Active mode of FTP.
But when I switch to the PASSIVE mode of FTP (execute the PASV command to the Azure Worker Role), I am finding the issue. Since I am a newbie to Azure, I am not able to trace the problem. Going through a few blogs, I got to know that since Azure Worker Roles are beyond the load balancer, PASSIVE mode needs configuration. I saw a few blogs which talk about manual configuration of a Web Role for FTP. Since I am working on a worker role, does the configuration change, and how can I handle it in code? Moreover, since we are not sure which VM the role is going to be deployed on, how can I handle the configuration?
Ways I tried:
1. In the Azure Worker Role, I set the following endpoints:
FTP Input tcp 21
Endpoint1 Input tcp 1025
Initially on Start(), I had this line of code:
TcpListener server = SocketHelpers.CreateTcpListener(RoleEnvironment.CurrentRoleInstance.InstanceEndpoints["FTP"].IPEndpoint);
and on PASV mode I had the following:
TcpListener server = SocketHelpers.CreateTcpListener(RoleEnvironment.CurrentRoleInstance.InstanceEndpoints[" Endpoint1"].IPEndpoint);
so that it opens on the new port 1025 and sends it back to the client. While sending back to the client I got the following exception:
SocketErrorCode is 10053 and SocketErrorDesc:System.Net.Sockets.SocketError.ConnectionAborted
Unable to write data to the transport connection: An established connection was aborted by the software in your host machine.
2. The other way is by getting the external IP address using http://checkip.dyndns.org/. If I get the IP address from this, do I need to get the port from code using
RoleEnvironment.CurrentRoleInstance.InstanceEndpoints[" Endpoint1"].IPEndpoint???
I am really confused with the Azure stuff and FTP configuration.
I went through the following articles but could not find how to programmatically configure a worker role (setting the port range, retrieving it from the code) to work in PASSIVE mode.
http://www.itq.nl/blogs/post/Walkthrough-Hosting-FTP-on-IIS-75-in-Windows-Azure-VM.aspx
http://angelolaris.blogspot.com/
Regards,
Vivek

First thing I could confirm is that, not sure if you are also starting the listener as below or not:
TcpListener myPortListener = new TcpListener(RoleEnvironment.CurrentRoleInstance.InstanceEndpoints["MY_PORT"].IPEndpoint);
myPortListener.Start();
Next, when you have the above code in your worker role, the port starts to take incoming requests, and any application which has a binding to the IP/port will receive the packets.
If you really want to understand how to get it working in your Worker Role, what you can do is follow this guidance to set it up in a Web Role first and then try to replicate the same configuration in your worker role. It is a little complex to do, but first you would need to understand how things work and then you would be able to implement it yourself.
Also, your requirement is not clear, because I am not sure why you need such a configuration: you can connect directly to Azure Blob storage (if your data is located in Azure Blob storage) from a Worker Role and access the content, so why add FTP/local connectivity and make it complex? Maybe if you revisit your application architecture, you don't need to do such work.
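An added example, not part of the original question or answer: one way to build the PASV reply so that it advertises the address and port a client can actually reach, assuming (as the question describes) that the role instance listens on an internal address behind the load balancer while clients connect to a public one. The names PasvReply, Build and IsUnroutable are hypothetical, and 10.0.0.4 and 203.0.113.10 are constructed sample addresses.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

static class PasvReply
{
    // True for loopback, RFC 1918 and link-local IPv4 addresses, which a
    // client on the Internet cannot connect back to.
    public static bool IsUnroutable(IPAddress ip)
    {
        byte[] b = ip.GetAddressBytes();
        return IPAddress.IsLoopback(ip)
            || b[0] == 10
            || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)
            || (b[0] == 192 && b[1] == 168)
            || (b[0] == 169 && b[1] == 254);
    }

    // RFC 959 reply 227 carries (h1,h2,h3,h4,p1,p2) with port = p1 * 256 + p2.
    public static string Build(IPAddress advertisedIp, int advertisedPort)
    {
        if (advertisedIp.AddressFamily != AddressFamily.InterNetwork)
            throw new ArgumentException("PASV can only carry an IPv4 address.");
        if (advertisedPort < 1 || advertisedPort > 65535)
            throw new ArgumentOutOfRangeException(nameof(advertisedPort));
        if (IsUnroutable(advertisedIp))
            throw new ArgumentException("Refusing to advertise " + advertisedIp
                + ": clients outside the deployment cannot reach it.");
        byte[] h = advertisedIp.GetAddressBytes();
        return string.Format("227 Entering Passive Mode ({0},{1},{2},{3},{4},{5})\r\n",
            h[0], h[1], h[2], h[3], advertisedPort >> 8, advertisedPort & 0xFF);
    }

    static void Main()
    {
        // Constructed values: the endpoint the instance binds its data listener to,
        // and the public address/port that is mapped to it (assumed configuration).
        var internalEndpoint = new IPEndPoint(IPAddress.Parse("10.0.0.4"), 1025);
        var publicAddress = IPAddress.Parse("203.0.113.10");
        const int publicPort = 1025;

        // Advertise the public pair in the reply, never the internal bind address.
        Console.Write(Build(publicAddress, publicPort));

        // Sending the internal endpoint is rejected before it reaches a client.
        try { Build(internalEndpoint.Address, internalEndpoint.Port); }
        catch (ArgumentException e) { Console.WriteLine(e.Message); }
    }
}
```

The data listener itself still binds to the internal endpoint; only the text of the 227 reply uses the public values.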

Related

FTP over Secure Gateway on Bluemix

We have a Java application running on Bluemix that is supposed to submit some files over FTP to a server located in the intranet.
Everything works as expected when executing the application locally, but something goes wrong when the application tries to submit something over the secure gateway.
The Gateway has a destination configured for port 21. Looking through the logs, we can see that the application is able to connect to the server and execute some commands there, but fails when it comes to the file submission (by timeout in the case of passive mode, and saying that the connection is closed in active).
Passive attempt results:
Active attempt results:
We are able to use the gateway to connect to the external db2 instance successfully.
Is some additional configuration required? Is FTP possible at all over the Secure Gateway?
This question was also asked on dW Answers at the following URL: https://developer.ibm.com/answers/questions/386433/ftp-over-secure-gateway-on-bluemix.html
As stated in response to that question, SFTP doesn't run over port 21; it runs over port 22.
Answer found at: https://developer.ibm.com/answers/questions/386433/ftp-over-secure-gateway-on-bluemix.html
"you need to define two secure gateway destinations - one for command
port 21 and one for data port, which will depend on your connection
mode."

Not able to access a rest service in Microsoft Azure VM

I am having a problem accessing a Node.js REST service deployed on an Ubuntu virtual machine. I am able to access the VM using PuTTY; however, I am not able to ping the reserved IP from the command line. I have put logging in the REST service so that it prints a log when it gets a hit, but the logs are not getting printed. I want to know if there is any additional setting which needs to be done to open a port from the virtual machine or whether it is supposed to be open by default. If I need to open the port in order to access the service, where should I look for it?
Thanks & Regards
I want to know if there is any additional setting which needs to be
done to open a port from the virtual machine or it is supposed to be
open by default.
No, Azure will not open other ports by default; we should open ports manually.
I am not able to ping the reserved IP from the command line
It is a classic VM, am I right? If so, we should make sure which port the REST service is listening on, and add endpoints via the Azure portal:
For more information about creating an endpoint, please refer to this link.
If your VM is in the ARM module, we should add inbound rules to the NSG.
For more information about NSG, please refer to this link.

UDP Socket over cloud provider

I am using Apache Tomcat to host webpages that can be accessed by authenticated users, and a UDP socket has been opened on port 14550 to which devices send a stream of communication messages. The system is working fine in the local network. I tried to host this in OpenShift and later found that OpenShift does not allow external UDP communication. Now I am considering an Amazon EC2 instance, or a new VM in Azure or in GCP. I would like to know whether there will be any issue in using the sockets from my application. Thank you in advance.
No, on AWS EC2 everything is allowed; you just need to configure your Security Group to allow specific web traffic. UDP traffic can also be allowed there.
I was also looking for a possible workaround for this issue, but it's quite easy irrespective of what platform language you are using to develop a socket program on AWS EC2. I am using Node.js nginx in my case; this should work for all supporting platforms.
Configure Security Group
In the AWS console, open the EC2 tab.
Select the relevant region and click on Security Group.
You should have a default security group if you have launched an Elastic Beanstalk instance in that region for your app.
Click on the Actions button at the top, and select Edit inbound rules.
Here, in the Type column, select All UDP, or you can set a Custom UDP rule as well to listen at your socket port.
And there just enter the port of your UDP server, e.g. 2020.
And that's it!
Note: If something is not working, check the "Events" tab in the Beanstalk application / environments and find out what went wrong.

Database Mirroring - App Can't Connect to Mirror - Named Pipes Provider: Could not open a connection to SQL Server [53]

I have an application that can connect to the Principal, but can't connect to the Mirror during a failover.
(Note to moderator: please let me know if this question is more appropriate for serverfault. I posted it here because I found more questions similar to this issue than on serverfault.)
This is the error I receive when my application attempts to connect to the Mirror after a failover:
Named Pipes Provider: Could not open a connection to SQL Server [53].
Cannot open database "MY_DB_NAME" requested by the login. The login failed.
I am familiar with the fact that when initially connected to the Principal, the name of the Mirror server is cached to be used during the failover and that the failover partner I specify in my connection string is only used if the initial connection to the Principal fails.
This clearly describes the problem I'm having:
http://blogs.msdn.com/b/spike/archive/2010/12/15/running-a-database-mirror-setup-with-the-sqlbrowser-service-off-may-produce-unexpected-results.aspx
...but the SQL Browser Service is running and I can't figure out why the name won't resolve when connecting to the mirror.
I'm assuming there is a service that must be running to enable NetBIOS name resolution that is not running, because this is what I see in WireShark consistently without a response from the Mirror:
Source Destination Protocol Length Info
10.200.3.111 10.200.5.255 NBNS 92 Name query NB SQL-02-SVR-<00>
Question 1: What could be causing the problem? ;-)
Question 2: I really don't want to enable NetBIOS (for security reasons) and I'm using IP addresses (no FQDNs) in the mirror configuration and in the connection string. Given the caching behavior of the mirror partner when connecting to the Principal, is there a way to force TCP/IP to be used so the value that is cached is the IP address and not the name? Do I need to run the SQL Server Browser/Computer Browser services?
The configuration:
App Is Delphi XE2 using SDAC 6.5.9 (I don't think this is relevant to the component I'm using because it works in other installations with mirroring and has no issues)
SQL Server 2012 Enterprise installed as a default instance on Principal, Mirror and Witness in a non-domain configuration using certificate authentication.
Windows Server 2008 R2 SP1 64-bit on all machines
Firewalls disabled on Principal, Mirror and Client (where app is running)
TCP/IP and Named Pipes enabled on Principal and Mirror
SQL Server Browser service running on Mirror
Computer Browser service running on Mirror
Mirroring is configured for automatic failover with a witness and works properly (I can fail back and forth between mirror and principal without issue)
SQL Native Client 2012 installed on Client machine
Same app login (with same SID and user rights) exists on both Principal and Mirror
Correct server, failover partner, database name, user name and password verified in my app log
In connection string, principal server is 'tcp:10.200.3.15,1433' and failover partner is 'tcp:10.200.3.16,1433' using the SQL Native client
I can ping both servers from the Client machine
NetBIOS over TCP/IP has been enabled in the adapter under the WINS tab (on the Mirror and Client machines)
I've been able to get the application working with mirroring on several other installations, but this one is baffling me.
I found the problem, which was that the customer had the Principal and Mirror in one VLAN and the Client(s) in another. Although the IP addressing scheme was the same, the policy for communication between the VLANs prevented broadcast messages, which is why the NetBIOS query was failing on the client. A WINS or DNS server will be implemented to resolve this issue.
However, I am still interested in an answer to my Question #2, above.

How to programmatically set up a ssh tunnel on iPhone to access remote service?

I am developing an iPhone application which is communicating with a remote service over a tcp socket connection (the service actually listens on telnet and takes telnet commands too). The connection is of course insecure and all requests (with quite a bit of sensitive data, such as passwords) and responses are transmitted as plain text. My first reaction was to consider a web service with ssl, but developing a web service from scratch seems too lengthy.
Because of that I have been thinking of using an ssh tunnel in order to secure the traffic. Is it possible to set up an ssh tunnel in an iPhone application (with libssh2 for example) and then use that tunnel to securely connect to the remote service? If so, how should I set up the tunnel and most importantly, how should I connect to the remote service and give commands/receive responses? Lastly, what should I keep in mind regarding the tunnel?
EDIT: I forgot to mention that the server running the service is using Windows. SSH is achieved via Cygwin.
I am sorry if the question is too basic but this is really my first real brush with ssh.
I think you may have more security issues by using an ssh tunnel because there isn't a secure way to tie down the authentication information in the app and well, if someone can get that login information they could conceivably connect to your ssh session and start trying to issue arbitrary commands. Of course there are ways to lock down an ssh session, but still, I'd be very wary of that. At least with a web service, it acts as a "broker" between the iPhone app and the telnet session so you can add an extra layer of protection.