I have a server that has a rule like so when I check netstat -tulpn:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
This has been all well and good as the mysql database we've use has only needed local access, but now I want to remote connect to it too. I need my netstat -tulpn to read like so:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
How do I update this? I've been looking through nc but everything seems to only talk about setting up listening for the first time. Whenever I try to assign a new rule I get a message like this:
(base) ct#do-not-touch:/$ sudo nc -l 0.0.0.0 3306
nc: Address already in use
How do update the 127.0.0.1:3306 rule to be for 0.0.0.0:3306? Am I somehow totally off base here?
You can't* have two processes listening on the same IP and port. Since 0.0.0.0 means listen on all IPs, you can't bind to it if there's anything bound to any IP on that port. Stop the existing process listening on 127.0.0.1:3306, and then you'll be able to start one listening on 0.0.0.0:3306.
*: Technically, a flag called SO_REUSEPORT does exist, and forking after binding lets you do it as well, but neither is useful in your situation.
Ok so if you run into this in the future, you have kill the process that is using whatever port but first you must know that port.
sudo lsof -t -i:3306
Then kill whatever id.
Related
Background
First time working with Azure. I'm deploying a database server (ClickHouse) onto a VM hosted in Azure, and have it started up fine. The VM is running Ubuntu. The database server's default ports are localhost port 9000 for TCP (used by the command line client) and 8123 for HTTP (used by application clients).
Issue
The db server should be listening on the server's default http port (8123). However, when I try to connect, it just hangs. Based on the below steps, I don't think the network request is making it to the server.
Steps I've tried
Started the containerized version on my local machine and used the exact same curl command to run a simple SELECT 1 query against it (http://localhost:8123). This succeeds and proves to me that the request is not malformed.
Verified that the server is responsive via the local client on the VM (while SSH'ed in)
Added my IP address and the port in the VNET's "inbound port rules". I've been able to access my public IP via SSH after adding a similar rule for that.
my ip is valid irl
$ telnet my.public.ip.address 8123 <- obviously with the actual ip in there. this hangs as well
While SSH'ed in, I've run $ ss -atn | grep 8123 and see:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 4096 127.0.0.1:8123 0.0.0.0:*
LISTEN 0 4096 [::1]:8123 [::]:*
I'm not an expert at the network component of this. I think this means the server is listening to 8123 on localhost as well as all other addresses. I take that latter part to mean that it should be exposed publicly. I also believe LISTEN means it is ready to accept connections, but no connections are currently open.
Any ideas?
LISTEN 0 4096 127.0.0.1:8123
0.0.0.0:*
expected:
LISTEN 0 4096 *:8123 *:*
Your Clickhouse listens localhost only
solution:
cat /etc/clickhouse-server/config.d/port.xml
<?xml version="1.0"?>
<yandex>
<listen_host>::</listen_host>
</yandex>
and restart CH.
How can I use the port 80 on my local Linux machine as the port of my node server?
The netstat command netstat -ptuln says the following about this port, while the node server is running:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN -
I found on this site some recommendations for the command sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT. I executed this command but when I make a request with curl (curl 1.97.xxx.xxx.xx) it keeps responding with curl: (7) Failed to connect to xxxxxx port 80: Connection refused.
But using curl the following ways works: curl 0.0.0.0:80 or curl localhost:80.
My conclusion is, that I somehow have not opened the port correctly, but all I could find on the internet repetitively is the command I mentioned earlier.
I am aware of the fact that I could fix this easily by using an apache server, but I would like to make it without it.
Thank you!
Paste the output from
netstat -ptuln
command.I think the problem is that your web server runs on local address and can not be reachable for other machines in network.
here's my scenario:
I have IP camera behind the company firewall that I want to stream publicly, and for that, I've created two Azure VMs (Ubuntu 19.04) - let's call them vm1 and vm2
In case it's important, my VM SKU is Standard B1s (1 vcpus, 1 GiB memory)
I SSH to my camera and from there, I do a remote port forwarding for RTSP like this:
ssh -R 554:localhost:554 root#<vm1-ip>
And, I guess I need to enable root SSH because it's a "well-known" port.
I log in to vm1, and I see it's listening on the port: sudo netstat -tlnp gives me this:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:554 0.0.0.0:* LISTEN 108748/sshd: root#p
tcp6 0 0 ::1:554 :::* LISTEN 108748/sshd: root#p
But, when I use nmap from from vm2, the port is shown as closed:
nmap <vm1-ip> -p 554
PORT STATE SERVICE
554/tcp closed rtsp
When I use vlc to connect to the stream, it doesn't work either: the URL I use in vlc is: rtsp://<vm1-ip>/...
I thought this might be an issue with the NSG (network security group) associated with vm1, so I tried allowing all inbound traffic:
and, needless to say that it doesn't solve the issue
Any thoughts on this?
Thank you
We are getting this strange issue on a raspberry pi.
We run a service on a socket that should work for both local and remote clients via wifi.
The trouble is that stopping the remote network also stops connections from local clients.
Our python server sets up a socket like this:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.setsockopt(socket.SOL_SOCKET, socket.SO_DONTROUTE, 1)
s.settimeout(2)
s.bind(("", 8888))
while True:
try:
conn, addr = s.accept()
except socket.timeout:
print("Socket timeout on s.accept(), continuing")
continue
#do stuff
We have a local node client running a loop like this every second or so (and actually sending data):
// every second
socket.connect("localhost", "8888" );
socket.on('connect', function() { /* do stuff */ });
socket.on('error', function(ex) { });
Everything runs fine until we cut wifi.
We server side times-out on s.accept and we see the error message in our logs.
I think that the socket is bound to listen on 0.0.0.0 but somehow does not fail over to 127.0.0.1 or some sort of strange routing situation occurs.
netstat -an | grep 8888 gives
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8888 127.0.0.1:52794 TIME_WAIT
tcp 0 0 127.0.0.1:8888 127.0.0.1:52724 TIME_WAIT
tcp 0 0 127.0.0.1:8888 127.0.0.1:52740 TIME_WAIT
tcp 0 0 127.0.0.1:8888 127.0.0.1:52778 TIME_WAIT
netstart -rn gives
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 304 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 304 0 0 wlan0
I'm guessing that we just need a localhost route?
The local connections establish again when the wifi comes back up. So I don't there is some permanent dropping of the bind in the python socket.
the hosts line in /etc/nsswitch.conf gives
hosts: files mdns4_minimal [NOTFOUND=return] dns
We monitored ping to localhost during the test and it continues to function fine.
We also monitored netstat to see that port stays LISTENING on 0.0.0.0 Perhaps this is the issue?
Easiest Solution
It looks like you should avoid any naming by using "127.0.0.1" as described in our comment discussion.
In more detail:
According to the source and the docs (after nodejs first tests for an ip,) it checks if you've provided a lookup function as an option to connect, if not, it does its own "dns.lookup" call as the default. Despite the name, this function is actually trying to use system naming but might be subtly different, for example it may try to prefer ipv6.
To debug further you could try to make a more direct test case with dns.lookup and compare things like the output of getent ahosts|ahostsv4|ahostsv6 localhost against your different systems and when the wifi is down, as well as comparing other configuration like the gai.conf to try to determine if system naming is a bit different on this system or being given slightly different requests.
Sorry in advance for such a noob question, but I'm certainly a noob.
My question is what does it mean to LISTEN or ACCEPT on a port as it relates to my example?
EXAMPLE:
I have a tomcat server, and It will use port 8080. I want to make sure that port is available for me to use.
What commands should I perform on my unix server and why?
what information would a command like this give me: netstat -an | grep LISTEN
If a port shows up as LISTEN in netstat, it means the port is in use by a server process, so you can't use it. Here is an example:
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
which shows that port 631 is in use.
Ignore the UNIX type sockets at the end - they are irrelevant.
For checking port 8080 is in use or not, you can simply use the command netstat -an|grep 8080. If you get an output in below format, that means 8080 is already in use and you need to assign a new port for the tomcat.
# netstat -an
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN
Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc,
a option with netstat will give you both listening and non listening ports
n option when you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name. This also speeds up the output, as netstat is not performing any look-up.
For more understand the use of netstat command here are its options:
-a : All ports
-t : Ports TCP
-u : Ports UDP
-l : Listening ports
-n : IP address without domain name resolution
-p : Name of the program and it associated PID
So:
-To display all port (TCP & UDP), PId with the associated name of the program :
$ netstat -paunt
-To display all Listening ports (TCP), PId with the associated name of the program : (and we can also filter with the grep command)
$ sudo netstat -plnt | grep ':80'
I hope it will be helpful :)
You can also use telnet to check if the port is open and listening e.g,
Zeeshan$ telnet google.com 80
Trying 173.194.35.5...
Connected to google.com.
Escape character is '^]'.
I am telnetting google.com on port 80. If you see the third line in the output, you will notice it says it is connected with the Google's web server. The same way you have a JAVA application server called Tomcat and it is listening on port 8080. In fact it is asking clients to connect to it on port 8080 so it can give away the JAVA services to client. When I will use from a client side telnet localhost 8080 I will be connected the same way I have connected with Google's web server on port 80. Provided that Tomcat is running and listening on port 8080. If port 8080 is not free and occupied by some other application you can simply change the port 8080 to another free port. Telnet should give you the following status:
accepted (connected), refused, and timeout
connection refused - nothing is running on that port
accepted - some application is running on the port
timeout - a firewall is blocking access
So now there are two possible ways to check. From the same machine you are running Tomcat server:
telnet localhost 8080
Of if you want to check it from some other machine or outside of the network:
telnet 192.168.1.1 8080
I hope that helps.
use can also run the below command, it will list the Port and corresponding PID, if any process is using those ports
netstat -tulpn