Difference in various local ports [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
When I run $ netstat -ntlp I get the following output:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
To make sense of the output I have a few questions:
What is the difference in the "Foreign Address" between 0.0.0.0:* and :::*?
Why do some ports, such as 22 have an entry in both tcp and tcp6?
For the local address, what is the difference between ::: and 127.0.0.1 and 0.0.0.0 (and localhost)?

What is the difference in the "Foreign Address" between 0.0.0.0:* and :::*?
In the first case it is IPv4, in the second one IPv6.
Why do some ports, such as 22 have an entry in both tcp and tcp6?
Because the server is listening with two different sockets on IPv4 and IPv6. Some servers try to use a single socket for both (not supported on all OS), some use different sockets. In case of OpenSSH: it supports listening on multiple IP:port anyway and it also originates from OpenBSD where listening for IPv4 and IPv6 with a single socket is not supported (explicit decision, for security).
For the local address, what is the difference between ::: and 127.0.0.1 and 0.0.0.0 (and localhost)? Are these all the same, or why are they referenced differently?
::: is the ANY address for IPv6 while 0.0.0.0 is the any address for IPv4 - with these listener addresses the server will accept traffic on all IP addresses it has (i.e. all interfaces: local, ethernet, wifi, VPN...). 127.0.0.1 is localhost for IPv4, i.e. only connections from the local machine are possible. The IPv6 localhost would be ::1. What localhost means depends on the entries in /etc/hosts, typically the same as 127.0.0.1.
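An added example (not part of the original question or answer): a small Python audit that reads the netstat rows quoted in the question and sorts each listener by bind scope, using the distinction the answer draws between the ANY addresses and localhost. The function names are illustrative, and the sample text is copied from the question.

```python
import ipaddress

# Sample input: the `netstat -ntlp` rows quoted in the question above.
SAMPLE = """\
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
"""

def classify(local):
    """Split a Local Address column into (host, port, bind scope)."""
    host, _, port = local.rpartition(":")   # ":::80" -> host "::", port "80"
    host = host.strip("[]")                 # some netstat builds print "[::]:80"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Without -n netstat prints names; the scope cannot be judged from text.
        return host, port, "name (rerun netstat with -n)"
    if ip.is_unspecified:                   # 0.0.0.0 or ::
        scope = "all interfaces"
    elif ip.is_loopback:                    # 127.0.0.0/8 or ::1
        scope = "loopback only"
    else:
        scope = "one address"
    return str(ip), port, scope

def audit(text):
    """Return (proto, port, host, scope) for every TCP row in LISTEN state."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            host, port, scope = classify(f[3])
            rows.append((f[0], port, host, scope))
    return rows

def exposed_ports(text):
    """Ports bound to an ANY address, i.e. reachable unless a firewall blocks them."""
    return sorted({int(p) for _, p, _, s in audit(text)
                   if s == "all interfaces" and p.isdigit()})

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
    print("bound to all interfaces:", exposed_ports(SAMPLE))
```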

Related

Why can't I talk to a service on tcp/3000 on my CentOS VPS

I'm trying to run a second web service on my VPS at port 3000.
On the VPS I run:
# php -S myhost.com:3000
and then in a browser, navigate to http://myhost.com:3000 but the browser times out and the service logs/outputs nothing.
If I run the service on port 80 (i.e., php -S myhost.com:80 and navigate to http://myhost.com), it works.
So firewall. Except that:
[root@spinal ~]# firewall-cmd --list-ports
3887/tcp 3000/tcp
(the 3887 is another service, which is working correctly.) And I rebooted the VPS after setting up port 3000 in the firewall. I reckon the service is listening correctly because:
[root@spinal ~]# netstat -tupl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:imap 0.0.0.0:* LISTEN 1907/dovecot
tcp 0 0 0.0.0.0:ciphire-data 0.0.0.0:* LISTEN 1876/sshd
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 1903/nginx: master
tcp 0 0 0.0.0.0:urd 0.0.0.0:* LISTEN 2004/master
tcp 0 0 myhost.com:hbci 0.0.0.0:* LISTEN 2206/php
tcp 0 0 localhost.loca:postgres 0.0.0.0:* LISTEN 1908/postgres
tcp 0 0 0.0.0.0:smtp 0.0.0.0:* LISTEN 2004/master
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN 1903/nginx: master
tcp 0 0 0.0.0.0:imaps 0.0.0.0:* LISTEN 1907/dovecot
tcp 0 0 localhost.lo:cslistener 0.0.0.0:* LISTEN 1878/php-fpm: maste
tcp6 0 0 [::]:imap [::]:* LISTEN 1907/dovecot
tcp6 0 0 [::]:ciphire-data [::]:* LISTEN 1876/sshd
tcp6 0 0 [::]:urd [::]:* LISTEN 2004/master
tcp6 0 0 [::]:smtp [::]:* LISTEN 2004/master
tcp6 0 0 [::]:imaps [::]:* LISTEN 1907/dovecot
I can however connect locally. This works, when run on the VPS:
$ curl http://myhost.com:3000
so that again points at the firewall. But disabling the firewall doesn't help:
# systemctl stop firewalld
so it could be a DNS problem: my browser and the VPS differ on what myhost.com resolves-to. Except that, as mentioned above, switching to port 80 solves the problem. So it's something to do with coming-in on port 3000, from outside. But not firewalld.
The question at Can't reach nodejs on port 3000 from external on CentOS 7 is close to mine, but isn't conclusively answered.
I feel pretty stupid. It was a firewall; not on the VPS, but on my local network. When I tried it on a machine that doesn't go through my local network, it worked. I hope my public confession helps someone else.

Unable to access apache page on Linux Azure VM

I've set up a linux VM in Azure. I've added incoming port access to the current listening port on Apache. I've also done a curl localhost on the VM and see the apache html text. I hit the public IP of the VM and get nothing. Any ideas?
According to your description, please check those settings:
1. Please check Azure VM's NSG settings, make sure we have added the port to inbound rules:
2. Vnet-->subnet's security group settings:
3. Check which port apache listening on:
netstat -ant
root@ubuntu:~# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 10.1.0.4:55870 191.237.32.134:443 TIME_WAIT
tcp 0 0 10.1.0.4:55874 191.237.32.134:443 TIME_WAIT
tcp 0 0 10.1.0.4:55876 191.237.32.134:443 TIME_WAIT
tcp 0 0 10.1.0.4:55868 191.237.32.134:443 TIME_WAIT
tcp 0 0 10.1.0.4:57772 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.1.0.4:57766 168.63.129.16:80 TIME_WAIT
tcp 0 36 10.1.0.4:22 167.220.255.8:53651 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
By the way, for test please disable ufw with this command ufw disable, then try to access the public IP address.
Update:
I follow those steps to modify apache default port:
1. Modify ports.conf, change port 80 to 80:
root@ubuntu:/etc/apache2# vi ports.conf
Listen 90
<IfModule ssl_module>
Listen 443
2. Add ServerName localhost to /etc/apache2/apache2.conf
root@ubuntu:/etc/apache2# vi /etc/apache2/apache2.conf
# Global configuration
#
ServerName localhost
3. Modify default port in /etc/apache2/sites-enabled/000-default.conf
root@ubuntu:/etc/apache2# vi /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:90>
4. Add inbound rule to Network Security Group:
By the way, to troubleshoot this issue, we can follow those steps:
1. Log in to this VM and use curl to test apache2:
curl localhost:90
2. Use your PC to telnet to this VM's public IP and port 90
telnet xx.xx.xx.xx 90
If you can't telnet this port, please check your NSG settings and subnet's security group settings.
Here is my result, it works for me:
root@ubuntu:/etc/apache2# netstat -ant | grep 90
tcp6 0 0 :::90 :::* LISTEN

not able to access port(11444 & 5072 ) externally(using Ubuntu on Google compute Engine)

Proto Recv-Q Send-Q Local Address Foreign Address State PID
tcp 0 0 ip:11080 0.0:* LISTEN -
tcp 0 0 ip:5070 0.0:* LISTEN -
tcp 0 0 ip:5071 0.0:* LISTEN -
tcp 0 0 **127.0.0.1:5072** 0.0:* LISTEN -
tcp 0 0 ip:11443 0.0:* LISTEN -
tcp 0 0 **127.0.0.1:11444** 0.0:* LISTEN -
Not able to access port (11444 & 5072) externally.
Only working on Local Host not remotely.
We are using Ubuntu on Google Compute Engine.
Firewall rules Added
Just checking - have you also configured the firewall? By default, the ports may be blocked by the firewall. You can configure it to enable ports via either the Developer Console, or with the gcloud command line tool.
Some extra information about firewalls on Google Compute Engine can be found at:
https://cloud.google.com/compute/docs/networking?hl=en#firewalls
As the netstat output shows, your services listening on port 11444 and 5072 are bound to localhost (127.0.0.1) which means they only accept connections on the local loop interface. Change the binding IP address on your service configuration to 0.0.0.0.

SSH Connection timed out [closed]

Closed 7 years ago.
I have two PCs in my network. I want PC1 to have ssh access to PC2.
On PC2 I have installed ssh-server. In PC2 inet addr:192.168.0.100. Next I execute on PC1 this command: ssh root@192.168.0.100 and get error: Connection timeout. I'm using Ubuntu 15.04
Why? What do I need to configure for my task?
UPD:
sudo netstat -tulpen | grep ":22"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 75804 8281/sshd
tcp6 0 0 :::22 :::* LISTEN 0 75806 8281/sshd
udp6 0 0 :::22918 :::* 0 65985 6596/dhclient
UPD2:
root@v400:/ # ssh -vv ivan@192.168.0.100
OpenSSH_6.4, OpenSSL 1.0.1j 15 Oct 2014
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.100 [192.168.0.100] port 22.
debug1: connect to address 192.168.0.100 port 22: Connection timed out
ssh: connect to host 192.168.0.100 port 22: Connection timed out
root@v400:/ # nc 192.168.0.100 22
Failed to connect nc 192.168.0.100:22
As came out in comments, disable ufw. Uncomplicated Firewall (ufw) will by default block ssh connections as well.

Glassfish install on CentOS not binding ipv4 port

After installing Glassfish on CentOS by only unzipping the zip archive, my server does not bind on ipv4.
With
netstat -tnlup
I've got the result :
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5278/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4621/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4825/master
tcp 0 0 :::8686 :::* LISTEN 14659/java
tcp 0 0 :::4848 :::* LISTEN 14659/java
tcp 0 0 :::8080 :::* LISTEN 14659/java
tcp 0 0 :::3700 :::* LISTEN 14659/java
tcp 0 0 :::8181 :::* LISTEN 14659/java
tcp 0 0 :::22 :::* LISTEN 4621/sshd
tcp 0 0 ::1:25 :::* LISTEN 4825/master
tcp 0 0 :::7676 :::* LISTEN 14659/java
udp 0 0 0.0.0.0:68 0.0.0.0:* 1168/dhclient
How can I force glassfish to listen on ipv4 addresses too?
You may find Glassfish is bound to IPv4 (and IPv6) but is being blocked by the iptables firewall settings:
As root:
/etc/init.d/iptables stop
Then try accessing Glassfish via IPv4. If that works then you can re-enable iptables and set the appropriate rules for your environment.
That CentOS isn't showing ports bound on IPv4 when they are also bound on IPv6 looks like a bug to me (2.6.32-358.23.2.el6.x86_64).
I just had this same problem. Not sure yet what triggered the issue, as I have two other servers with the same software that don't show this issue.
In my case, I was able to fix it by adding this environment variable:
export _JAVA_OPTIONS="-Djava.net.preferIPv4Stack=true"
Once I restarted Java with this variable, it bound to IPv4, but not v6. I'm curious as to why it's not binding to both.
