Connecting to remote service to test RPC program - linux

I am working in a Linux Debian 7 distribution.
I programmed a very simple procedure to test onc-rpc.
The 'remote' call works fine when I call it this way:
test_client localhost
However, when I invoke it by calling a remote server IP:
test_client 202.170.91.155
I get an error message:
202.170.91.155: RPC: Port mapper failure - RPC: Unable to receive
I am just learning and I know almost nothing about portmapping in Linux.
The IP I was trying to call for the service is the IP address of the same machine. I speculate the rpcbind daemon does the necessary mapping for the server when you register a new service, but I really have no clue.
Which steps should I take in order to fix this error?

In the end, the issue has nothing to do with programming.
This kind of error may appear when the rpcbind daemon (In charge on giving information about the port where the requested service is listening) does not give a response to the calling machine.
This can happen due to errors in NAT or firewalling.
So, a first attempt to diagnose the problema, as with anything regarding networking, could involve verifying the connection is fine by making ping to every interface involved, from closest to furthest, making sure each jump works fine.
For instance, in the issue decribed above: Pinging the supposed internal server ip address (it failed) helped to discover that the machine was using an IP other than the intended (the one mapped to receive request to port 111).
Stopping and restarting eth0 configuration with ifdown/ifup correctly updated ipv4 info, effectively making reachable the rpc service.

Related

getting issues while trying to call api (local host) from real ios device(Mac OS)

first, I run the nodeJs server on localhost
then I tried to call API's from my real ios device, but I’m getting issues while connecting with local host
everything in working fine in case of android device and emulator
Try binding the backend on 0.0.0.0 if you want to test from a different device, but in the same network. The 0.0.0.0 will listen on all network interfaces where localhost might only listen to your local loopback net device.
You should also point to your network address where the backend is running from your iOS device.
You may find this other stack overflow question helpful.
That localhost URL would make the iPhone try to reach out to itself, you need to set that variable to an IP or URL that the iPhone can actually reach out to. You may find it helpful to use a tunnelling service like ngrok which will make an external URL that your server's localhost can be reached at.

Unable to Add Azure DB Firewall Rule to Allow Build Server to Run Tests

We use a Visual Studio Online-hosted build server to automate our build process. As part of this I'm looking into adding unit and integration tests into this process.
These tests require access to our SQL Azure DBs (2 of them, both on the same server), which in turn requires access through the DB server's firewall.
I have a PowerShell script which uses New-AzureRmSqlServerFirewallRule to add IP addresses to the DB server, and these firewall rules are successfully showing up in the Azure portal.
Specifically, the script adds firewall rules for:
All IPv4 addresses* on the build server (as returned by Get-NetIPAddress)
Build server's external IP address (as returned by https://api.ipify.org)
In conjunction, it appears that the pre-defined AllowAllAzureIPs and AllowAllWindowsAzureIps rules are automatically added.
However, the tests subsequently fail with the exception:
System.Data.SqlClient.SqlException:
System.Data.SqlClient.SqlException: A network-related or
instance-specific error occurred while establishing a connection to
SQL Server. The server was not found or was not accessible. Verify
that the instance name is correct and that SQL Server is configured to
allow remote connections. (provider: Named Pipes Provider, error: 40 -
Could not open a connection to SQL Server)
I'm unsure why the build server is unable to reach the DB server - could it be that the host of the test processes is using yet a different IP address?
Update
As has been pointed out, the exception message mentions "Named Pipes Provider" which suggests that the DB connection is using a named pipe instead of an IP/TCP connection. To test this I changed the local app.config to contain an unknown/random/inaccessible IP and ran the tests locally (they otherwise run successfully locally): I received exactly the same exception message mentioning "Named Pipes Provider". Perhaps at some level the ReliableSqlConnection class resolves to a named pipe but my point is that I can induce this very same exception by changing to an unknown or inaccessible IP address in my DB connection string.
Furthermore, the DB connection string starts with tcp: which, as per this blog post, explicitly tells the connection to use TCP/IP and not named pipes.
I have also modified the firewall rule to permit all IP addresses (0.0.0.0 to 255.255.255.255) but the same exception is still thrown. This suggests that the SQL Azure firewall rule is not the cause of the 'blockage'.
My suspicion therefore turns to network access being blocked (though a whitelist is probably present to permit the build server to reach the code repository). I added a very simple PowerShell script to the start of the build process:
Test-Connection "172.217.18.100" #resolves to www.google.com
This results in
Testing connection to computer '172.217.18.100' failed: Error due to lack of resources
Have the build servers disabled ping/ICMP or is all outgoing traffic blocked?
* The script only considers IPv4 addresses because I haven't had any success in passing IPv6 addresses to New-AzureRmSqlServerFirewallRule.
We finally solved the issue. The problem had nothing to do with Firewalls. The issue was that the app.config files in our unit test didn't go through the transformation step that our web.config files did. So all the settings were from our local development and therefore wrong.
More about this here:
Connect to external services inside Visual Studio Online build/test task
What connection string are you using? Your error seems to indicate that this is not truly a firewall issue, but rather a connection is being attempted to a server that doesn't exist.
My * incorrect * hypothesis right now is that your connection string contains only the server name, without .database.windows.net suffix which causes the client driver to look for server on local network. The error presented appears to not be a firewall related issue.
( Edited to reflect author feedback. )
If you're connecting over TCP, then why is your error message saying Named Pipes?
[...]
(provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
I'd look into this paradox first.
The firewall test is very simple, allow 0.0.0.0 to 255.255.255.255 or 0.0.0.0/0 and re-test. My money is on the same error message.

Amazon Nodejs webserver

I'm getting stuck here, so i have an amazon ec2 (standard redhat server) host up and working. i can connect to it personally no problem, however it cannot be connected to outside of my ip.
I've checked the rules and i have port 80 and 3000 open to 0.0.0.0/0 to be able to communicate, however outside of my computer (and computers in this network) i can not connect.
Everything I've found is about connecting to ssh which works fine, i have no rules in iptables, i haven't dealt much with them before, but since i can connect to the service i don't think its the issue.
summary:
Web server is running, i can connect from my computer to it, and any others in my local network, but nothing outside of it works.
i do have httpd installed as well as a simple forward from the browser to port 3000, however i cant connect to it either from outside my network.
so this is a new one for me, the dns forwarding works in houst, but not outside. so inside and outside here, i can use IP address to connect, but inside only i can connect with my dns lookup. not sure what caused this, but its not an amazon problem at least. going to look at that side.

linux refuse to open listening port from localhost

I have problem to open a listening port from localhost in a heavy loaded production system.
Sometimes some request to my port 44000 failed. During that time , I checked the telnet to the port with no response, I'm wonder to know the underneath operations takes there. Is the application that is listening to the port is failing to response to the request or it is some problem in kernel side or number of open files.
I would be thankful if someone could explain the underneath operation to opening a socket.
Let me clarify more. I have a java process which accept state full connection from 12 different server.requests are statefull SOAP message . this service is running for one year without this problem. Recently we are facing a problem that sometimes connection from source is not possible to my server in port 44000. As I checked During that time telnet to the service is not possible even from local server. But all other ports are responding good. they all are running with same user and number of allowed open files are much more bigger than this all (lsof | wc -l )
As I understood there is a mechanism in application that limits the number of connection from source to 450 concurrent session, And the problem will likely takes when I'm facing with maximum number of connection (but not all the time)
My application vendor doesn't accept that this problem is from his side and points to os / network / hardware configuration. To be honest I restarted the network service and the problem solved immediately for this special port. Any idea please???
Here's a quick overview of the steps needed to set up a server-side TCP socket in Linux:
socket() creates a new socket and allocates system resources to it (*)
bind() associates a socket with an address
listen() causes a bound socket to enter a listening state
accept() accepts a received incoming attempt, and creates a new socket for this connection. (*)
(It's explained quite clearly and in more detail on wikipedia).
(*): These operations allocate an entry in the file descriptor table and will fail if it's full. However, most applications fork and there shouldn't be issues unless the number of concurrent connections you are handling is in the thousands (see, the C10K problem).
If a call fails for this or any other reason, errno will be set to report the error condition (e.g., to EMFILE if the descriptor table is full). Most applications will report the error somewhere.
Back to your application, there are multiple reasons that could explain why it isn't responding. Without providing more information about what kind of service you are trying to set up, we can only guess. Try testing if you can telnet consistently, and see if the server is overburdened.
Cheers!
Your description leaves room for interpretation, but as we talked above, maybe your problem is that your terminated application is trying to re-use the same socket port, but it is still in TIME_WAIT state.
You can set your socket options to reuse the same address (and port) by this way:
int srv_sock;
int i = 1;
srv_sock = socket(AF_INET, SOCK_STREAM, 0);
setsockopt(srv_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
Basically, you are telling the OS that the same socket address & port combination can be re-used, without waiting the MSL (Maximum Segment Life) timeout. This timeout can be several minutes.
This does not permit to re-use the socket when it is still in use, it only applies to the TIME_WAIT state. Apparently there is some minor possibility of data coming from previous transactions, though. But, you can (and should anyway) program your application protocol to take care of unintelligible data.
More information for example here: http://www.unixguide.net/network/socketfaq/4.5.shtml
Start TCP server with sudo will solve or, in case, edit firewalls rules (if you are connecting in LAN).
Try to scan ports with nmap (like with TCP Sync Handshake), or similar, to see if the port is opened to any protocol (maybe network security trunkates pings ecc.. to don't show hosts up). If the port isn't responsive, check privileges used by the program, check firewalls rules maybe the port is on but you can't get to it.
Mh I mean.. you are talking about enterprise network so I'm supposing you are on a LAN environment so you are just trying to localhost but you need it to work on LAN.
Anyway if you just need to open localhost port check privileges and routing, try to "tracert" and see what happens and so on...
Oh and check if port is used by a higher privilege service or deamon.
Anyway I see now that this is a 2014 post, np gg nice coding byebye

CentOS server: how to detect network status changes

I have setup a CentOS 6.4 server (minimal install) which is connected to network through an ethernet cable. The problem is that when the network link goes down, the status changes are not automatically detected but if i type "ifconfig" the interface still keeps its IP address (which is assigned by a DHCP server). After some time that the link is down the interface loses the address but when the link comes up again the network connection is not automatically restored like it would happen in a desktop computer. Even the command "dhclient eth0" does not always work to restore things, and I have to restart the whole network service with "/ect/init.d/network restart".
Is there any way to automatically detect network status changes like it happens in desktop installations? I'm thinking about a cron script that every 5 minutes pings a server outside my network and if it doesn't get any response it restarts network service, but this does not sound very efficient... is there another way?
EDIT: I realized I have not explained the situation correctly. My network topology is: server --> switch --> router --> external network (the router is another centos server with DHCPD).
For some reasons (that i'm not getting), when it happens that the router goes down and reboots, the other server becomes unreachable, and I have to manually restart network service on it. So the link does not effectively go down (the switch keeps it up), but the status change is at IP level.
You can check if you have NetworkManager enabled, I usually don't use it in the servers but it can help you in this case because it will monitor automatically the connections (it is quite common in desktop installations).
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-NetworkManager.html
To look for messages indicating an issue with the NIC just check the kernel ring buffer using the dmesg command.
For example when the cable is disconnected from a given interface this is what I get:
igb: eth1 NIC Link is Down
The first word will depend on the name of your network driver.
You could also configure the system to log these messages also to /var/log/messages (by default I am not sure if they appear there). Then it would be just a matter of monitoring the log, look for similar messages and restart the network service.
In any case the NetworkManager, if it is not already enabled, it should be an easier solution.
There is a module called miimon for monitoring the network interface's status. ethtool will give you the link status.
$ethtool eth0
...
Link detected: yes

Resources