I set my linux as an access point, and then run simple web-server that print "hello world" at port 3000.
and connect it with my smart phone successfully.
in linux terminal, http://localhost:3000 works well.
But in smart phone,
If I access to http://172.24.1.105:3000, can't connect to it. (172.24... is ap's ip)
the chrome's error message is
This site can't be reached. 172.24.1.105 refused to connect
I searched Google (https://serverfault.com/questions/725262/what-causes-the-connection-refused-message) and I suspicious linux's firewall.
pi#raspberrypi:~/prj/ap_server $ sudo tcpdump -n icmp
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
... when I access to port 3000,
15:07:13.102750 IP 192.168.0.3 > 168.126.63.2: ICMP 192.168.0.3 udp port 42531 unreachable, length 386
the log is above. so I couldn't reach ap's webserver.
so I wonder two things...
1. How can I disable to its port block?
2. in tcpdump log, I access to port 3000 actually, why the log print port 42531?
Plus)
even I type sudo service iptables stop, the problem is not solved
sudo netstat -ntlp | grep 3000 logs:
**tcp6 0 0 :::3000 :::* LISTEN 1999/nodejs**
+I followed this tutorial-> https://frillip.com/using-your-raspberry-pi-3-as-a-wifi-access-point-with-hostapd/ .
and there is ipv4 setting.
If you want to run it on your mobile it will work on Live IP (externel) address
if it is working fine on local address (localhost) and not on live IP then
enable routing from your router
and allow that specific port it will work fine.
I found the issue.
my dhcp set was
interface=wlan0 # Use interface wlan0
listen-address=172.24.1.1 # Explicitly specify the address to listen on
bind-interfaces # Bind to the interface to make sure we aren't sending things elsewhere
server=8.8.8.8 # Forward DNS requests to Google DNS
domain-needed # Don't forward short names
bogus-priv # Never forward addresses in the non-routed address spaces.
dhcp-range=172.24.1.50,172.24.1.150,12h # Assign IP addresses between 172.24.1.50 and 172.24.1.150 with a 12 hour lease time
like above.
I tried to connect the external ip(172.24.1.105) that I can see on mobile continuously but got failed. but when I tried with 172.24.1.1, then success.
I don't know why. maybe there is accurate ip address and something in mobile is temporal.
See similar topic at Node JS not listening to port 1337 on server
Your web server is not listening remote address.
Related
I have website working fine on my local machine as host name hml.frontend in the hosts file: 127.0.0.1 hml.frontend
In IIS I have bindings as hml.frontend 127.0.0.1 and hml.frontend 192.168.1.94. The latter I used ipconfig to get my local ip address issued to me by my BT Home Hub 5 router.
In windows 10 firewall I have allowed App/Feature NetLogon service and World Wide Web services (HTTP).
In advanced settings in Inbound Rules I have added a rule which allow the connection from all sources to ports 80 and 443. Scope is any IP addresses.
On my macbook I have added the 192.168.1.94 as hml.frontend to the hosts file.
I can ping hml.frontend OK from the macbook.
However from a web browser the http://hml.frontend site cannot be reached from the macbook.
telnet 192.168.1.94 80 from the macbook says unable to connect to remote host.
Back on the PC I have done netstat -na to see which ports IIS is listening on and 127.0.0.1:80 is there and so is 192.168.1.94:139 and many more ports against that IP address but not port 80.
Any ideas what I can check to get my PC to listen for that website hostname on port 80?
I got it to work, I was on the right track that the IP address was not being listened to.
In order to add the ip address I have to be listened to, I went into cmd as adminstrator, did
netsh
http
show iplisten
'show' result shows that just 127.0.0.1 was being listened on port 80
add iplisten ipaddress=192.168.1.94
show iplisten
quit
'show' result shows that now additionally 192.168.1.94 is being listened on port 80
Then I went back in with
netstat -na
And now I see the line I want:
TCP 192.168.1.94:80 0.0.0.0:0 LISTENING
Some information was gained from this article.
http://windowsitpro.com/windows-server/solve-iis-listener-problems
The site is now reachable from my macbook using the hostname http://hml.frontend
I'm running a "hello world" http server using node.js on Fedora 20.
I can see "hello world" using my Firefox by typing any of the following in my address bar: 192.168.2.85, localhost, 0.0.0.0, 192.168.122.1
I thought I would be able to open a browser on my wife's computer when she's connected to the same DCHP NAT router, type 192.168.2.85 in the address bar, and see "hello world".
However, her Chrome33 says "This webpage is not available" or "Oops! ...could not connect to 192.168.2.25." Her IE9 says "...cannot display the webpage." But from her command prompt I can ping 192.168.2.85.
On her computer (Windows 7), I tried turning off Windows Firewall and turning off antivirus.
On my computer, I tried
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
On our microsoft router, I tried Persistent Port Forwarding (inbound port range 80-80, private port range 80-80, type TCP, Private ip 192.168.2.85) and Enable virtual DMZ for 192.168.2.85. (I hope I'm not giving enough info to allow an attack?) I saw no reference to WDS in my router.
what should I do to make my node.js app available to other computers in my home? I'm new to all this.
Here's some more details . . .
netstat -ntlp
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4566/node
cat test.js
var http = require("http");
var app = http.createServer(function(request, response) {
response.writeHead(200, {
"Content-Type": "text/plain"
});
response.end("hello world\n");
});
app.listen(80); //192.168.2.85
console.log("Server running...");
I've looked at:
Cannot browse site hosted on local machine from a mobile
Node.js connect only works on localhost
How do I run Node.js on port 80?
connecting to node.js http server on linux machine from windows machine
Node.JS Not working on the internet
and others.
If you have a Linux server without a GUI, you can set up the firewall manually using the firewall-cmd command...
# list current settings prior to changes; this is your baseline
firewall-cmd --zone=internal --list-all
# add the http services (https is optional based on your needs)
firewall-cmd --zone=internal --add-service=http
firewall-cmd --zone=internal --add-service=https
# I am using port 8080 with node.js just to differentiate it (optional)
firewall-cmd --zone=internal --add-port=8080/tcp
# the zone 'public' is the default zone on my machine but it is not
# associated with the eth0 network adapter. however, the zone 'internal' is,
# therefore, make 'internal' the default zone
firewall-cmd --set-default-zone=internal
# make the changes permanent so that they are present between reboots
firewall-cmd --runtime-to-permanent
# reload all of the firewall rules for good measure
firewall-cmd --complete-reload
# list out the current settings after changes
firewall-cmd --zone=internal --list-all
That's it. Hope this helps someone.
First, I added a zone line to the ifcfg file for the home network.
# vi /etc/sysconfig/network-scripts/ifcfg-<router-ssid-name>
. . .
ZONE=internal
Then I rebooted to ensure change took place.
Then in terminal I typed
firewall-config
It opens in the public zone, which is default, and allows the administrator to select trusted services.
(If I get 10 reputation points I can include my screenshot here.)
If the ZONE is not set in ifcfg as above, then selecting the (public) http checkbox will still work.
But if ZONE=internal in the ifcfg file, then click on internal zone and select http there, for the added security. (Or I could have used ZONE=home or ZONE=work or ZONE=trusted. Same idea.) The change is immediately applied. The other computer's browser could see my "hello world".
Finally, at the top, I changed Runtime to Permanent from the dropdown list and closed the window.
I had thought I was accomplishing the same thing earlier when I tried
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
so I guess I need to look into what the difference is.
Thanks to jfriend00 for pointing me in the right direction. (If I had reputation I would upvote your comment.)
My laptop is running a local neo4j server. I can use it with localhost:7474 but when i try connecting it with 192.168.1.12:7474 it is unreacheable.
Turns out linux is blocking connections other than web server port 80. Because i can access my Apache server on 192.168.1.12/
I am trying to allow TCP connections on port 7474 by using
iptables -A TCP -p tcp --dport 7474 -j ACCEPT
but it gives a response as -
iptables: No chain/target/match by that name.
How can i make other clients access neo4j server running at my laptop on port 7474. My laptop IP addr is 192.168.1.12.
I doubt that it is blocking it. Probably your neo4j server is only running at 127.0.0.1. You can check this out with netstat -nplt: you will probably see something (the apache) listening on 0.0.0.0:80 or :::80 (e.g. catchall address) but on port 7474 you will probably only see 127.0.0.1:7474 or ::1:7474. If this is the case you need to reconfigure your neo4j server to listen not only on localhost (don't know how, checkout the documentation).
Okay. I had uncommented the webserver address line but it still wasn't working.
So i reinstalled neo4j. That solved it. Weird but worked.
Hi StackOverflow members,
I have an issue with ssh connection on my Debian 7 system to a remote OpenSSH server located on the same network. It looks like there is some network configuration problem but I cann't find where it lays. This two debian machines are connect with a switch that is NOT connected to a router. So the two machines have no internet connection.
A-Debian 7
IP: 192.168.1.2
MASK: 255.255.255.0
GW: 192.168.1.1
B-Debian 7
IP: 192.168.1.3
MASK: 255.255.255.0
GW: 192.168.1.1
With that configuration the ssh command prompts my for a password in less then a second. But the with the following network configuration I get the password prompt after a 10+ second delay:
A-Debian 7
IP: 10.10.1.83
MASK: 255.255.255.128
GW: 10.10.1.1
B-Debian 7
IP: 10.10.1.82
MASK: 255.255.255.128
GW: 10.10.1.1
The ssh connection from the server A -> B runs with both configs on custom 1111 port.
The B machine has also a Web server running on port 8080 that has no delays with both net configurations.
Thank you in advance for any clues or tips how to solve that problem.
SOLVED: Removing of the gateway parameter "GW: 10.10.1.1" in the network settings has solved the problem.
The usual culprits here are IPv6 and DNS lookups.
SSH might try to connect via IPv6, first, but the timeout is too low for that. You can see whether IPv6 is enabled with
cat /proc/sys/net/ipv6/conf/eth0/disable_ipv6
To disable:
echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6
The second culprit is DNS; my guess is that DNS lookups don't work correctly with the second configuration. Try host www.google.com to test this theory.
If that also has a delay, you need to fix your DNS setup.
If that's not it, check the rest of your networking parameters: Gateway, cables, etc.
Start to ping the other host. Is that fast & reliable?
Next, try remote login (ssh, telnet). Note that you can give telnet a port to connect to, so if you have DB server running, you can still use telnet to connect to the server. It will print an error but it allows you to test the TCP/IP connection without any extra error sources.
Sorry in advance for such a noob question, but I'm certainly a noob.
My question is what does it mean to LISTEN or ACCEPT on a port as it relates to my example?
EXAMPLE:
I have a tomcat server, and It will use port 8080. I want to make sure that port is available for me to use.
What commands should I perform on my unix server and why?
what information would a command like this give me: netstat -an | grep LISTEN
If a port shows up as LISTEN in netstat, it means the port is in use by a server process, so you can't use it. Here is an example:
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
which shows that port 631 is in use.
Ignore the UNIX type sockets at the end - they are irrelevant.
For checking port 8080 is in use or not, you can simply use the command netstat -an|grep 8080. If you get an output in below format, that means 8080 is already in use and you need to assign a new port for the tomcat.
# netstat -an
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN
Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc,
a option with netstat will give you both listening and non listening ports
n option when you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name. This also speeds up the output, as netstat is not performing any look-up.
For more understand the use of netstat command here are its options:
-a : All ports
-t : Ports TCP
-u : Ports UDP
-l : Listening ports
-n : IP address without domain name resolution
-p : Name of the program and it associated PID
So:
-To display all port (TCP & UDP), PId with the associated name of the program :
$ netstat -paunt
-To display all Listening ports (TCP), PId with the associated name of the program : (and we can also filter with the grep command)
$ sudo netstat -plnt | grep ':80'
I hope it will be helpful :)
You can also use telnet to check if the port is open and listening e.g,
Zeeshan$ telnet google.com 80
Trying 173.194.35.5...
Connected to google.com.
Escape character is '^]'.
I am telnetting google.com on port 80. If you see the third line in the output, you will notice it says it is connected with the Google's web server. The same way you have a JAVA application server called Tomcat and it is listening on port 8080. In fact it is asking clients to connect to it on port 8080 so it can give away the JAVA services to client. When I will use from a client side telnet localhost 8080 I will be connected the same way I have connected with Google's web server on port 80. Provided that Tomcat is running and listening on port 8080. If port 8080 is not free and occupied by some other application you can simply change the port 8080 to another free port. Telnet should give you the following status:
accepted (connected), refused, and timeout
connection refused - nothing is running on that port
accepted - some application is running on the port
timeout - a firewall is blocking access
So now there are two possible ways to check. From the same machine you are running Tomcat server:
telnet localhost 8080
Of if you want to check it from some other machine or outside of the network:
telnet 192.168.1.1 8080
I hope that helps.
use can also run the below command, it will list the Port and corresponding PID, if any process is using those ports
netstat -tulpn