Nodejs site cannot be shown in browser - node.js

I have set up a nodejs site on RHEL6. Everything looks fine but I cannot view our site in browsers (all fail in Chrome, Safari and IE9). I can use curl to get the correct HTML response. Here are the test results with different tools.
Did anyone meet the same situation before?
~]$ nmap -v -A 123.150.207.18 -p80
Starting Nmap 5.21 ( http://nmap.org ) at 2013-06-13 07:51 CST
NSE: Loaded 36 scripts for scanning.
Initiating Ping Scan at 07:51
Scanning 123.150.207.18 [2 ports]
Completed Ping Scan at 07:51, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:51
Completed Parallel DNS resolution of 1 host. at 07:51, 4.00s elapsed
Initiating Connect Scan at 07:51
Scanning 123.150.207.18 [1 port]
Discovered open port 80/tcp on 123.150.207.18
Completed Connect Scan at 07:51, 0.00s elapsed (1 total ports)
Initiating Service scan at 07:51
Scanning 1 service on 123.150.207.18
Completed Service scan at 07:51, 11.13s elapsed (1 service on 1 host)
NSE: Script scanning 123.150.207.18.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 07:51
Completed NSE at 07:51, 0.03s elapsed
NSE: Script Scanning completed.
Nmap scan report for 123.150.207.18
Host is up (0.00057s latency).
PORT STATE SERVICE VERSION
80/tcp open http?
|_http-favicon: Unknown favicon MD5: 1D0E785BFCEDDE5326C2460E9F9B261D
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.36 seconds
~]$ sudo netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2183/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2073/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2259/master
tcp 0 0 0.0.0.0:56378 0.0.0.0:* LISTEN 1924/rpc.statd
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 20904/mongod
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 11590/redis-server
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1903/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21220/node
tcp 0 0 0.0.0.0:28017 0.0.0.0:* LISTEN 20904/mongod
tcp 0 0 :::22 :::* LISTEN 2183/sshd
tcp 0 0 ::1:631 :::* LISTEN 2073/cupsd
tcp 0 0 ::1:25 :::* LISTEN 2259/master
tcp 0 0 :::40334 :::* LISTEN 1924/rpc.statd
tcp 0 0 :::111 :::* LISTEN 1903/rpcbind
udp 0 0 0.0.0.0:55512 0.0.0.0:* 1924/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1903/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 2073/cupsd
udp 0 0 0.0.0.0:806 0.0.0.0:* 1903/rpcbind
udp 0 0 0.0.0.0:828 0.0.0.0:* 1924/rpc.statd
udp 0 0 :::49640 :::* 1924/rpc.statd
udp 0 0 :::111 :::* 1903/rpcbind
udp 0 0 :::806 :::* 1903/rpcbind
~]$ sudo /sbin/service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 80,8080
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
~]$ curl 123.150.207.18:80
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
......

It was resolved after I corrected the iptables settings. No issue in other configurations.
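
In the service iptables status listing above, the two port-80 ACCEPT rules (6 and 7) sit after the catch-all REJECT at position 5, so no packet ever reaches them. The check below is an added example, not part of the original post: it reads rules in iptables -S form and reports rules shadowed this way. The function names are illustrative, the rule set is constructed from the listing, and rule 3 is assumed to be loopback-only (-i lo), which the non-verbose listing does not show.

```shell
#!/bin/sh
# Added example: find rules that can never match because an earlier
# unconditional ACCEPT/DROP/REJECT in the same chain ends evaluation first.

# Constructed rule set in `iptables -S` form, mirroring the filter/INPUT
# listing above. Assumption: rule 3 is loopback-only (-i lo).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m multiport --ports 80,8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# shadowed_rules CHAIN   (rules on stdin)
# Prints "<position> shadowed-by <position>: <rule>" for each unreachable rule.
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if (blocker) {
                printf "%d shadowed-by %d: %s\n", n, blocker, $0
            } else if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT")) {
                # No match options before -j: this rule matches every packet.
                blocker = n
            }
        }'
}

# fix_order CHAIN   (rules on stdin)
# Re-emits the rule set with the chain's first catch-all rule moved to the end,
# so the rules that followed it are evaluated before it.
fix_order() {
    awk -v chain="$1" '
        !found && $1 == "-A" && $2 == chain && $3 == "-j" &&
            ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") {
            found = 1; held = $0; next
        }
        { print }
        END { if (found) print held }'
}

# Demo on the constructed sample: rules 6 and 7 are reported.
printf '%s\n' "$SAMPLE_RULES" | shadowed_rules INPUT
```

On a live host the same functions can be fed the output of sudo iptables -S; an empty result from shadowed_rules means no rule in that chain sits behind a catch-all.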

Related

Docker on AWS ElasticBeanstalk: "host.docker.internal: host-gateway": Connection refused. Iptables issue?

So I have a multicontainer project running on AWS ElasticBeanstalk (latest Docker platform).
The containers share the same bridge network since they need to be able to communicate with each other (ports 3000, 8080, 9090, 9100). But one of those containers needs to be able to communicate with the host too (ports 55113, 56113).
This is normally possible by just adding extra_hosts: "host.docker.internal:host-gateway" to that container and then using host.docker.internal instead of localhost inside the container, i.e. host.docker.internal:55113. I've successfully used it before on a Debian.
But this is not working on AWS ElasticBeanstalk, the connection is refused.
Am I doing something wrong? Is there any workaround?
AWS ElasticBeanstalk Platform:
Docker running on 64bit Amazon Linux 2/3.4.2
Host's Docker & Docker-Compose versions:
$ sudo docker --version
Docker version 20.10.4, build d3cb89e
$ sudo docker-compose --version
docker-compose version 1.29.2, build unknown
Project's docker-compose.yml: (showing only the relevant parts)
version: "3.9"
services:
  prometheus:
    image: prom/prometheus:v2.28.1
    container_name: prometheus
    ports:
      - 9090:9090
    extra_hosts:
      - host.docker.internal:host-gateway # <-------- EXTRA HOST
networks:
  default:
    name: monitoring
Container debug:
$ sudo docker exec -it prometheus cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.1 host.docker.internal # <-------- the mapping is present
172.25.0.4 f01ffc6b2a8a
$ sudo docker exec -it prometheus wget host.docker.internal
Connecting to host.docker.internal (172.17.0.1:80)
wget: can't connect to remote host (172.17.0.1): Connection refused
$ sudo docker exec -it prometheus wget host.docker.internal:55113 # <-------- the port I want to reach
Connecting to host.docker.internal:55113 (172.17.0.1:55113)
wget: can't connect to remote host (172.17.0.1): Connection refused
Host's iptables (configured by AWS and/or Docker, I didn't edit it):
$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o br-a8a58f19c627 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-a8a58f19c627 -j DOCKER
-A FORWARD -i br-a8a58f19c627 ! -o br-a8a58f19c627 -j ACCEPT
-A FORWARD -i br-a8a58f19c627 -o br-a8a58f19c627 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER -d 172.25.0.2/32 ! -i br-a8a58f19c627 -o br-a8a58f19c627 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER -d 172.25.0.3/32 ! -i br-a8a58f19c627 -o br-a8a58f19c627 -p tcp -m tcp --dport 9100 -j ACCEPT
-A DOCKER -d 172.25.0.4/32 ! -i br-a8a58f19c627 -o br-a8a58f19c627 -p tcp -m tcp --dport 9090 -j ACCEPT
-A DOCKER -d 172.25.0.5/32 ! -i br-a8a58f19c627 -o br-a8a58f19c627 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i br-a8a58f19c627 ! -o br-a8a58f19c627 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o br-a8a58f19c627 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
Host's open ports:
$ netstat -tuplen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:9090 0.0.0.0:* LISTEN 0 200315 -
tcp 0 0 127.0.0.1:55113 0.0.0.0:* LISTEN 1000 119886 -
tcp 0 0 0.0.0.0:9100 0.0.0.0:* LISTEN 0 200280 -
tcp 0 0 127.0.0.1:22221 0.0.0.0:* LISTEN 1001 197452 -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 14121 -
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 0 201081 -
tcp 0 0 127.0.0.1:56113 0.0.0.0:* LISTEN 1000 119890 -
tcp 0 0 127.0.0.1:38581 0.0.0.0:* LISTEN 0 20325 -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18585 -
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 0 201164 -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 16235 -
tcp6 0 0 ::1:55113 :::* LISTEN 1000 119885 -
tcp6 0 0 :::111 :::* LISTEN 0 14124 -
tcp6 0 0 ::1:56113 :::* LISTEN 1000 119889 -
tcp6 0 0 :::22 :::* LISTEN 0 18594 -
udp 0 0 0.0.0.0:68 0.0.0.0:* 0 15762 -
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 14119 -
udp 0 0 127.0.0.1:323 0.0.0.0:* 0 14990 -
udp 0 0 0.0.0.0:979 0.0.0.0:* 0 14120 -
udp6 0 0 fe80::ed:19ff:fe84::546 :::* 0 16539 -
udp6 0 0 :::111 :::* 0 14122 -
udp6 0 0 ::1:323 :::* 0 14991 -
udp6 0 0 :::979 :::* 0 14123 -
I'm new in the field.
Your logs show that your port is listening on localhost (127.0.0.1:56113) instead of all IPs (e.g. 0.0.0.0:8080).
In my case the port forward rule on the host machine has to be modified to -L0.0.0.0:<lport>:<ip>:<rport> .

Tight VNC server and Guacamole

I have a VM in which I installed the VNC server (TightVNC) using the link : https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-vnc-on-ubuntu-18-04
It is installed successfully and I can see the port 5901 running
/etc/tigervnc$ netstat -tulpn
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5901 0.0.0.0:* LISTEN 16460/Xtigervnc
tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN 16183/Xtigervnc
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:5901 :::* LISTEN 16460/Xtigervnc
tcp6 0 0 ::1:5902 :::* LISTEN 16183/Xtigervnc
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
udp 0 0 0.0.0.0:36618 0.0.0.0:* -
udp 29184 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
udp 7680 0 0.0.0.0:5353 0.0.0.0:* -
udp6 0 0 :::37372 :::* -
udp6 20736 0 :::5353 :::*
Now from my local machine, I tried to do the port binding to my local from VM (as per the link https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-vnc-on-ubuntu-18-04)
ssh -L 5901:127.0.0.1:5901 -C -N -l test 172.1.1.1
On my local machine, I am able to see the port is bound to 5901
/etc/guacamole$ fuser 5901/tcp
5901/tcp: 22049
Now when I try to take the VNC connection using 127.0.0.1:5901, it prompts for the VM's password and shows only the blank page.
Could someone help me with this?
Thanks,
Hari
edit your ~/.vnc/xstartup file thus:
#!/bin/sh
startxfce4 &
I had the same problem and this solved it
For reference I got it from here:
https://www.raspberrypi.org/forums/viewtopic.php?t=52557
You can also try killing and restarting your VNC server
kill $(pgrep Xvnc)
vncserver
Are you trying to VNC from the local machine to the local machine? I am assuming just for testing, correct?
If you are not getting a rejection, at least it should be talking to the service.

Redirect web server from port 5000 to port 80 on localhost (Fedora)

On Fedora 24, a web server (Node.js) is running (standalone, no apache/others) on port 5000. Trying to make it accessible on port 80.
http://localhost:5000 works
Tried this:
systemctl stop firewalld
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5000
http://localhost doesn't work
Tried this
systemctl restart firewalld
firewall-cmd --add-service=http --permanent
firewall-cmd --zone=external --add-masquerade
firewall-cmd --zone=external --add-forward-port=port=80:proto=tcp:toport=5000
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=5000
firewall-cmd --list-all
FedoraWorkstation (active)
target: default
icmp-block-inversion: no
interfaces: wlp3s0
sources:
services: mdns ssh dhcpv6-client samba-client https http
ports: 1025-65535/tcp 1025-65535/udp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=5000:toaddr=
source-ports:
icmp-blocks:
rich rules:
Additional info
Tried these
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 5000
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 5000
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ifconfig
enp0s25: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ip route
default via 192.168.1.1 dev wlp3s0 proto static metric 600
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.4 metric 600
For others it just works:
Best practices when running Node.js with port 80 (Ubuntu / Linode)
Running node as root on port 80 works. Note, there's no IPv4:
netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:4433 0.0.0.0:* LISTEN 3977/deluge-gtk
tcp 0 0 0.0.0.0:51157 0.0.0.0:* LISTEN 3977/deluge-gtk
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 900/postgres
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN 3203/dropbox
tcp 0 0 127.0.0.1:17600 0.0.0.0:* LISTEN 3203/dropbox
tcp 0 0 127.0.0.1:17603 0.0.0.0:* LISTEN 3203/dropbox
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::4433 :::* LISTEN 3977/deluge-gtk
tcp6 0 0 :::51157 :::* LISTEN 3977/deluge-gtk
tcp6 0 0 :::5432 :::* LISTEN 900/postgres
tcp6 0 0 :::17500 :::* LISTEN 3203/dropbox
tcp6 0 0 :::34017 :::* LISTEN 10532/code
tcp6 0 0 :::5858 :::* LISTEN 30394/node
tcp6 0 0 :::5000 :::* LISTEN 30394/node
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=5000 --permanent
#make port forwarding work on localhost
iptables -t nat -I OUTPUT --source 127.0.0.1 --destination 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 5000
You should avoid using iptables for things like this, but on Fedora you'd need to set up the firewall appropriately. Also, this question has nothing to do with Node.js
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
Related: https://unix.stackexchange.com/questions/39216/cannot-connect-to-fedora-on-port-80

telnet refused on specific port on AWS instances

I'm trying to telnet from one linux env (10.205.116.141) to 10.205.117.246 on port 7199 but keep getting a connection refused. I did a chkconfig iptables off on both servers and even made sure iptables is stopped as well.
what else should I be looking at?
[root#ip-10-205-116-141 bin]# telnet 10.205.117.246 7199
Trying 10.205.117.246...
telnet: connect to address 10.205.117.246: Connection refused
trace route seems to be working as well...
[root#ip-10-205-116-141 bin]# traceroute 10.205.117.246 -p 7199
traceroute to 10.205.117.246 (10.205.117.246), 30 hops max, 60 byte packets
1 ip-10-205-117-246.xyz.cxcvs.com (10.205.117.246) 0.416 ms 0.440 ms 0.444 ms
also, I'm on an AWS VPC so we don't get public IPs provisioned for use...
checked my security group and it looks like all ports are open as well
EDIT:
here is netstat as well, they look the same on both nodes:
[ec2-user#ip-10-205-116-141 ~]$ netstat -an | grep LISTEN
tcp 0 0 127.0.0.1:46626 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9160 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:36523 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9042 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2738 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 10.205.116.141:7000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4445 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7199 0.0.0.0:* LISTEN
shouldn't 127.0.0.1:7199 really be 10.205.116.141:7199?
sorry, can't post a sc of the security groups...

Unable to connect to imap via telnet remotely

If I try:
telnet localhost 143
I can get access to imap
If I try
telnet server.name 143
I get
telnet: Unable to connect to remote host: Connection timed out
See output of my netstat.
netstat --numeric-ports -l | grep 143
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp6 0 0 :::143 :::* LISTEN
What does the above output mean?
Am at my wits' end, cannot get imap to work remotely; it works perfectly with webmail on the server.
I'm accessing the server from laptop terminal remotely, and locally for localhost connection
The output you quote:
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp6 0 0 :::143 :::* LISTEN
means that you have a program (presumably your imap server) listening on port 143 via tcp (on both IPv4 and IPv6). And the "0.0.0.0" part means it should accept connections from any source. (If it said "127.0.0.1:143" for the local address, it would mean that only local connections would be accepted.)
So, since it looks like you have the server listening correctly, I'd first check that server.name actually resolves to the correct IP address. Can you contact any other services on that server to make sure that part works?
Assuming that that works, then the next thing I'd check would be your firewall. You might look at http://www.cyberciti.biz/faq/howto-display-linux-iptables-loaded-rules/ but you could probably start by just running:
sudo iptables -L -v
On my machine which has no firewall rules I get this:
$ sudo iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
If you get something much different, then I'd take a closer look to see if that's blocking your traffic.
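
Several of the threads above (the Docker host port 55113, port 7199 on the AWS instances, and IMAP on port 143) turn on the same reading of netstat's Local Address column. As an added example that is not part of any of the original posts, the shell functions below classify how a TCP port is bound and list the ports bound on every interface; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the Local Address column of `netstat -tln` style output.

# Constructed sample, shaped like the listings quoted in the threads above.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7199 0.0.0.0:* LISTEN
tcp 0 0 10.205.116.141:7000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:55113 0.0.0.0:* LISTEN
tcp6 0 0 ::1:55113 :::* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp6 0 0 :::143 :::* LISTEN
udp 0 0 0.0.0.0:111 0.0.0.0:*'

# bind_scope PORT   (netstat output on stdin)
# Prints one of: all-interfaces, only-<address>, loopback-only, not-listening.
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is whatever follows the last colon; this also copes
            # with IPv6 forms such as ":::143" and "::1:55113".
            n = split($4, a, ":")
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = addr
        }
        END {
            if (wild) print "all-interfaces"
            else if (other != "") print "only-" other
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# wildcard_ports   (netstat output on stdin)
# Lists TCP ports bound to 0.0.0.0 or ::, i.e. the services that other hosts
# can reach unless a firewall rule stops them.
wildcard_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") print a[n]
         }' | sort -n -u
}

# Demo on the constructed sample.
for p in 7199 55113 143 7000; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_NETSTAT" | bind_scope "$p")"
done
```

A loopback-only result explains a "Connection refused" from another host or from a container, while the wildcard_ports list is worth reviewing so that every service bound on all interfaces is exposed on purpose.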
