Cannot connect to MySQL Server on RHEL 5.7 - firewall

I have a standard MySQL Server running on Red Hat 5.7. I have edited /etc/my.cnf to specify the bind address as my server's public IP address.
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
# Disabling symbolic-links is recommended to prevent assorted security risks ;
# to do so, uncomment this line:
# symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
bind-address=171.67.88.25
port=3306
And I have also restarted my firewall
sudo /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
/sbin/service iptables save
When connecting from a remote computer, I issue
mysql -u jeffrey -p --host=171.67.88.25 --port=3306 --socket=/var/lib/mysql/mysql.sock
but receive an error:
ERROR 2003 (HY000): Can't connect to MySQL server on '171.67.88.25' (113).
Does anyone know why this is? I have also asked the network administrator to open port 3306 for this box.

Related

How can I set SSH connection to my server via just OPENVPN

I want to connect to my server via limited IP addresses. I thought that maybe I can connect to my server via OpenVPN that is installed on my server. I have modified hosts.allow and hosts.deny files in /etc
/etc/hosts.allow file :
sshd : x.x.x.x (server ip )
/etc/hosts.deny file :
sshd : ALL
But I can't connect to my server via OpenVPN at the moment. OpenVPN has a different IP address like 10.8.0.x.
How can I set up an SSH connection to my server via OpenVPN?
You can use the ListenAddress directive in /etc/ssh/sshd_config to force SSHD to only listen on a specific IP address, namely the OpenVPN private address of your server, e.g.:
ListenAddress 10.8.0.1
This prevents sshd from listening on any other interfaces, including the public ones (by default sshd listens on all the available interfaces). Just make sure you restart sshd after updating the configuration.
After that, to connect to SSH you will need to first establish the OpenVPN connection and then ssh into 10.8.0.1.
I suggest using iptables to limit IP addresses:
iptables -A INPUT -s x.x.x.x -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
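Rule order decides the outcome for the allow-then-drop pair above and for any rule appended with -A INPUT, such as the port 3306 rule in the first question. The following is an added example, not code from any post on this page: it walks `iptables -S INPUT` text and reports the first rule that matches a new connection. The rulesets, the addresses 203.0.113.5 and 198.51.100.7, and the function name first_verdict are constructed for illustration.

```sh
#!/bin/sh
# Added example: which INPUT rule decides a NEW TCP connection? iptables is
# first-match-wins, so position in the chain matters as much as the rule text.
# Simplified matcher for `iptables -S INPUT` text: understands -p, --dport,
# -s (single address), -i and --state/--ctstate; user chains are not followed.
first_verdict() {  # usage: first_verdict PORT SRC_IP [IFACE] < rules
    awk -v port="$1" -v src="$2" -v ifc="${3:-eth0}" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        n++; ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            v = $(i + 1)
            if ($i == "-p" && v != "tcp") ok = 0
            if (($i == "--dport" || $i == "--destination-port") && v != port) ok = 0
            if ($i == "-s" && v != src && v != (src "/32")) ok = 0
            if ($i == "-i" && v != ifc) ok = 0
            if (($i == "--state" || $i == "--ctstate") && v !~ /(^|,)NEW(,|$)/) ok = 0
            if ($i == "-j") target = v
        }
        if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) {
            print target " rule " n; found = 1; exit
        }
    }
    END { if (!found) print policy " policy" }'
}

# Constructed ruleset: a 3306 ACCEPT appended (-A) below a catch-all REJECT.
# A client rejected with icmp-host-prohibited sees "No route to host" (errno 113).
APPENDED='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT'
# Constructed ruleset: allow-one-source-then-drop pair for port 22.
SSH_PAIR='-P INPUT ACCEPT
-A INPUT -s 203.0.113.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

printf '%s\n' "$APPENDED" | first_verdict 3306 198.51.100.7  # REJECT rule 4
printf '%s\n' "$SSH_PAIR" | first_verdict 22 203.0.113.5     # ACCEPT rule 1
printf '%s\n' "$SSH_PAIR" | first_verdict 22 198.51.100.7    # DROP rule 2
```

Feed it the output of `iptables -S INPUT` from the host being checked; a rule that must win over an existing catch-all has to be inserted above it with `iptables -I INPUT` rather than appended.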

How does one open a tensorboard port in Linux?

I have some tensorboard data and I want my server to let me see the data. I don't want to have to send the tensorboard data files to my computer, so it would be ideal if I can just access them remotely. How does one do that? I would assume that the server would just host it as a normal website? What are the Tensorboard commands for this?
I know that locally one can do:
tensorboard --logdir=path/to/log-directory
and then go to the browser to do:
http://localhost:6006/
but is it possible to do the equivalent from a server and then just read the data in my local browser/computer from the server?
Assuming that there is no firewall preventing access to port 6006 from the outside, and that your server's address is server.example.com you should be able to simply type http://server.example.com:6006 into your browser and have it work.
In case of a restrictive firewall, tunneling the tensorboard port over SSH using Local Port Forwarding is a good approach (this is also more secure than opening random ports publicly). When logging in to your server, you could type (for instance):
ssh -L 12345:localhost:6006 server.example.com
After that, start tensorboard on the server as usual, and you will be able to access it at http://localhost:12345 in your browser.
mvoelske's instructions for setting up port forwarding are correct. If you have administrative privileges on the machine, you can open port 6006 to your IP address using the following commands:
$ sudo iptables -A INPUT -p tcp -s <insert your ip> --dport 6006 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
$ sudo iptables -A OUTPUT -p tcp --sport 6006 -m conntrack --ctstate ESTABLISHED -j ACCEPT
The iptables change can be saved with the following command:
$ sudo service iptables save
Note that this is for CentOS v6 and below. CentOS v7 and above used Firewalld by default.
If you have reached this stackoverflow question because you are troubleshooting a previously working TensorBoard setup, you might consider adding the --bind-all flag to your command line.
$ tensorboard --logdir=path/to/log-directory --bind-all
This resolved my problem reaching TensorBoard by URL within an internal network.
http://my_server.company.com:6006
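Both the ListenAddress answer in the SSH question and the --bind-all answer here change which address a service listens on, which can be confirmed from `ss -ltn` output. The following is an added example, not code from any post on this page; the function names listen_scope and only_on and the sample `ss` output are constructed, and the sample assumes a TensorBoard build that binds to localhost unless --bind-all is given.

```sh
#!/bin/sh
# Added example: classify what address a TCP port is listening on, from
# `ss -ltn` text. A firewall rule only matters for sockets bound to an
# address the client can actually reach.
listen_scope() {  # usage: listen_scope PORT < ss-output ; prints "ADDR SCOPE"
    awk -v port="$1" '
    $1 == "LISTEN" {
        p = $4; sub(/.*:/, "", p)        # port: text after the last colon
        a = $4; sub(/:[^:]*$/, "", a)    # address: text before it
        if (p != port) next
        if (a == "0.0.0.0" || a == "*" || a == "[::]") scope = "all-interfaces"
        else if (a ~ /^127\./ || a == "[::1]")          scope = "loopback-only"
        else                                            scope = "single-address"
        print a, scope
    }'
}

# Succeeds only if PORT has at least one listener and every one is on ADDR.
only_on() {  # usage: only_on PORT ADDR < ss-output
    [ "$(listen_scope "$1" | awk '{ print $1 }' | sort -u)" = "$2" ]
}

# Constructed `ss -ltn` output: sshd before and after setting ListenAddress,
# TensorBoard started without and with --bind-all.
BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      128    127.0.0.1:6006     0.0.0.0:*'
AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    10.8.0.1:22        0.0.0.0:*
LISTEN 0      128    0.0.0.0:6006       0.0.0.0:*'

printf '%s\n' "$BEFORE" | listen_scope 6006   # 127.0.0.1 loopback-only
printf '%s\n' "$AFTER"  | listen_scope 6006   # 0.0.0.0 all-interfaces
printf '%s\n' "$AFTER"  | only_on 22 10.8.0.1 && echo "sshd bound to VPN address only"
```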

Cannot connect to google compute engine virtual machine by vnc

I have created a debian wheezy virtual machine in google compute engine but I am unable to connect to it with vnc.
Here is what I have done
Installed gnome and then rebooted the VM
install tightvncserver and started it
I have tried to connect using the static ip that I've attached to the VM but I'm getting the error: "the connection was refused by the host computer".
I thought it was the firewall that was the issue so I disabled iptables using the following commands:
$ sudo iptables-save > /root/firewall.rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
and I have created rules in google firewall to allow ports 0-65535 for tcp and udp but it still does not work.
Does anyone know how to do it?
Thanks in advance
By default, all incoming traffic from outside a network is blocked and no packet is allowed into an instance without an appropriate firewall rule. To allow incoming network traffic, you need to set up firewall rules to permit these connections:
start the VNC service
look at VNC server settings or netstat -nap to find out the listening port of vnc server
under Google Developer console -> Compute Engine -> Networks -> default -> Firewall rules
create a new rule and open appropriate ports for incoming vnc connections.
VNC uses by default port 5901. In the 'VNC server' field, specify the IP address and the port 5901.
Example:
VNC Server: 123.123.123.123:5901
Encryption: let VNC Server choose
Be aware that the free edition of VNC doesn't support encryption, it only encrypts your user name and password. One thing also to configure is /etc/sysconfig/vncservers file where you have to specify the user and the port that VNC server should listen to, and make sure it's not commented.
Example:
VNCSERVERS="1:USERNAME"
VNCSERVERARGS[1]="-geometry 800x600 -listen tcp -5901"

Postgres starting issue

I'm having an issue with PostgreSQL
anytime I run
psql -h localhost
I get
psql: could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
A. First make sure PostgreSQL server has been started on the remote server.
# /etc/init.d/postgresql start
If it is running and you get the above error, you need to enable TCP/IP support. By default, the PostgreSQL server only allows connections to the database from the local machine or localhost. This is a security feature.
Step # 1: Allow remote IP address to access PostgreSQL
You need to open file called /var/lib/pgsql/data/pg_hba.conf. Login as postgres user using su command:
$ su - postgres
$ vi /var/lib/pgsql/data/pg_hba.conf
Now append the following line. Let us say you would like to give access to 192.168.1.0/24 network:
host all all 192.168.1.0 255.255.255.0 trust
Please replace 192.168.1.0 and 255.255.255.0 to reflect the actual network IP address range of the clients system in your own network.
Save and close the file.
Step # 2: Allow communication over TCP/IP
You need to open PostgreSQL configuration file /var/lib/pgsql/data/postgresql.conf
$ vi /var/lib/pgsql/data/postgresql.conf
Now bind and open TCP/IP port by setting tcpip_socket to true:
tcpip_socket = true
Save and close the file.
Step # 3: Restart PostgreSQL server
Restart the PostgreSQL server with the following command
# /etc/init.d/postgresql restart
This will open default port 5432.
Step # 4: Test your setup
Use psql command from client system as follows:
psql -h PostgreSQL-IP-ADDRESS -U USERNAME -d DATABASENAME
Connect to remote server by IP address 192.168.1.5 and login using vivek user to connect to sales database, use:
$ psql -h 192.168.1.5 -U vivek -d sales
Where,
-h 192.168.1.5 : Specifies the host name of the machine or IP address (192.168.1.5) on which the server is running.
-U vivek : Connect to the database as the vivek username instead of the default. You must have account and permission to connect as vivek user.
-d sales : Specifies the name of the database (sales) to connect to.
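The pg_hba.conf record in Step 1 uses the `trust` method, which admits every matching connection without asking for a password, so a review of the file should list such records for remote networks. The following is an added example, not code from the answer: the function name hba_trust_remote and both sample files are constructed, and the parser covers both the CIDR and the separate "IP MASK" address forms.

```sh
#!/bin/sh
# Added example: list pg_hba.conf records that grant `trust` (no password)
# to non-loopback TCP clients. Handles both address spellings: CIDR
# ("192.168.1.0/24") and separate "IP MASK" columns as used above.
hba_trust_remote() {  # usage: hba_trust_remote < pg_hba.conf
    awk '
    { sub(/#.*/, "") }                                   # strip comments
    $1 !~ /^host(ssl|nossl|gssenc|nogssenc)?$/ { next }  # TCP/IP records only
    {
        addr = $4
        if (index($4, "/") == 0 && ($5 ~ /^[0-9.]+$/ || index($5, ":") > 0)) {
            addr = $4 " " $5; method = $6                # IP + netmask columns
        } else {
            method = $5                                  # CIDR, hostname, keyword
        }
        if (method == "trust" && $4 !~ /^127\./ && $4 !~ /^::1/)
            print NR ": " $2 " " $3 " " addr
    }'
}

# Constructed file: line 4 is the record from the answer above.
PAGE_STYLE='# TYPE DATABASE USER ADDRESS METHOD
local all all peer
host all all 127.0.0.1/32 trust
host all all 192.168.1.0 255.255.255.0 trust
hostssl all all 0.0.0.0/0 trust  # constructed worst case'
# Constructed alternative: one database, one role, password authentication
# (md5 here; scram-sha-256 on servers that support it).
SCOPED='local all all peer
host sales vivek 192.168.1.0/24 md5'

printf '%s\n' "$PAGE_STYLE" | hba_trust_remote
printf '%s\n' "$SCOPED" | hba_trust_remote     # prints nothing
```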
For anyone reading this and using Postgres.app, you may need host: localhost in your database.yml. http://postgresapp.com/documentation#toc_3

Openfire and Windows Azure

Has anyone installed OpenFire on Windows Azure before?
Is it easy to create another instance with the OpenFire in it?
Thanks!
Yes, I've installed openFire on both EC2 (Linux) and Azure. It is as painless as you could imagine.
get a VM
install java
install openfire
install openfire db to SQL azure (connection string syntax below)
jdbc:jtds:sqlserver://SQLAzInstance.database.windows.net:1433/OpenFireSqlDBName;ssl=require
be sure to allow proper ports through the endpoints tab of the virtual machine in the new azure management portal
TCP 5222/5223 (std/SSL client connectivity)
TCP 5269 (server-to-server)
TCP 9090 (default openfire web ui port, you could change this)
Log into your Windows Azure account.
Create a Machine running Ubuntu 14 LTS
Then go to your SSH client (for Mac and Linux users, you can use the terminal by typing
ssh username@servername e.g. ssh joel@chatserver.cloudapp.net ) and for Windows users, you can install PuTTY SSH client which comes with BitVise.
log in as an admin by typing
sudo su
then update the server by typing
apt-get update
then check for any new releases by typing
apt-get upgrade
Then check if java is installed (it is usually not installed anyway) by typing
java -version
if it is not installed, install it by typing
apt-get install default-jre
accept it to install by typing y to mean yes
wait for it to install
then install openfire by first downloading it. You use the wget command to download it directly to your server as below. (at the time of writing, openfire 3.9.3 is the latest version)
wget -O openfire.deb 'http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_3.9.3_all.deb'
Then after it has finished downloading, install it by typing
dpkg --install openfire.deb
Before you go to the browser, go to your Windows Azure dashboard
Click on the Virtual Machine you have created
Then click on Endpoints
Add the following end points, they are all of TCP type
Public Port 5222, Private Port 5223 and this is for SSL connectivity
Public Port 5269 and Private port 5269 and this is for server to server connectivity
Public Port 9090 and private port 9090 and this is for openfire web UI
After all this, you are good to go,
Go to your browser and type in your server url and at the end put 9090 e.g.
chatserver.cloudapp.net:9090
Hope that helped and happy chatting!!
To use default ports such as 80 and 443 (replace 5222 and 5223 with 80 and 443), use the following commands to redirect traffic on a Linux machine.
iptables -A INPUT -i eth0 -p tcp --dport 5222 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 5222
iptables -A INPUT -i eth0 -p tcp --dport 5223 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223
