Cannot connect from local machine to TCP server on AWS EC2 (Ubuntu) - amazon-ec2

I've coded up a basic TCP server/client, taking code from the first example on https://docs.python.org/3/library/socket.html#example
# Echo server program
import socket
HOST = '' # Symbolic name meaning all available interfaces
PORT = 50007 # Arbitrary non-privileged port
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.bind((HOST, PORT))
s.listen(1)
conn, addr = s.accept()
with conn:
print('Connected by', addr)
while True:
data = conn.recv(1024)
if not data: break
conn.sendall(data)
# Echo client program
import socket
HOST = '1.2.3.4' # The remote host (I change this with my box's IP)
PORT = 50007 # The same port as used by the server
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.connect((HOST, PORT))
s.sendall(b'Hello, world')
data = s.recv(1024)
print('Received', repr(data))
NOTE: I'm using my actual EC2 IP not 1.2.3.4
If I run the client on my local machine and the server on a remote box (hosted by vultr) it works.
But if host the server on an AWS EC2 instance, it doesn't.
I've gone into the Security Group for the EC2 instance, and added inbound+outbound "Custom TCP+UDP" rules. I've tried allowing the specific port the server is using, as well as putting 0-65535.
If I run a client on the same EC2 instance, that works.
I can't think what else to try.
Is anyone able to get this working on EC2?

I was using my AMI's private IP (which I use to ssh into the box).
I needed to use the PUBLIC IP.
It seems on vultr they are the same, which is why it worked.

Related

Can not assign EC2 instance Public IP to Mosquitto MQTT broker

I have installed Mosquitto MQTT in one of the EC2 instance(ubuntu) and broker running fine with localhost.
I can able to publish/subscribe in the local machine and as well another EC2 instance (both EC2 in same subnet 172.31.X.X)
Now, i want to connect the broker from a PC outside for (publish/subscribe). So, i tried to configure the broker IP to EC2 instance public IP.
VirtualBox:cat /etc/mosquitto/mosquitto.conf
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
listener 1883 50.24.39.66
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
VirtualBox:
VirtualBox:sudo mosquitto -c /etc/mosquitto/mosquitto.conf
1495801790: mosquitto version 1.4.8 (build date Fri, 19 Feb 2016 12:03:16 +0100) starting
1495801790: Config loaded from /etc/mosquitto/mosquitto.conf.
1495801790: Opening ipv4 listen socket on port 1883.
1495801790: Error: Cannot assign requested address
carun#carun-VirtualBox:~$
But, while restarting the broker am getting the above error "Cannot assign requested address"
Done so far,
Allowed (inboud/outbound) all access to EC2.
Disabled firewall in EC2
-Allowed all security level access to EC2 security group.
But no luck,
So question,
How to assign a EC2 Public IP to the broker?
How can I access MQTT broker out side of world?
Thanks in advance for your help!
Remove the ip address (50.24.39.66) from the end of listener line (or just remove the whole line) to allow mosquitto to bind to all available IP addresses

Vagrant port fowarding on macOS?

I'm running postgresql on a Vagrant centos 7.2 box on macOS. I have confirmed postgres is up and running on the Vagrant box on port 5432 by connecting to it using psql on the box itself. I am attempting to forward port 5432 on the Vagrant box to port 10001 on my host machine as follows:
config.vm.define "acc_db" do | acc_db |
acc_db.vm.box = "bento/centos-7.2"
acc_db.vm.hostname = "acc.db"
acc_db.vm.network :forwarded_port, guest: 5432, host: 10001
acc_db.vm.provision "shell",
inline: "yum upgrade -y -q --nogpgcheck"
acc_db.vm.provision "shell",
path: "install_postgres.sh"
I have altered my pg_hba.conf to bind to all ip addresses and allow password authentication, as below:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 0.0.0.0/0 md5
# IPv6 local connections:
host all all ::1/128 ident
I have turned off the firewall but I am still unable to connect to postgres on port 10001 on the host machine:
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.10001"?
How do I fix this so that port forwarding works?
I have seen https://gielberkers.com/fixing-vagrant-port-forwarding-osx-yosemite/ but haven't tried it as it involves touching files I'm unfamiliar with. Is it the correct approach? It looks like you have to explicitly allow every port you want to forward via Vagrant.
...connections on Unix domain socket "/tmp/.s.PGSQL.10001" means that you are not attempting a TCP/IP connection, so port forwarding cannot happen.
By default, psql use Unix domain sockets on unix-like OSes.
Use the -h option of psql to specify a host, presumably 127.0.0.1 if using IPv4.
Additionally, the PostgreSQL server must listen to the network interface to which the connection will be routed. By default, it listens only to localhost for security reasons.
Setting listen_addresses='*' in postgresql.conf makes it listen on all existing interfaces.

Setting up rabbitMQ on AWS instance

I am having trouble setting up connection to a remote RabbitMQ server.
Basically i have the consumer and the server running on a remote ubuntu machine and want my local machine to act as publisher. I have ssh access to the remote machine. I have read the answer to the following and it seems it is possible
RabbitMQ on Amazon EC2 Instance & Locally?
However when i try to connect to the remote host
connection = AMQP.connect(:host => 'hostname')
puts "Connected to server...."
channel = AMQP::Channel.new(connection)
queue = channel.queue(queue_name, :auto_delete => true)
exchange = channel.default_exchange
I get a 'Detected TCP connection failure'. i ran netstat on the remote server and the port 5672 is listening.
Have you authorized the inbound traffic at port 5672 in the Security Group of your RabbitMQ server?
This may help:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html

How to open incoming port 50070 in firewall (google compute engine)

I have my Single node Hadoop installed on Google Compute Engine instance and i want to open port 50070 on that machine to access the hadoop dashboard. i configured in the firewall rule as tcp:50070 in compute engine networks. but still i am unable to access my port outside the network (ie . via internet). I tried nmap for the public ip of my GCE instance and i got a result which has only ssh port got opened all other ports are filtered .
Note: i am using debian 7.5 image
Make sure your daemon is listening on port 50070. If you have more than one networks in you project make sure the port is opened on the right network. You can run the following commands to check the information about your instance and network.
lsof -i
gcutil --project= getinstance
gcutil --project= listnetworks
gcutil --project= listfirewalls
gcutil --project= getfirewall
Check if IP/Port is allowed in iptables or not.
iptables -L
would show you all the records.
To allow port in iptables you can do the following:
sudo iptables -A INPUT -p tcp -m tcp --dport 50070 -j ACCEPT
sudo iptables-save -c
Short answer
In addition to configure the firewall rule at GCE web console make sure that your server is listening at 0.0.0.0 instead of 127.0.0.1
Long answer
In the context of servers, 0.0.0.0 means all IPv4 addresses on the local machine. If a host has two IP addresses, 192.168.1.1 and 10.1.2.1, and a server running on the host listens on 0.0.0.0, it will be reachable at both of those IPs - Source
In contrast 127.0.0.1 is the IP address used to stablish a connection to the same machine used by the user this address is usually referred as the localhost.
It's often used when you want a network-capable application to only serve clients on the same host. A process that is listening on 127.0.0.1 for connections will only receive local connections on that socket. - Source
Hence, if you try to stablish a connection to your server from internet and your server is listening at 127.0.0.1 at your GCE machine, then, from the server point of view a request has never been received and as a consequence Goocle Cloud Firewall will refuse the connection because there is no server listening at the opened port (in your case 50070).
I hope this answer helps to solve your problem. Best regards.

Forward network connection over ssh so that my outbound IP changes

A service, for example an FTP server, only accepts connections from a specific network, where all users will have the same external IP-adress.
I want to connect to this service, but I'm currently not inside the allowed network.
I have ssh access to a server inside the network.
How do I use ssh to tunnel a certain port from my local machine, through a machine on the internal network, to the final service, so that any client opening the correct port won't notice any difference?
You can create a SSH tunnel to your specific network using the following command.
For instance, let's say you want to reach a web service on computer "mywebserver" (port 80).
Under Linux or BSD, using OpenSSH, you can use the following commandline:
ssh -f mysshserver -L 1234:mywebserver:80 -N
Under Windows, you can use MobaXterm which includes a simple graphical ssh tunnel builder
This will open a SSH tunnel between local port 1234 and remote webserver on port 80. You can then open your web browser and connect directly to your web server by typing "http://localhost:1234" in the address bar.

Resources