Accessing local dns from local devices using dnsmasq - macos

I got a webserver running on my Mac on localhost:3000 and I am trying to set a local DNS with dnsmasq and to be able to access that DNS from local devices (iPhone / iPad) for test purpose.
I followed this previous post:
iPhone: add entry to /etc/hosts without jailbreaking
I am looking to redirect all *.localhost here
dnsmasq.conf:
/etc/resolver/localhost:
dig google.com:
The Mac Network DNS config:
On my phone, on the same network, adding the Mac Local IP as DNS:
Wi-Fi is connected to xxxxxx and has the IP address 192.168.1.11.
I am able to connect to myapp.localhost:3000 successfully on the Mac but getting Server cannot be found on the iPhone.
Must be missing something there.
EDIT #0: 2021/07/08
netstat -anvp tcp | grep '\b192.168.1.11.53\b' output:

Open a terminal and use netstat to check if your dnsmasq is open on 192.168.1.11.
If the result is similar to
root@dns-01:~# sudo netstat -tnlp
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13376/dnsmasq
it means that it will only accept queries from the local machine, not from your network.
To query from your network you must see something like
tcp 0 0 192.168.1.11:53 0.0.0.0:* LISTEN 13376/dnsmasq
or
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 104287/dnsmasq
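Added example, not part of the original answer: a Python sketch of the check described above, reading netstat lines and deciding whether any listener accepts connections addressed to a given IP. It goes beyond the answer's Linux IPv4 case to macOS host.port and IPv6 lines; the sample lines are copied from the netstat outputs quoted on this page, and all function names are hypothetical.

```python
import ipaddress

WILDCARDS = {"*", "0.0.0.0", "::"}

# Constructed sample: listener lines copied from the netstat outputs on this page.
DNSMASQ_LOCAL = "tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13376/dnsmasq"
DNSMASQ_LAN = "tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 104287/dnsmasq"
OTHERS = """\
tcp6 0 0 ::1:8118 :::* LISTEN 3881/privoxy
tcp6 0 0 :::22 :::* LISTEN 458/sshd
tcp4 0 0 *.3306 *.* LISTEN
tcp4 0 0 127.0.0.1.3306 127.0.0.1.52469 ESTABLISHED
"""

def split_local(addr):
    """Split a netstat local address into (host, port).
    Linux prints host:port, macOS prints host.port; try ':' first and fall
    back to '.' when what follows the last ':' is not a port number."""
    host, _, port = addr.rpartition(":")
    if not port.isdigit():
        host, _, port = addr.rpartition(".")
    if not port.isdigit():
        raise ValueError(f"no port in {addr!r}")
    return host.split("%")[0], int(port)  # drop an IPv6 zone id such as %lo0

def families(proto):
    """IP versions served by a socket with this netstat protocol column."""
    if proto.endswith("46"):
        return {4, 6}
    # A Linux tcp6 wildcard socket often takes IPv4 too (unless IPV6_V6ONLY
    # is set); counting it as IPv6-only keeps this check conservative.
    return {6} if proto.endswith("6") else {4}

def listeners(netstat_text):
    """Return [(proto, host, port, scope)] for every line in state LISTEN."""
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or "LISTEN" not in cols:
            continue
        try:
            host, port = split_local(cols[3])
            if host in WILDCARDS:
                scope = "all-interfaces"
            elif ipaddress.ip_address(host).is_loopback:
                scope = "loopback-only"
            else:
                scope = "single-interface"
        except ValueError:
            continue  # column 4 was not an address and port
        found.append((cols[0], host, port, scope))
    return found

def answers_on(netstat_text, port, dest):
    """True if a listener on `port` accepts connections addressed to `dest`."""
    dest_ip = ipaddress.ip_address(dest)
    for proto, host, lport, scope in listeners(netstat_text):
        if lport != port:
            continue
        if scope == "all-interfaces":
            if dest_ip.version in families(proto):
                return True
        elif ipaddress.ip_address(host) == dest_ip:
            return True
    return False
```

Calling answers_on(DNSMASQ_LOCAL, 53, "192.168.1.11") reproduces the situation in the question: the service is up, but nothing accepts queries sent to the LAN address.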

Related

Why host.docker.internal is NOT resolving my internal IP

I'm trying to connect to host OS MySQL via host.docker.internal, I'm able to connect if i directly mention my internal IP in Laravel application hosted inside docker container.
OS / ENVIRONMENT:
Host operating system and version: MacOS Monterey 12.5.1
Docker desktop version: 4.12.0 (85629)
Docker desktop engine: Engine: 20.10.17
Docker desktop compose version: v2.10.2
Problem:
These are the steps I took to connect my Laravel application inside docker to my host OS MySQL. I successfully managed to connect my application via the internal IP address of my Host OS, but the internal IP keeps changing and it's getting kind of difficult to keep changing the DB_HOST inside the Laravel .env each time the IP changes. So I want to use host.docker.internal, but it won't work.
Steps:
1: docker-compose down (Delete all the containers)
2: I removed the devilbox .env port HOST_PORT_MYSQL=
3: I changed the port of my host OS MySQL to 3306 and using sequel ace i successfully connected to mysql with these credentials
Host: 127.0.0.1
user: root
database: hanger
port: 3306
4: In order to connect from docker to my Host OS MySQL i had to edit my my.cnf file OR in this case created a new one for MySQL here the my.cnf
[mysqld]
bind_address = 0.0.0.0 # default is 127.0.0.1 Change to 0.0.0.0 to allow remote connections
5: Restarted the MySQL server and confirmed that MySQL can now listen to all IP's and NOT just localhost
6: used this command
netstat -anp tcp | grep 3306 OR netstat -ap tcp | grep -i "listen"
tcp4 0 0 127.0.0.1.3306 127.0.0.1.52469 ESTABLISHED
tcp4 0 0 127.0.0.1.52469 127.0.0.1.3306 ESTABLISHED
tcp4 0 0 127.0.0.1.3306 127.0.0.1.52468 ESTABLISHED
tcp4 0 0 127.0.0.1.52468 127.0.0.1.3306 ESTABLISHED
tcp4 0 0 127.0.0.1.3306 127.0.0.1.52464 ESTABLISHED
tcp4 0 0 127.0.0.1.52464 127.0.0.1.3306 ESTABLISHED
tcp4 0 0 *.3306 *.* LISTEN
tcp46 0 0 *.33060 *.* LISTEN
tcp4 0 0 192.168.18.190.3306 192.168.18.190.52566 TIME_WAIT
tcp4 0 0 192.168.18.190.3306 192.168.18.190.52567 TIME_WAIT
tcp4 0 0 192.168.18.190.3306 192.168.18.190.52568 TIME_WAIT
7: Once it's confirmed that 3306 is listening, need to create a MySQL user which would be connected from other than localhost
8: In mysql shell I executed these queries; since I'm using MySQL 8.0.27 the creating user and granting privileges must be in separate queries.
CREATE USER 'root'@'%' IDENTIFIED BY 'root'; -- remember this root password we will use it in Laravel .env
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
9: To make sure the root@% user is created type
SELECT User, Host FROM mysql.user; there are two root users one with host set to localhost and second one is %
10: Now it's time to edit the Laravel .env MySQL section
DB_CONNECTION=mysql
DB_HOST=192.168.18.190 # my host machine internal ip (host.docker.internal not working)
DB_PORT=3306
DB_DATABASE=hanger
DB_USERNAME=root
DB_PASSWORD=root
Note: my DB_HOST did not work with 127.0.0.1 OR host.docker.internal so i thought it may work with my local IP, which it did.
11: To find out my local IP on MAC go to system preferences > network > My wifi connection > advanced > TCP/IP > under IPv4 192.168.43.182
The thing I'm concerned about is that my local IP keeps changing, and as per the documentation: "The following sections will give you the IP address and/or the CNAME where the host os can be reached from within a container." https://devilbox.readthedocs.io/en/latest/advanced/connect-to-host-os.html#docker-18-03-0-ce-and-docker-compose-1-20-1 Docker should be able to connect through host.docker.internal to my host machine, which it does not, and I don't know why. Can anyone please point me in the direction of what I should do to figure out this issue?
Don't know the exact reasoning why does it work on some mac machines and doesn't on some, but you can force docker to map host.docker.internal by adding "host.docker.internal:host-gateway" under extra_hosts in your docker-compose. You should be able to use it post this.
Same problem here, the "host.docker.internal" is for development purpose and does not work in a production environment outside of Docker Desktop.
https://docs.docker.com/desktop/networking/#use-cases-and-workarounds-for-all-platforms
Suggested solution:
The database port (typically 3306 for mysql, mariadb, etc.) must be available on the host, you must check the firewall and open the port.
If you use ufw, the command is the following:
sudo ufw allow 3306
Bind_address should be changed in the database configuration.
The file can generally be found at: /etc/my.cnf
bind_address = 0.0.0.0
In your case you have already done this.
After that, you have to look at the IP address of the gateway of the docker bridge network and enter this value as the host access value of the database. This is usually the IP address: 172.17.0.1
To check the bridge network details run following command:
docker network inspect bridge
Result will be a JSON where you will find the IP of bridge gateway:
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
}
If everything is set up correctly, you can access the database on the host machine from the docker container.
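Added example, not part of the original answers: for the Linux-host setup this answer describes, a Python sketch that reads the docker network inspect bridge JSON and derives host-side settings that admit only the bridge subnet, as a narrower alternative to bind_address = 0.0.0.0, an unrestricted ufw allow 3306 and a 'root'@'%' account. The account name laravel and the password placeholder are hypothetical, and the comma-separated bind_address assumes MySQL 8.0.13 or later (the question uses 8.0.27).

```python
import ipaddress
import json

# Constructed sample: `docker network inspect bridge` prints a JSON array; the
# IPAM block is the one quoted in the answer, all other keys are trimmed.
INSPECT_OUTPUT = """
[{"Name": "bridge",
  "IPAM": {"Driver": "default", "Options": null,
           "Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}}]
"""

def bridge_scope(inspect_json):
    """Return (gateway, subnet) of the first IPv4 IPAM entry with a gateway."""
    for network in json.loads(inspect_json):
        for cfg in (network.get("IPAM") or {}).get("Config") or []:
            if "Subnet" not in cfg or "Gateway" not in cfg:
                continue
            subnet = ipaddress.ip_network(cfg["Subnet"])
            gateway = ipaddress.ip_address(cfg["Gateway"])
            if subnet.version == 4 and gateway in subnet:
                return gateway, subnet
    raise ValueError("no IPv4 bridge subnet with a gateway found")

def scoped_settings(inspect_json, db="hanger", user="laravel", port=3306):
    """Build settings that expose MySQL to the bridge subnet only.

    `user` is a hypothetical account name; `db` is the schema named in the
    question; the password is a placeholder to be replaced.
    """
    gateway, subnet = bridge_scope(inspect_json)
    # MySQL accepts an address/netmask pair as the host part of an account.
    account = f"'{user}'@'{subnet.with_netmask}'"
    return {
        # Value for DB_HOST in the container's .env
        "db_host": str(gateway),
        # Listen on loopback and the bridge gateway, not on every interface
        "my_cnf": f"[mysqld]\nbind_address = 127.0.0.1,{gateway}",
        # Admit the bridge subnet only, instead of `ufw allow 3306`
        "ufw": f"sudo ufw allow from {subnet} to {gateway} port {port} proto tcp",
        # One schema, one source range, no WITH GRANT OPTION
        "sql": [
            f"CREATE USER {account} IDENTIFIED BY '<long-random-password>';",
            f"GRANT ALL PRIVILEGES ON `{db}`.* TO {account};",
        ],
    }

if __name__ == "__main__":
    for key, value in scoped_settings(INSPECT_OUTPUT).items():
        print(key, "=>", value)
```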

I can not open certain ports via firewall rules in Google Cloud Platform

I created the instance from boot image.
but always can not open port 7000 via firewall rules...and egress is (allow all), anybody knows where the problem is?
System: Debian 10
ssh in terminal and
sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 458/sshd
tcp6 0 0 :::22 :::* LISTEN 458/sshd
Is there any way to turn the port 7000 on ?
Encountered the same issue when trying to open other ports like 5678...etc.
First of all you need to set the GCP firewall rule as "ingress".
Ingress is needed to allow incoming connections to the instance.
Regarding the ports, it does not open or activate by itself or in automatic, you need to have a service listening on that port.
However there are some tools used which allows you to activate the port by some time for testing purposes.
You can use tools like iperf3 to activate the port.
Install iperf3 for your vm with the command below.
sudo apt-get install iperf3
Once you have installed iperf3 you need to run the command below. ("-s" indicates your instance is in "server" mode, the "-p" is to set the port you prefer)
iperf3 -s -p 7000
On your remote machine (Client) you also need to install iperf3, if it is also a linux machine you can try the same command I mentioned earlier.
Once you have installed iperf3 use the below command to reach the VM pointing the port 7000. ("-c" indicates client mode, the "-p" is to set the port the server is listening).
iperf3 -c [server ip address] -p 7000
Please refer to iperf
Another useful tool is netcat

Why is XDebug unable to connect when on different network?

I know there are a lot of posts on the internet about this subject, but I have been debugging this over two days now and I don't seem to get any further.
The setup
I have a (pretty old) Vagrant box on my work laptop that's been set up mostly by a former colleague. Everything seems to be still working for me and my colleagues so we haven't had any reason to set up a completely new one.
The Vagrant box contains a Centos installation on which we develop websites.
The host machine is Windows 10.
The problem
When in the office, connected to the physical network (by cable), I can use XDebug without any problems. I enable XDebug from my Firefox browser plugin and XDebug on Centos then connects to PHPStorm on Windows, so I can step through code.
However, when at home, on WIFI (I don't have a cable) XDebug just won't work.
The XDebug log on the Vagrant machine currently states the following:
I: Checking remote connect back address.
I: Checking header 'HTTP_X_FORWARDED_FOR'.
I: Checking header 'REMOTE_ADDR'.
I: Remote address found, connecting to 10.10.10.1:9000.
E: Time-out connecting to client. :-(
Research
In many posts I read that the Vagrant host address should be something like 10.0.2.2. As far as my information goes in our case it has always been 10.10.10.1.
I also read that from the Vagrant box you should check the host IP by using netstat. The host IP would be the default Gateway.
At home (while on WIFI) I tested this and the output was:
netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.220.2 0.0.0.0 UG 0 0 0 ens32
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens34
192.168.56.0 0.0.0.0 255.255.255.0 U 0 0 0 ens34
192.168.220.0 0.0.0.0 255.255.255.0 U 0 0 0 ens32
Here the default Gateway is "192.168.220.2". So I tried to set that IP for xdebug, by manually setting XDebug's remote_host to 192.168.220.2 and disabling remote_connect_back
Now the log says:
I: Connecting to configured address/port: 192.168.220.2:9000.
W: Creating socket for '192.168.220.2:9000', poll success, but error: Operation now in progress (29).
E: Could not connect to client. :-(
Log closed at 2020-01-26 08:19:34
From other posts I understood that this is in fact worse and the IP address is just wrong, because it should be an internal IP address like 10.10.10.1
Edit 1: I tested this today while in the office, connected to the physical network. XDebug works as expected, but the output of netstat is the same for the Gateway, so this probably has nothing to do with it:
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.220.2 0.0.0.0 UG 0 0 0 ens32
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens34
172.24.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ens34
192.168.220.0 0.0.0.0 255.255.255.0 U 0 0 0 ens32
Edit 2: While in the office, I now also tested XDebug while on WIFI (by disconnecting the physical network cable) and then XDebug no longer works. So the problem does not seem to be specific to my home network, but rather to being on physical network VS WIFI.
PHPStorm says I'm fine
PHPStorm has this xdebug validate screen in the settings. Trying that passes everything with green checks. Apparently that validation doesn't validate enough?
Interesting to note
Simultaneously I was also trying to mount a Samba share from Windows into my Vagrant box. I wanted to experiment with that setup, but just like XDebug the mount command is unable to reach the host machine.
Edit: I tested this today while in the office on the physical network and this then doesn't work either. So we can probably forget about this for now as this seems to be a completely different issue.
Edit 27-01: I thought I fixed the problem, but this only worked when on WIFI at the office. At home, it still doesn't work.
The fix in the office was fiddling with IP routes in the Centos server.
Edit 29-01:
I still don't have this working, but after several tests I think I can state that the VM can reach the host:
- ping 10.10.10.1 works
- nmap -p 9000 10.10.10.1 seems to tell me that it can reach the port
Besides that today I found out that when PHPStorm is not listening on port 9000, the XDebug log file says:
"Creating socket for '192.168.220.2:9000', poll success, but error: Operation now in progress (29)."
But when PHPStorm is listening for a connection the XDebug log says:
"Remote address found, connecting to 10.10.10.1:9000"
The fact that the error message on the VM's side changes when the state of the host changes, makes me believe that the connection is coming through.
That would mean that - for some reason - PHPStorm simply is unable to handle the incoming connection. The only reason for that I could think of is that PHPStorm may not be able to talk back to the VM?? Does that sound plausible? And if so, how to further investigate this?
The following phrase seems to indicate that a connection is made.
W: Creating socket for '192.168.220.2:9000', poll success, but error: Operation now in progress (29).
Are you sure that it is PhpStorm that is listening on port 9000 locally? And that your Vagrant box can talk to it?
Let's find out the first one: In a shell on your host (which runs Windows in both cases, I presume), run:
C:\> netstat -a -b
And make sure that it is the PhpStorm process that is listening on port 9000.
If it is something else, change the port in the PhpStorm config to something else (say 9003), and make that same port the value for the xdebug.remote_port setting in php.ini. Then turn off "listening for debugging connections" in PhpStorm, and turn it back on again.
Secondly, test whether the Vagrant box can talk to that port
I had a similar issue and for me it was an issue with the host machine network profile. It was not discoverable in the private network; on allowing it to be discoverable in the private network, it worked.
Below is the configuration in my Windows host machine after which it worked.
Network Profile Configuration

Access jboss 8080 port inside docker container

I'm running jboss5 in centos6.7 docker container.
JBoss running using run.sh -b 0.0.0.0 command
Container running using docker run -i -t -p 8080:8080 my/jboss /bin/bash
This is what I see in container
[root@e44f2bbab31a bin]# netstat -alnt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN
This is what I see on host
15:04:17:(~)$ sudo docker ps
[sudo] password for c0rp:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e44f2bbab31a my/jboss "/bin/bash" 4 hours ago Up 4 hours 0.0.0.0:8080->8080/tcp thirsty_franklin
When I'm trying to access jboss application from host by localhost:8080 I see ERROR 404: Not Found.
When I'm checking localhost:8080 from inside container using wget I see same error ERROR 404: Not Found.
Everything is ok if I'm using ip address of container. Question is how can I bind host localhost:8080 to container ip_address:8080 ?
localhost is an alias for 127.0.0.1. This address is used for loopback. It means that your request will be returned to the same machine on Network OSI model layer (through lo0 interface in ifconfig command). But you can get access to your container using request to localhost:
!!!Very-very dirty hack!!! Don't use it. Just for understanding of localhost issue. You can edit hosts file (example for Mac):
sudo nano /private/etc/hosts
You will see something like this:
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Just replace 127.0.0.1 by ip of your container. I'm repeating: it's just for understanding of localhost
You can run NGINX instance on your localhost machine. You can configure it for sending all requests from localhost:8080 to containerIp:8080 (best variant without any configuration with routing)
I found that running
FROM registry.access.redhat.com/jboss-eap-7/eap71-openshift
that I also needed to open the management port, so you (or rather, someone in the future coming across this thread) should try this:
docker run -dit -p 8080:8080 -p 9990:9990 [image name]

Privoxy/TOR not working with Iceweasel

I installed tor and privoxy on my linux 64-bit box. And uncommented the following line in /etc/privoxy/config file.
forward-socks5 / 127.0.0.1:9050 .
Then I started services for both. Now, if I run either of the following commands, I get the same IP address, which is not the real ip of PC. So I conclude both tor and privoxy are running.
curl -x 127.0.0.1:8118 curlmyip.com
curl --socks5 127.0.0.1:9050 curlmyip.com
If I use chrome with --proxy-server localhost:8118 switch, I again get the same anonymized IP address.
The problem is, I cannot use the http proxy, localhost 8118, with firefox/iceweasel. I go to Edit -> Preferences -> Advanced -> Network -> Settings and set HTTP and SSL proxies to localhost 8118. Iceweasel says "The proxy server is refusing connections"
Any solutions?
The use of browsers other than Tor Browser is recommended against. The use of privoxy / polipo has been deprecated by The Tor Project a long time ago as well. The current advice is to only use Tor Browser, because only Tor Browser gives you a unified web fingerprint and you won't stand out.
I encountered a similar error where I was trying to use a combination of tor and privoxy on home PC.
The OS used was Kali Linux 2.0.
Steps to replicate issue
Installed tor
sudo apt-get install tor
Started Tor relay
tor
Validated if tor was working
netstat -atnp tor | egrep tor
In the output, observed tor output -- great.
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 2401/tor
tcp 0 0 192.168.x.x:44278 xx.xxx.xx.xx:443 ESTABLISHED 2401/tor
Installed privoxy
sudo apt-get install privoxy
Modified default privoxy config file in /etc/privoxy/config as per the instructions here under "How do I use privoxy together with tor" and included the following lines:
forward-socks4a / 127.0.0.1:9050 .
forward 192.168.*.*/ .
forward 10.*.*.*/ .
forward 127.*.*.*/ .
Then started privoxy
privoxy /etc/privoxy/config
Ran the command to check if privoxy was working:
netstat -atnp | egrep privoxy
Output showed that privoxy was running (Notice tcp6 which is IPv6 - I didn't pay attention to that initially, but this was the problem):
tcp6 0 0 ::1:8118 :::* LISTEN 3881/privoxy
Then set the SSL and HTTP proxy to 127.0.0.1:8118 and I got the error when surfing internet sites, "The proxy chosen is refusing connections"
Fix:
On reading the privoxy config file carefully, the listen-address stanza displays the following information.
Some operating systems will prefer IPv6 to IPv4 addresses even
if the system has no IPv6 connectivity which is usually not
expected by the user. Some even rely on DNS to resolve
localhost which mean the "localhost" address used may not
actually be local.
**It is therefore recommended to explicitly configure the
intended IP address instead of relying on the operating
system, unless there's a strong reason not to.**
Appears that KALI was preferring to bind to the IPv6 localhost [::1] than IPv4 local host 127.0.0.1 even though I had no IPv6 connectivity.
So I changed listen-address line from
listen-address localhost:8118
to
listen-address 127.0.0.1:8118
and restarted privoxy...
pkill privoxy # kills all processes with privoxy in their name
privoxy /etc/privoxy/config
I then set the SSL, HTTP proxies to 127.0.0.1:8118 and the SOCKS proxy to 127.0.0.1:9050 (Socks 4) in ICEWEASEL. And voila! I was able to connect to internet sites.
For verification, I ran netstat and nmap which showed that privoxy was binding to IPv4 localhost IP..
> netstat -atnp | grep privoxy
tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 3934/privoxy
> nmap 127.0.0.1 -p 8118
PORT STATE SERVICE
8118/tcp open privoxy
> nmap -6 localhost -p 8118
PORT STATE SERVICE
8118/tcp closed privoxy
Note:
My /etc/hosts file also has the entry for the localhost:
127.0.0.1 localhost
It works for me. Please try downloading a binary version of Firefox:
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/17.0.8esr/linux-i686/en-US/
Following your exact instructions above with this binary on Gentoo worked for me. I'd surmise that you have an off version of Firefox.
