Real VNC not working on Compute Engine in GCP - vnc-server

Unable to connect with Real VNC to GCE (Ubuntu 18.4) on GCP.
Error: “Timed out waiting for a response from the host computer”
Created firewall, tags mapping on tcp:5901
Followed this post on stackoverflow: Google Cloud Mongo DB: External IP not connecting
However, I'm able to connect with putty on external IP with ssh-key.
netstat -an | grep -i listen | grep tcp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 :::5901 :::* LISTEN
tcp6 0 0 :::5902 :::* LISTEN

Related

pkill doesn't kill process

I have a process running called productivity
[root@productivity ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1009514/sshd
tcp6 0 0 :::8443 :::* LISTEN 2803472/productivit
tcp6 0 0 :::443 :::* LISTEN 1017657/httpd
tcp6 0 0 :::80 :::* LISTEN 1017657/httpd
tcp6 0 0 :::22 :::* LISTEN 1009514/sshd
udp 0 0 127.0.0.1:323 0.0.0.0:* 1009281/chronyd
udp6 0 0 ::1:323 :::* 1009281/chronyd
I periodically restart the service to renew the Let's Encrypt certs
[root@productivity ~]# cat restart-productivity.sh
#!/bin/sh
pkill "productivity"
bash -c "exec -a productivity java -jar productivity.jar -Dkeystore.location=./ssl/productivity.to.keystore . & disown &"
This worked like a charm for months. Now, even when I manually run pkill productivity the service does not get killed. I can only kill the service by calling kill PID. This does work but is useless for automation.
I'm running on CentOS 8 and I'm clueless why it stopped working. Can anyone help me out here?
UPDATE
[root@productivity ecommerce]# ps aux | grep productivity
root 2803472 1.3 10.3 2648228 204168 pts/1 Sl 20:24 0:21 productivity -jar productivity.jar -Dkeystore.location=./ssl/productivity.to.keystore .
root 2803848 0.0 0.0 11800 1152 pts/1 S+ 20:49 0:00 grep --color=auto productivity
I use kill to send SIGTERM to most processes.
I don't use pkill any more, instead I prefer pgrep combined with kill ...
pgrep -io "PROCESSNAME" | xargs kill
The -i is to check for case insensitive
and -o is to output first process ID only.
You can use this as an alias in your ~/.bashrc_aliases or direct in your ~/.bashrc.
For example I use that to kill discord cause it will not halt on its own.
alias kill_discord='pgrep -io discord | xargs kill'
Just my 2cents.
Update
Rule of thumb for killing processes.
SIGTERM is trying to shut down a process the normal way.
When SIGTERM doesn't work you can try SIGINT. This is an interrupt like CTRL-C.
If neither of those signals works you can try SIGHUP. This signal is sent to processes when closing a terminal. Daemons will reload their config files.
Last but not least there is SIGKILL. This will kill any process no matter what, and it should only be used when a process isn't responding any more.
kill {-2|-INT|-SIGINT|-s 2|-s INT|-s SIGINT|--signal 2|--signal INT|--signal SIGINT} [PID]
kill {-1|-HUP|-SIGHUP|-s 1|-s HUP|-s SIGHUP|--signal 1|--signal HUP|--signal SIGHUP} [PID]
kill {-9|-KILL|-SIGKILL|-s 9|-s KILL|-s SIGKILL|--signal 9|--signal KILL|--signal SIGKILL} [PID]
The solution that worked for me in the end was
#!/bin/sh
PID=`pidof productivity`
kill $PID
bash -c "exec -a productivity java -jar productivity.jar . & disown &"

Can't install packages using pip in a Conda environment

Can't install packages using pip in a Conda environment.
I am getting a timeout when trying to pip install.
When trying to extend the timeout I'm getting a protocol error.
When trying to telnet directly from the CLI to pypi.org there is no problem.
There are no fw rules on my laptop and no proxy in use.
I couldn't find any special pip configuration file on my filesystem.
What am I missing?
(base) [liran@localhost ~]$ pip3 install django
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ReadTimeoutError("HTTPSConnectionPool(host='pypi.org', port=443): Read timed out. (read timeout=15)")': /simple/django/
(base) [liran@localhost ~]$ pip3 --default-timeout=1000 install django
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', OSError(0, 'Error'))': /simple/django/
(base) [liran@localhost ~]$ telnet pypi.org 443
Trying 2a04:4e42::223...
Connected to pypi.org.
Escape character is '^]'.
(base) [liran@localhost ~]$ sudo iptables --list
[sudo] password for liran:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere localhost
ACCEPT all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere 10.0.0.0/8
ACCEPT all -- anywhere 172.16.0.0/12
Chain DOCKER (3 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
(base) [liran@localhost ~]$ sudo iptables --list-rules
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-e6c6ca45026f -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-e6c6ca45026f -j DOCKER
-A FORWARD -i br-e6c6ca45026f ! -o br-e6c6ca45026f -j ACCEPT
-A FORWARD -i br-e6c6ca45026f -o br-e6c6ca45026f -j ACCEPT
-A FORWARD -o br-db5f0b288d0b -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-db5f0b288d0b -j DOCKER
-A FORWARD -i br-db5f0b288d0b ! -o br-db5f0b288d0b -j ACCEPT
-A FORWARD -i br-db5f0b288d0b -o br-db5f0b288d0b -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
-A OUTPUT -d 172.16.0.0/12 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-e6c6ca45026f ! -o br-e6c6ca45026f -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-db5f0b288d0b ! -o br-db5f0b288d0b -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-e6c6ca45026f -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-db5f0b288d0b -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
(base) [liran@localhost ~]$ ifconfig
br-db5f0b288d0b: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:b1:a2:5c:1e txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-e6c6ca45026f: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.20.0.1 netmask 255.255.0.0 broadcast 172.20.255.255
ether 02:42:30:14:c7:09 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:de:2b:44:03 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp7s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether f8:75:a4:31:51:b1 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 390 (390.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 390 (390.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vmnet1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.172.1 netmask 255.255.255.0 broadcast 172.16.172.255
inet6 fe80::250:56ff:fec0:1 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:c0:00:01 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 69 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vmnet8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.102.1 netmask 255.255.255.0 broadcast 172.16.102.255
inet6 fe80::250:56ff:fec0:8 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:c0:00:08 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 70 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.17 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 2a00:a040:199:d001::1000 prefixlen 128 scopeid 0x0<global>
inet6 fe80::245:9de5:cdb8:4e8b prefixlen 64 scopeid 0x20<link>
inet6 2a00:a040:199:d001:110d:97b0:26a6:ef1e prefixlen 64 scopeid 0x0<global>
ether 4c:1d:96:05:98:1c txqueuelen 1000 (Ethernet)
RX packets 15060 bytes 15676416 (14.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5081 bytes 1244776 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
(base) [liran@localhost ~]$ which pip
~/anaconda3_2020_11/bin/pip
Well, I haven't figured out yet why pip install doesn't connect to the server, but I managed to install the specific packages I wanted (django, djangorestframework) using conda install django and conda install -c conda-forge djangorestframework

kill a process on a specific port by name

I have a process running on port 3200, which communicates with other processes on other ports.
I know I can kill a process on a given port by doing kill -9 $(lsof -t -i:3200).
My problem is that the output of lsof also contains the other processes that are communicating with the one I want to kill:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 16379 tirafesi 102u IPv6 156964 0t0 TCP localhost:41162->localhost:3200 (ESTABLISHED)
python3 16793 tirafesi 3u IPv4 158199 0t0 TCP localhost:51101->localhost:3200 (ESTABLISHED)
processtokill 16802 tirafesi 8u IPv4 156963 0t0 TCP *:3200 (LISTEN)
processtokill 16802 tirafesi 10u IPv4 158788 0t0 TCP localhost:3200->localhost:51101 (ESTABLISHED)
processtokill 16802 tirafesi 11u IPv4 156965 0t0 TCP localhost:3200->localhost:41162 (ESTABLISHED)
How can I kill the process that is on port 3200 and is named processtokill?
You want to kill the process that is LISTENing on port 3200, so:
kill -9 $(lsof -t -i:3200 -sTCP:LISTEN)
I would try:
kill -9 $(lsof -i:3200 | grep ^processtokill | awk '{print $2}' | uniq)
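An added example, not part of the original answers, that combines both suggestions: it selects PIDs from `lsof` output by command name and by LISTEN state on the port, and refuses to hand anything to `kill` unless exactly one PID matches. The function names `listener_pids` and `exactly_one` are hypothetical, and the sample input is the lsof output quoted in the question.

```shell
#!/bin/sh
# listener_pids PORT NAME: read `lsof -nP -i:PORT` text on stdin and print the
# unique PIDs whose COMMAND equals NAME and whose socket is LISTENing on PORT.
# -n/-P keep hosts and ports numeric, so the port column is always a number.
# lsof shortens COMMAND to 9 characters unless it is run with `+c 0`.
listener_pids() {
    awk -v port="$1" -v name="$2" '
        $1 != name || $NF != "(LISTEN)" { next }   # other program, or a client socket
        {
            n = split($(NF - 1), part, ":")        # "*:3200" or "[::1]:3200"
            if (part[n] == port && !seen[$2]++) print $2
        }'
}

# exactly_one: pass the PID through only if stdin holds exactly one line,
# so an empty or ambiguous match never reaches kill.
exactly_one() {
    awk '{ pid = $1 } END { if (NR == 1) print pid; exit (NR != 1) }'
}

# Constructed sample: the lsof output quoted in the question.
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 16379 tirafesi 102u IPv6 156964 0t0 TCP localhost:41162->localhost:3200 (ESTABLISHED)
python3 16793 tirafesi 3u IPv4 158199 0t0 TCP localhost:51101->localhost:3200 (ESTABLISHED)
processtokill 16802 tirafesi 8u IPv4 156963 0t0 TCP *:3200 (LISTEN)
processtokill 16802 tirafesi 10u IPv4 158788 0t0 TCP localhost:3200->localhost:51101 (ESTABLISHED)
processtokill 16802 tirafesi 11u IPv4 156965 0t0 TCP localhost:3200->localhost:41162 (ESTABLISHED)
EOF
}

# Dry run on the sample: print the command instead of signalling anything.
pid=$(sample_lsof | listener_pids 3200 processtokill | exactly_one) &&
    echo "would run: kill -TERM $pid"
```

On a live system the input would come from `lsof -nP +c 0 -i:3200` instead of `sample_lsof`.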

Magento, Plesk and Varnish

I am running the following setup:
Magento 1.9.3.1
Varnish 3.0.5-2 - package installed from here https://www.magentocommerce.com/magento-connect/turpentine-varnish-cache.html
Ubuntu 14.04
Plesk 17.0.17
I have installed both varnish on the server and the plugin within magento, saved the configuration properly (from magento admin), however I am missing a configuration setting somewhere since the Varnish headers do not show up.
/etc/default/varnish has the following content:
DAEMON_OPTS="-a :443 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,8192m\
-p esi_syntax=0x2\
-p cli_buffer=16384"
I did set it up to listen on 443 because the website has an SSL certificate.
When I try to see who is listening 443 with netstat -ntlp | grep -w 443 I get the following response:
tcp 0 0 91.250.103.173:443 0.0.0.0:* LISTEN 9171/nginx: worker
tcp6 0 0 :::443 :::* LISTEN 6109/varnishd
So in addition to this I tried to modify the port where nginx listens by setting the listening port to 444 like this listen 444 ssl;. It did not work.
When I try to see the headers with curl there is no X-Varnish header.
What am I missing?
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,8192m\
-p esi_syntax=0x2\
-p cli_buffer=16384"
You should change the listen port of nginx or apache to 8080,
and in default.vcl change the backend port to 8080.

What ports does freeswitch need open?

I have installed FreeSWITCH 1.0.6 on CentOS 5.5. I believe CentOS is blocking the ports FreeSWITCH needs in order to contact with my remote phones, but I have no idea how to use ipTables in Linux or what ports need to be open. Can anyone help?
With Asterisk the ports were 5060 - 5090 for sip and a few others but I don't remember them.
Thank you!
The accepted answer is a bad answer... FreeSWITCH does not use all these ports, and not all ports are defined there. For those needing a guideline (using default configs):
3478 - STUN Discovery (UDP)
3479 - STUN Discovery (UDP)
5060 - Sofia Internal Profile (TCP & UDP)
5080 - Sofia External Profile (TCP & UDP)
8021 - Event Socket (TCP)
16384-32768 - RTP Ports (UDP)
Port usage is subject to change with module usage. You can find the entry on http://confluence.freeswitch.org, and more (up to date) information about port usage can be found at https://freeswitch.org/confluence/display/FREESWITCH/Firewall
Best reference seems to be:
http://wiki.freeswitch.org/wiki/Firewall
All of the ports are dependent on your module usage (ie. 8080 if you are using the web api). Keep in mind that all of the ports mentioned are defaults and are configurable.
I could not match the FreeSWITCH wiki ports to my setup; in the end I went with what actual open ports were reported by my machine. Run the following to find out what FreeSWITCH is using on your rig:
root@tardis:~# netstat -lntp | grep freeswitch
tcp 0 0 192.0.1.2:2856 0.0.0.0:* LISTEN 7220/freeswitch
tcp 0 0 192.0.1.2:5066 0.0.0.0:* LISTEN 7220/freeswitch
tcp 0 0 192.0.1.2:8081 0.0.0.0:* LISTEN 7220/freeswitch
tcp 0 0 192.0.1.2:8082 0.0.0.0:* LISTEN 7220/freeswitch
tcp 0 0 192.0.1.2:7443 0.0.0.0:* LISTEN 7220/freeswitch
tcp 0 0 192.0.1.2:5080 0.0.0.0:* LISTEN 7220/freeswitch
tcp 0 0 192.0.1.2:5060 0.0.0.0:* LISTEN 7220/freeswitch
tcp 0 0 192.0.1.2:2855 0.0.0.0:* LISTEN 7220/freeswitch
tcp6 0 0 ::1:8081 :::* LISTEN 7220/freeswitch
tcp6 0 0 ::1:8082 :::* LISTEN 7220/freeswitch
tcp6 0 0 :::8021 :::* LISTEN 7220/freeswitch
tcp6 0 0 ::1:5080 :::* LISTEN 7220/freeswitch
tcp6 0 0 ::1:5060 :::* LISTEN 7220/freeswitch
Nevermind chumps, I figured it out myself:
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 37 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 37 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8021 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 8021 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5532 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5564 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
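An added example, not part of the original answers: a rough consistency check between the two kinds of output quoted in this thread. It lists non-loopback TCP listeners that have no ACCEPT rule for their port, and ACCEPT rules for TCP ports nothing listens on. The function name `audit_ports` is hypothetical and the sample input is constructed from lines that appear on this page; only single `--dport` values are compared, and rule order, source filters and port ranges are ignored.

```shell
#!/bin/sh
# audit_ports: read `iptables -S` style rules and `netstat -lntp` lines
# (in any order) on stdin and report TCP ports where the two disagree.
audit_ports() {
    awk '
    # Firewall rule: remember TCP destination ports that are ACCEPTed.
    $1 == "-A" {
        proto = port = target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (proto == "tcp" && target == "ACCEPT" && port != "") allowed[port] = 1
        next
    }
    # Listening TCP socket: split "addr:port" and skip loopback-only binds,
    # which are not reachable from the network whatever the firewall says.
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4; sub(/:[0-9]+$/, "", addr)
        port = $4; sub(/^.*:/, "", port)
        if (addr ~ /^127\./ || addr == "::1") next
        prog = $7; sub(/^[0-9]+\//, "", prog)      # "7220/freeswitch" -> "freeswitch"
        listen[port] = prog
    }
    END {
        for (p in listen)  if (!(p in allowed)) print "NORULE " p " " listen[p]
        for (p in allowed) if (!(p in listen))  print "UNUSED " p
    }' | sort -k1,1 -k2,2n
}

# Constructed sample: a few rules and listeners taken from this page.
sample_input() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8021 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1009514/sshd
tcp 0 0 192.0.1.2:5060 0.0.0.0:* LISTEN 7220/freeswitch
tcp 0 0 192.0.1.2:7443 0.0.0.0:* LISTEN 7220/freeswitch
tcp6 0 0 ::1:8081 :::* LISTEN 7220/freeswitch
tcp6 0 0 :::8021 :::* LISTEN 7220/freeswitch
EOF
}

sample_input | audit_ports
```

On a live host the input would be `{ iptables -S; netstat -lntp; } | audit_ports`, run as root so that netstat can show program names.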
