I went through all these error questions that I could find on SO and I've done everything that it appears I should do. Still, I get connection refused when I telnet to port 25
This is what is asked for in other questions:
netstat-an | grep LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53045 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::52266 :::* LISTEN
So, port 25 is listening. Next, can I telnet to 25 on localhost? Yes. No problem. I can do localhost and I can do it with 127.0.0.1 and I can do it with the proper IP address. As long as I am on the machine itself, I can telnet to port 25.
Next, the EC2 firewall. There are two levels, iptables and the EC2 security zone. I made sure iptables and ip6tables were shut down. Service shows that both are "Firewall is not running". I checked the EC2 security zone. It shows:
25 tcp 0.0.0.0/0
So, it is allowing all traffic to port 25.
Still, I get connection refused when I telnet to port 25.
I continued. I checked /etc/hosts.allow and /etc/hosts.deny. Both are empty.
I continued. I looked in the mail folder. The domain is in local-host-names (which doesn't matter since I never get to the point of entering a recipient email address). I don't see anything about blocking or allowing hosts. Perhaps there is something buried in the cryptic sendmail.cf file. So, I wanted to ensure that sendmail was definitely listening with
lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sendmail 11457 root 4u IPv4 830292 0t0 TCP *:smtp (LISTEN)
Same as netstat. Listening on all devices on port smtp (25).
So, I am at a loss. Why would I get connection refused on port 25? It isn't unable to reach server. It isn't that it is not listening. It is clearly that it is listening and refusing connections.
The problem here is that there are two issues:
1) Many ISPs block outbound port 25 requests. So, it is rather common that telnet somedomain.com 25 will fail and report something like "denied" or "unreachable."
2) Proper programs that go out on port 25 are mail programs. A mail program is designed to send email to your email service, which then uses the MX record for the domain name to deliver the email. What I found is that when you register a domain name with Network Solutions and set "All" IP addresses to be a certain address, they do NOT set the MX record address. That remains set to Network Solutions' mail server. So, if someone uses a proper email program to hit your domain name, it will go to mx.yourdomain.com, which may not be your server.
In my case, I had to manually set the IP address for the mx record with Network Solutions. Then, I magically started getting emails.
For those that don't know how to check MX records, in Linux, you can run dig domain.name MX. However, it isn't your MX record setting that matters. It is your mail server's setting. For example, if my computer says the mx record is 12.34.56.78 and I use GMail and Google says the mx record is p.ctmail.com, then sending email through GMail will fail.
Related
I got a webserver running on my Mac on localhost:3000 and I am trying to set a local DNS with dnsmasq and to be able to access that DNS from local devices (iPhone / iPad) for test purpose.
I followed this previous post:
iPhone: add entry to /etc/hosts without jailbreaking
I am looking to redirect all *.localhost here
dnsmasq.conf:
/etc/resolver/localhost:
dig google.com:
The Mac Network DNS config:
On my phone, on the same network, adding the Mac Local IP as DNS:
Wi-Fi is connected to xxxxxx and has the IP address 192.168.1.11.
I am able to connect to myapp.localhost:3000 successfully on the Mac but getting Server cannot be found on the iPhone.
Must be missing something there.
EDIT #0: 2021/07/08
netstat -anvp tcp | grep '\b192.168.1.11.53\b' output:
open a terminal and use netstat to check if your dnsmasq is open on 192.168.1.11
if the result is similar to
root#dns-01:~# sudo netstat -tnlp
tcp 0 0 127.0.0.1:53 0.0.0.0:* OUÇA 13376/dnsmasq
it means that it will only accept queries from the local machine, not from your network.
to query from your network you must see something like
tcp 0 0 192.168.1.11:53 0.0.0.0:* OUÇA 13376/dnsmasq
or
tcp 0 0 0.0.0.0:53 0.0.0.0:* OUÇA 104287/dnsmasq
I hope I'm asking this clearly. I connected to a fresh Ubuntu 64-bit Amazon EC2 server with SSH and have set up a Server that uses the IP 172.30.0.72:27015 and it is ONLINE, and my Amazon Security is set to allow all ports.
When I type netstat -atunp | grep srcds_linux it shows:
tcp 0 0 0 172.30.0.72:27015 0.0.0.0:* LISTEN 1277/sccds_linux
udp 0 0 0 172.30.0.72:27015 0.0.0.0:* 1277/sccds_linux
udp 0 0 0 172.30.0.72:26901 0.0.0.0:* 1277/sccds_linux
When I try to access this from outside, I can't. Do I need to be figuring out how to port forward? If so, I know my public IP is 55.174.94.92, how do I connect my client to the server that has the Private IP address? I also know how to make it static with elastic IP's, but haven't done that until I get this to work first.
use the public IP to connect. To access your service at 172.30.0.72:27015 use 55.174.94.92:27015.
If you are no able to do it, then check your security group settings.
today i installed a vncserver on my raspberry pi running rasbian.
I used this tutorial: http://blog.wenzlaff.de/?p=2207 (its german but i think you will understand what they do there anyway ;) )
Everythin worked great but the tightvnc viever jar applet on my mac will not go further than "handshaking with remote host". After typing in my password of my pi, nothing is happening anymore.
I tried to look in the logs of tightvncserver on the pi , but i got a "permission denied" every time.
Can you help me please. I dont know what do to now.
Thanks
Most likely you have some problems with SSH-tunneling ( provided you were following the tutorial).
To diagnose what's happening, first it would be nice to figure out whether your vncserver is running on Raspberry. You can do it by issuing command:
netstat -lnt
The output can look something like below:
pi#raspberrypi ~ $ netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
We are interested to see if there's line:
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
which basically tells us that our vncserver instance is listening on port 5901.
If that's true, then you should be able to use any VNC Viewer to connect to your RPI. Maybe you want to avoid SSH-tunnelling option and connect directly.
My security group has the following:
>22 (SSH) 0.0.0.0/0
>80 (HTTP) 0.0.0.0/0
>143 (IMAP) 0.0.0.0/0
>443 (HTTPS) 0.0.0.0/0
>995 (POP3S) 0.0.0.0/0
>465 (SMTPS) 0.0.0.0/0
>25 (SMTP) 0.0.0.0/0
Running a netstat on the server shows the following:
>Active Internet connections (servers and established)
>Proto Recv-Q Send-Q Local Address Foreign Address State
>tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
>tcp 0 0 10.211.30.202:44025 194.14.0.125:6667 ESTABLISHED
>tcp6 0 0 :::995 :::* LISTEN
>tcp6 0 0 :::110 :::* LISTEN
>tcp6 0 0 :::143 :::* LISTEN
>tcp6 0 0 :::22 :::* LISTEN
>tcp6 0 0 :::25 :::* LISTEN
>tcp6 0 0 :::993 :::* LISTEN
And when I try and access the box from the outside world, I get nothing.
>thedude:~ root$ telnet mail.sd0a.com 25<br />
>Trying 107.20.235.215...<br />
>telnet: connect to address 107.20.235.215: Operation timed out<br />
>telnet: Unable to connect to remote host<br />
Anyone have any positive experiences with Amazon EC2 instances and getting mail to a state where it will work? Its worth noting that via command line, mail seems to go through. System is Ubuntu 12.04.1 LTS if that matters.
Might be your ISP filtering outbound connections to port 25/tcp in order to prevent botnet spam.
To eliminate the obvious: Have you tried
connect to another port other than 25?
connect to another new ec2 instance, port 25? (straightforward task to duplicate it on EC2)
connect from another machine (or your friend's PC) to sd0a.com:25?
traceroute to identify where the packets are dropped?
setup postfix on port 2525 (remember to add that into Security Groups)
ufw* on Ubuntu. (Default is off... but good to check)
As far as I can tell, all IP addresses on Amazon EC2 are blacklisted in spamhaus.com (and a lot of other anti-spam list). Hence most likely your ISP is blocking these packets, if so it is IP block or port block?
I had a running EC2 server with an elastic IP address that was happily running memcached and beanstalkd listening on the external IP at port 11211 and 11300 respectively. I took a AMI of the server to upgrade the size and when the server restarted, neither memcached nor beanstalkd were running. Troubling for memcached as this was init.d to restart but beanstalkd was run as daemon from command line.
However, after several hours, I can't seem to figure out how to get them up and running again.
For memcached the config file reads:
# Default connection port is 11211
-p 11211
# Specify which IP address to listen on. The default is to listen on all IP addresses
-l <EXTERNAL IP ADDRESS>
When I try and run memcached as root from the command line:
memcached -d -m 1024 -u root -l <EXTERNAL IP ADDRESS> -v -p 11211
I get:
bind(): Cannot assign requested address
failed to listen on TCP port 11211: Cannot assign requested address
Yet when I look at netstat, nothing is bound to that port already:
netstat -ant | grep LIST
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
And if I grep the processlist, there is no other memcached running.
Iptables reports the following:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:11300 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:11211 state ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The EC2 instance is using the same security group as the original server, so the required ports are open.
Finally, maybe a hint is that the ifconfig IP address is different to the elastic IP address. If I try listening on either the inet adds: Bcast: the memcached service runs and binds however I can't seem to access memcached via the elastic IP.
I MUST be doing something stupid and obvious to you. Thanks for your help.
bind to 0.0.0.0 that should be public.