Connect to server assigned Private IP on Ubuntu Instance - amazon-ec2

I hope I'm asking this clearly. I connected to a fresh Ubuntu 64-bit Amazon EC2 server with SSH and have set up a Server that uses the IP 172.30.0.72:27015 and it is ONLINE, and my Amazon Security is set to allow all ports.
When I type netstat -atunp | grep srcds_linux it shows:
tcp 0 0 0 172.30.0.72:27015 0.0.0.0:* LISTEN 1277/sccds_linux
udp 0 0 0 172.30.0.72:27015 0.0.0.0:* 1277/sccds_linux
udp 0 0 0 172.30.0.72:26901 0.0.0.0:* 1277/sccds_linux
When I try to access this from outside, I can't. Do I need to be figuring out how to port forward? If so, I know my public IP is 55.174.94.92, how do I connect my client to the server that has the Private IP address? I also know how to make it static with elastic IP's, but haven't done that until I get this to work first.

Use the public IP to connect. To access your service at 172.30.0.72:27015 use 55.174.94.92:27015.
If you are not able to do it, then check your security group settings.

Accessing local dns from local devices using dnsmasq

I have a web server running on my Mac on localhost:3000 and I am trying to set up a local DNS with dnsmasq and to be able to access that DNS from local devices (iPhone / iPad) for testing purposes.
I followed this previous post:
iPhone: add entry to /etc/hosts without jailbreaking
I am looking to redirect all *.localhost here
dnsmasq.conf:
/etc/resolver/localhost:
dig google.com:
The Mac Network DNS config:
On my phone, on the same network, adding the Mac Local IP as DNS:
Wi-Fi is connected to xxxxxx and has the IP address 192.168.1.11.
I am able to connect to myapp.localhost:3000 successfully on the Mac but am getting "Server cannot be found" on the iPhone.
Must be missing something there.
EDIT #0: 2021/07/08
netstat -anvp tcp | grep '\b192.168.1.11.53\b' output:
Open a terminal and use netstat to check if your dnsmasq is open on 192.168.1.11.
If the result is similar to
root@dns-01:~# sudo netstat -tnlp
tcp 0 0 127.0.0.1:53 0.0.0.0:* OUÇA 13376/dnsmasq
it means that it will only accept queries from the local machine, not from your network.
To query from your network you must see something like
tcp 0 0 192.168.1.11:53 0.0.0.0:* OUÇA 13376/dnsmasq
or
tcp 0 0 0.0.0.0:53 0.0.0.0:* OUÇA 104287/dnsmasq

kubeadm join can't connect

I created a single-node cluster on an Ubuntu 18.04 node on EC2, using kubeadm init. However I am unable to join (unable to connect to the API) from another node.
Note: this is an EC2 instance.
Kubectl is working fine on the master itself.
I used the following command where MASTER_PRIVATE_IP is 172.31.25.111.
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=${MASTER_PRIVATE_IP} --apiserver-cert-extra-sans=${MASTER_PUBLIC_IP}
When I try to join a second node on the same private network to the cluster with kubeadm join it just times out. I can ssh to the master no problem and when performing a netstat on the master I see that it only seems to be listening to port 6443 on ipv6 addresses - why?
I provided the private IPv4 address as the advertise address.
(kubeconfig has that private IPv4 address of course).
kube-apiserver --authorization-mode=Node,RBAC --advertise-address=172.31.25.111 --allow-privileged=true --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --insecure-port=0 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
netstat -tulpn | grep -E ":(22|6443)" | grep LISTEN
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::6443 :::* LISTEN -
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=${MASTER_PRIVATE_IP} --apiserver-cert-extra-sans=${MASTER_PUBLIC_IP}
Any ideas?
Add a security group rule to the master EC2 instance, for instance this way:
Port range:
0 - 6555 or just 6443
Source IP:
172.31.0.0/16
To add to @Markownikow's answer, in this instance, your issue appears to be limited to a missing security group rule. I was able to reproduce this on my end and adding the above rule allowed the worker to reach the master on port 6443. For the sake of completeness, below are a few additional checks you could do:
Make sure both master and worker are in the same VPC and subnet.
If master and worker are in different subnets, make sure appropriate rules are in place to allow both instances to talk to each other.
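As an added illustration of why the rule above fixes the symptom (this is example code written for this page, not from either answer): an EC2 security group is an allow-list with no deny rules, and inbound traffic that matches no rule is silently dropped, which the worker experiences as a timeout rather than a "connection refused". The Python below models that evaluation with the standard ipaddress module. The SgRule class, the rule lists, and the worker address 172.31.30.5 are constructed for the example and are not the AWS API or real instance data.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SgRule:
    """One inbound security-group rule (constructed model for this example, not the AWS API)."""
    protocol: str   # "tcp", "udp", or "-1" meaning all protocols
    from_port: int
    to_port: int
    source: str     # source CIDR, e.g. "172.31.0.0/16"


def rule_allows(rule: SgRule, protocol: str, port: int, src_ip: str) -> bool:
    """Does this single rule admit a packet of `protocol` to `port` from `src_ip`?"""
    if rule.protocol not in ("-1", protocol):
        return False
    if not rule.from_port <= port <= rule.to_port:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source, strict=False)


def inbound_allowed(rules, protocol, port, src_ip):
    """Security groups are allow-lists with no deny rules: any single match lets the packet in."""
    return [r for r in rules if rule_allows(r, protocol, port, src_ip)]


def diagnose(rules, port=6443, src_ip="172.31.30.5"):
    """Human-readable verdict; a miss is a silent drop, which a client experiences as a timeout."""
    hits = inbound_allowed(rules, "tcp", port, src_ip)
    if hits:
        return "allowed by " + ", ".join(
            f"{r.protocol} {r.from_port}-{r.to_port} from {r.source}" for r in hits)
    return (f"no inbound rule matches tcp/{port} from {src_ip}: packets are dropped, "
            "so kubeadm join times out")


# Constructed sample: the master's group before and after adding the rule suggested above.
BEFORE = [SgRule("tcp", 22, 22, "0.0.0.0/0")]
AFTER = BEFORE + [SgRule("tcp", 6443, 6443, "172.31.0.0/16")]
WORKER_IP = "172.31.30.5"   # assumed worker private IP inside the 172.31.0.0/16 VPC

if __name__ == "__main__":
    print("before:", diagnose(BEFORE, src_ip=WORKER_IP))
    print("after: ", diagnose(AFTER, src_ip=WORKER_IP))
    # a host outside the source CIDR is still blocked even after the fix
    print("other: ", diagnose(AFTER, src_ip="10.0.0.5"))
```

The narrower form of the rule (6443 only, source limited to the VPC CIDR) is the one to keep: it is exactly what the worker needs and nothing more, and the source restriction is what keeps the API server off the public internet even though the process is listening on all interfaces.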

Yet another telnet to 25 on AWS EC2 not working

I went through all these error questions that I could find on SO and I've done everything that it appears I should do. Still, I get connection refused when I telnet to port 25.
This is what is asked for in other questions:
netstat -an | grep LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53045 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::52266 :::* LISTEN
So, port 25 is listening. Next, can I telnet to 25 on localhost? Yes. No problem. I can do localhost and I can do it with 127.0.0.1 and I can do it with the proper IP address. As long as I am on the machine itself, I can telnet to port 25.
Next, the EC2 firewall. There are two levels, iptables and the EC2 security zone. I made sure iptables and ip6tables were shut down. Service shows that both are "Firewall is not running". I checked the EC2 security zone. It shows:
25 tcp 0.0.0.0/0
So, it is allowing all traffic to port 25.
Still, I get connection refused when I telnet to port 25.
I continued. I checked /etc/hosts.allow and /etc/hosts.deny. Both are empty.
I continued. I looked in the mail folder. The domain is in local-host-names (which doesn't matter since I never get to the point of entering a recipient email address). I don't see anything about blocking or allowing hosts. Perhaps there is something buried in the cryptic sendmail.cf file. So, I wanted to ensure that sendmail was definitely listening with
lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sendmail 11457 root 4u IPv4 830292 0t0 TCP *:smtp (LISTEN)
Same as netstat. Listening on all devices on port smtp (25).
So, I am at a loss. Why would I get connection refused on port 25? It isn't unable to reach server. It isn't that it is not listening. It is clearly that it is listening and refusing connections.
The problem here is that there are two issues:
1) Many ISPs block outbound port 25 requests. So, it is rather common that telnet somedomain.com 25 will fail and report something like "denied" or "unreachable."
2) Proper programs that go out on port 25 are mail programs. A mail program is designed to send email to your email service, which then uses the MX record for the domain name to deliver the email. What I found is that when you register a domain name with Network Solutions and set "All" IP addresses to be a certain address, they do NOT set the MX record address. That remains set to Network Solutions' mail server. So, if someone uses a proper email program to hit your domain name, it will go to mx.yourdomain.com, which may not be your server.
In my case, I had to manually set the IP address for the mx record with Network Solutions. Then, I magically started getting emails.
For those that don't know how to check MX records, in Linux, you can run dig domain.name MX. However, it isn't your MX record setting that matters. It is your mail server's setting. For example, if my computer says the mx record is 12.34.56.78 and I use GMail and Google says the mx record is p.ctmail.com, then sending email through GMail will fail.

Tightvncserver on raspberry pi not working - connection to mac

Today I installed a VNC server on my Raspberry Pi running Raspbian.
I used this tutorial: http://blog.wenzlaff.de/?p=2207 (it's German but I think you will understand what they do there anyway ;) )
Everything worked great, but the TightVNC viewer jar applet on my Mac will not go further than "handshaking with remote host". After typing in the password of my Pi, nothing happens anymore.
I tried to look in the logs of tightvncserver on the Pi, but I got a "permission denied" every time.
Can you help me please? I don't know what to do now.
Thanks
Most likely you have some problems with SSH tunneling (provided you were following the tutorial).
To diagnose what's happening, first it would be nice to figure out whether your vncserver is running on Raspberry. You can do it by issuing command:
netstat -lnt
The output can look something like below:
pi@raspberrypi ~ $ netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
We are interested to see if there's a line:
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
which basically tells us that our vncserver instance is listening on port 5901.
If that's true, then you should be able to use any VNC Viewer to connect to your RPI. Maybe you want to avoid the SSH-tunnelling option and connect directly.
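The netstat checks in this answer and in the dnsmasq answer earlier on this page ask the same question: is the service bound to loopback, to one interface, or to a wildcard address? The Python below is an added helper, not code from either answer, that parses `netstat -tnlp` style lines and states what each local address implies for reachability. The sample lines are constructed in the shape of the outputs quoted on this page. It also labels a `tcp6 :::PORT` socket as dual-stack, which is what the kubeadm question above sees on port 6443: on Linux a socket bound to `::` also accepts IPv4 connections unless net.ipv6.bindv6only is set to 1, so that line does not by itself mean the API server is unreachable over IPv4.

```python
import re

# Constructed sample in the shape of `netstat -tnlp` output, mixing the cases seen on this page.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      13376/dnsmasq
tcp        0      0 192.168.1.11:53         0.0.0.0:*               LISTEN      13376/dnsmasq
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      -
tcp6       0      0 :::6443                 :::*                    LISTEN      -
udp        0      0 172.30.0.72:27015       0.0.0.0:*                           1277/srcds_linux
"""

# proto, recv-q, send-q, local, foreign, optional LISTEN state, optional pid/program.
# Written for `-l` (listening sockets) output; established connections do not match.
LINE_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s*(LISTEN)?\s*(\S+)?$")


def split_addr(local):
    """'127.0.0.1:53' -> ('127.0.0.1', 53); ':::6443' -> ('::', 6443)."""
    host, _, port = local.rpartition(":")
    return host, int(port)


def classify(host):
    """What the bound address implies for who can reach the socket."""
    if host == "0.0.0.0":
        return "all IPv4 interfaces"
    if host == "::":
        return "all interfaces (IPv6 socket; also accepts IPv4 unless net.ipv6.bindv6only=1)"
    if host.startswith("127.") or host == "::1":
        return "loopback only: unreachable from other hosts"
    return f"only the interface that owns {host}"


def listeners(text):
    """Parse netstat lines into dicts; header and warning lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        proto, local, _foreign, _state, prog = m.groups()
        host, port = split_addr(local)
        rows.append({"proto": proto, "host": host, "port": port,
                     "scope": classify(host), "program": prog or "-"})
    return rows


def reachable_from_lan(text, port):
    """True if at least one socket on `port` is bound somewhere other than loopback."""
    return any(r["port"] == port and not r["scope"].startswith("loopback")
               for r in listeners(text))


if __name__ == "__main__":
    for r in listeners(SAMPLE):
        print(f"{r['proto']:5} {r['host']}:{r['port']:<6} {r['program']:18} {r['scope']}")
    print("dnsmasq reachable from the LAN:", reachable_from_lan(SAMPLE, 53))
```

Run it against real output with `netstat -tnlp | python3 thisfile.py` after replacing SAMPLE with `sys.stdin.read()`; a "loopback only" verdict for the port you care about means no firewall or security-group change will help until the daemon's listen address is changed.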

Binding memcached and beanstalk to external IP on an EC2 instance

I had a running EC2 server with an elastic IP address that was happily running memcached and beanstalkd listening on the external IP at ports 11211 and 11300 respectively. I took an AMI of the server to upgrade the size and when the server restarted, neither memcached nor beanstalkd were running. Troubling for memcached as this was in init.d to restart, but beanstalkd was run as a daemon from the command line.
However, after several hours, I can't seem to figure out how to get them up and running again.
For memcached the config file reads:
# Default connection port is 11211
-p 11211
# Specify which IP address to listen on. The default is to listen on all IP addresses
-l <EXTERNAL IP ADDRESS>
When I try and run memcached as root from the command line:
memcached -d -m 1024 -u root -l <EXTERNAL IP ADDRESS> -v -p 11211
I get:
bind(): Cannot assign requested address
failed to listen on TCP port 11211: Cannot assign requested address
Yet when I look at netstat, nothing is bound to that port already:
netstat -ant | grep LIST
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
And if I grep the processlist, there is no other memcached running.
Iptables reports the following:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:11300 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:11211 state ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The EC2 instance is using the same security group as the original server, so the required ports are open.
Finally, maybe a hint is that the ifconfig IP address is different to the elastic IP address. If I try listening on either the inet addr: or Bcast: address, the memcached service runs and binds, however I can't seem to access memcached via the elastic IP.
I MUST be doing something stupid and obvious to you. Thanks for your help.
Bind to 0.0.0.0; that should be public.
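Why the answer works, as an added example that is not part of the answer: an elastic IP is mapped to the instance by NAT at the VPC edge, so it is never configured on the instance's own interface, and bind() to an address the kernel does not own fails with EADDRNOTAVAIL ("Cannot assign requested address") before iptables or security groups are consulted. Binding 0.0.0.0 listens on the private address that actually receives the translated traffic. The probe below reproduces the two outcomes offline; 192.0.2.1 (an RFC 5737 documentation address) is a constructed stand-in for the elastic IP, and port 0 is used so the probe never collides with a real service.

```python
import errno
import socket

# RFC 5737 documentation address that no interface on this host owns; it stands in for an
# elastic IP, which AWS maps to the instance by NAT rather than configuring it on eth0.
ELASTIC_IP_STAND_IN = "192.0.2.1"


def try_bind(address, port=0):
    """Attempt a TCP bind; return None on success or the errno name bind() raised."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((address, port))   # port 0: let the kernel pick, so the probe never collides
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def explain(address):
    """Turn the bind result into the diagnosis a practitioner wants."""
    err = try_bind(address)
    if err is None:
        return f"{address}: bind() succeeded, this host owns the address (or it is the wildcard)"
    if err == "EADDRNOTAVAIL":
        return (f"{address}: EADDRNOTAVAIL ('Cannot assign requested address'); no local interface "
                "carries it, so the bind fails before security groups or iptables are involved")
    return f"{address}: {err}"


if __name__ == "__main__":
    for addr in ("0.0.0.0", "127.0.0.1", ELASTIC_IP_STAND_IN):
        print(explain(addr))
```

Once memcached is on 0.0.0.0, the security group is the only thing standing between port 11211 and the internet, so the inbound rule for 11211 and 11300 should name only the clients that need them rather than 0.0.0.0/0.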
