ElasticSearch java.net.NoRouteToHostException in docker - elasticsearch

[2015-10-11 13:08:26,587][WARN ][transport.netty ] [Joseph] exception caught on transport layer [[id: 0x7e9f652b]], closing connection
java.net.NoRouteToHostException: No route to host
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
at sun.nio.ch.SocketChannelImpl.finishConnect(Unknown Source)
at org.elasticsearch.common.netty.channel.socket.nio.NioClientBoss.connect(NioClientBoss.java:152)
at org.elasticsearch.common.netty.channel.socket.nio.NioClientBoss.processSelectedKeys(NioClientBoss.java:105)
at org.elasticsearch.common.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:79)
at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
at org.elasticsearch.common.netty.channel.socket.nio.NioClientBoss.run(NioClientBoss.java:42)
at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
I get this exception when launching the elasticsearch in docker (Actually I only have this problem in CentOS7 docker host)
First, my Dockerfile exposes the UDP ports.
EXPOSE 9200 9300/udp 9301/udp 9302/udp 9303/udp 9304/udp 9305/udp
When I start the docker container, I opened these ports via -p 9200:9200 -p 9300:9300/udp -p 9301:9301/udp -p 9302:9302/udp -p 9303:9303/udp -p 9304:9304/udp -p 9305:9305/udp
Within docker ps, I do see these ports are opened as 0.0.0.0:9300-9305->9300-9305/udp
And here is some lines of my elasticsearch.yml
cluster.name: changsha
discovery.zen.ping.unicast.hosts: [ "10.0.5.241" ]
network.publish_host: 10.0.5.241
10.0.5.241 is my docker host's IP address. Please, what is wrong here? It succeeded on a CentOS6 host, but fails on this CentOS7 host.
UPDATE
Following this answer, I get the following result from tcpdump -p -nn icmp.
09:26:53.277117 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:53.277494 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:53.277822 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:53.278043 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:54.277753 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:27:04.280703 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68

First, find out the docker interface ip address
# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.42.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 56:84:7a:fe:97:99 txqueuelen 0 (Ethernet)
RX packets 115761 bytes 12605533 (12.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 55687 bytes 22647938 (21.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Then add all of the docker IP addresses to the whitelist
firewall-cmd --permanent --zone=trusted --add-source=172.17.0.0/16
firewall-cmd --reload
Problem solved

If someone comes across this issue on CentOS 7.4, it's because of the conflict between the docker service and the firewalld service.
You can solve it by disabling firewalld and then restarting the docker service.
Please refer to https://sanenthusiast.com/docker-and-firewalld-mess-in-centos-7/
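
The "admin prohibited" replies in the tcpdump capture above are the host firewall rejecting traffic from the container. As an added example (not part of the original answers), this script summarises which container peers are being rejected and prints a firewalld rich rule that admits the Docker subnet to a single port, a narrower alternative to trusting the whole subnet or disabling firewalld. The `public` zone, the 9300/tcp Elasticsearch transport port and the sample lines are assumptions.

```shell
#!/bin/sh
# Constructed sample in the format of the `tcpdump -p -nn icmp` output above.
SAMPLE='09:26:53.277117 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:53.277494 IP 10.0.5.241 > 172.17.0.8: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:54.100000 IP 10.0.5.241 > 172.17.0.9: ICMP host 10.0.5.241 unreachable - admin prohibited, length 68
09:26:55.000000 IP 172.17.0.8 > 10.0.5.241: ICMP echo request, id 1, seq 1, length 64'

# rejected_peers: read tcpdump ICMP lines on stdin and print
# "<count> <rejecting-host> <rejected-peer>" for each pair where the
# firewall answered with ICMP "admin prohibited".
rejected_peers() {
    awk '/admin prohibited/ {
             dst = $5; sub(/:$/, "", dst)   # strip trailing ":" from the peer
             n[$3 " " dst]++
         }
         END { for (k in n) print n[k], k }' | sort -k3
}

# scoped_rule SUBNET PORT: print (do not run) a firewalld rich rule that
# accepts TCP traffic from SUBNET to PORT only. Zone "public" is an
# assumption; check the active zone with `firewall-cmd --get-active-zones`.
scoped_rule() {
    printf 'firewall-cmd --permanent --zone=public --add-rich-rule='
    printf "'rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$1" "$2"
}

printf '%s\n' "$SAMPLE" | rejected_peers
scoped_rule 172.17.0.0/16 9300
```

After applying a printed rule, `firewall-cmd --reload` activates it, as in the first answer.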

Related

Cannot determine ethernet address for proxy ARP (Cent OS PPTP VPN)

I've installed pptpd on CentOS 7 with AWS EC2 and I can connect to vpn with windows client but I have no internet access while the server has full internet access. In pptpd log I noticed the error "Cannot determine ethernet address for proxy ARP".
I've changed the dns in /etc/ppp/options.pptpd as below:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
I've also created users in /etc/ppp/chap-secrets and clients can connect without problem (but with no internet access.)
I've also enabled IP forwarding in /etc/sysctl.conf
net.ipv4.ip_forward = 1
and executed this command:
sudo sysctl -p
I changed local and remote IPs in /etc/pptpd.conf as below:
localip 192.168.10.1
remoteip 192.168.20.10-100
I configured firewall for IP masquerading:
sudo iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
This is the ifconfig result:
ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
inet 172.31.28.246 netmask 255.255.240.0 broadcast 172.31.31.255
inet6 fe80::4e6:11ff:fed8:bb4a prefixlen 64 scopeid 0x20<link>
ether 06:e6:11:d8:bb:4a txqueuelen 1000 (Ethernet)
RX packets 3668 bytes 347939 (339.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3111 bytes 385009 (375.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 6 bytes 416 (416.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 416 (416.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1396
inet 192.168.10.1 netmask 255.255.255.255 destination 192.168.20.10
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 40 bytes 3158 (3.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 104 (104.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
And this is the pptpd status (I could connect to the VPN successfully but could not access the internet):
[root#ip-172-31-28-246 ~]# systemctl status pptpd
● pptpd.service - PoPToP Point to Point Tunneling Server
Loaded: loaded (/usr/lib/systemd/system/pptpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2021-08-22 09:24:41 UTC; 2min 9s ago
Main PID: 1476 (pptpd)
CGroup: /system.slice/pptpd.service
├─1476 /usr/sbin/pptpd -f
├─1505 pptpd [171.213.14.133:ED5A - 0000]
└─1506 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 192.168.10.1:192.168.20.10 ipparam 171.213.14.133 plugin /usr/lib64/pptpd/pptpd-logwtmp.so pptpd-original-ip 171.213.14.133 remote...
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pptpd[1505]: CTRL: Starting call (launching pppd, opening GRE)
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: pppd 2.4.5 started by root, uid 0
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Using interface ppp0
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Connect: ppp0 <--> /dev/pts/1
Aug 22 09:25:32 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: peer from calling number 171.213.14.133 authorized
Aug 22 09:25:32 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: MPPE 128-bit stateless compression enabled
Aug 22 09:25:34 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Cannot determine ethernet address for proxy ARP
Aug 22 09:25:34 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: local IP address 192.168.10.1
Aug 22 09:25:34 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: remote IP address 192.168.20.10

Log4j2 socket appender inside a docker container throw connection refused

I have a springboot app running on docker container. In my app there is a log4j.xml file with socket appender.
<Socket name="Socket" host="172.17.0.1" port="5100">
<JsonLayout compact="true" eventEol="true" />
</Socket>
On my host server (Ubuntu server), Logstash is listening on port 5100. The output of the "netstat -tulpn" command on the host is as below.
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8280 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5100 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5001 0.0.0.0:* LISTEN -
But when the Spring Boot server comes up, it gets a connection refused error.
2021-07-30 05:20:47,646 main ERROR TcpSocketManager (TCP:172.17.0.1:5100) caught exception and will continue: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
I tried with "host.docker.internal" also and it's not working. Can anyone let me know what the problem is, please?
As you can see from your netstat output, Logstash is listening on 127.0.0.1:5100 only. That means it cannot be accessed from within Docker. You have to make it listen on 172.17.0.1:5100 or 0.0.0.0:5100.
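
The bind address decides who can reach the listener: 127.0.0.1 is invisible to containers, 0.0.0.0 exposes the port on every interface of the host, and the bridge address limits it to the Docker network. As an added example (not from the original answer), this function classifies a port's listeners from `netstat -tulpn` output; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of the `netstat -tulpn` output above;
# the 172.17.0.1:5001 line is invented to show the bridge-only case.
NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8280 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5100 0.0.0.0:* LISTEN -
tcp 0 0 172.17.0.1:5001 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -'

# listener_scope PORT BRIDGE_IP: read netstat lines on stdin and print one
# line per listener on PORT: all-interfaces, bridge-only, loopback-only or
# other:<addr>. Prints not-listening when nothing listens on PORT.
listener_scope() {
    awk -v port="$1" -v bridge="$2" '
        $6 == "LISTEN" {
            n = split($4, a, ":"); p = a[n]          # port is the last field
            if (p != port) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            found = 1
            if (addr == "0.0.0.0" || addr == "::")    print "all-interfaces"
            else if (addr == bridge)                   print "bridge-only"
            else if (addr ~ /^127\./ || addr == "::1") print "loopback-only"
            else                                        print "other:" addr
        }
        END { if (!found) print "not-listening" }'
}

for port in 5100 8280 5001 80 9999; do
    printf '%s -> %s\n' "$port" \
        "$(printf '%s\n' "$NETSTAT" | listener_scope "$port" 172.17.0.1)"
done
```

For the Logstash case in the question, `bridge-only` is the least exposed setting that still lets the container connect.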

How to run Laravel 5.4 on port 80 successfully

I am using a Laravel package to connect to a payment system and this particular package sends and receives data via port 80 (and as I use port 8000 to make payments, I will encounter failures).
As seen here:
How to run laravel 5 on port 80 of localhost?
I decided to give it a try but this error is returned:
Failed to listen on 127.0.0.1:80 (reason: Permission denied)
To discover which program is using port 80, I entered sudo lsof -i :80 and received the following output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 3102 root 4u IPv6 46970 0t0 TCP *:http (LISTEN)
apache2 3103 www-data 4u IPv6 46970 0t0 TCP *:http (LISTEN)
apache2 3104 www-data 4u IPv6 46970 0t0 TCP *:http (LISTEN)
apache2 3105 www-data 4u IPv6 46970 0t0 TCP *:http (LISTEN)
apache2 3106 www-data 4u IPv6 46970 0t0 TCP *:http (LISTEN)
apache2 3107 www-data 4u IPv6 46970 0t0 TCP *:http (LISTEN)
apache2 3108 www-data 4u IPv6 46970 0t0 TCP *:http (LISTEN)
apache2 3115 www-data 4u IPv6 46970 0t0 TCP *:http (LISTEN)
apache2 3116 www-data 4u IPv6 46970 0t0 TCP *:http (LISTEN)
apache2 3117 www-data 4u IPv6 46970 0t0 TCP *:http (LISTEN)
I also tried the command: sudo netstat -nltp | grep -iw "80" and the following is its output:
tcp6 0 0 :::80 :::* LISTEN 3102/apache2
To free port 80 I tried: sudo kill -9 3102, afterwards I ran: sudo netstat -nltp | grep -iw "80" and the output was: tcp6 0 0 :::80 :::* LISTEN 3330/apache2
(the port is re-occupied).
I would very much like to know how I can use port 80 to develop my Laravel app on it (I am using Debian 9 Stretch).
Let me guess. I think you are running artisan server on the server. It's not recommended to run it on your production server. artisan server should only be used for the development environment.
Based on your explanation, port 80 is already being used by the apache2 server. That's normal. What you need to do is put your Laravel application in the Apache DocumentRoot directory, because apache2 is the real web server. For Debian-like distributions, the DocumentRoot for apache2 is located at /var/www. You may follow this guide for more information.
Hope it helps.

PhpStorm not receiving Xdebug from Vagrant machine

I've a Vagrant VM for dev with xdebug installed and I want to connect it to PhpStorm.
In my xdebug.ini I have this:
zend_extension=xdebug.so
xdebug.remote_connect_back = 0
xdebug.idekey = "vagrant"
xdebug.remote_enable=on
xdebug.remote_host=192.168.56.1
xdebug.remote_port=9001
xdebug.remote_log=/tmp/xdebug.log
But it doesn't work. I did some debugging and checked that port 9001 was open on my host machine, and it is:
phpstorm 311 jose 41u IPv4 0x2b62c0b107d1be65 0t0 TCP *:9001 (LISTEN)
phpstorm 311 jose 42u IPv4 0x2b62c0b1056e5245 0t0 TCP *:10137 (LISTEN)
phpstorm 311 jose 143u IPv4 0x2b62c0b10ae27e65 0t0 TCP 127.0.0.1:6942 (LISTEN)
phpstorm 311 jose 168u IPv4 0x2b62c0b107cd875d 0t0 TCP *:20080 (LISTEN)
phpstorm 311 jose 342u IPv4 0x2b62c0b110c70245 0t0 TCP 127.0.0.1:63342 (LISTEN)
JuniperSe 497 jose 10u IPv4 0x2b62c0b10696675d 0t0 TCP 127.0.0.1:3333 (LISTEN)
VBoxHeadl 726 jose 24u IPv4 0x2b62c0b1086e6b3d 0t0 TCP 127.0.0.1:2222 (LISTEN)
VBoxHeadl 726 jose 25u IPv4 0x2b62c0b10fe1d435 0t0 TCP *:33060 (LISTEN)
VBoxHeadl 726 jose 26u IPv4 0x2b62c0b108709435 0t0 TCP *:8088 (LISTEN)
But from Vagrant the 9001 port is not accessible:
nc -z -v -w5 192.168.56.1 9001
nc: connect to 192.168.56.1 port 9001 (tcp) timed out: Operation now in progress
And that's the same for all PhpStorm ports. But I can access 8088 or 33060
nc -z -v -w5 192.168.56.1 8088
Connection to 192.168.56.1 8088 port [tcp/omniorb] succeeded!
I've checked the option to accept external connections in PhpStorm for xdebug. I'm using Mac OS.
OK, very silly problem. I had external connections blocked for PhpStorm. I changed that in System Preferences > Security > Firewall: in the list of apps I searched for PhpStorm and allowed external connections.

Find which process is listening on port 8001 on Mac OS X

How can I see which process is listening on port 8001 on Mac OS X?
I have tried several commands:
lsof -i | grep LISTEN
Output:
qbittorre 321 user 26u IPv4 0xc8e6037f28270c31 0t0 TCP *:6881 (LISTEN)
qbittorre 321 user 27u IPv6 0xc8e6037f216348e1 0t0 TCP *:6881 (LISTEN)
mysqld 14131 user 10u IPv4 0xc8e6037f3218da91 0t0 TCP *:mysql (LISTEN)
httpd 14133 user 16u IPv6 0xc8e6037f216352e1 0t0 TCP *:http (LISTEN)
httpd 14135 user 16u IPv6 0xc8e6037f216352e1 0t0 TCP *:http (LISTEN)
httpd 14136 user 16u IPv6 0xc8e6037f216352e1 0t0 TCP *:http (LISTEN)
httpd 14137 user 16u IPv6 0xc8e6037f216352e1 0t0 TCP *:http (LISTEN)
httpd 14138 user 16u IPv6 0xc8e6037f216352e1 0t0 TCP *:http (LISTEN)
httpd 14139 user 16u IPv6 0xc8e6037f216352e1 0t0 TCP *:http (LISTEN)
httpd 14148 user 16u IPv6 0xc8e6037f216352e1 0t0 TCP *:http (LISTEN)
httpd 14149 user 16u IPv6 0xc8e6037f216352e1 0t0 TCP *:http (LISTEN)
httpd 14150 user 16u IPv6 0xc8e6037f216352e1 0t0 TCP *:http (LISTEN)
Skype 14543 user 57u IPv4 0xc8e6037f324f9a91 0t0 TCP *:18666 (LISTEN)
java 24640 user 68u IPv6 0xc8e6037f3295a3e1 0t0 TCP *:http-alt (LISTEN)
java 24640 user 73u IPv6 0xc8e6037f32958fe1 0t0 TCP *:8009 (LISTEN)
java 24640 user 101u IPv6 0xc8e6037f32959ee1 0t0 TCP localhost:8005 (LISTEN)
lsof:
sudo lsof -nPi -sTCP:LISTEN | grep 8001
Nothing found
netstat:
netstat -a | grep 8001
Nothing found
I know that the port is in use by someone, because I am trying to change the Emacs simple-httpd default httpd-port from 8080 (default) to 8001, and it fails:
Warning (initialization): An error occurred while loading `/Users/user/.emacs':
File error: Cannot bind server socket, address already in use
To ensure normal operation, you should investigate and remove the
cause of the error in your initialization file. Start Emacs with
the `--debug-init' option to view a complete error backtrace.
How can I resolve it? I tried also to set the port to 8002, with the same problem and didn't find which process is listening on port 8002.
What can be the source of the problem?
Using nmap I discovered that port 8001 is used by vcom-tunnel service and it’s a closed port and that port 8002 is used by teradataordbms and is also closed.
What are these services used for? Can I disable them and use their occupied ports?
You can use lsof to detect who is using the connection as long as there is active traffic on the connection.
Here is a demonstration:
setting a server on a given port fails with the error Address already in use
lsof doesn't report any listener for that port
Here is the shell log demonstrating this:
python -m SimpleHTTPServer 3333 2>&1 | fgrep error
Output:
socket.error: [Errno 48] Address already in use
sudo lsof -i TCP:3333
echo $?
Output:
1
[1] : starting a web server on port 3333 fails with the error Address already in use
[2] : lsof doesn't report port 3333 being used by anyone
Let's generate traffic in order to force lsof to detect the usage of the port: in another terminal open a telnet connection:
telnet localhost 3333
Now back on your previous terminal, you will see that lsof finds your port:
sudo lsof -n -P -i :3333
Output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
telnet 78142 loic 5u IPv4 0x3fa2e8474ece6129 0t0 TCP 127.0.0.1:51855->127.0.0.1:3333 (ESTABLISHED)
There is traffic going on, but according to the OS, only one end of the connection is there, the initiator, there still isn’t any `LISTENER`!
Note: in my case, OS is macOS v10.13.3 (High Sierra), but I had that with previous versions of macOS/OSX too
