I have hostname in /etc/hosts,
10.0.0.124 hostname.domain hostname
I can ping and ssh to hostname. When I enter
ftp 10.0.0.124
or
ftp hostname
I get "No route to host" in response. When I comment out that line, and try
ftp hostname
ftp responds "Name or service not known". So ftp is looking in the hosts file but apparently does not believe it. Why not?? I am on CentOS 6.5 and ftp was installed using yum install ftp. The ftp daemon running on hostname is vsftpd.
And fixed! The problem was that hostname's firewall was configured to drop ftp packets. Obvious! Inserted
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
in /etc/sysconfig/iptables, and restarted iptables service. Done!
Related
SSH connection established successfully.
Entered host details in inventory file as below:
host ansible_ssh_user=username ansible_ssh_pass=password
tried to check ping with below command:
ansible all -m ping
Terminal shows neither error nor a success message.
I have a complex SSH tunnel problem I'm trying to solve and can't seem to get it quite right.
Simply put:
ME -> Bastion:22 -> Instance:8500
Bastion uses a different username and key than instance. I would like to be able to access port 1234 on instance from localhost:1234
Right now I have the following:
Host bastion
HostName bastion.example.com
ForwardAgent yes
IdentityFile ~/.ssh/id_ecdsa
User spanky
Host internal
ForwardAgent yes
HostName consul.internal
IdentityFile ~/.ssh/aws.pem
ProxyJump bastion
User ec2-user
Port 8500
But I don't think I've got it.
The following two commands work, but I'm trying to distill them into a working config:
ssh -L 2222:10.0.0.42:22 bastion.example.com -N -i ~/.ssh/id_ecdsa
ssh -L 8500:localhost:8500 ec2-user#localhost -N -i ~/.ssh/aws.pem -p 2222
With a current version of ssh, you should be able to use:
ssh -L1234:localhost:1234 -J spanky#bastion.example.com ec2-user#consul.internal
From man ssh:
-J destination
Connect to the target host by first making a ssh
connection to the jump host described by destination and then
establishing a TCP forwarding to the ultimate destination from there.
Multiple jump hops may be specified separated by comma characters.
This is a shortcut to specify a ProxyJump configuration directive.
I'm using an ssh tunnel to forward a port to a db server.
Let's say I'm using mysql, so my ssh command would be something along the lines of
ssh -fqTN -L 12345:127.0.0.1:3306 user#server.com
based on the method of transfer (sync from or sync to) I want to use either the -L or -R flags.
I do need the -L flag at first though, so I open the tunnel above anyway.
My question is though -
If after now run
ssh -fqTN -R 12345:127.0.0.1:3306 user#server.com
Will it replace the above command and make a reverse tunnel on the same port?
The second command will not "replace" the first command, but it will work just fine.
You started with:
ssh -fqTN -L 12345:127.0.0.1:3306 user#server.com
This opens port 12345 on your local system and forwards it to 127.0.0.1:3306 from the perspective of the remote system, so that you can access the mysql server on the remote system using local port 12345.
The second command...
ssh -fqTN -R 12345:127.0.0.1:3306 user#server.com
...opens port 12345 on the remote system and forwards it to 127.0.0.1:3306 from the perspective of your local system, allowing the remote system to access a mysql server on your local host via port 12345.
This doesn't conflict with the original command, so these can both be run at the same time.
Update
Responding to your comment here, because I want to quote some command output:
If I run:
ssh -R 12345:127.0.0.1:3306 remote_system
Then on remote_system I run lsof -i -n, I see:
sshd 23280 lars 10u IPv6 37263762 0t0 TCP [::1]:italk (LISTEN)
sshd 23280 lars 11u IPv4 37263763 0t0 TCP 127.0.0.1:italk (LISTEN)
And from /etc/services, we see that italk is port 12345. If you add -P to your lsof command line it will not try to translate port numbers to service names:
# lsof -i -n -P | grep 12345
sshd 23280 lars 10u IPv6 37263762 0t0 TCP [::1]:12345 (LISTEN)
sshd 23280 lars 11u IPv4 37263763 0t0 TCP 127.0.0.1:12345 (LISTEN)
I'm trying to use the Docker API to connect to docker daemon from another machine. I am able to do this command successfully:
docker -H=tcp://127.0.0.1:4243 images
But NOT when I use the real IP address:
docker -H=tcp://192.168.2.123:4243 images
2013/08/04 01:35:53 dial tcp 192.168.2.123:4243: connection refused
Why can't I connect when using a non-local IP?
I'm using a Vagrant VM with the following in Vagrantfile: config.vm.network :private_network, ip: "192.168.2.123"
The following is iptables:
# Generated by iptables-save v1.4.12 on Sun Aug 4 01:24:46 2013
*filter
:INPUT ACCEPT [1974:252013]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1511:932565]
-A INPUT -p tcp -m tcp --dport 4243 -j ACCEPT
COMMIT
# Completed on Sun Aug 4 01:24:46 2013
# Generated by iptables-save v1.4.12 on Sun Aug 4 01:24:46 2013
*nat
:PREROUTING ACCEPT [118:8562]
:INPUT ACCEPT [91:6204]
:OUTPUT ACCEPT [102:7211]
:POSTROUTING ACCEPT [102:7211]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.16.42.0/24 ! -d 172.16.42.0/24 -j MASQUERADE
Came across a similar issue, one thing I don't see mentioned here is you need to start docker to listen to both the network and a unix socket. All regular docker (command-line) commands on the host assume the socket.
sudo docker -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock -d &
will start docker listening to any ip address on your host, as well as the typical unix socket.
You need to listen to 0.0.0.0. When you listen on 127.0.0.1, it means that no one outside your host will be able to connect.
Please note that in doing this, you have given anyone, and any URL sent to you by email access to your Docker API, and thus root permission.
you should, at minimum, secure your socket using https: http://docs.docker.com/articles/https/
There are 2 ways in configuring the docker daemon port
1) Configuring at /etc/default/docker file:
DOCKER_OPTS="-H tcp://127.0.0.1:5000 -H unix:///var/run/docker.sock"
2) Configuring at /etc/docker/daemon.json:
{
"hosts": ["tcp://<IP-ADDRESS>:<PORT>", "unix:///var/run/docker.sock"]
}
IP-ADDRESS - any address which is accessible can be used.
Restart the docker service after configuring the port.
The reason for adding both the user port[ tcp://127.0.0.1:5000] and default docker socket[unix:///var/run/docker.sock] is that the user port enables the access to the docker APIs whereas the default socket enables the CLI.
I have computer (ubuntu server). Server have internet and share internet for local network. There is one computer in local network have FTP. How to get access to local FTP from internet?
A good Site to take a look: Linux Firewalls using iptables
iptables -A PREROUTING -p tcp -i ppp0 --dport 21 -j DNAT --to 192.168.1.1:21
ppp0 = Interface WWW
192.168.1.1 = The Server which provides FTP in your Lan