X forwarding through NAT - oracle

I'm trying to install Oracle 11g from scratch on an AWS Linux machine. In order to do so, I believe I'm required to enable X forwarding so I can use the graphical installation. I have never been good with X server/client situations.
Setup:
cygwin64 (local)
NAT instance (Amazon)
Linux instance in private subnet accessible through said NAT (Amazon)
I'd like to forward the Oracle installation from the Linux instance through the NAT and to my local machine. Any help would be appreciated. I'm happy to provide more information, especially since I haven't provided much so far. I'd also love to hear that I'm going about this all wrong and that it's easy to install Oracle from the command line.

The client and server seem "backwards" in the world of X, because your workstation is the "server," providing the service of a display device and keyboard/mouse... while the program you are running, often remotely, is the "client," using those display and input devices services.
So the program you want to run needs to be able to connect "backwards" to your machine, but you can forget, for a moment, about the NAT aspect, because that's not directly relevant. The important thing is that you have a way to establish a chain of SSH connections from end to end, and that should be all you'd need, because SSH does the work. No firewalls were harmed in the answering of this question.
I don't know what kind of SSH utility cygwin has, but it will presumably be comparable. I tested the following first end-to-end on Linux, and then by replacing "ssh" with "\Program Files (x86)\PuTTY\putty.exe" on a Windows 7 desktop machine for the workstation. Both scenarios worked as expected, and the arguments are conveniently the same.
We'll call the NAT machine hostname "natbox" and the database "databox".
On your local machine, your X server is presumably listening on port 6000, so we need to get traffic back to it.
workstation $ ssh -R 127.0.0.1:5555:127.0.0.1:6000 natbox
I chose 5555 arbitrarily, but any unused value above 1024 should work. You could also use 6000, but it makes the example even more counter-intuitive than it already is.
The first IP/port pair 127.0.0.1:5555 refers to the remote machine (natbox). Your SSH session will open a socket listening on port 5555 of the loopback interface on the remote machine. The second IP/port pair 127.0.0.1:6000 refers to your workstation, which is the place the traffic is to return to. Connections to port 5555 on "natbox" will be tunneled back to your workstation, where an attempt will be made to connect to your local port 6000.
natbox $
So now we're logged in to natbox, and the tunnel is half-built.
natbox $ ssh -R 127.0.0.1:6000:127.0.0.1:5555 databox
This makes an SSH connection to "databox" where it opens up a listen socket on that server's port 6000 bound to the loopback address. Connections hitting that port will be sent back down the ssh connection to "natbox" where they will try to connect to natbox's port 5555... which, in the prior step, we already have linked back to your workstation's port 6000 -- your X server.
databox $ export DISPLAY=:0.0
databox $
Done.
Any X client program run on "databox" will try to connect to the local machine's display '0' on port 6000... which should end up back at your console.
databox $ xterm
This should open up a terminal window from "databox" on your local display. You don't need this, but it's probably going to be easier to verify and troubleshoot the X setup without dragging the Oracle componentry into the mix.
Note, the first reference to 127.0.0.1 (and the : between it and the first port number) on the ssh -R option are actually implicit, but I included them because it seems slightly less counter-intuitive to me. It is also possible to set this up in a cascade on a single command line, by providing the "command to execute" on the intermediate machine as the final argument to "ssh" on the local machine, as long as you add a -t to the first ssh so that it knows you want a tty end-to-end... but it was already complicated enough, so I didn't include that.
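The two-hop reverse tunnel above, as an added example that is not part of the original answer: it emits the single cascaded command the answer mentions (outer ssh with -t, inner ssh passed as the command to run on natbox) and, more usefully for troubleshooting, checks from `ss -ltn` output that the relay port on the intermediate host is bound to loopback only. That check matters because a remote forward that ends up on a wildcard address (sshd's GatewayPorts setting) hands your X display to anyone who can reach that host. Hostnames natbox and databox come from the answer; the port numbers and the sample `ss` output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer. Reproduces the two-hop reverse tunnel as a
# single cascaded command (the -t variant the answer mentions) and checks, from `ss -ltn`
# output, that the relay port is bound to loopback only. Hostnames natbox/databox come from
# the answer; ports and the sample `ss` output below are constructed for illustration.

WORKSTATION_X_PORT=6000   # local X server, display :0
NAT_RELAY_PORT=5555       # arbitrary unused port on natbox, as in the answer
DATABOX_X_PORT=6000       # what DISPLAY=:0.0 on databox connects to

# One command from the workstation: -t keeps a tty end-to-end, the inner ssh runs on natbox.
build_cascade() {
    local natbox="$1" databox="$2"
    printf 'ssh -t -R 127.0.0.1:%s:127.0.0.1:%s %s ssh -R 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$NAT_RELAY_PORT" "$WORKSTATION_X_PORT" "$natbox" \
        "$DATABOX_X_PORT" "$NAT_RELAY_PORT" "$databox"
}

# Constructed sample of `ss -ltn` output (columns: State Recv-Q Send-Q Local:Port Peer:Port)
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:5555      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::1]:6000          [::]:*'

# Exit 0 if PORT listens on loopback only, 1 if nothing listens on PORT, 2 if any listener
# on PORT is bound to a non-loopback address (the X relay is exposed to the whole network).
listener_is_loopback_only() {
    local port="$1" ss_output="$2" addrs
    addrs=$(printf '%s\n' "$ss_output" | awk -v p=":$port" '$1 == "LISTEN" && $4 ~ p"$" { print $4 }')
    [ -n "$addrs" ] || return 1
    if printf '%s\n' "$addrs" | grep -Evq '^(127\.0\.0\.1|\[::1\]):'; then
        return 2
    fi
    return 0
}

# Live check to run on natbox (port 5555) or databox (port 6000) once the ssh -R is up.
check_live_listener() {
    listener_is_loopback_only "$1" "$(ss -ltn 2>/dev/null)"
}

if [ "${1:-}" = "demo" ]; then
    build_cascade natbox databox
    listener_is_loopback_only 5555 "$SAMPLE_SS" && echo "5555 on sample: loopback only"
fi
```

Run it with `demo` to print the cascade command; after the tunnel is established, `check_live_listener 5555` on natbox (or `6000` on databox) should exit 0. An exit code of 2 means the forward was bound to 0.0.0.0 or [::], which is the one outcome you do not want for an X display.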

Access a localhost running in Windows from inside WSL2?

I am running a local AEM server on my Windows machine. The server is running on localhost:4502. I am using an Ubuntu distro running in WSL2 for my development. I want to access the localhost:4502 running on the Windows machine from my WSL2 Ubuntu.
Is there any way to do that, or is it not possible?
Short answer for most recent Windows versions
mDNS has been a feature of WSL2 for a while now. Concatenating your WSL2 hostname (or the equivalent command/function in your programming/language environment) with ".local" should get you access.
For example, from Bash, try:
ping "$(hostname).local"
For instance, if your hostname is "MyComputer", then the mDNS should be MyComputer.local.
If ICMP is blocked (as it seems to be on new Windows 11 installs), or if you want to test the connection to the actual port, then use netcat. It's available by default in the WSL Ubuntu installation, but may need to be installed in other distributions like openSUSE:
nc -zv "$(hostname).local" <portnumber>
Why localhost doesn't work
WSL2 is running with a virtual network (vNIC) that is created by the Windows Virtual Machine Platform (a subset of Hyper-V). Inside WSL2, localhost is the address of the vNIC.
What you need
WSL2 also sets up a virtual router on the Windows host to allow connectivity to both the outside world as well as the Windows host. You can see this via:
ip route
This is the address you need to use for the Windows host.
You could, of course, parse it from the route (or, as in an earlier answer, from /etc/resolv.conf), but WSL sets up a convenience mDNS (the .local domain) using the Windows "computer name", which is also used as the hostname of the WSL instance.
So concatenating $(hostname) (or its equivalent in your programming/language environment) with ".local" should get you access.
Other considerations:
mDNS is reliant on the Windows host to resolve the name. If you have changed your /etc/resolv.conf under WSL, then this will likely not work.
Remember to open any necessary firewall ports. WSL2 is considered a separate network from that of the Windows host. Windows will consider network connections from WSL2 to be coming from an external source. (Credit to #RamilGilfanov for a comment pointing this out)
The first time a connection is made from WSL2 to a particular port, Windows Defender (if that is your firewall) will typically display a dialog asking if you want to grant access. However, in my experience, this dialog often gets buried under the main window due to timing of mouse-clicks, keyboard, etc., so it's easy to miss.
Remember to have your Windows service accept connections from remote hosts.
Many servers are configured by default to bind to localhost/127.0.0.1. Because WSL2 appears to Windows as a remote network, you'll typically need to update your configuration to bind to 0.0.0.0 or a specific address.
Note that, since the address for WSL2 changes after each reboot, it can be difficult to update your configuration each time. If at all possible, use 0.0.0.0 unless there are security concerns. Since WSL is designed for development rather than production, this shouldn't be an issue.
I was also looking for some solution to do this but currently, there is no such option available. Check out this GitHub issue:
https://github.com/microsoft/WSL/issues/4619
One solution can be this:
If you have the IP of Windows (host) then it will do the job, but the only problem is that the IP will change every time. But WSL2 stores your Windows (host) IP in the /etc/resolv.conf file, so we can modify our /etc/hosts to map winhost to the IP dynamically.
Add the following lines at the end of the ~/.bashrc file. This will grep the IP and modify /etc/hosts when you boot WSL.
export winhost=$(awk '/^nameserver/ { print $2; exit }' /etc/resolv.conf)
# Replace any stale winhost mapping (the Windows host IP changes on reboot), then append the current one
if ! grep -qP "^${winhost}[[:space:]]+winhost$" /etc/hosts; then
    sudo sed -i '/[[:space:]]winhost$/d' /etc/hosts
    printf "%s\t%s\n" "$winhost" "winhost" | sudo tee -a /etc/hosts > /dev/null
fi
then run the following command to reload the changes.
$ source ~/.bashrc
Now you can use winhost instead of localhost in WSL2 (client) to access the servers running on Windows (host). In your case it will be winhost:4502, but this will work for any other use cases as well, like accessing a Postgres/MySQL server running on Windows, etc.
NOTE: Always remember to configure your firewall on Windows to allow those ports so that WSL2 can access them; otherwise your connection may get blocked by the firewall.
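Both the mDNS answer ("you could parse it from the route, or from /etc/resolv.conf") and the .bashrc answer above derive the Windows host's address from inside the distro. The following is an added example, not code from either answer: it takes the default gateway from `ip route` first (which survives a hand-edited resolv.conf), falls back to the resolv.conf nameserver, probes the port over TCP instead of ICMP, and keeps a winhost entry in /etc/hosts that is refreshed when the address changes rather than appended once and left stale. The `ip route` and resolv.conf samples are constructed; the function names are mine.

```bash
#!/usr/bin/env bash
# Added example, not from either answer. Finds the Windows host address from inside WSL2 the
# way the two answers describe (default route first, then the resolv.conf nameserver), probes a
# port over TCP rather than ICMP, and keeps a "winhost" entry in /etc/hosts that is refreshed
# when the address changes. The `ip route` and resolv.conf samples below are constructed.

SAMPLE_IP_ROUTE='default via 172.23.96.1 dev eth0
172.23.96.0/20 dev eth0 proto kernel scope link src 172.23.97.122'

SAMPLE_RESOLV_CONF='# This file was automatically generated by WSL.
nameserver 172.23.96.1'

# The Windows side of the WSL vNIC is the default gateway as seen from the distro.
gateway_from_route() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Fallback used by the .bashrc answer; it breaks once resolv.conf is hand-edited.
nameserver_from_resolv() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }'
}

windows_host_addr() {
    local addr
    addr=$(gateway_from_route "$(ip route 2>/dev/null)")
    [ -n "$addr" ] || addr=$(nameserver_from_resolv "$(cat /etc/resolv.conf 2>/dev/null)")
    [ -n "$addr" ] || return 1
    printf '%s\n' "$addr"
}

# TCP reachability check; ping is often blocked on the Windows side, so do not rely on ICMP.
probe_port() {
    nc -z -w 3 "$1" "$2"
}

# Drop any stale mapping for NAME (default winhost) in HOSTS_FILE, then add the current one.
# The append-only guard in the .bashrc answer keeps the first address forever.
update_hosts_entry() {
    local addr="$1" name="${2:-winhost}" hosts="${3:-/etc/hosts}" tmp
    tmp=$(mktemp) || return 1
    grep -Ev "[[:space:]]${name}\$" "$hosts" > "$tmp" 2>/dev/null || true
    printf '%s\t%s\n' "$addr" "$name" >> "$tmp"
    cat "$tmp" > "$hosts" && rm -f "$tmp"
}
```

From ~/.bashrc the equivalent of the answer's snippet is `winhost=$(windows_host_addr) && sudo bash -c "$(declare -f update_hosts_entry); update_hosts_entry $winhost"`, after which `probe_port winhost 4502` tells you whether the AEM port is actually reachable through the Windows firewall.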
You need to add an IPv6 rule in the hosts file.
Like:
127.0.0.1 example.com
::1 example.com localhost
I had a similar problem and found the solution at this link:
https://github.com/microsoft/WSL/issues/5728
This is simple; you just need to do two things: set the IP address to localhost in the hosts file and allow incoming connections in the Windows firewall.
Here are step-by-step instructions:
Get the IP address: open cmd, type ipconfig /all, and note down the IP address (172.22.16.1).
Open Notepad as administrator, File -> Open, browse to C:\Windows\System32\drivers\etc\hosts, add the line 172.22.16.1 localhost, save and close.
The last step is to allow firewall rules to accept public connections. For this, open Control Panel > System and Security > Windows Defender Firewall > Advanced Settings > Inbound Rules > New Rule
Rule Type: choose Port, click next
Protocol and Ports: type Specific local port: 4502, click next
Action: Allow the connection, click next
Profile: check Public, click next
Name: type AEM server, click finish
Close the other windows, open cmd again, and type wsl --shutdown to shut down the Ubuntu subsystem.
Open Ubuntu again.
To test the connection, type curl localhost:4502 in the command prompt. If it returns something, you are good to go.
The easy way:
in ubuntu command line type: ip route
default via 172.23.96.1 dev eth0
172.23.96.0/20 dev eth0 proto kernel scope link src 172.23.97.122
In your app, configure the host to: 172.23.97.122
Now you can access using Windows Browser
This really belongs on another forum, but I suspect you could do this.
Step 1. Run your AEM server on your actual IP address (or all addresses) instead of binding to just localhost.
Step 2. Your Ubuntu WSL client instance won't share localhost with the host machine, but it will share the local IP address your machine actually has (e.g. 10.0.0.2). Just have your client connect to that IP address instead of localhost.
I don't know anything about AEM, but you might need to secure it if you are exposing it to a larger network. Block port 4502 on the upstream firewall or use a Windows Firewall rule to only allow incoming on port 4502 from your own IP address. This certainly appears possible.
Windows 10 considers localhost as ::1
Ubuntu considers localhost as 127.0.0.1
So solution is to create a mapping
create a file called .wslconfig at C:\Users\<your_username>\.wslconfig
add the following to it.
[wsl2]
localhostForwarding=true
PS: I don't know if it messes up anything else, but it helped me run Django servers which were broken after upgrading to WSL2.

Can't SSH into EC2 from my mac but can from other devices

I am trying to connect to an EC2 instance (I am using a Mac) which has a Security Group allowing all inbound traffic over SSH (port 22), but I'm unable to access it. There is a little delay before I get an Operation timed out.
I already tried it from other devices such as a Raspberry Pi and another MacBook, and the connection was successful.
I got access to the Raspberry Pi over SSH and tried the connection to my EC2 from the terminal; I thought my SSH client or the port status could be the issue, but after doing this I'm not really sure if this is the case.
This is the message I get when trying to connect:
ssh: connect to host x.x.x.x port 22: Operation timed out
One thing I noticed is that I used a different .pem file which is supposed not to work for that instance, and the error was the same; it looks like my Mac cannot reach it.
Things already verified:
Security Group allowing traffic over port 22.
Instance rebooted/recreated.
DNS and Public IP address changed after instance reboot.
SSH connection successful over other devices.
SSH connection to other devices from this mac successful.
Firewall turned off.
DNS flushed.
Ping performed with success.
Any help is really appreciated.
-- UPDATE --
This issue rose in my work machine. Got a different laptop due to other issues and problem fixed, looks like it might have been something related to ports or some sort of configuration. Thought it was a problem with AWS but now it's working fine. Sadly I couldn't debug enough to know what the exact issue was. Thanks to everyone who helped out!
It seems that you can connect from other devices and this issue is only happening on your Mac. Try this on your Mac and then try to connect again:
Flush your DNS
I don't know which macOS version you are using, so I put the link here: (https://help.dreamhost.com/hc/en-us/articles/214981288-Flushing-your-DNS-cache-in-Mac-OS-X-and-Linux)
If it still cannot connect, you can try to open some protocol ports on that instance, like:
ICMP, Echo Reply, ...
then try to reach it with those protocols' commands:
ping, telnet, ...
If the result is still no connection, then it must be that your Mac cannot even reach that instance's network, so first make sure your Mac can reach the instance's network.

Is there a way to remote debug on a different subnet in Visual Studio?

I have a client who is remote. I need to debug some weird problem that none of my other clients are having. Before I try and set up a conference with this client, I would like to know if there is some way of remotely debugging our application.
I see that there are remote debugging tools available for Visual Studio, but from what I've read, I need to be on the same subnet. As the person is remote, this is not a possibility. Also, as I'd like to keep our connection secure, I would need to connect up some sort of encrypted tunnel (this is where I'm a little fuzzy as my networking skills are mostly theoretical).
As I understand it, an encrypted tunnel is a bridge to another (different) subnet. This is to ensure that those computers on the other side won't interfere with the local subnet computers.
So, because the client's computer is on a different subnet, I think that this is not possible. Or is it? Should there not be a way of making the client's computer show up as a virtual computer on my subnet, by forwarding packets from one subnet to another? I would think that this is theoretically possible, but I'm not exactly sure how I would go about this.
Also, at the moment, my current way that we connect to clients is through GoToMeeting, but I don't think that it supports tunneling. If not, then I may need some way of generating a tunnel, so I was also thinking of maybe using some SSH programme like PuTTY.
As I have said before, my knowledge of networking is quite theoretical, so if the tools that I am suggesting are not the correct ones, please correct me. (I'm a programmer, dammit! Not a network engineer!)
Both computers are Windows boxes. Windows 10 (client) and Windows 8.1 (development).
If you can connect to an SSH server in the remote network, you can (subject to configuration on the server) create a tunnel such that you connect to a socket on your local PC and the connection appears from the server to an endpoint on the remote network.
You'll want to investigate the -L option of OpenSSH, which, combined with the PuTTY docs, should help explain what's required.
By default, the endpoint would be a port on the SSH server, but it could be a port on a different host that the remote server can connect to.
I'm not familiar with the current state of Windows SSH servers, but even if there isn't a system server to hand, you should be able to have one run 'on demand'; if you run it on a non-privileged port and as the user you want to connect in as, it shouldn't even need Admin privileges.
I'm not familiar with GoToMeeting, but the one thing with SSH tunnelling is that IT departments should be familiar with SSH. If trying that, focus on getting a working connection in, then setting up the tunnel, then connecting through it, as separate steps.
Once you have an SSH connection, it doesn't need to do anything itself, and you can then investigate connecting while specifying the port forwarding, but you will need to get the basic connection working correctly first.

How does a service such as tunnlr work?

The website says:
Tunnlr uses SSH remote tunneling. It securely connects a port on your local machine to an open port on our public server. Once you start your Tunnlr client, the web server on your local machine will be available to the rest of the world through your special Tunnlr URL.
Could someone please go into a bit more detail over how this entire process works? Or maybe point to something open source that allows the same thing?
The SSH protocol allows tunneling of connections in either direction. So based on the description above here's what is happening:
You download a client program (an SSH client) to your computer and run it.
The client establishes an SSH connection out from your computer to the tunnlr remote server
On the tunnlr server an access port is opened for incoming connections. Let's say port 1234.
Now when anyone connects to tunnlr:1234 the tunnlr server will instruct your client program through the connection established in step 2 to open a connection inside your computer - let's say to port 80 (e.g. you're running a webserver there).
The tunnel connection will now shuffle data between tunnlr:1234 and your_computer:80.
So effectively this is what is running:
[some_remote_computer]<->[tunnlr:1234]<->[SSH tunnel]<->[your_computer:80]
Assume some_remote_computer is your friend or anyone else you want to be able to connect to your local web server.
SSH is available for many platforms (Linux, Windows, OSX and more). You can build such tunnels quite easily with it, but you will of course need access to both computers you want to build the tunnel between. Let's say one computer is your own computer and another is a VPS you've rented (or any other remote server with SSH access). Now you can run exactly the same setup.
The advantage with tunnlr is they manage the remote server for you, and they have a registered hostname you can use for your tunnels.
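The two answers above cover the two directions of SSH port forwarding: -L for reaching a debugger endpoint that is only visible from the client's SSH server (the Visual Studio question), and -R for the Tunnlr model, where a listener on a public server is carried back to your machine. What the tunnlr answer glosses over is that a -R listener only becomes reachable from outside the server if sshd's GatewayPorts setting allows it; with the default ("no") the bind lands on loopback regardless of what the client asked for. The following is an added example, not code from either answer or from Tunnlr: it builds both commands and reads the effective GatewayPorts value from sshd_config text. Hostnames, ports and the two sshd_config samples are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the answers above. Builds both tunnel directions the two answers
# rely on (-L for reaching a debugger behind the client's ssh server, -R for the Tunnlr model)
# and reads the server's GatewayPorts setting, which decides whether a -R listener bound to a
# public address is honoured at all. Hostnames, ports and the sshd_config samples are constructed.

# -L: connections to 127.0.0.1:LOCAL_PORT on this machine leave SERVER towards
# TARGET_HOST:TARGET_PORT, which only has to be reachable from SERVER.
build_local_forward() {
    local local_port="$1" target_host="$2" target_port="$3" server="$4"
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' "$local_port" "$target_host" "$target_port" "$server"
}

# -R: a listener on SERVER (BIND_ADDR:PUBLIC_PORT) is carried back to 127.0.0.1:LOCAL_PORT here.
build_remote_forward() {
    local bind_addr="$1" public_port="$2" local_port="$3" server="$4"
    printf 'ssh -N -R %s:%s:127.0.0.1:%s %s\n' "$bind_addr" "$public_port" "$local_port" "$server"
}

# Effective global GatewayPorts value from sshd_config text. sshd keeps the first value it
# reads for a keyword, so the first uncommented directive wins; Match blocks are not modelled
# (parsing stops at the first one) and the built-in default is "no".
gateway_ports_setting() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || NF == 0   { next }
        tolower($1) == "match"        { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END                           { if (!found) print "no" }'
}

# Will the -R listener be reachable from outside the ssh server?
#   no              -> always loopback, whatever the client asked for
#   yes             -> always the wildcard address, whatever the client asked for
#   clientspecified -> whatever bind address the client gave
remote_forward_exposed() {
    local bind_addr="$1" setting="$2"
    case "$setting" in
        yes) return 0 ;;
        clientspecified)
            case "$bind_addr" in
                ""|127.0.0.1|localhost|::1) return 1 ;;
                *) return 0 ;;
            esac ;;
        *) return 1 ;;
    esac
}

SAMPLE_SSHD_STOCK='# constructed: a stock config leaves GatewayPorts at its default
Port 22
#GatewayPorts no
PermitRootLogin prohibit-password'

SAMPLE_SSHD_RELAY='# constructed: a relay host that lets clients choose the bind address
Port 22
GatewayPorts clientspecified
Match User tunnel
    GatewayPorts yes'
```

On a self-hosted VPS, `gateway_ports_setting "$(cat /etc/ssh/sshd_config)"` returning "no" is why a `-R '*:1234:127.0.0.1:80'` tunnel appears to work yet is only reachable from the server itself; flip it to clientspecified rather than yes, so that forwards you did not explicitly bind to a public address stay private.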

How to check programmatically the OS of remote host?

I need to check if remote host is Windows or Unix/Linux.
I can't assume that it has web server configured.
All I can do is to try to connect to several TCP or UDP services.
Which TCP services (TCP port numbers) will usually be open on Windows and not on Unix/Linux, and vice versa?
The other way is to try to SSH to it, and if it fails, assume that it is a Windows host. The problem is that I need this in order to choose the remote access method: ssh or something Windows-friendly like psexec.
You can read the output of nmap to detect which OS a remote host is running. It has a whole module dedicated to this. Here is a guide to using it.
Why not just try to connect one way, and if that fails, connect the other way, and if neither work, tell the user?
If that's all you're trying to do, there's no need to actually check the OS.
This is not an easy thing to answer with any degree of certainty as there are very few ports that will always be open on one OS but not on another.
You could try some/all of the following
80 http obviously
22,23 Telnet and SSH (Not usually open on windows, one at least usually open on *nix)
135 Used by WMI so often open on windows
1443 (Possibly SQL Server)
691 Used by MS Exchange routing
3389 MS Remote Desktop
I would suggest that scanning ranges of ports may lead you into trouble particularly if these are not your machines. You may find your IP address logged as a possible source of "Port Scanners"
There are some fairly extensive lists of ports available on the web. e.g. http://keir.net/portlist.html
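The answers above offer two strategies: infer the OS from which ports answer, or just try SSH and fall back. An added example, not from any of the answers, that combines them with a more reliable signal than port presence: the SSH identification string (RFC 4253, "SSH-2.0-<software> [comments]"), which sshd sends before the client says anything and which usually names the platform (Win32-OpenSSH identifies itself as OpenSSH_for_Windows; Debian and Ubuntu builds append the distro to the version). Only when no banner is available does it fall back to the Windows-typical ports from the answer (plus 445 for SMB, my addition). The banners and port lists below are constructed, the classification is a heuristic, and the warning in the answer about looking like a port scanner still applies: probe only hosts you are authorised to.

```bash
#!/usr/bin/env bash
# Added example, not from any answer above. Prefers the SSH identification string (RFC 4253:
# "SSH-2.0-<software> [comments]") over port presence, because the software field usually
# names the platform, then falls back to the Windows-typical ports listed in the answer.
# Heuristic only; the banners and port lists used in comments/tests are constructed. Only probe
# hosts you own or are authorised to scan.

classify_ssh_banner() {
    local banner="$1"
    case "$banner" in
        SSH-*OpenSSH_for_Windows*)               echo windows ;;        # Win32-OpenSSH banner
        SSH-*Ubuntu*|SSH-*Debian*|SSH-*FreeBSD*) echo unix ;;           # distro tag in comments
        SSH-*)                                   echo unix-probable ;;  # some sshd, platform unstated
        *)                                       echo unknown ;;        # not an SSH server at all
    esac
}

# PORTS is a space-separated list of ports that accepted a TCP connection.
# Windows-specific services (RPC/WMI 135, SMB 445, RDP 3389) outrank 22/23,
# since Windows 10+ can ship OpenSSH too.
classify_open_ports() {
    local ports=" $1 "
    case "$ports" in
        *" 135 "*|*" 445 "*|*" 3389 "*) echo windows; return ;;
    esac
    case "$ports" in
        *" 22 "*|*" 23 "*) echo unix; return ;;
    esac
    echo unknown
}

# sshd sends its banner before the client says anything, so an empty stdin is enough;
# -w bounds the wait when the port is open but silent (assumes a BSD/OpenBSD-style nc).
grab_ssh_banner() {
    printf '' | nc -w 3 "$1" "${2:-22}" 2>/dev/null | head -n 1 | tr -d '\r'
}

# Banner first; if port 22 gives nothing, fall back to a handful of TCP probes.
classify_host() {
    local host="$1" banner ports="" p
    banner=$(grab_ssh_banner "$host")
    if [ -n "$banner" ]; then
        classify_ssh_banner "$banner"
        return
    fi
    for p in 135 445 3389 22 23; do
        if nc -z -w 2 "$host" "$p" 2>/dev/null; then
            ports="$ports $p"
        fi
    done
    classify_open_ports "$ports"
}
```

`classify_host somehost` prints windows, unix, unix-probable or unknown, which is enough to pick between ssh and a psexec-style tool; treat unix-probable as "try ssh first" rather than a verdict.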