My situation is as follow: an application I am working on works using multiple database servers (MySQL) connections, I work locally and these database servers do not allow connections from anywhere, so I have set up a local test server. How do I redirect all the outgoing traffic to these servers (port 3306) to this local server?
As far as I know - even though I never used it yet - you can use the ipfw tool on OSX for similar tasks as you would use iptables for (filtering, address translation etc.). Here you find some more hints: OSX pfctl manpage
Related
What I'm Trying to Achieve
To access localhost from my local machine during the development of a Symfony web app.
My Environment
WSL2 running on Windows 10
Linux, Apache2, MySQL, PHP-7.4 stack (with Xdebug3 intalled)
Debian 10
Symfony 5.4 (although not sure on if relevant to this problem)
Steps I've Taken
Set up WSL2 according to this Microsoft WSL2 tutorial
Set up LAMP stack according to this Digital Ocean tutorial
Set up Symfony according to this Symfony tutorial
Run the following bash script on startup to start my services and set the host to the virtual WSL IP in my xdebug.ini file
#!/bin/sh
REMOTEIP=`cat /etc/resolv.conf | grep nameserver | sed 's/nameserver\s//'`
sed -i -E "s/client_host=[0-9\.]+/client_host=$REMOTEIP/g" /etc/php/7.4/mods-available/xdebug.ini
service php7.4-fpm start
service apache2 start
service mysql start
Run my Symfony project on the development server using symfony serve -d (Symfony then tells me "The Web server is using PHP FPM 7.4.23 https://127.0.0.1:8000")
Go to https://localhost:8000/ in Chrome where the app is running
What I Expect to Happen
My Symfony web app to be running on https://localhost:8000/ when I visit the URL in my Chrome browser
What Actually Happens
I get "This site can't be reached localhost refused to connect." in the Chrome browser
What I've Tried
This used to happen less frequently and I would give my laptop a restart, repeat the process above, and I could connect via https://localhost:8000/. However, it refuses to connect more regularly now (like 8/10 times I start up for the day)
Connecting to https://127.0.0.1:8000 yields the same result.
Connecting to the site using the internal WSL IP address, found using hostname -I and replacing localhost with this IP (still on port 8000). This is an adequate workaround to use my app, however I am unable to interact with my database via MySQL Workbench without having to set up a new connection, therefore a fix where I can use localhost would be very helpful!
(Based off comments) Only ran symfony serve -d without starting apache and PHP services separately - still sometimes allows connections to localhost but sometimes doesn't work.
Conclusion
The behaviour is odd as it works sometimes but other times it doesn't when the exact same steps are carried out. I am unsure where else to look for answers and I can't seem to find anything online with this same problem. Please let me know if any config files, etc would be helpful. Thank you so much for your help! :)
When it's working normally, as you are clearly aware, the "localhost forwarding" feature of WSL2 means that you can access services running inside WSL2 using the "localhost" address of the Windows host.
Sometimes, however, that feature breaks down. This is known to happen when you either:
Hibernate
Have the Windows "Fast Startup" feature enabled (and it is the default). Fast Startup is a pseudo-hibernation which triggers the same problem.
Typically the best solution is to disable Hibernation and Fast Startup. However, if you do need these features, you can reset the WSL localhost feature by:
Exiting any WSL instances
Issuing wsl --shutdown
Restarting your instance
It's my experience that localhost forwarding will work after that. However, if it doesn't, thanks to #lwohlhart in the comments for mentioning that another thing to try is disabling IPv6 on WSL2, since (I believe) there's a possibility that the application is listening on IPv6 while the Windows->WSL2 connection localhost connection is being attempted on IPv6.
You can disable IPv6 on WSL2 per this Github comment by creating or editing .wslconfig in your Windows user profile directory with the following:
[wsl2]
kernelCommandLine=ipv6.disable=1
A wsl --shutdown and restart will be necessary to complete the changes.
If you find that this works, it may be possible to solve the issue by making sure to either use the IPv4 (127.0.0.1) or IPv6 (::1) address specifically in place of localhost on the Windows side, or by configuring the service to listen on both addresses.
Try to run command netstat -nltp. It shows active addresses and ports. Your nginx process should be run at 0.0.0.0:8000. 0.0.0.0 means the nginx process is available from anywhere.
If your nginx process is ran by any specific ip address, you should access it by that ip address, e.g http://192.168.4.2:8000.
After installing Tigase on an AWS EC2 instance I keep getting the error message 'connection refused' when I try to connect to it using an xmpp client.
The instance is attached to a security group with rules to allow traffic to the necessary ports (tigase needs 5223 primarily and some others for more exotic features). I've also tried it with rules allowing all traffic to all ports from all sources but I still get the same message.
I've also checked iptables because I noticed some people needed to configure those as well in specific cases, I made sure it allows all connections but still I can't connect to Tigase.
Yes Tigase is running, there are no relevant errors in the Tigase logs
SSH (port 22) and HTTP (port 80) work fine
Enabling ICMP (ping) on all ports works fine
I've tried several xmpp clients, same problem
I've deleted and recreated instances several times
Re-installed Tigase on fresh instances several times with various configuration options
Tried using domain name associated with Elastic IP, normal IP and tried public DNS directly.
Configured the DNS in the way necessary for Tigase as described here
I've looked everywhere and have not been able to find anything to fix this. Networking isn't my main area of expertise and I'd really appreciate any advice.
Wow, in case anyone runs into the same problem in the future, turns out that this was related to the AMI. I was using an Amazon Linux AMI and switched to Ubuntu Server 14.04 LTS. I wish I tried this sooner but I didn't really consider this a possible solution earlier. Apparently Amazon Linux doesn't play well with Tigase.
I'm running Redis locally and have multiple machines communicating with redis on the same port -- any suggestions for good ways to lock down access to Redis? The database is run on Mac OS X. Thank you.
Edit: This is assuming I do not want to use the built-in (non backwards compatible) Redis requirepass directive in the config.
On EC2 we lock down the machines that can make requests to the redis port on our redis box to only be our app box (we also only use it to store non-sensitive data).
Another option could be to not open up the redis port externally, but require doing port forwarding through an ssh tunnel. Then you could only allow requests coming through the tunnel and only allow ssh with a known key.
You'd pay the ssh penalty, but maybe that's ok for your scenario.
There is a simple requirepass directive in the configuration file which allow access only to clients who authenticate through AUTH command. I recommend to read docs on this command, namely the "note" section.
I need to check if remote host is Windows or Unix/Linux.
I can't assume that it has web server configured.
All I can do is to try to connect to several TCP or UDP services.
Which TCP services (TCP port numbers) usually will be opened on Windows and not on Unix/Linux and vise versa?
The other way is to try to ssh to it, and if it fails assume that it Windows host. The problem is, that I need this in order to choose the remote access method ssh or something Windows friendly like psexec.
You can read the output of nmap to detect which OS a remote host is running. It has a whole module dedicated to this. Here is a guide to using it.
Why not just try to connect one way, and if that fails, connect the other way, and if neither work, tell the user?
If that's all you're trying to do, there's no need to actually check the OS.
This is not an easy thing to answer with any degree of certainty as there are very few ports that will always be open on one OS but not on another.
You could try some/all of the following
80 http obviously
22,23 Telnet and SSH (Not usually open on windows, one at least usually open on *nix)
135 Used by WMI so often open on windows
1443 (Possibly SQL Server)
691 Used by MS Exchange routing
3389 MS Remote Desktop
I would suggest that scanning ranges of ports may lead you into trouble particularly if these are not your machines. You may find your IP address logged as a possible source of "Port Scanners"
There are some fairly extensive lists of ports available on the web. e.g. http://keir.net/portlist.html
I will be building a server/client software on Windows, where many machines need to communicate with a Postresql database running on the server. This is C++ software so I will use libpq to connect to the database.
If I do this, will there be issues with the firewall? I'd like to make configuration as easy as possible and not have users open up firewall ports or disable their firewall.
If I do need to open up firewall ports, can I use WCF to get around the issue? Basically send a command to the server using WCF, run the postgresql command locally, and get the result back (I have never used WCF but understand that it can communication using HTTP port 80).
PostgreSQL typically listens on port 5432, which is not open by default in the Windows firewall. But the only machine where the firewall would need to be re-configured is the one where PostgreSQL is running. If you have many client machines, none of them should require firewall changes (unless they have restrictions on outbound traffic, which is rare).
Hope this helps.
You can also configure SSL connections to ensure better security.