I had a running EC2 server with an elastic IP address that was happily running memcached and beanstalkd listening on the external IP at port 11211 and 11300 respectively. I took an AMI of the server to upgrade the size and when the server restarted, neither memcached nor beanstalkd were running. Troubling for memcached as this was init.d to restart but beanstalkd was run as daemon from command line.
However, after several hours, I can't seem to figure out how to get them up and running again.
For memcached the config file reads:
# Default connection port is 11211
-p 11211
# Specify which IP address to listen on. The default is to listen on all IP addresses
-l <EXTERNAL IP ADDRESS>
When I try and run memcached as root from the command line:
memcached -d -m 1024 -u root -l <EXTERNAL IP ADDRESS> -v -p 11211
I get:
bind(): Cannot assign requested address
failed to listen on TCP port 11211: Cannot assign requested address
Yet when I look at netstat, nothing is bound to that port already:
netstat -ant | grep LIST
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
And if I grep the processlist, there is no other memcached running.
Iptables reports the following:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:11300 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:11211 state ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The EC2 instance is using the same security group as the original server, so the required ports are open.
Finally, maybe a hint is that the ifconfig IP address is different to the elastic IP address. If I try listening on either the inet adds: Bcast: the memcached service runs and binds however I can't seem to access memcached via the elastic IP.
I MUST be doing something stupid and obvious to you. Thanks for your help.
Bind to 0.0.0.0; that should be public.
I have set up my ec2 instance with Amazon Linux recently, after installing docker engine on top of it. I am trying to install oracle database 19C. I am using this image from docker hub - https://hub.docker.com/r/heartu41/oracle19c
After pulling the image to my ec2 instance, I am running this command,
docker run -d -p 1522:1522 -e ORACLE_PDB=orcl -e ORACLE_PWD=myPassword_1 --name oracle heartu41/oracle19c
After database creation, when I am trying to access my db via SQL Developer, I am getting this error: Status :
Failure -Test failed: IO Error: The Network Adapter could not establish the connection (CONNECTION_ID=CU+VDPsBSvq5qHjARSnh/w==)
I went into my ec2 instance and ran netstat -an
[oracle@4efe2d8e171a ~]$ netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:5500 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:43205 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1521 0.0.0.0:* LISTEN
tcp 0 0 172.17.0.2:1521 172.17.0.2:51876 ESTABLISHED
tcp 0 0 172.17.0.2:51876 172.17.0.2:1521 ESTABLISHED
udp 0 0 127.0.0.1:46954 0.0.0.0:*
udp 0 0 127.0.0.1:59300 0.0.0.0:*
udp 0 0 127.0.0.1:59926 0.0.0.0:*
udp 0 0 127.0.0.1:45999 0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 112206 /var/tmp/.oracle/sEXTPROC1
unix 2 [ ACC ] STREAM LISTENING 112207 /var/tmp/.oracle/s#27.1
unix 2 [ ACC ] STREAM LISTENING 112209 /var/tmp/.oracle/s#27.2
Here, I can see port 1522 is not being used.
Is there some extra setting, if I want to use a different port than 1521?
I’m trying to configure debugger for my web application, but I run into trouble with specifying correct ports for it.
Vagrantfile:
config.vm.network :private_network, ip: "192.168.68.8"
config.vm.network :forwarded_port, guest: 80, host: 8080
/etc/hosts (on my host machine)
192.168.68.8 mysite.com
I installed these two gems for debugging
gem 'ruby-debug-ide', group: [:development,:test]
gem 'debase', group: [:development,:test]
I read that in order to use ruby-debug-ide on vagrant, I should run
rdebug-ide --host 0.0.0.0 --port 80 --dispatcher-port 8080 -- bin/rails s
where --port should be the guest port from the Vagrantfile, and the host port for --dispatcher-port
But it says
Permission denied - bind(2) for "0.0.0.0" port 80
On the other side, if I try to change those ports in Vagrantfile, I lose the opportunity to reach my application from 127.0.0.1:specified_port, but still can do it from mysite.com, which is confusing
You already have something listening on port 80 (apache or nginx), so you can't bind on this port. You can do one of the following:
start rails on another port like 3000
in your vagrant start rdebug-ide --host 0.0.0.0 --port 3000 --dispatcher-port 3000 -- bin/rails s
If you use a private network IP in your Vagrantfile you don't need to forward the port, as you'll access your VM server using its own IP
check what is listening on port 80
run sudo netstat -nltp in your VM, check the process which binds the port 80 and kill it
For example
vagrant@precise32:/etc/init.d$ sudo netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 512/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1827/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 652/sshd
tcp 0 0 0.0.0.0:58397 0.0.0.0:* LISTEN 539/rpc.statd
tcp6 0 0 :::111 :::* LISTEN 512/rpcbind
tcp6 0 0 :::22 :::* LISTEN 652/sshd
...
so you'll kill the apache2 process (PID 1827)
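An added example (not from any of the posts above): the bind() failures in these threads, "Cannot assign requested address" for memcached on the Elastic IP and "Permission denied" for port 80, are different errno values with different causes. The code probes a bind and names the cause; `probe_bind`, `diagnose` and the 192.0.2.10 stand-in address are assumptions of this example.

```python
import errno
import socket

# errno -> (label, what to check). Covers the bind() failures discussed above.
CAUSES = {
    errno.EADDRNOTAVAIL: ("address-not-local",
        "IP is not configured on any interface; an EC2 Elastic IP is NAT-mapped "
        "to the private address, so bind to the private IP or 0.0.0.0"),
    errno.EACCES: ("privileged-port",
        "ports below 1024 need root or CAP_NET_BIND_SERVICE; use a high port"),
    errno.EADDRINUSE: ("port-in-use",
        "another socket owns the port; find it with `netstat -nltp`"),
}

def diagnose(err):
    """Map a bind() errno to a (label, advice) pair."""
    return CAUSES.get(err, ("other", errno.errorcode.get(err, str(err))))

def probe_bind(host, port):
    """Attempt the bind a daemon would make and report why it fails, if it does."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as e:
            return diagnose(e.errno)
    return ("ok", f"{host}:{port} can be bound")

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address (TEST-NET-1) standing in for an Elastic IP.
    for host, port in [("192.0.2.10", 11211), ("0.0.0.0", 11211), ("0.0.0.0", 80)]:
        print(host, port, *probe_bind(host, port))
```

Binding to 0.0.0.0 makes the security group the only filter in front of memcached, which has no authentication by default, so keep port 11211 limited to known client addresses.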
I went through all these error questions that I could find on SO and I've done everything that it appears I should do. Still, I get connection refused when I telnet to port 25
This is what is asked for in other questions:
netstat -an | grep LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53045 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::52266 :::* LISTEN
So, port 25 is listening. Next, can I telnet to 25 on localhost? Yes. No problem. I can do localhost and I can do it with 127.0.0.1 and I can do it with the proper IP address. As long as I am on the machine itself, I can telnet to port 25.
Next, the EC2 firewall. There are two levels, iptables and the EC2 security zone. I made sure iptables and ip6tables were shut down. Service shows that both are "Firewall is not running". I checked the EC2 security zone. It shows:
25 tcp 0.0.0.0/0
So, it is allowing all traffic to port 25.
Still, I get connection refused when I telnet to port 25.
I continued. I checked /etc/hosts.allow and /etc/hosts.deny. Both are empty.
I continued. I looked in the mail folder. The domain is in local-host-names (which doesn't matter since I never get to the point of entering a recipient email address). I don't see anything about blocking or allowing hosts. Perhaps there is something buried in the cryptic sendmail.cf file. So, I wanted to ensure that sendmail was definitely listening with
lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sendmail 11457 root 4u IPv4 830292 0t0 TCP *:smtp (LISTEN)
Same as netstat. Listening on all devices on port smtp (25).
So, I am at a loss. Why would I get connection refused on port 25? It isn't unable to reach server. It isn't that it is not listening. It is clearly that it is listening and refusing connections.
The problem here is that there are two issues:
1) Many ISPs block outbound port 25 requests. So, it is rather common that telnet somedomain.com 25 will fail and report something like "denied" or "unreachable."
2) Proper programs that go out on port 25 are mail programs. A mail program is designed to send email to your email service, which then uses the MX record for the domain name to deliver the email. What I found is that when you register a domain name with Network Solutions and set "All" IP addresses to be a certain address, they do NOT set the MX record address. That remains set to Network Solutions' mail server. So, if someone uses a proper email program to hit your domain name, it will go to mx.yourdomain.com, which may not be your server.
In my case, I had to manually set the IP address for the mx record with Network Solutions. Then, I magically started getting emails.
For those that don't know how to check MX records, in Linux, you can run dig domain.name MX. However, it isn't your MX record setting that matters. It is your mail server's setting. For example, if my computer says the mx record is 12.34.56.78 and I use GMail and Google says the mx record is p.ctmail.com, then sending email through GMail will fail.
Today I installed a vncserver on my Raspberry Pi running Raspbian.
I used this tutorial: http://blog.wenzlaff.de/?p=2207 (it's German, but I think you will understand what they do there anyway ;) )
Everything worked great, but the TightVNC viewer jar applet on my Mac will not go further than "handshaking with remote host". After typing in the password of my Pi, nothing is happening anymore.
I tried to look in the logs of tightvncserver on the Pi, but I got a "permission denied" every time.
Can you help me, please? I don't know what to do now.
Thanks
Most likely you have some problems with SSH-tunneling (provided you were following the tutorial).
To diagnose what's happening, first it would be nice to figure out whether your vncserver is running on Raspberry. You can do it by issuing the command:
netstat -lnt
The output can look something like below:
pi@raspberrypi ~ $ netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
We are interested to see if there's a line:
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
which basically tells us that our vncserver instance is listening on port 5901.
If that's true, then you should be able to use any VNC Viewer to connect to your RPI. Maybe you want to avoid SSH-tunnelling option and connect directly.
My security group has the following:
>22 (SSH) 0.0.0.0/0
>80 (HTTP) 0.0.0.0/0
>143 (IMAP) 0.0.0.0/0
>443 (HTTPS) 0.0.0.0/0
>995 (POP3S) 0.0.0.0/0
>465 (SMTPS) 0.0.0.0/0
>25 (SMTP) 0.0.0.0/0
Running a netstat on the server shows the following:
>Active Internet connections (servers and established)
>Proto Recv-Q Send-Q Local Address Foreign Address State
>tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
>tcp 0 0 10.211.30.202:44025 194.14.0.125:6667 ESTABLISHED
>tcp6 0 0 :::995 :::* LISTEN
>tcp6 0 0 :::110 :::* LISTEN
>tcp6 0 0 :::143 :::* LISTEN
>tcp6 0 0 :::22 :::* LISTEN
>tcp6 0 0 :::25 :::* LISTEN
>tcp6 0 0 :::993 :::* LISTEN
And when I try and access the box from the outside world, I get nothing.
>thedude:~ root$ telnet mail.sd0a.com 25
>Trying 107.20.235.215...
>telnet: connect to address 107.20.235.215: Operation timed out
>telnet: Unable to connect to remote host
Anyone have any positive experiences with Amazon EC2 instances and getting mail to a state where it will work? It's worth noting that via command line, mail seems to go through. System is Ubuntu 12.04.1 LTS if that matters.
Might be your ISP filtering outbound connections to port 25/tcp in order to prevent botnet spam.
To eliminate the obvious: Have you tried
connect to another port other than 25?
connect to another new ec2 instance, port 25? (straightforward task to duplicate it on EC2)
connect from another machine (or your friend's PC) to sd0a.com:25?
traceroute to identify where the packets are dropped?
setup postfix on port 2525 (remember to add that into Security Groups)
ufw* on Ubuntu. (Default is off... but good to check)
As far as I can tell, all IP addresses on Amazon EC2 are blacklisted in spamhaus.com (and a lot of other anti-spam lists). Hence most likely your ISP is blocking these packets; if so, is it an IP block or a port block?
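An added example, not part of the posts above: several of these threads compare `netstat` LISTEN rows against what a security group or a Docker port mapping lets through. It parses the rows, classifies each listener's bind scope and reports the mismatches; the function names and result keys are assumptions of this example, and the sample rows are copied from the last question.

```python
import ipaddress
import re

# LISTEN rows of `netstat -ant` / `-lnt` / `-nltp`; tolerates a leading ">" quote mark.
ROW = re.compile(r"^\W*tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN")
RANK = {"loopback": 0, "specific": 1, "all": 2}

def scope(addr):
    """Classify a local address: every interface, loopback only, or one address."""
    if addr in ("0.0.0.0", "::", "*"):
        return "all"
    return "loopback" if ipaddress.ip_address(addr).is_loopback else "specific"

def parse_listeners(text):
    """Return {port: scope}; when a port appears twice the widest scope wins."""
    found = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, sc = int(m.group(2)), scope(m.group(1))
            if RANK[sc] > RANK.get(found.get(port), -1):
                found[port] = sc
    return found

def audit(listeners, opened):
    """Compare listening ports with the ports a firewall or security group opens."""
    reachable = {p for p, s in listeners.items() if s != "loopback"}
    return {
        "exposed": sorted(reachable & opened),             # open and answering
        "open_no_listener": sorted(opened - reachable),    # rule with nothing behind it
        "listening_not_open": sorted(reachable - opened),  # service up but filtered
        "loopback_only": sorted(set(listeners) - reachable),
    }

# Sample input: rows copied from the last question's netstat output and security group.
SAMPLE = """\
>tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
>tcp 0 0 10.211.30.202:44025 194.14.0.125:6667 ESTABLISHED
>tcp6 0 0 :::995 :::* LISTEN
>tcp6 0 0 :::110 :::* LISTEN
>tcp6 0 0 :::143 :::* LISTEN
>tcp6 0 0 :::993 :::* LISTEN
"""
SG_PORTS = {22, 80, 143, 443, 995, 465, 25}
if __name__ == "__main__":
    print(audit(parse_listeners(SAMPLE), SG_PORTS))
```

Fed the container's netstat rows from the Oracle question with `opened={1522}` (the container side of `-p 1522:1522`), it reports 1522 under `open_no_listener` and 1521 under `listening_not_open`.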