EC2:Connection reset by peer - amazon-ec2

Hi i am configuring ftp on amazon ec2 mincro linux instance i have suceessfully install and configure vsftpd on my instance, and also i create user for my ftp. but when i ftp my instance it will give following error
Error:
"Connection reset by by peer"
can any one help me regarding this what was im going wrong, or what im missing,
Note i have configure instance firewall as following
Custom tcp rule:
Port range : 20 - 21
source : 0.0.00/0
any hep is greatly appreciated. thanks in advance.

I'm using an instance for VPN and FTP(vsftpd) servers. Add this in the /etc/vsftpd/vsftpd.conf
pasv_addr_resolve=NO|YES
pasv_address=You Elastic IP Address|Hostname
pasv_min_port=2020
pasv_max_port=2020
Where pasv_address is your Elastic IP Address (set pasv_addr_resolve=NO) or you can use dyndns service and set pasv_addr_resolve=YES correspondingly. Then open 2020 and 21 ports in firewall. In this configuration you can use FTP server even in passive mode (Incoming connections are prohibited in you local PC).
All vsftpd config options are described here

Related

Access public PostgreSQL server (Amazon RDS) from personal computer through proxy

I'm new to Amazon Web Service (AWS).
I already created a PostgreSQL from AWS RDS:
Endpoint: database-1.XXX.rds.amazonaws.com
Port: 5432
Public accessibility: Yes
Availablity zone: ap-northeast-1c
After that, I will push my application that using the database to AWS (maybe deploy to EKS).
However, I want to try testing the database server from my local computer first.
I haven't tried testing from my laptop PC at home yet, but I think it will connect OK because my laptop PC is not using the HTTP proxy to connect to the network.
The problem is that I want to try testing from my company PC, which needs setup the HTTP proxy to connect to the internet. The PC spec:
Windows 10
Installed PostgreSQL 10
Firstly, I tried using psql command-line:
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://user:password#my_company_proxy:3128
set https_proxy=http://user:password#my_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://my_second_company_proxy:3128
set https_proxy=http://my_second_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
Then, I tried using the pgAdmin tool.
As from the internet post, it said that we can use "SSH Tunnel" for inputing proxy:
However, the error message will be shown:
So, anyone can help suggest if we can connect to the public PostgreSQL server through HTTP proxy?
I think problem is Postgres uses plain TCP/IP protocol and you are trying to use HTTP proxy. Also you're trying to create SSH tunnel against your HTTP proxy server which won't work.
So I'd suggest following solutions:
Use TCP proxy instead of HTTP proxy
Create an EC2 or any instance that has SSH access from your company network and has access to public internet. So that you can create SSH tunnel through that instance to achieve your goal.
NOTE: Make sure you PostgreSQL is accessible from public internet (although this is usually bad idea, but it's out of scope this question) sometimes security group configs prevent it to connect from public internet.
Just add all ports(5432,3128...) in the Security Group from your RDS and specify your IP. Don't forget "/32"
Let me add that "unknown host" is usually an indication that you're not resolving the DNS hostname. Also, your HTTP proxy should not interfere with connections to databases since they aren't on port 80 or 443. A couple of things you can try (assuming you're on windows) sub in your actual url:
nslookup database-1.XXXX.rds.amazonaws.com
telnet database-1.XXXX.rds.amazonaws.com 5432
You should also check the security group that is attached to your RDS and make sure you've opened up the ip address that you're originating from on port TCP/5432.
Lastly check that your VPC has DNS and Hostnames enabled. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-updating

Unable to connect to host on different system from mongo shell in windows

I am trying to connect to mongodb from my system to different system but i am getting following error-
MongoDB shell version v3.4.5
connecting to: mongodb://192.168.0.152:27017/
2017-06-23T18:06:50.643+0530 W NETWORK [thread1] Failed to connect to 192.168.0.108:27017 after 5000ms milliseconds, giving up.
2017-06-23T18:06:50.644+0530 E QUERY [thread1]
Error: couldn't connect to server 192.168.0.152:27017, connection attempt failed :
connect#src/mongo/shell/mongo.js:237:13
#(connect):1:6
exception: connect failed
I tried various solutions listed on stackoverflow but didn't find any solution yet.
Can somebody please help me out?
getaddrinfo() resolves domain names through the DNS protocol (which is not related the Netbios Naming System - reason why writing a Windows PC Name is usually a bad idea). Depending of the underlying implementation of the function it might or might not be able to resolve Netbios Names.
Usually using a Netbios computer name is a bad idea, you should rely on a proper DNS architecture.
If you have the exact same error with a mongodb:// URL using solely an IP address, it's weird... Please provide more details on the IP address try case.
Also ensure that the server is not firewalled. Try a netcat connection using netcat for windows:
nc IP 27017 -vv
should say 'Connected'
Netcat for Windows: https://eternallybored.org/misc/netcat/
To be able to connect to mongodb server hosted in another machine, you should be sure that your mongodb server allows connections from addresses other than 127.0.0.1
In the mongod.conf there should be some network interfaces configuration:
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1
To allow any machine to connect to your server the bindIp should be set to: 0.0.0.0

Access ftp server from Google Cloud Engine VM

I have created a LAMP Bitnami VM on Google Cloud Platform Compute Engine.
vsftpd is installed already and I have edited the options to include:
listen=YES
listen_address=0.0.0.0
write_enable=YES
local_enable=YES
anonymous_enable=NO
local_umask=022
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.allowed_users
I have the PHP server up and running on http://my-ip-address but when I try to navigate to ftp://my-ip-address the browser just hangs.
I haven't used ftp for about 100 years so I'm not sure if I'm going about this the right way.
Do I need to do something with the firewall? I tried to do that but GCP wouldn't accept ftp as a protocol.
I've also tried with Filezilla but I get 'connection timed out'.
What am I missing please?
Make sure you have GCP firewall rule (ingress) in place to allow tcp:21 for FTP traffic to reach to the instance.
You can install tcpdump package on the server to monitor the traffic for verification.
To monitor the traffic on port 21 (ftp) can use the following syntax:
sudo tcpdump -i interface port 21
Example: sudo tcpdump -i eth0 port 21
I verified this on the GCE LAMP Bitnami VM with vsftpd package installed and was able to ftp from browser.
Moreover, FTP is an insecure protocol. You can set-up SFTP for more security and encrypted traffic.
Yes you missing Google Cloud Firewall, You have open some ports to make a successful connection with your ftp server. Go and visit this Set up an FTP Server on Google Cloud Platform -siteyaar.com blog post, This will help you.
First add this line in vsftpd.conf file.
pasv_min_port=40000
pasv_max_port=50000
After that open this ports 20,21,990,40000-50000 from Google cloud Firewall.

Accessing remote server service via HTTPS

I have a server(AWS) to which I have ssh access.
There is a service(supervisor) running on this service on port 9001 whose web view can be accessed through 127.0.0.1:9001 had it been a local machine.
But since it is not a local machine, how do I access it?
I got the ip address of the machine using ifconfig | grep inet and then tried accessing it through https://172.11.11.1:9001/
Bit dint work.
When I tried wget https://172.11.11.1:9001/ it shows
Connecting to 172.31.19.8:9001... and hangs there.
I have added the following line in my supervisor conf file.
[inet_http_server]
port = *:9001
Can someone please help me with this?
This is more of a server config question. You'll most likely find your AWS access properties allow connections on post 22, 80 and 443 only. In AWS console you'll need to add a new security access group to allow port 9001 to be accessed.

Wakanda Server 10 on Amazon EC2, cannot listen for connections on port 8080 or secure port 4433 on all IP addresses

I have installed wakanda server on an Amazon EC2 server running ubuntu by following this utube video: https://www.youtube.com/watch?v=uSQODnB7wRU .
Now the video is for an older version but I have followed along successfully until I actually launch wakanda on the server. This is what I get in the console:
Welcome to Wakanda Server 10 build 10.187175
Publishing "DefaultSolution" solution
The solution's log file will be stored in the "/home/ubuntu/.Wakanda Server/UserCache/Wakanda Server/DefaultSolution-1882/Logs/" folder
The Administration Web Server cannot listen for connections on port 8080 or secure port 4433 on all IP addresses
You can customize the Administration Web Server's ports with the "--admin-port" and "--admin-ssl-port" options
, then when I try to log into it via the browser it says the connection dropped! Any help would be much appreciated, it seams I need to restrict the IP addresses which can access, but how?
Your wakanda server tried and failed to listen on 8080 and/or 4433
Check the following things:
Are the ports 8080 and/or 4433 used by other processes? (sudo netstat -tapen | grep :8080, if a result is found, then yes another process uses 8080. Check 4433 also)
You may found that wakanda server is already running as a service:
yes you should use this service (create and edit /etc/default/wakanda, add WAKANDA_SOLUTION_AT_STARTUP=your_path and restart with sudo /etc/init.d/wakanda restart)
or to continue starting it manually, stop the service first (sudo /etc/init.d/wakanda stop)
Has the current user the right to listen on those ports? (try running the server with sudo just to check, then use authbind or equivalent)
Can you use alternative ports? (use --admin-port and --admin-ssl-port wakanda server options)
wakanda-server --help will give you the list of options available, especially --solution=VALUE to provide the path to your solution.

Resources