I've been trying to get sqlplus to connect to Oracle from my OS X machine. I asked another question about it here.
One person suggested that I try telnet. Consulting the man page, I tried:
[ ethan#gir ~ ]$ telnet DBHOST:1521
Trying xxx.xxx.xxx.xxx...
telnet: connect to address xxx.xxx.xxx.xxx: Operation timed out
telnet: Unable to connect to remote host
Also...
[ ethan#gir ~ ]$ telnet DBHOST 1521
...with same result.
I'm not sure how to interpret these results. Seems like what you'd expect in any case. You wouldn't do this...
$ ssh some_mysql_host:3306
How is telnet to Oracle different?
Or maybe I didn't understand what they meant.
If anyone could help me understand how one uses telnet to test a connection to Oracle I would be grateful.
They're proposing use of telnet simply because it's one of the simplest TCP/IP clients and because it's installed almost everywhere. It's just an easy way to check from the command line whether you're actually able to make a TCP/IP connection to any particular service.
Also, on many of the ASCII based IP protocols it's straight forward to actually interact with the server to check its working by typing in commands and looking at the responses - I've done this numerous times myself with SMTP servers.
In your case, as you're getting a timeout, either the whole host is down, or the access to that particular host or service is being blocked by a firewall. If you can reach the server with a ping then the latter is more likely.
There's also an outside chance that your name resolution is actually taking you to the wrong host, but you should be able to confirm that by looking at the IP address that telnet said it was trying to connect to.
Another common response is "connection refused". That means that the host is up, but that there's no service running on the specified port.
Basically when you specify a port number e.g
Telnet myserver 1521
It will try to connect to the machine on that port. If you see any data returned or even a blank console then it has connected. If you receive an unable to connect message then the machine is not listening on that port or a firewall is blocking the connection.
Your attempt to telnet to dbhost 1521 getting 'unable to connect' with a timeout suggests that either your hostname resolution for 'dbhost' is giving you the wrong answer, or that host is offline, down or you have network problems.
If oracle was working, you'd get a connection. You wouldn't really be able to do anything with it, but it would confirm that oracle was up and listening.
Oracle instance is not connected from other systems, while it is connected from localhost, I think port is not opened and it is showing problem to telnet 1521 port from other system.
Why not do it the 'right' way? Telnetting to some arbitrary network port will not give you correct information, if the database and it's listener is working correctly.
Just install the oracle instantclient software and use the configuration wizard.
Related
On a Windows Server 2016 Standard, 64-bit, x64-based server, I try to connect to a specific port (1807) to access a third party application using Eclipse. However, an as yet unidentified process is closing it.
How do I find out what?
There seems to be lots of info about how to close ports on SO, but can't find anything about how to monitor what is closing it.
According to a co-worker who looks after the firewall the port is open. Although I also tried running Eclipse on the server and connection to the port inside the firewall. Tried connecting via a testing tool and get "The underlying connection was closed. The connection was closed unexpectedly."
The message connecting via Eclipse is "Cannot join host http://myHost:1807 - Possible reasons could be the host is temporarily unavailable, DNS cannot resolve this name. The port is not open to the outside. The host name is mispelt. The host response has timed out. The host has multiple network cards but one of them is not responding. The newtwork infrastructure does not allow the access to this host".
Eclipse connects via another port OK.
Please let me know if you have any ideas about how to solve this.
You can get the PID of port closing program by netstat -a -n -o. Then by using
tasklist /fi "pid eq 6368" you can find the name of program. 6368 is the pid of program that's blocking the port
Im trying to download a file from a FTP server using active mode.However,it looks like my connection just"expire" or something each time.First,I open a port on my computer using netcat,ex:
nc -vv -l -p 62077
this will listen on port 62077 on my computer.Then,I open another netcat windows,log in to the FTP link using port 21,and once im in the directory where the file I want is in,I do
PORT (my IP separated by , ),(242,125(wich equals to port 62077)\r\n
However,after I enter this command,nothing happen for about 10-15 seconds,and the netcat just quit without saying anything.Nothing happen either on the netcat window that is listening on port 62077.It does that everytime,I dont know what I am doing wrong.I did the same thing with Filezilla(in active mode) and examinated the commands with wireshark,I do the exact same command as Filezilla,however filezilla will be able to retrieve the file while netcat wont.I want to retrieve it with netcat and I dont know what im doing wrong.I am using Windows 10.
thank you!
After you have established your listening nc socket, and after you have sent the USER, PASS, and PORT commands, you then need to trigger the file transfer to that listening socket using e.g.:
RETR /path/to/file/to/download
on the control connection. (Unless you actually are already doing this, but didn't mention it in the post?)
Also, just to note: you mention using something like this:
PORT 1,2,3,4,(242,125)\r\n
Right? Those parentheses might also be an issue. Instead, you might try:
PORT 1,2,3,4,242,125\r\n
without any parentheses.
Now, depending on the IP address you sent (hopefully not a private network address), the data transfer may still not happen, due to firewalls/routers/NAT on the client side of things. Given that your Filezilla download of the same file works, I suspect that those firewall/router/NAT issues may not apply.
Hope this helps!
I am using a call to ftp.exe to upload file to a FTP Server.
This program is running since many years and uploads to number of servers, so far without problems.
After one of the receiver servers has been updated, uploads are no longer possible.
This is the command sequence:
open ftp.xxx.de
<user>
<pw>
>230 User logged in, proceed
cd upload
bin
put <filename>
and in response to this the server replies:
501 PORT IP is not the same as 10.100.244.5
150 File Status okay, about to open Connection
That is it, after this the connection is stuck and gets closed after a certain timeout period.
Funny enough, a google search for "PORT IP is not the same as" return exactly one result, which explains that the IP seen by the server is different from the one expected.
Also, when using WinSCP, FileZilla or other FTP utility programs, the connection has no problem and does transfer files just fine.
So, why does this appear and how to solve it?
The ftp.exe uses an old-fashioned active mode command PORT, which requires the client to specify its IP address to which the FTP servers needs to connect back to open a data transfer connection.
If your are behind a firewall or a NAT, the client may not know its external IP address and uses its local network address. This causes troubles. Either the server fails to connect back as it obviously cannot connect to the client's local network. Or the server rejects the PORT command straight away, if the specified IP address does not match the IP address, from which the FTP client connects to the server. This is a security measure as the difference may indicate a man-in-the-middle attack. Your server does the validation. Some servers might be configured to ignore the IP address specified in the PORT command and connect to a known IP address of the client.
Another way to solve this is, if the firewall/NAT can inspect the FTP traffic and seamlessly modify the IP address in the PORT command. This is obviously not happening.
You do not get the problem with WinSCP or FileZilla, as these clients default to the passive FTP mode, which does not have the problem. Also in the active mode these clients can be configured to use the external IP address. FileZilla also supports the modern EPRT command, that does not need to specify the IP address at all (the server uses the known IP address of the client).
See my article about active/passive FTP mode for details.
I do not think there's any way to make it working with the Windows ftp.exe. It neither supports the passive mode, nor can be configured to use the external IP address, nor supports the EPRT command.
So unless you can configure the FTP server not to do the check and connect to the known IP address of the client or configure your firewall/NAT to modify the IP address in the PORT command, you have to use another FTP client.
As you know that WinSCP works, see the guide for converting the Windows ftp.exe script to WinSCP script.
(I'm the author of WinSCP)
This is part programming, part sysadmin, so please excuse me if you feel that this should be over on serverfault.
I have an application that is not SOCKS aware and that we need to use through a firewall. We cannot modify the application to have SOCKS support either.
At the moment, we do this by aliasing the IPs the application talks to the loopback adapter on the host, then creating SSH tunnels out to another host. The IP's the application uses are hardcoded. Our SSH connections look like:
ssh -L 1.2.3.4:9999:1.2.3.4:9999 user#somehost
Where 1.2.3.x are aliases on the loopback.
So the application connects to the open port on the loopback, which gets sent out to the SSH host and onto the real 1.2.3.4.
It works, but the problem is that this application connects to quite a few IPs ( 50+ ), so we end up with 50 ssh connections out from the box.
We've tried to use several 'proxifying' apps, like tsocks and others but have had alot of issues with them ( the app is running on OS X and tsocks doesn't work so well, even with the patches )
Our idea was to write a daemon that listened on all interfaces on the specified port - it would then take the incoming packets from the application, scrape the packet info ( dst IP, port, payload ), recreate the packet and proxify it through a single SSH SOCKS connection ( ssh -D 1080 user#somehost ). That way, we only have 1 SSH connection that all the ports are being proxied through.
My question is - is this feasible? Is there something that I'm missing here? I've been combing through pfctl, ipfw, iptables docs, but I don't see any option to do it through those and this doesn't seem like it'd be the most difficult thing to code. It would recreate the packet based on the original destination IP and port, connect to the local SOCKs proxy and resend the packet as if it were the original application, but now with SOCKS support.
If I'm missing something that someone knows about that already does this, please let me know. I don't know socket programming or SOCKs too well, but this doesn't seem like it'd be too big of a project to tackle, but I'd like some opinions if I'm biting off way more that I should.
Thanks
If your application could add SOCKS client support, you can simply ssh -D lock_socks_port remote_machine, which will open up the local *lock_socks_port* as a SOCKS server at localhost, which can then connect to any host accesible by the remote machine.
Example: imagine you are using an untrusted wifi network without encryption. You can simply launch ssh -D 1082 home, and then configure your web browser to use localhost:1080 as SOCKS server. Of course, you need a SOCKS-enabled client. All the traffic would appear as coming from your gateway, and the connection would be opaque to those snooping the wifi.
You can also open a single ssh client with an indefinite number of LocalForward requests, which would be tunneled on top of a single ssh session.
Moreover, you can add ssh connections to an already-established ssh connection by using the ControlMaster and ControlPath options of ssh.
I'm trying this with Oracle SQL Developer and am on an Intel MacBook Pro. But I believe this same error happens with other clients. I can ping the server hosting the database fine so it appears not to be an actual network problem.
Also, I believe I'm filling in the connection info correctly. It's something like this:
host = foo1.com
port = 1530
server = DEDICATED
service_name = FOO
type = session
method = basic
That's the message you get when you don't have the right connection parameters. The SID, in particular, tends to trip up newcomers.
If you want to connect to database on other host then you need to know
hostname
port number (by default 1521)
SID name
if you get the connection error that you mentioned in your question then you have not specified correctly either hostname or port number. Try
telnet hostname portnumber
from Terminal to verify if you can connect to portnumber (by default 1521) - if not then probably port number is incorrect.
My problem turned out to be some kind of ACL problem. I needed to SSH tunnel in through a "blessed host". I put the following in my .ssh/config
Host=blessedhost
HostName=blessedhost.whatever.com
User=alice
Compression=yes
Protocol=2
LocalForward=2202 oraclemachine.whatever.com:1521
Host=foo
HostName=localhost
Port=2202
User=alice
Compression=yes
Protocol=2
(I don't think the second block is really necessary.) Then I change the host and port in the oracle connection info to localhost:2202.