I am trying to connect to tensorboard on my google compute engine instance but it is not working.
I have an anacondo distribution and use:
tensorboard --logdir=/logs
to create my tensorboard at default port 6006.
I also allowed HTTP/HTTPS traffic at my instance and also edited my firewall rules to allow traffic at:
IP ranges: 0.0.0.0/0
tcp:6006
udp:6006
But, when I try to acess my tensorboard at
http://EXTERNAL_IP:6006
I get a timeout loading.
Can anybody help me?
Normally this type of configuration is related to port communication issues. Go ahead and get all the available ports with nmap, and you should see something as following:
$ nmap -Pn [YOUR IP ADDRESS]
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
443/tcp closed https
3389/tcp closed ms-wbt-server
Once, you confirm if the port "6006" is open, check if it can connect to your server with a telnet:
$ telnet [YOUR IP ADDRESS] [YOUR PORT]
telnet: Unable to connect to remote host: Connection refused
If you get "connection refused" make sure not only that this port is "open" but that it's "listening" as well (remember this needs to be configured on your application in your web server). You can check that with a netstat as following:
$ netstat -an | egrep -w “6006”
And you should see something like this (example for port 22):
$ netstat -an | grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
If it says 127.0.0.1 on the Local Address column, it means that port is ONLY listening for connections from your PC itself, not from the Internet or network. If it says 0.0.0.0, it means that port is listening on all 'network interfaces' (i.e. your computer, your modem(s) and your network card(s)).
Thus, the IP you need is the one as the example (0.0.0.0), since this means all IPs can reach that specific port. Plus, you must see the “Listen” status.
In addition, make sure to set up properly the Firewall rules in GCP and your software running on the instance itself to allow traffic to/from this port “6006” in specific, either to any instance or to a specific one using network tags.
Related
I'm trying to ssh into my cisco ISR router. DHCP is working and I can ping the default gateway (the ISR), and can ssh with other devices on the LAN. so I know the LAN connection isn't the problem. I set up a local user that works with console logins so that's not the problem either.
I set up my ssh connection on the router with the following commands:
(config)#line vty 0 21
(config-line)#login local
(config-line)#exec-timeout 3
(config-line)#rotary 1
(config-line)#transport input ssh
(config)#crypto key generate rsa
(config)#ip ssh version 2
(config)#ip ssh port 2222 rotary 1
(config)#ip ssh authentication-retries 3
Then when I nmap the router it has the following ports open:
PORT STATE SERVICE
22/tcp open ssh
However, every time I try to log in to the router I get a Network is unreachable error. This is using the 2222 and 22 port and testing the normal IP and the hostname#ip formats for ssh and absolutely nothing works. I managed to get into telnet with the default settings earlier, but I'm not sure how to get in with SSH.
Thank you all for the help, I know it was very open ended so just let me know anything that could be helpful and I'll provide it.
One logical test step to do, would be switch back to port 22.
Network unreachable usually indicates there's no packet response coming from the host.
It could be because of multiple reasons, but since you've mentioned that ping and telnet went fine. I'd suggest you revert the port config, restart the unit once. See how it goes.
Other possible reasons could be ACL block and/or firewall block on your machine but I think it's unlikely.
I have a GCE Instance a Debian 1v CPU & 1.7GB. Then I followed the below tutorial and installed webmin on it.
https://www.howtoforge.com/tutorial/how-to-install-webmin-on-ubuntu-15-04/
The installation went successfully. Then I Created a Firewall exception on using the UFW and allowed port 10000.
sudo ufw allow 10000/tcp
But I was not able to access Webmin through the browser.
https://my-gce-instance-ip-address:10000.
Then i created firewall exception using the Google Cloud Console. Again tried the url it didnt work.
Then i thought this might be because of webmin is https mode. So i open the /etc/webmin/miniserv.conf and changed ssl=0. After that i restarted the webmin.
/etc/init.d/webmin restart
Then I tried the the url with Http, still I can't access.
I tried below command and checked the output. Accordingly Webmin is correctly running and listening on port 10000.
netstat -tulpn | grep :10000.
I can't seem to think what I am doing wrong. I have now spent several days on this without and solution in sight. Hope someone can kindly help me?
try this ... it's working for me
iptables -I INPUT 1 -p tcp --dport 10000 -j ACCEPT
service iptables save
/etc/init.d/iptables restart
open both link in Browser
https://your-IP:10000
and
http://your-IP:10000
you need to allow port 10000 from iptables
sudo iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
this work for me
i'm using ubuntu 16.04
You don't need to do any firewall configuration in the instance itself. All firewall configuration is done in the Google Cloud console.
The steps I typically follow, as you show to have figured out in your comment, are:
Create the firewall rule, in it opening the particular port you need (10000 in the case of Webmin) for ingress TCP traffic, accepting connections from some IP range (e.g. 0.0.0.0/0), and specifying target tags to be later assigned to instances to which that rule shall apply.
Add one of those tags to the "network tags" section of some particular instance.
This alone should work, opening the port for your instance in the firewall.
I was almost creating another question here on SO when yours was suggested as a possible duplicate. I had followed the steps above on my Webmin machine, and yet the machine refused to connect on port 10000. As I kept writing the question, I figured out my particular problem: in the firewall rule, in the source IP range filter, I set the single meta-address 0.0.0.0 instead of the range 0.0.0.0/0. So, to anyone who has followed the steps above and still can't connect to their webmin installation, do check if your source range filter is correctly set.
I am running a java application on a remote server that opens port 7462 for a telnet connection to issue simple commands. I have established a VPN connection (using openvpn) between my local machine and the remote server, but cannot telnet from my local machine to port 7462. The IP address of my vpn server is 10.8.0.1. I am also running postfix on my remote server and am able to telnet to port 25 without any issues. The following commands yield the below results:
On my local machine:
$ telnet 10.8.0.1 25
Trying 10.8.0.1...
Connected to 10.8.0.1.
Escape character is '^]'.
220 xxxxx.com ESMTP Postfix (Debian/GNU)
quit
221 2.0.0 Bye
Connection closed by foreign host.
$ telnet 10.8.0.1 7462
Trying 10.8.0.1...
Connected to 10.8.0.1.
Escape character is '^]'.
Connection closed by foreign host.
$
On the remote server:
$ netstat -plnt | grep -P "7462|25"
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 10.8.0.1:7462 0.0.0.0:* LISTEN 6463/java
tcp6 0 0 :::25 :::* LISTEN -
$ telnet 10.8.0.1 7462
Trying 10.8.0.1...
Connected to 10.8.0.1.
Escape character is '^]'.
exit
OK Goodbye
Connection closed by foreign host.
An iptables -L command on both the local and remote machine show that I have no firewall rules established and I have not specifically configured any routes.
I can't figure out why I can connect to the remote server's port 25 from my local machine, but not port 7462. From the remote server though I can connect to port 7462 using the 10.8.0.1 IP address. I'd be happy to provide any additional information and thanks in advance for you help
-Nathan
I figured out my problem. The application was limiting the IP addresses that could connect on the 7462 port and it was a configuration item that needed to be set (default was just localhost). I feel a little silly for such a simple answer, but thanks for the suggestions!
I figured out my problem. The application was limiting the IP addresses that could connect on the 7462 port and it was an (obscure) configuration item that needed to be set (default was just localhost). I feel a little silly for such a simple answer, but thanks for the suggestions!
I am doing a local forwarding to the remote port at 80 which the apache2 is listening on like this ssh -L 80:localhost:80 user#host.com , so it connects me to the remote server, however I find I can still do mkdir rm and such commands. Isn't it so that I am only forwarded to application listening on port 80? so what's the difference to this command ssh -p 22 host.com ? Is there a way to test if this port forwarding is working?
Yes, you can Test as follows:
You should use a Client program on one Side and A Server Program on the other remote side.
Try to connect your client to your server according to ports and IP's used in your port forwarding by Netsh Cmd.
If connection succeed , that is it, if connection fails, that means port forwarding command was failed, or your ip and port configuration of your client and server is wrong.
More over if you send a text file to the server, you should receive it.
I hope that this will help.
Thanks.
You can listen on port 80 with netcat like this on the host ...
nc -l -p 80
... and then either send something back with netcat ...
nc host.com 80 <<< hello
... and see if you get a "hello" on the server, or use nmap :
nmap host.com -p 80
You can also use nmap the same way if you already have a server listening on port 80, like apache.
Just note that nmap will say it's closed unless there is something listening on that port.
I have an Apache webserver running on a local machine through reverse ssh tunnel, i.e.:
ssh -R *:80:local_machine:8080 username#gateway_machine
In other words, all traffic from port 80 on gateway_machine
is sent to port 8080 on local_machine.
For monitoring purposes, I wish to know IP addresses of the remote clients
connected to gateway_machine. However my local Apache server sees
all traffic coming from the IP address of gateway_machine.
My question: Is there any way to setup ssh server running on gateway_machine such that
it sends all traffic to local_machine with actual remote IP addresses ?
The SSH protocol uses a channel type called "direct-tcpip" for forwarding a TCP connection. The protocol message for opening one of these channels includes the address and port of the client whose connection is being forwarded. So the information that you want is available to the ssh client (which in your case is opening the connection to the target of the forward).
The OpenSSH ssh client logs the originator address and port in a debug level message, so you can see it if you run ssh with the -v option:
$ ssh -v -R 2000:localhost:1000 localhost
...
debug1: client_request_forwarded_tcpip: listen localhost port 2000, originator ::1 port 51101
Here the originator address was ::1 (IPv6 localhost) and port 51101. The ssh utility doesn't do anything else with the information.
So, depending on your needs, you have three approaches to collect this information:
Invoke the ssh process which creates these forwards with the -v option, and arrange to collect and parse the relevant debug information.
Make source code changes to ssh to make it do what you want it to do with the information.
Write your own ssh client which does what you want. SSH client libraries are available for most modern programming languages.