I've currently set-up a VM with an AD, CS & LDAP Server. I've done some configuration so that everything works internally, however, this doesn't seem to work when attempting to access the machine externally.
On the First Machine, locally, i can use ldp.exe and connect with SSL over the 636 port.
With the second machine, on the same network, i attempt to connect over the 636 port and the connection fails. However, the non-SSL 389 port still is able to connect.
Can anyone point out anything which may be causing this?
NOTE: I'm a developer, not a networking/sysadmin guy, so keep it simple please.
Thanks in advance, Jordan
EDIT:
This is the netstat for the 389 & 636 ports on TCP:
// Local?
0.0.0.0:389 / 0.0.0.0:0 / LISTENING
0.0.0.0:636 / 0.0.0.0:0 / LISTENING
// Not sure...
[::]:389 / [::]:0 / LISTENING
[::]:636 / [::]:0 / LISTENING
// Also not sure, IP6?
[fe90:11ee..............]:389 / [fe90:11ee..............]:60441 / ESTABLISHED
[fe90:11ee..............]:389 / [fe90:11ee..............]:60445 / ESTABLISHED
[fe90:11ee..............]:389 / [fe90:11ee..............]:60449 / ESTABLISHED
WINDOWS FIREWALL is turned off, so i think the rule's wouldn't be an issue.
ERROR
ld = ldap_sslinit("ldaptest.local", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error:
Error <0x51>: Fail to connect to ldaptest.local.
Related
I have a workstation with Win 10 on which I installed OpenSSH server. If I try to connect to it (from another machine with Win 10 using ssh in a command prompt) I see it gives the following error:
ssh: connect to host Test3 port 22: Connection timed out
On wireshark Syn packets are sent but no answer is received back.
If I dissable Windows firewall on destination then connection is established.
I want to leave the firewall enabled and disable only ssh port.
You can easily use netsh.exe.
netsh advfirewall firewall add rule name="Open SSH Port 22" dir=in action=allow protocol=TCP localport=22 remoteip=any
You can also change remoteip to a specific host:
remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>
I found on microsoft site a link which allow to do it using graphical interface.
I solved my problem performing the following steps as administrator:
Open the Group Policy Management Console / File/ Add snap-in / Windows Defender Firewall with Advanced Security(or Windows Settings/ Windows Defender Firewall / Advanced settings).
Inbound Rules / Actions / New rule
Rule Type / Port / Next
TCP / Specific port: 22 / Next
Allow the connection / Next / Next
Name / Open ssh port 22 / Finish
I have a very simple LAN setup and am trying to connect to an Apache server running on the LAN. The server IP is 192.168.1.178. I'm trying to connect from a box on same LAN with IP of 192.168.1.161. Attempting to connect from browser results in error saying site is unreachable. I can ping the server and SSH into the server. But, telnet and curl result in no route to host errors.
Both boxes are set up with static IPs. DNS for static connection is 192.168.1.1. Both boxes are running Manjaro and no firewalls are turned on. Apache access logs show no attempt to connect and there are no errors in the Apache error logs.
I also set up a test python server (sudo python -m http.server 80) to try that. Attempting to curl to that server results in 'connection refused' error as opposed to 'no route to host' error for the Apache server.
Traceroute results are:
traceroute 192.168.1.178
traceroute to 192.168.1.178 (192.168.1.178), 30 hops max, 60 byte packets
1 raptor (192.168.1.178) 0.434 ms !X 0.366 ms !X 0.400 ms !X
I discovered that a firewall daemon was running, which was causing the problem. Disabling the firewall solved the issue.
First, I wanted to see what was using port 80:
C:\Users\[my user]>netstat -aon | findstr :80
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 192.168.1.46:57822 72.21.91.29:80 TIME_WAIT 0
TCP [::]:80 [::]:0 LISTENING 4
C:\Users\[my user]>
See what I had in PID 0 and 4:
I did not have an application using port 80 from what I see. I would think that port 80 is free for an application such as Apache to use it. In the following screen, I click "Start Apache" and nothing happens. That was how I always used to start Apache.
I am trying to start Apache on port 80:
If I use a different port such as 81, 82, 83, etc., it works. But I want to use port 80 because I do not want to use http://localhost:81/ in the URL to test my site. I simply want to use http://localhost/.
Do you have an idea about why I am not being able to start the Apache service on port 80 even though apparently port 80 is free? Or maybe it is not free because this PID 4 is using it? The name of that process is System.
Please try the following;
Right click on My Computer.
Select Manage.
Double click Services and Applications.
Then double click Services.
Right click on "World Wide Web Publishing Service".
Select Stop.
I am using a different port instead of 80. Not a big deal, I would have preferred to use port 80 but I can cope with not using it. That is fine.
I am trying to configure haproxy 1.5 on Ubuntu 3.2.0-91-generic as a TLS proxy for plain TCP traffic to a non-TLS server running on the same machine. The local non-TLS server is running on port 9501, and I want haproxy to listen on port 9500, decrypting incoming TLS connections on that port and forwarding the unencrypted TCP traffic to the server on port 9501. I'm doing all this on 172.28.11.94, which is a local intranet address that's bound to my eth0 interface. My haproxy config looks like this:
listen rtt 172.28.11.94:9500
mode tcp
bind 172.28.11.94:9500 ssl crt /etc/haproxy/cert.pem
option tcplog
server rks 172.28.11.94:9501
haproxy reports that this is valid:
dlobron#bos-lpjbb:/etc/haproxy$ sudo haproxy -f haproxy.cfg -V -c
Configuration file is valid
But when I run haproxy, I get an error:
dlobron#bos-lpjbb:/etc/haproxy$ sudo haproxy -f haproxy.cfg -V
Available polling systems :
poll : pref=200, test result OK
select : pref=150, test result FAILED
Total: 2 (1 usable), will use poll.
Using poll() as the polling mechanism.
[ALERT] 011/114700 (6149) : Starting proxy rtt: cannot bind socket [172.28.11.94:9500]
I verified that my local non-TLS server on port 9501 is fine:
dlobron#bos-lpjbb:/etc/haproxy$ telnet 172.28.11.94 9501
Trying 172.28.11.94...
Connected to bos-lpjbb (172.28.11.94).
Escape character is '^]'.
203 WELCOME
The warning about select() not working is a little strange, but it seems like it's falling back to poll(), which should be fine. But I can't figure out why it can't bind to port 9500 when I run it as root, as I'm doing here. Any help would be much appreciated!
The very helpful guys on the HAProxy mailing list pointed out my problem: the first line of my server stanza is:
listen rtt 172.28.11.94:9500
This is telling HAProxy to bind to 172.28.11.94:9500, and then the "bind" line in my config file is telling it to bind a second time to that same point - hence the error. I changed the first line of the stanza to just:
listen rtt
and it's now fine.
I have Apache installed on Windows 7. It's running successfully - I can connect to it from the local host. The problem is that none of the other computers on the local wireless network don't connect.
I have configured the \apache\conf\httpd.conf to "Allow from all" and to "Listen 80"
I disabled the Firewall for Port 80
Also, the command netstat -abn shows:
TCP 0.0.0.0:80 0.0.0.0: LISTENING
Can anyone think of a reason that prevents me to connect from another machine?
Try using the repair option on the firewall - sometimes the wizard there will add additional rules which resolve the issue.