I just installed rabbitmq on a 14 ubuntu, adjusted the hostname in the /etc/hosts files, in the following format 127.0.0.1 hostname.
I can see the web console with curl localhost:15672, but when I try to access it with the browser, it just won't open?
I can see the port with netstat:
netstat -nptl | grep 15672
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 29997/beam
But I can't see it with nmap:
nmap -sT -O localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2017-09-16 19:52 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00022s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
631/tcp open ipp
I also enabled the web interface in rabbitmq, made the user and all that, but when I try to access it through the browser http:/my-ip-address:15672(5672), the web page just times out?
Tnx,
Tom
Even though tunnelling using ssh is a well discussed topic in internet, I couldn't make my setup proper. This is what the problem statement I have
-> I have two servers A and B.
-> I am trying to create a tunnel from A to B
-> In B I have echo server which is listening on port 34567
-> In A I have executed the command ssh -L 4444:10.106.251.90:34567 127.0.0.1
-> Netstat shows as follows
~ # netstat -na | grep 4444
tcp 0 0 127.0.0.1:4444 0.0.0.0:* LISTEN
tcp 0 0 ::1:4444 :::* LISTEN
-> In B I tried to check netstat -na | grep 4444 but there was no reference of it
-> In A I have echo client which writes into 127.0.0.1:4444
-> If I execute client in A, it doesn't forward. Instead it gives some 0 length string always
Is there any thing that I am missing here ?
Thanks
~S
Try using
ssh -L 4444:127.0.0.1:34567 user#10.106.251.90
This will open port 4444 on your local machine, forwarding packets to port 34567 of the remote machine.
# using on local
telnet 127.0.0.1 4444
# is the same as
# on remote
telnet 127.0.0.1 34567
I have a proxy pass which redirects all BE service calls to the API-Gateway. For debugging one particular scenario, I want to proxy all urls with base path /abc to a netcat proxy which would dumplt the complete request on console.
ATM I am using following proxy pass:
ProxyPass /abc/ http://localhost:8089/apigateway/api/
Whereas I am listening on port 8089 as follow:
nc -p 8089 localhost 8080
But the nc connection is closing up within few seconds after i run the above mentioned command. Any idea what am I do wrong?
When I curl the url http://localhost/abc/messaage, I see 503 as response.
Following worked for me:
sudo nc -l localhost 8089 < abc.txt | tee -a in | nc localhost 8080 | tee -a out.html > def.txt
Listening on port 8089 (httpd forwards everything on 8089). nc then forwards the request to port 8080 (actual apigateway). In the middle it dumps the request and response in different files.
I have an issue that I have been trying to resolve but cannot figure out what is going on. I have various web servers and they all have apache installed on them. They are all on the same network but one is giving me an issue.
I have servers (.44, .45 and .46)
I can ssh into .44 and ping .45 and .46 with no issues. However when I try to test and see if port 80 is open, .45 gives me this message.
someadminuser#somelocation:/var/www$ telnet 10.0.0.45 80
Trying 10.0.0.45...
telnet: Unable to connect to remote host: Connection refused
Here is the same test on .46
someadminuser#somelocation:/var/www$ telnet 10.0.0.46 80
Trying 10.0.0.46...
Connected to 10.0.0.46.
Escape character is '^]'.
So I ssh into .45 to see the port.
someadminuser#somelocation:~$ netstat -tulpn | grep :80
(No info could be read for "-p": geteuid()=1000 but you should be root.)
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
someadminuser#somelocation:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:httpflags:
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
Any help will be greatly appreciated.
****************UPDATE****************
I saved my ipv4 table and this is what i got:
# Generated by iptables-save v1.4.12 on Thu May 29 14:05:31 2014
*nat
:PREROUTING ACCEPT [3416:231940]
:INPUT ACCEPT [1175:75880]
:OUTPUT ACCEPT [337:25196]
:POSTROUTING ACCEPT [337:25196]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3000
Of course, there is more to it but this part look suspicious.
So the server is redirecting connections to local port 80 to local port 3000. Presumably there is nothing listening on port 3000 and that is why you are seeing the "connection refused".
If the working servers don't have this configuration, then you need to remove (or fix) the iptables. If the other servers do have that, then you need to figure out what they have running on port 3000 and why the failing server does not have the same.
I have written a small bash script which needs an ssh tunnel to draw data from a remote server, so it prompts the user:
echo "Please open an ssh tunnel using 'ssh -L 6000:localhost:5432 example.com'"
I would like to check whether the user had opened this tunnel, and exit with an error message if no tunnel exist. Is there any way to query the ssh tunnel, i.e. check if the local port 6000 is really tunneled to that server?
Netcat is your friend:
nc -z localhost 6000 || echo "no tunnel open"
This is my test. Hope it is useful.
# $COMMAND is the command used to create the reverse ssh tunnel
COMMAND="ssh -p $SSH_PORT -q -N -R $REMOTE_HOST:$REMOTE_HTTP_PORT:localhost:80 $USER_NAME#$REMOTE_HOST"
# Is the tunnel up? Perform two tests:
# 1. Check for relevant process ($COMMAND)
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND
# 2. Test tunnel by looking at "netstat" output on $REMOTE_HOST
ssh -p $SSH_PORT $USER_NAME#$REMOTE_HOST netstat -an | egrep "tcp.*:$REMOTE_HTTP_PORT.*LISTEN" \
> /dev/null 2>&1
if [ $? -ne 0 ] ; then
pkill -f -x "$COMMAND"
$COMMAND
fi
Autossh is best option - checking process is not working in all cases (e.g. zombie process, network related problems)
example:
autossh -M 2323 -c arcfour -f -N -L 8088:localhost:80 host2
This is really more of a serverfault-type question, but you can use netstat.
something like:
# netstat -lpnt | grep 6000 | grep ssh
This will tell you if there's an ssh process listening on the specified port. it will also tell you the PID of the process.
If you really want to double-check that the ssh process was started with the right options, you can then look up the process by PID in something like
# ps aux | grep PID
Use autossh. It's the tool that's meant for monitoring the ssh connection.
We can check using ps command
# ps -aux | grep ssh
Will show all shh service running and we can find the tunnel service listed
These are more detailed steps to test or troubleshoot an SSH tunnel. You can use some of them in a script. I'm adding this answer because I had to troubleshoot the link between two applications after they stopped working. Just grepping for the ssh process wasn't enough, as it was still there. And I couldn't use nc -z because that option wasn't available on my incantation of netcat.
Let's start from the beginning. Assume there is a machine, which will be called local with IP address 10.0.0.1 and another, called remote, at 10.0.3.12. I will prepend these hostnames, to the commands below, so it's obvious where they're being executed.
The goal is to create a tunnel that will forward TCP traffic from the loopback address on the remote machine on port 123 to the local machine on port 456. This can be done with the following command, on the local machine:
local:~# ssh -N -R 123:127.0.0.1:456 10.0.3.12
To check that the process is running, we can do:
local:~# ps aux | grep ssh
If you see the command in the output, we can proceed. Otherwise, check that the SSH key is installed in the remote. Note that excluding the username before the remote IP, makes ssh use the current username.
Next, we want to check that the tunnel is open on the remote:
remote:~# netstat | grep 10.0.0.1
We should get an output similar to this:
tcp 0 0 10.0.3.12:ssh 10.0.0.1:45988 ESTABLISHED
Would be nice to actually see some data going through from the remote to the host. This is where netcat comes in. On CentOS it can be installed with yum install nc.
First, open a listening port on the local machine:
local:~# nc -l 127.0.0.1:456
Then make a connection on the remote:
remote:~# nc 127.0.0.1 123
If you open a second terminal to the local machine, you can see the connection. Something like this:
local:~# netstat | grep 456
tcp 0 0 localhost.localdom:456 localhost.localdo:33826 ESTABLISHED
tcp 0 0 localhost.localdo:33826 localhost.localdom:456 ESTABLISHED
Better still, go ahead and type something on the remote:
remote:~# nc 127.0.0.1 8888
Hallo?
anyone there?
You should see this being mirrored on the local terminal:
local:~# nc -l 127.0.0.1:456
Hallo?
anyone there?
The tunnel is working! But what if you have an application, called appname, which is supposed to be listening on port 456 on the local machine? Terminate nc on both sides then run your application. You can check that it's listening on the correct port with this:
local:~# netstat -tulpn | grep LISTEN | grep appname
tcp 0 0 127.0.0.1:456 0.0.0.0:* LISTEN 2964/appname
By the way, running the same command on the remote should show sshd listening on port 127.0.0.1:123.
#!/bin/bash
# Check do we have tunnel to example.com server
lsof -i tcp#localhost:6000 > /dev/null
# If exit code wasn't 0 then tunnel doesn't exist.
if [ $? -eq 1 ]
then
echo ' > You missing ssh tunnel. Creating one..'
ssh -L 6000:localhost:5432 example.com
fi
echo ' > DO YOUR STUFF < '
stunnel is a good tool to make semi-permanent connections between hosts.
http://www.stunnel.org/
If you are using ssh in background, use this:
sudo lsof -i -n | egrep '\<ssh\>'