What ports does RabbitMQ use? - rabbitmq

What ports does RabbitMQ Server use or need to have open on the firewall for a cluster of nodes?
My /usr/lib/rabbitmq/bin/rabbitmq-env is set below which I'm assuming are needed (35197).
SERVER_ERL_ARGS="+K true +A30 +P 1048576 \
-kernel inet_default_connect_options [{nodelay,true}] \
-kernel inet_dist_listen_min 35197 \
-kernel inet_dist_listen_max 35197"
I haven't touched the rabbitmq.config to set a custom tcp_listener so it should be listening on the default 5672.
Here are the relevant netstat lines:
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 728/epmd
tcp 0 0 0.0.0.0:35197 0.0.0.0:* LISTEN 5126/beam
tcp6 0 0 :::5672 :::* LISTEN 5126/beam
My questions are:
for other nodes to be able to connect to the cluster, do all 3 ports 4369, 5672 and 35197 need to be open?
Why isn't 5672 running on tcp and not just tcp6?

PORT 4369: Erlang makes use of a Port Mapper Daemon (epmd) for resolution of node names in a cluster. Nodes must be able to reach each other and the port mapper daemon for clustering to work.
PORT 35197: set by inet_dist_listen_min/max. Firewalls must permit traffic in this range to pass between clustered nodes.
RabbitMQ Management console:
PORT 15672 for RabbitMQ version 3.x
PORT 55672 for RabbitMQ pre 3.x
Make sure that the rabbitmq_management plugin is enabled, otherwise you won't be able to access management console on those ports.
PORT 5672 RabbitMQ main port (AMQP)
PORT 5671 TLS-encrypted AMQP (if enabled)
For a cluster of nodes, they must be open to each other on 35197, 4369 and 5672.
For any servers that want to use the message queue, only 5672 (or possibly 5671) is required.
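The port roles above can be expressed as source-scoped firewall rules, so that epmd and the distribution port are reachable only from cluster peers and AMQP only from peers and client networks. This is an added example, not part of the original answers: the function name rabbit_fw_rules and all addresses are constructed, and the trailing DROP rule assumes the INPUT chain policy is ACCEPT.

```shell
#!/bin/sh
# Emit iptables INPUT rules (iptables-save syntax) that scope each RabbitMQ
# port to the hosts that need it. Hypothetical helper; sample values only.
#
# usage: rabbit_fw_rules "<peer ips>" "<client cidrs>" <dist_port> ["<amqp ports>"]
rabbit_fw_rules() {
    peers=$1 clients=$2 dist_port=$3 amqp_ports=${4:-5672}

    # Refuse anything that is not a plain port number.
    case $dist_port in
        ''|*[!0-9]*) echo "dist_port must be numeric" >&2; return 1 ;;
    esac

    # epmd (4369) and the Erlang distribution port: cluster peers only.
    for peer in $peers; do
        for port in 4369 "$dist_port"; do
            echo "-A INPUT -s $peer -p tcp -m tcp --dport $port -j ACCEPT"
        done
    done

    # AMQP (5672, plus 5671 when TLS is enabled): peers and client networks.
    for src in $peers $clients; do
        for port in $amqp_ports; do
            echo "-A INPUT -s $src -p tcp -m tcp --dport $port -j ACCEPT"
        done
    done

    # Any other source aiming at these ports is dropped (assumes policy ACCEPT).
    drop_ports="4369,$dist_port,$(echo $amqp_ports | tr ' ' ',')"
    echo "-A INPUT -p tcp -m multiport --dports $drop_ports -j DROP"
}

# Constructed sample: two peers, one client subnet, distribution pinned to 35197.
rabbit_fw_rules "10.0.1.71 10.0.1.72" "10.0.2.0/24" 35197 "5672 5671"
```

The output is meant to be reviewed and merged into /etc/sysconfig/iptables by hand, not piped straight into a live firewall.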

What ports is RabbitMQ using?
Default: 5672, the manual has the answer. It's defined in the RABBITMQ_NODE_PORT variable.
https://www.rabbitmq.com/configure.html#define-environment-variables
The number might be different if changed by someone in the rabbitmq configuration file:
vi /etc/rabbitmq/rabbitmq-env.conf
Ask the nmap if it can see it:
sudo nmap -p 1-65535 localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-19 13:50 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00041s latency).
PORT STATE SERVICE
443/tcp open https
5672/tcp open amqp
15672/tcp open unknown
35102/tcp open unknown
59440/tcp open unknown
Oh look, 5672, and 15672
Ask netstat if it can see it:
netstat -lntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:55672 0.0.0.0:* LISTEN
tcp 0 0 :::5672 :::* LISTEN
Oh look 5672.
lsof to see ports:
eric@dev ~$ sudo lsof -i | grep beam
beam.smp 21216 rabbitmq 17u IPv4 33148214 0t0 TCP *:55672 (LISTEN)
beam.smp 21216 rabbitmq 18u IPv4 33148219 0t0 TCP *:15672 (LISTEN)
Use nmap from a different machine, find out if 5672 is open:
sudo nmap -p 5672 10.0.1.71
Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-19 13:19 EDT
Nmap scan report for 10.0.1.71
Host is up (0.00011s latency).
PORT STATE SERVICE
5672/tcp open amqp
MAC Address: 0A:40:0E:8C:75:6C (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
Try to connect to a port manually with telnet, 5671 is CLOSED:
telnet localhost 5671
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Try to connect to a port manually with telnet, 5672 is OPEN:
telnet localhost 5672
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Check your firewall:
sudo cat /etc/sysconfig/iptables
It should tell you what ports are made open:
-A INPUT -p tcp -m tcp --dport 5672 -j ACCEPT
Reapply your firewall:
sudo service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

To find out what ports rabbitmq uses:
$ epmd -names
Outputs:
epmd: up and running on port 4369 with data:
name rabbit at port 25672
Run these as root:
lsof -i :4369
lsof -i :25672
More about epmd options.

Port Access
Firewalls and other security tools may prevent RabbitMQ from binding to a port. When that happens, RabbitMQ will fail to start. Make sure the following ports can be opened:
4369: epmd, a peer discovery service used by RabbitMQ nodes and CLI tools
5672, 5671: used by AMQP 0-9-1 and 1.0 clients without and with TLS
25672: used by Erlang distribution for inter-node and CLI tools communication and is allocated from a dynamic range (limited to a single port by default, computed as AMQP port + 20000). See networking guide for details.
15672: HTTP API clients and rabbitmqadmin (only if the management plugin is enabled)
61613, 61614: STOMP clients without and with TLS (only if the STOMP plugin is enabled)
1883, 8883: MQTT clients without and with TLS (only if the MQTT plugin is enabled)
15674: STOMP-over-WebSockets clients (only if the Web STOMP plugin is enabled)
15675: MQTT-over-WebSockets clients (only if the Web MQTT plugin is enabled)
Reference doc:
https://www.rabbitmq.com/install-windows-manual.html

Check \AppData\Roaming\RabbitMQ\log. If you have a log file there, search for started TCP listener on [::].
It should tell you on which port RabbitMQ is running. Look for the last entry.
Disclaimer: not the best way to find the port, as there might be a chance the port has been changed in the meantime.

Related

Apache Superset not available from my browser

After following the installation instructions referenced at https://superset.apache.org/docs/installation/installing-superset-from-scratch, I'm not able to see the app at the ip number/server port in my win 10 web browser. How do I make it work at the right ip address?
I've installed it under venv running on a CentOS 8 VM on my win 10 laptop. I'm using the NAT network adapter and I can use PuTTY, and the CentOS 8 cockpit app is available on port 9090.
Currently it says it's running at 127.0.0.1:8089:
(venv) /root>superset run -p 8089 --with-threads --reload --debugger
logging was configured successfully
2021-08-04 15:35:48,492:INFO:superset.utils.logging_configurator:logging was configured successfully
2021-08-04 15:35:48,505:INFO:root:Configured event logger of type <class 'superset.utils.log.DBEventLogger'>
/root/venv/lib64/python3.8/site-packages/flask_caching/__init__.py:201: UserWarning: Flask-Caching: CACHE_TYPE is set to null, caching is effectively disabled.
warnings.warn(
No PIL installation found
2021-08-04 15:35:48,722:INFO:superset.utils.screenshots:No PIL installation found
* Serving Flask app "superset" (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
2021-08-04 15:35:50,007:INFO:werkzeug: * Running on http://127.0.0.1:8089/ (Press CTRL+C to quit)
netstat shows port 8089 open for 127.0.0.1, but not the VM's ip number. nmap shows the port closed.
/root>netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 944/sshd
tcp 0 0 127.0.0.1:8089 0.0.0.0:* LISTEN 4247/python3
tcp6 0 0 :::9090 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 944/sshd
/root>nmap 192.168.42.130
Starting Nmap 7.70 ( https://nmap.org ) at 2021-08-04 15:45 PDT
Nmap scan report for kevinsAppServer (192.168.42.130)
Host is up (0.000015s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
9090/tcp open zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 1.73 seconds
/root>nmap -p 8089 192.168.42.130
Starting Nmap 7.70 ( https://nmap.org ) at 2021-08-04 15:45 PDT
Nmap scan report for kevinsAppServer (192.168.42.130)
Host is up (0.000067s latency).
PORT STATE SERVICE
8089/tcp closed unknown
I think it should work if I can get the port opened on my server's IP number, unless there's something I did wrong.
I got it to work by adding the -h option for the superset run command, which I found when running the superset run --help at the server command line. So now this command works:
superset run -h my.i.p.address -p 8089 --with-threads --reload --debugger
In my case I also had to open port 8089 on the CentOS firewall.

Create a SSH tunnel from a Jump host to a Database and access the database on Jump Host Port

I am trying to create a SSH tunnel between a database running server port and another server as the following.
MySQL:3306 <=====> Server-A:3306
And I want to use the Server-A:3306 as the database URI to connect to the database.
I am running the following on ServerA
ssh -f -N -i ~/keys/test.pem foo@foo.storesandbox.com -L5001:127.0.0.1:2001
I can see that the tunnel is up and running. But when I use the public IP of Server-A and try to connect to the database, it does not work.
If I create another tunnel between Server-A and where I run the MySQL client, then it works. But I don't want to do that.
What can be the reason for this issue? I am fairly new to scripting.
By default, the local side (ssh client) creates the listening port on the loopback interface with address 127.0.0.1 when you use a command like this:
ssh me@server -L3306:localhost:3306
If you check netstat on your host you will see something like this:
sudo netstat -ntlp | grep 3306
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 12354/ssh
So applications at your local node can connect to such mapped service because loopback interface is visible to host itself but external nodes have no access to this virtual interface so can't make any connections to any service(port) which is listening on this single interface.
To instruct local ssh client to share such mapped port to the world you need to instruct it to bind to either all interfaces (including loopback) or to specific interface only
# here you explicitly tell the ssh client to accept connections to your tunnel
# from any client (i.e. bind the listening port to all interfaces)
ssh me@server -L0.0.0.0:3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12354/ssh
# here you do the same thing by using the -g option
ssh me@server -g -L3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12354/ssh
# and here is an example of how to bind to specific interfaces only
# 10.0.0.12 is an IP of one of the interfaces on your node
# 10.1.0.156 is also an IP address of one of the interfaces of your node
ssh me@server -L10.0.0.12:3306:localhost:3306 -L10.1.0.156:3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 10.0.0.12:3306 0.0.0.0:* LISTEN 12354/ssh
tcp 0 0 10.1.0.156:3306 0.0.0.0:* LISTEN 12354/ssh
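The Local Address column decides who can reach a forwarded port, so it is worth checking after starting a tunnel or a service. This added example (not part of the original answer) classifies listeners from netstat -ntlp output by bind scope; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify TCP listeners from `netstat -ntlp` output by bind scope:
#   loopback  - 127.0.0.0/8 or ::1, reachable only from the host itself
#   wildcard  - 0.0.0.0 or ::, reachable on every interface
#   interface - one specific local address
# On Linux a :: listener normally accepts IPv4 too (net.ipv6.bindv6only=0).
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")          # port is whatever follows the last colon
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1")        scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "::")  scope = "wildcard"
        else                                         scope = "interface"
        prog = (NF >= 7) ? $7 : "-"       # PID/Program is absent without -p
        print scope, port, addr, prog
    }'
}

# Only the listeners other hosts can reach (subject to the firewall).
exposed_listeners() {
    classify_listeners | awk '$1 != "loopback"'
}

# Constructed sample, modelled on the netstat lines quoted on this page.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 12354/ssh
tcp 0 0 0.0.0.0:3307 0.0.0.0:* LISTEN 12360/ssh
tcp 0 0 10.0.0.12:3308 0.0.0.0:* LISTEN 12371/ssh
tcp 0 0 127.0.0.1:8089 0.0.0.0:* LISTEN 4247/python3
tcp6 0 0 :::5672 :::* LISTEN 5126/beam
tcp6 0 0 ::1:6379 :::* LISTEN 900/redis-server
EOF
}

sample_netstat | exposed_listeners
```

On a live host, replace sample_netstat with `sudo netstat -ntlp`; a tunnel opened with -g or a 0.0.0.0 bind address shows up as wildcard.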

Can't change the port number

I changed the port number from 6379 to 6380 but redis still tries to connect through the default port.
It says connection refused and couldn't connect through 127.0.0.1 6379. What can I do?
The command redis-cli -p 6380 will not start a Redis server that will listen on port 6380.
If you want to change the port you must first kill the redis instance running on the default port and then locate the redis.conf file.
Edit the lines:
# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379
cluster-config-file nodes-6379.conf
with your new port.
Finally, start Redis with the edited config file:
./redis-server /path/to/redis/redis.conf
Check if there is a process already using 6379. On MacOS, run:
lsof -i :6380
Then kill whatever is using that port. Make sure you kill the redis instance running on 6379 and restart it on 6380 once you're sure that port is free.

RabbitMQ cannot establish TCP connection to any configured hosts

I am trying to run AMQP with bunny and event machine. Whenever I try to use a worker, bunny complains about the following: Could not establish TCP connection to any of the configured hosts
I don't see port 5672 anywhere when I run netstat. Further, the output of nmap -p 5672 0.0.0.0 gives the following:
Nmap scan report for 0.0.0.0
Host is up (0.000092s latency).
PORT STATE SERVICE
5672/tcp closed amqp
My configuration file ($HOME/etc/rabbitmq/rabbitmq.config) is as follows:
[{mnesia, [{dump_log_write_threshold, 1000}]},
{rabbit, [{tcp_listeners, [5672]},
{cluster_nodes, {['rabbit@jordan-dev'], disc}}
]}].
Could anybody explain to me why rabbitmq can not connect to the tcp port specified in the configuration file?
Is your firewall configured properly?
Try telnet ip port from some machine to see if it's reachable. If it's not reachable then add the firewall rule.
iptables -A INPUT -p tcp --dport 5672 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 5672 -j ACCEPT

How to use rabbitmqctl to connect to the rabbitmqserver in the docker container?

I've used docker to start my rabbitmqserver. How can I use rabbitmqctl to connect to the rabbitmqserver in the docker container?
Port 5672 has been exposed and map to the 5672 port of my host. But I still get the following error:
Status of node rabbit@m2 ...
Error: unable to connect to node rabbit@m2: nodedown
Assuming your container is called rabbitmq and is running:
docker exec rabbitmq rabbitmqctl start_app
rabbitmqctl uses Erlang Distributed Protocol (EDP) to communicate with RabbitMQ. Port 5672 provides AMQP protocol. You can investigate EDP port that your RabbitMQ instance uses:
$ netstat -uptan | grep beam
tcp 0 0 0.0.0.0:55950 0.0.0.0:* LISTEN 31446/beam.smp
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 31446/beam.smp
tcp 0 0 0.0.0.0:55672 0.0.0.0:* LISTEN 31446/beam.smp
tcp 0 0 127.0.0.1:55096 127.0.0.1:4369 ESTABLISHED 31446/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 31446/beam.smp
It means that RabbitMQ:
connected to EPMD (Erlang Port Mapper Daemon) on 127.0.0.1:4369 to make nodes able to see each other
waits for incoming EDP connection on port 55950
waits for AMQP connection on port 5672 and 55672
waits for incoming HTTP management connection on port 15672
To make rabbitmqctl able to connect to RabbitMQ you also have to forward port 55950 and allow RabbitMQ instance connect to 127.0.0.1:4369.
It is possible that RabbitMQ EDP port is dynamic, so to make it static you can try to use ERL_EPMD_PORT variable of Erlang environment variables or use inet_dist_listen_min and inet_dist_listen_max of Erlang Kernel configuration options and apply it with RabbitMQ environment variable - export RABBITMQ_CONFIG_FILE="/path/to/my_rabbitmq.conf"
my_rabbitmq.conf
[{kernel,[{inet_dist_listen_min, 55950},{inet_dist_listen_max, 55950}]}].
Or you can use RabbitMQ Management Plugin. It is more functional and simple to setup.
I got this error trying to setup RabbitMQ on a cluster on an ubuntu and fedora machine:
el@apollo:/etc/rabbitmq$ sudo rabbitmqctl join_cluster rabbit@192.168.1.8
Clustering node rabbit@apollo with 'rabbit@192.168.1.8' ...
Error: unable to connect to nodes ['rabbit@192.168.1.8']: nodedown
DIAGNOSTICS
===========
attempted to contact: ['rabbit@192.168.1.8']
rabbit@192.168.1.8:
* unable to connect to epmd (port 4369) on 192.168.1.8: address
(cannot connect to host/port)
current node details:
- node name: rabbitmqctl7233@apollo
- home dir: /var/lib/rabbitmq
- cookie hash: g0tS9zEdo7OEDSZaDTGirA==
I was able to eliminate this error by opening the 4369 and 59984 port on the 192.168.1.8 machine that is one of the slave nodes of the cluster:
el@defiant ~ $ su -
Password:
[root@defiant ~]# iptables -I INPUT -p tcp --dport 4369 --syn -j ACCEPT
[root@defiant ~]# iptables -I INPUT -p tcp --dport 59984 --syn -j ACCEPT
Port 4369 was not enabled on the firewall. When I switched the firewall 'off', everything started working.
Just type docker exec -t rabbitmq sh
Then you will get access to the terminal of your docker environment.
Once you are in, type rabbitmqctl to see if it works
Hopefully it can help you.