I have a simple RabbitMQ test program that sends and then receives a message to a RabbitMQ server. I have two computers and I've found that whether or not my code works depends on which computer hosts the RabbitMQ server. Here is my situation (excuse my MS Paint):
If computer A hosts the server and runs the code, sending a message from A to A, it works.
If computer A hosts the server and my code runs on computer B, sending a message from B to A, it works.
If computer B hosts the server and my code runs on computer A, sending a message from A to B, I get an exception that says "None of the specified endpoints were reachable".
If computer B hosts the server and runs the code, sending a message from B to B, it works.
I can't figure out why scenario #3 doesn't work for me.
I don't think it's the code because three of my scenarios work exactly as I expect them to.
I don't think it's a firewall issue because I ran these tests with my firewalls turned off on both computers.
I don't think it's a problem with the RabbitMQ server on computer B because it is able to communicate with itself just fine (scenario #4).
I checked the RabbitMQ log files on computer B after trying scenario #3, but I don't see anything that says something about an attempted connection. I think computer A is simply unable to see computer B when sending requests.
My question, very generally is, what are some things that I should be looking for that might point to my problem? There must be some setting that is checked on computer A but is not checked on computer B. Computer B has the default installation of Erlang and RabbitMQ. I'm pretty sure computer A is also set to the defaults (I didn't install it as recently).
Please help.
The issue is only evident when A tries to connect to B, so:
Check that A can resolve the host name for B to an IP address. Use nslookup b for this.
Check that A can reach B. Running ping b will be helpful for this.
Use telnet to connect from A to B's RabbitMQ port (probably 5672): telnet b 5672. If you get a blank screen that means the connection was accepted. I'm betting you'll get some sort of error though. Try this trick first using b's IP address and then if that works try it with the hostname of b to make sure it resolves.
In summary, just strip it down to pure network checks (no RabbitMQ involved) and work from there.
Related
So I am playing around in Visual Basic and I'm making a chat client and server. I already did both and tested it on local machine and works. Server listens to connection and records all activities. This is reflected in chat client.
Here's the line of code that I use in order to connect to the "chat server" on same computer.
Dim clientSocket As New System.Net.Sockets.TcpClient()
clientSocket.Connect("127.0.0.1", 8888)
Anyone know what kind of settings I would need in order to connect remotely to another computer that has the chat server running?
The short answer is that you need to change the IP. But the real question is how do you get the IP?
Now if this is just for fun or something, you could just PING the computer if you know the name or walk over to that computer and run something like IPCONFIG on it.
But, in the real world, with a real chat, when a client launches, you would then grab the IP programmatically and post it along with some other info, like the User Name, to a database or web service (which you also created) so other clients would know it is online. You would also need to remove that record or update it with an offline flag or something as well as handle cases where the client looses network connectivity or ends unexpectedly. You can see where I am going with this...
The point is, this needs to be the IP of the client you want to talk to. 127.0.0.1 always refers to the local computer or device.
On an isolated LAN, is there any way that a WebRTC connection can be made simply with the IP addresses assigned by the DHCP server?
I understand that I can accomplish this with Node.js and Socket.io - but I was really hoping to avoid setting up that kind of server with my limited skill set. I'm a science teacher who dabbles in programming, so feel free to keep it simple. Thank you!
UPDATE
Alex, you are correct that I can avoid using a STUN server if all of the computers are on the same local network. Although I had to bite the bullet and install Node.js on my laptop, it was really wasn't complicated. I then tried a whole bunch of 'working examples' that didn't work for me, until I found this one and his GitHub files.
After running the server script in Node, I had a DataChannel connection between two browser windows on the same machine, but not between different computers. I edited the .html files to point to my local server IP address instead of localhost and I could then connect with multiple computers. Then came the real test - could I use this without an internet connection? I found the line that specified using Google's STUN servers and changed it from
var config = {"iceServers":[{"url":"stun:stun.l.google.com:19302"}]};
to just
var config = {"iceServers":[]};
It worked. :-)
Omit the iceServers list:
const pc = new RTCPeerConnection();
Either omit the iceServers list from the RTCPeerConnection constructor, or make it the empty list [].
From RTCPeerConnection docs:
iceServers | optional
An array of RTCIceServer objects, each describing one server which may be used by the ICE agent; these are typically STUN and/or TURN servers. If this isn't specified, the connection attempt will be made with no STUN or TURN server available, which limits the connection to local peers.
webrtc/samples demo
The WebRTC project has a Trickle ICE sample that you can use to see how changes in iceServers effect the candidate address that are gathered. The specific sample you want to look at is.
Run it with defaults set by pressing the Gather candidates button at the bottom of the page. This will return a list of addresses which include the address of the public side of your NAT.
Now remove all the ICE servers from the list and press Gather candidates again, this time you should only see local network addresses.
Notice that, on my network, the 2 public IPv4 addresses (beginning with 98.) only appear when I'm using the default ICE servers. When I use an empty ICE server list, my public IPv4 addresses are no longer discovered. My IPv6 addresses, on the other hand, are the same in both tests because they aren't subject to NAT.
Here is a link to the source code that sets up iceServers and PeerConnection.
Alex, you are correct that I can avoid using a STUN server if all of the computers are on the same local network. Although I had to bite the bullet and install Node.js on my laptop, it was really wasn't complicated. I then tried a whole bunch of 'working examples' that didn't work for me, until I found this one and his GitHub files.
After running the server script in Node, I had a DataChannel connection between two browser windows on the same machine, but not between different computers. I edited the .html files to point to my local server IP address instead of localhost and I could then connect with multiple computers. Then came the real test - could I use this without an internet connection? I found the line that specified using Google's STUN servers and changed it from
var config = {"iceServers":[{"url":"stun:stun.l.google.com:19302"}]};
to just
var config = {"iceServers":[]};
We have a Win Server 2008 box being hosted (dedicated) for us.
I need to connect to one of it's DB's from a server in our LAN.
What started out as a "sure, I'll just throw that together for you real quick" project has turned into a week-long hair-pulling pile of WTF :)
I am able to RDP into that server without fail or issue.
When I tried to connect to the DB, I got a generic "could not connect" error, so I went hunting.
Telnet attemtps and pings time out.
Since then, we have tried endless variations of firewall settings (including wide open), and still ... no go.
In addition to our firewall, the hosting provider also has a firewall layer.
We turned on all logging, and we don't even see any connection attempts at our FW.
We then had the hosting provider turn on all logging, and they don't see any connection attempts either!
Hrmmmph
I'm at a complete loss.
Any suggestions?
BTW, while I'm comfortable enough with all this to explore and make changes, my experience with firewalls and stuff is fairly limited, so don't hesitate to dumb it down ;)
It is hard to give just one answer to this question, because the interim results of the problem analysis lead to different steps that you need to do next. It will more likely be a step by step help with tracing down the problem.
Do not trust any firewall setting (esp. not any that someone else did, and again esp. not if you don't know him), unless you tested it. Firewall settings are tricky and even experienced professionals get them wrong now and then.
In the guide below, I will write <win2008server> in commands where you have to put the name or IP of the windows 2008 server to which you want to connect. On the other side, I will use the expression "office PC" when I mean your workstation PC in the office from where you are trying to connect to the win2008server.
STEP 1: Checking the Endpoints
1.) Can you telnet to the RDP port?
On your office PC, try this on a command prompt:
telnet <win2008server> 3389
This is to make sure that DNS name resulution works for telnet, as well as network hardware and routing. It should, because you can use RDP to establish this connection. However, anything can get in between, like the telnet command being in any way configured nonstandard or being replaced for whatever reason on a company pc (sysadmins have strange ideas at times...).
2.) Can you telnet locally on the win2008server to the database?
When logged in using RDP on the win2008server, open a command prompt on the server and issue the command
telnet <win2008server> <database port>
That means you are trying to connect from the server to itself. This is to make sure the database port is open on the server.
STEP 2: Checking the Firewalls of the Endpoints
If for 1.) and 2.), your answer is yes it works, you have to test if either the remote side can not be reached or your location can not connect to the internet on the port you are testing (database port). You do this by replacing the respective other side with any other host on the internet for which you know it's reachable or can reach other servers. Typically, you google for a port checker ;)
3.) Check if the win2008server can be reached from another location than yours:
3.1.) Check if the RDP port of the win2008server can be reached from a third party location:
Google for port checker and take the first result (e.g. http://www.yougetsignal.com/tools/open-ports/ ). Type in the name or IP address of the win2008server and the RDP port, usually 3389 . Click on "check" and wait for the success or the timeout.
3.2.) Check if the database port of the win2008server can be reached from a third party location:
Do the same as in 3.1.), just with the database port instead of the RDP port.
4.) Check if you can connect to an outside server on the database port:
For this to work, you need to know a server or create one, which is somewhere outside on the internet, and which listens on the database port. You typically do this by keeping your private PC at home run and accessible through RDP or SSH, and there you open a server and configure your private internet router to forward the connection correctly.
Another way to do this test is webspace with SSH access. Many webspace providers nowadays allow for an SSH login (usually any webspace at $4/month and above).
Let's assume you have SSH access to any such third party place. You can use nc (netcat) there to open a server socket on the database port with this command:
nc -l <database port>
If it's your private PC at home, you usually have to also configure your private router and set up a dynamic DNS name for your internet access for the whole story to work out. You do not have this extra work with a webspace based SSH login. However, there you can not test ports below 1024 because you do not have the privileges. Good luck with this ;)
After you got this, try connecting to the port that you opened:
4.1.) From your office PC with
telnet <third party location> <database port>
4.2.) If 4.1.) does not work, also try with the port checker, because you might have gotten something wrong with setting up the server. Look at 3.) for this, and use the <third party location> and <database port> with the port checker (fourth party check).
STEP 3: Blaming ;)
At least one of the things should have failed by now and you can start calling people and letting them know about your tests and the results. You should be able to combine the results logically, but never start with that. Think about how to convey the information. Start out with your findings and then let them have a moment for their own conclusion. It can be difficult to tell someone in another company or department that their firewall isn't configured correctly. They might deny this even in the presence of proof. Be patient. Explain your findings again. Hint at the conclusion. This can be the trickiest part of the whole problem solution.
I have to say that today I had the same problem.
My solution was just to edit secpol.msc and disable all the FW profiles; then, run services.msc and also disable Windows Firewall service.
After this server was pingable for me.
Alright, so I figure I will ask the awesome stackoverflow community to see if I can get an answer.
My question is, I want to run a script, php specifically but I could do any type technically whenever a connection comes into haproxy. I can chnage my load balancing software if needed or use a non load balancing software too.
Order of events
Connection attempt via haproxy
haproxy sees that it is a certain port/port range
haproxy triggers script
haproxy forwards connection like it is supposed to.
How could this be possible? Also the script needs to trigger before it forwards the traffic
I figure someone will ask, so I will explain in advance. I have an online game, but I don't want it running all the time. If someone tries to connect it starts the game via an api/script.
Update *
I was thinking about the logic. What you could do is set a service to listen for these ports on the game server and then when it sees a connection run the script that shutsdown the listener and starts the game but you would want to automatically restart the listener if the game shuts down.
I really don't understand your logic...why you are wanted to do so....
Following are URL show how you can configure HAproxy to trigger a xinetd script. I understand this is really something you want , but least it will gives you clues for exact solution.
http://sysbible.org/2008/12/04/having-haproxy-check-mysql-status-through-a-xinetd-script/
To keep things simple, please allow the "assumption" that some code requires the use of a full URL, even though the domain is on the same server, i.e. a simple file path cannot be used.
TCP/IP?? Question:
If a form action target = "http://this-full-URL.com/postdata" (for example) and that URL is also on the same server, then which happens first?
A) Data is sent "out onto the web", and then returns to the same server,
or
B) Before sending any (possibly sensitive) data, the server (Linux, Apache, PHP), first "discovers" the target address is local, so (clearly) no data is sent over the net?
Thank you.
The correct answer is always A. :-)
It just happens that the case where the browser and the server are running on the same machine, "the web" will be short-circuited by the local TCP/IP stack. However, Apache and PHP are not involved in that decision; it's pure functionality of the OS networking stack.
However, if your server is behind a NAT gateway or firewall and the DNS name is resolving to the NAT gateway/firewall, the request will be routed to the NAT gateway/firewall and back to your machine. Thus, in order for the routing to stay on the same machine, the DNS name of the host of the target URL has to resolve to the actual IP address of the server machine, not be tunneled to it.
The network software will resolve the hostname to you machine, then the local TCP stack will route the request locally. Traffic won't ever leave the machine, it'll all be in memory on the server.