I am in a situation where I am running my GridServer and Nodes on the cloud and
when I want to access the Grid I use:
http://someip:4444/grid/console
When I want to access the node I use:
http:someip:<nodeport>/wd/hub
I think its a kind of threat as the IPs are publicly accessible. How can I limit that it shouldn't be opened by external users.
Is there any solution for it?
Selenium is not supporting that.
For that purposes you should make a p2p connection between you and grid.
VPN or ssh tunnel will work. Just forward remote server port to a local port:
ssh user#SERVER -L 4444:127.0.0.1:4444
Now, connecting to a local 4444 port will forward you to the remote address "SERVER". All the connection is secured by ssh login/password now and the traffic is hidden in a secure tunnel.
I'm trying to use NETSH PORTPROXY command to forward packets sent to my XP PC (IP 192.168.0.10) on port 8001 to port 80 (I've a XAMPP Apache server listening to port 80).
I issued the following:
netsh interface portproxy add v4tov4 listenport=8001 listenaddress=192.168.0.10 connectport=80 connectaddress=192.168.0.10
Show all confirms that everything is configured correctly:
netsh interface portproxy show all
Listen on IPv4: Connect to IPv4:
Address Port Address Port
--------------- ---------- --------------- ----------
192.168.0.10 8001 192.168.0.10 80
However, I'm not able to access apache website from http://localhost:8001. I'm able to access through the direct port at http://localhost as shown below.
Additionally, I've also tried the following:
1. Access the Apache website from a remote PC using the link: http://192.168.0.10:8001. Firewall turned off.
2. Changing listenaddress and connectaddress to 127.0.0.1.
Without further information, I can't find a way to resolve the problem. Is there a way to debug NETSH PORTPROXY?
Note: By the way, if you're wondering why I am doing this, I actually want to map remote MySQL client connections from a custom port to the default MySQL Server port 3306.
I managed to get it to work by issuing:
netsh interface ipv6 install
Also, for my purpose, it is not required to set listenaddress and better to set connectaddress=127.0.0.1, e.g.
netsh interface portproxy add v4tov4 listenport=8001 connectport=80 connectaddress=127.0.0.1
If netsh's port proxying is not working as expected, then you should verify the followings, preferably in that order:
Make sure the port proxy is properly configured
Start or restart the related Windows service
Ensure support for IPv6 is installed
Make sure the port is not blocked by a firewall
Make sure the port proxy is properly configured
This might seems to be trivial, but just in case, take the time to review your configuration before you go any further.
From either a command prompt or PowerShell prompt, run the following command:
netsh interface portproxy show all
The result should look something like this:
Listen on ipv4: Connect to ipv4:
Address Port Address Port
--------------- ---------- --------------- ----------
24.12.12.24 3306 192.168.0.100 3306
24.12.12.24 8080 192.168.0.100 80
Carefully review those settings. Make sure that you can indeed connect to the addresses on the right side of that list, from the local computer. For example, can you locally open a web browser and reach 192.168.0.100:80? If the protocol is not HTTP, then use telnet: telnet 192.168.0.100 3306 (see here for how to install the Telnet client on Windows).
Then, are the values on the left side correct? Is the IP address valid for your machine? Is that the port number you are trying to connect to, from the external machine?
Start or restart the related Windows service
On latest versions of Windows, netsh's port proxying is handled by a Windows service named "IP Helper" or "iphlpsvc". Proxying will obviously not work if that service is stopped. I have also faced situations that turned out to be resolved by restarting that service.
To do that in latest versions of Windows:
Open the Task manager, then go to the Services tab.
In the "Name" column, find the service named either "iphlpsvc" or "IP Helper".
Right click on that service, then select Restart. If restart is not available, then the service is probably stopped, and actually has to be started, so select Start.
On previous versions of Windows, look for Services in Administrative Tools, inside the Control Panel.
Ensure support for IPv6 is installed (older releases of Windows only)
On earlier versions of Windows (that is Windows XP, for sure, upto some early releases of Windows 10, apparently, though this is not clear), netsh's port proxying feature (including for IPv4-to-IPv4 proxys) was actually handled by a DLL (IPV6MON.DLL) that was only loaded if IPV6 protocol support was enabled. Therefore, on these versions, support for the IPv6 protocol is required in order to enable netsh's port proxying (see Microsoft's support article here).
From either a command prompt or PowerShell prompt, run the following command:
netsh interface ipv6 install
If you get an error indicating that command interface ipv6 install was not found, then it means that you are using a recent release of Windows, in which netsh's IPv6 support is implicit and cannot be disabled.
Make sure the port is not blocked by a firewall
A local firewall may potentially block the port even before they reach the IP Helper service. To make validate this hypothesis, temporarily disable any local firewall (including Windows' native firewall), then retest. If that works, then simply add a port exclusion to your firewall configuration.
I have the problem with you. I have solve it just now. There is a Windows Service named "IP Helper" that supplies the funcions tunnel connections. You should ensure it has been started.
You must Run Command.exe as Administrator first, by right-clicking the Command Prompt icon and choosing Run as Administrator. You will asked to confirm.
Paste your netsh Command in the command.exe window and press Enter.
If no error message is shown, the command worked.
In your web browser go to http://your-up:8001 to see it works.
The Windows Event Log might have information to help find the cause of a failure.
When some network connection isn't working right, one thing in my bag of tricks is to try opening a telnet connection to it. I don't expect to be able to do anything useful with this connection, but knowing if I can or can't connect is helpful in diagnosing the problem.
So today we had a problem where our app server couldn't open the JDBC connection to our database. However, it works fine when the app server is on the same physical box as the database. Aha, I thought, there must be a firewall blocking that port. So I tried to telnet to that port, and couldn't connect. As a control though, I also telnetted to a database on a box we could connect to and that failed as well. So, the situation is, somehow whatever is listening on that port accepts a JDBC connection from JBoss, but rejects a connect from telnet. How does it distinguish these two connections? Different protocol? Password embedded in the connection request?
Sounds like the database is only accepting connections on the local interface. Is your app server configured to connect to the database via its IP or via either localhost or 127.0.0.1?
I'm trying to connect from my ms windows 7 via the odbc administrator to a remote
sybase sqlanywhere 11 database server.
But I get not connection, I'm not sure which configure option I have to specify.
server-name = ip address of remote database server?
startline ?
portnummer ?
Thank you, best regards, Alex
By default the SQL Anywhere server process dbsrv#.exe listens for incoming connections on port 2638.
Make sure your firewall allows outbound connections to that port.
Assuming you have a database running on your server as follows:
-x tcpip
-n my_server_name
"[DIR]\database_main_file.db" -n my_database_name
The server will broadcast on the tcp/ip layer on the default port (2638) under the name "my_server_name" and the database will be accessible under the name "my_database_name" via ODBC
Creating an ODBC entry for your new database to connect from a client (adjust for Windows 7)
[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\myodbcentry]
"Driver"="C:\\PROGRA~1\\SQLANY~1\\Bin32\\dbodbc11.dll"
"DatabaseName"="my_database_name"
"ServerName"="my_server_name"
"LINKS"="TCPIP(IP=SERVER_IP_ADDRESS;PORT=2638)"
There are other parameters available for LINKS (HOST, etc). Take a look at http://dcx.sybase.com/index.html#1101en/dbadmin_en11/da-using-tcpip.html
I've seen some rare issues with UDP broadcast packets. See the docs at
http://dcx.sybase.com/1101en/dbadmin_en11/broadcastlistener-connection-conparm.html and check with your network administrator.
You can also use the dbping.exe utility to troubleshoot networking issues.
BTW, you may want to cross-post your question at http://sqla.stackexchange.com. It's full of SQL Anywhere buffs
I got access via SSH (root access) to a Machine that's inside a network at my client's office.
I'm programming in my computer a PHP application that needs to integrate to LDAP. The LDAP server is in another server at my client's network and not accesible from outside, however I can perfectly access it via the server I can connect to via SSH.
My question is: IS there anyway I can make a tunnel and setup a port in my computer to get the traffic forwarded to the LDAP server using my SSH connection to one of the computers on the network?
Thanks!!!!
Yes, ssh has a "-L" option to create a tunnel. That option takes 3 parameters, separated by colons (:). Local listen port, remote host, remote port.
ssh -L 9999:ldapserver:389 user#otherhost
Where 9999 is the local port that the tunnel will be created on. The ldapserver:389 bit tells it where to connect to on the other side.
Then, tell your application to connect to localhost:9999 (or whatever port you choose) and it will be tunneled across.