Work with OpenStack security groups - Denied outgoing SMTP - openstack

I am working in an OpenStack cloud as a reseller and am trying to find a solution to deny outgoing SMTP connections for new instances.
I found out that I can add new security groups using the nova client, but how do I create a rule to deny anything?
Does someone know this?
Thank you.

Try deleting the default egress security group rules in your default security group.
Another way is simply to disconnect your local SMTP server connection so it won't send anything outgoing.
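
An added example (not part of the original answer): a small Python model of how allow-only security-group egress rules are evaluated, showing why deleting the default allow-all egress rules blocks outgoing SMTP without any deny rule. The `EgressRule` class, the restricted rule set and the destination address are constructed for illustration, and the model assumes Neutron-style semantics where unmatched traffic is dropped.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class EgressRule:
    """One allow rule (hypothetical model); security groups have no deny action."""
    protocol: Optional[str]   # None matches any protocol
    port_min: Optional[int]   # None matches any port
    port_max: Optional[int]
    remote_cidr: str

    def matches(self, protocol, port, dest_ip):
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.port_min is not None and not self.port_min <= port <= self.port_max:
            return False
        # An IPv4 address is never "in" an IPv6 network and vice versa
        return ipaddress.ip_address(dest_ip) in ipaddress.ip_network(self.remote_cidr)

def egress_allowed(rules, protocol, port, dest_ip):
    """A packet leaves only if some allow rule matches; otherwise it is dropped."""
    return any(r.matches(protocol, port, dest_ip) for r in rules)

def rules_permitting(rules, protocol, port, dest_ip):
    """Audit helper: which rules would have to be deleted to close this port."""
    return [r for r in rules if r.matches(protocol, port, dest_ip)]

# Default group: allow-all egress for IPv4 and IPv6
DEFAULT_EGRESS = [EgressRule(None, None, None, "0.0.0.0/0"),
                  EgressRule(None, None, None, "::/0")]

# Constructed replacement after deleting the defaults: DNS and web only
RESTRICTED_EGRESS = [EgressRule("udp", 53, 53, "0.0.0.0/0"),
                     EgressRule("tcp", 53, 53, "0.0.0.0/0"),
                     EgressRule("tcp", 80, 80, "0.0.0.0/0"),
                     EgressRule("tcp", 443, 443, "0.0.0.0/0")]

MAIL_PORTS = (25, 465, 587)  # SMTP relay plus the two submission ports

def smtp_exposure(rules, dest_ip="203.0.113.10"):
    """Mail ports the rule set still lets out to dest_ip (a documentation address)."""
    return [p for p in MAIL_PORTS if egress_allowed(rules, "tcp", p, dest_ip)]

if __name__ == "__main__":
    print("default   :", smtp_exposure(DEFAULT_EGRESS))
    print("restricted:", smtp_exposure(RESTRICTED_EGRESS))
    print("empty     :", smtp_exposure([]))
```

A broad port-range allow rule (for example tcp 1-1024) re-opens the mail ports, so `rules_permitting` is worth running against every group attached to an instance, since the effective policy is the union of all their rules.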

Related

EC2 cannot connect to MySQL RDS

I've tried this a couple of times without any luck. I've got a new EC2 instance (Amazon Linux 2 AMI (HVM), SSD Volume Type - ami-0a0ad6b70e61be944). This instance is in the default VPC and region = US EAST 2 (Ohio). The EC2 is in a web-server security group that has inbound ports 80 & 22 open. The RDS is a MySQL instance "Dev/Test" and is in a security group that has inbound port 3306 open for "my ip" and my web-server security group is added to this DB security group. I can SSH into my web-server without issues. I can launch my test page on my web-server without issues. Yes, I'm using the correct connection string details including credentials.
However, the WordPress client on my EC2 fails to connect to my RDS with the following error:
Error establishing a database connection
This either means that the username and password information in your wp-config.php file is incorrect or we can’t contact the database server at uday.cgakf6jnokhj.us-east-2.rds.amazonaws.com. This could mean your host’s database server is down.
Are you sure you have the correct username and password?
Are you sure that you have typed the correct hostname?
Are you sure that the database server is running?
Any help would be appreciated
I've tried suggestions like directly adding the public and/or private IP of the EC2 into the Security Group of the RDS - no luck :-(
The tutorial on Udemy had wrong instructions. This particular paper in AWS helped me overcome underlying issues - everything now works beautifully!! https://aws.amazon.com/getting-started/hands-on/deploy-wordpress-with-amazon-rds/5/
Thanks!

How to connect CloudSQL Postgres to Hasura Cloud?

I started a new Hasura-Cloud project and a new CloudSQL project.
I have added the Hasura-Cloud IP address to the allowed connection addresses on CloudSQL.
I have tried the following address but I'm always getting "database not found": postgres://<db-user>:<db-password>@<db-ip-address>:5432/cloudsql/<connection-name>/<db-name>
After contacting the Hasura team we found the solution to the correct URL.
The correct URL is: postgres://postgres:<db-password>@<db-ip-address>:5432/postgres
Make sure you add the Hasura Cloud IP to the allowed IP addresses on CloudSQL, otherwise the Hasura server gets blocked.

Connecting to Amazon AWS PostgreSQL database from R session

I have a database instance running on Amazon AWS. I use the RPostgreSQL package to connect my R session to my AWS database.
My issue is that every time I attempt to connect to my database instance after not having done so for a while, I get a "Connection timed out" error.
I can then use a browser to go to my AWS Console, edit the Inbound and Outbound rules for my security group to allow my IP Inbound & Outbound access. Then I can connect again just fine.
But then if I don't work on my database for a day or two, when I try to connect to my DB, it doesn't work, and the permissions for Inbound/Outbound access no longer match my IP address (which I'm sure is the cause of the problem).
So... is my IP address changing? Or are the edits I'm making to my security group's inbound/outbound permissions not being saved correctly?
To be clear, here's the order of events of how things have been going:
1. Haven't worked on DB for a few days, attempt to connect from my R sessions. I get an error.
2. Use browser to go to AWS Console and edit my security group's Inbound/Outbound rules by selecting "My IP"
3. Try again to connect to my DB from my R session. Hooray! It works.
4. A few days later - pick up the project again, attempt to reconnect to my AWS DB from R, and it no longer works...
5. Repeat this cycle of madness
6. Make post on SO hoping for an angel to help me
This isn't a debilitating problem, it's just extremely annoying to have to re-do my security settings every time I want to connect to my AWS DB.
Thanks in advance for any help you can provide!
It depends, but most probably your IP is changing. Most ISPs use dynamic IP allocation, which means the IP can change if the router is restarted.
It is hence recommended to use a DNS name instead of an IP address in the security group setting.
It is easier to note down your IP address and check back after two days.
Can you see the IP address which you added two days ago on the Security Group page? If yes, you can just go to Google, search "what is my IP" and see if both values are the same. A Security Group (SG) setting does not get refreshed or changed on its own (unless you are allocating a new Security Group).
One more thing you can try: allow all connections (0.0.0.0) just to test. After two days or so, try again. If it works, it means there is an issue with the IP address changing.

Project Zomboid Server Google Compute Engine

I've been trying to set up a server using Google Compute Engine but find myself being stuck.
I've installed everything that needs to be installed, and I can start the server, no problem. The only thing is, I'm unable to connect to the server.
I've opened the required ports in a firewall rule (udp:16261; tcp:16262-16270) for all source IPs as normal, but when I try to connect, I get this message on the server's console:
User jet is trying to connect.
Connected new client jet ID # 0 and assigned DL port 16262
testing TCP download port 16262
And it waits and waits, and nothing happens. I'm pretty sure it's because no connection has been requested from the outside of the network on that specific port (16262) that the outgoing traffic can't be sent, but I was wondering if anyone else has tried to make it work.
Thanks for your help guys !
According to the documentation; in the "Forwarding Required Ports" Section:
Project Zomboid dedicated servers require the following open ports to successfully connect to clients:
8766 UDP
16261 UDP
If the client's public IP address is known, you can perform basic troubleshooting within Google Compute Engine using Cloud Logging. A basic query returning all the logs containing that IP address as source or destination would be:
jsonPayload.connection.src_ip="public-ip-address" OR jsonPayload.connection.dest_ip="public-ip-address"
Firewall Rules Logging has to be "on" for every rule involved in the connection. Follow these steps for Enabling firewall rules logging.
For troubleshooting purposes an "allow all" Firewall rule can be created and logging enabled on it, that would allow you to see exactly what ports are involved.
Note: If the traffic hitting the firewall rule(s) is too much, it can lead to unanticipated storage costs. Please enable the firewall rules logging just for troubleshooting purposes, don't forget to disable it after you're done.
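
An added example (not part of the original answer): Python that applies the same source-or-destination filter to firewall log records captured while a temporary logged "allow all" rule is in place, then reports which ports the client used that the asker's own rule (udp:16261; tcp:16262-16270) does not cover. The records, IP addresses and helper names are constructed, and the `src_port`, `dest_port`, `protocol` and `disposition` fields are assumed from the Firewall Rules Logging record format.

```python
PROTO = {6: "tcp", 17: "udp"}  # IANA protocol numbers as they appear in the records

# Ports opened in the asker's firewall rule: udp:16261; tcp:16262-16270
OPENED = [("udp", 16261, 16261), ("tcp", 16262, 16270)]

def _rec(src, sport, dst, dport, proto):
    """Build one constructed record in the firewall log shape."""
    return {"jsonPayload": {"disposition": "ALLOWED", "connection": {
        "src_ip": src, "src_port": sport,
        "dest_ip": dst, "dest_port": dport, "protocol": proto}}}

# Constructed sample: what a logged allow-all rule might record during one login
SAMPLE = [
    _rec("203.0.113.50", 51000, "10.128.0.2", 16261, 17),
    _rec("203.0.113.50", 51000, "10.128.0.2", 16261, 17),
    _rec("203.0.113.50", 51001, "10.128.0.2", 8766, 17),
    _rec("203.0.113.50", 51002, "10.128.0.2", 16262, 6),
    _rec("198.51.100.9", 40000, "10.128.0.2", 22, 6),   # unrelated client
]

def involves(entry, ip):
    """Same predicate as the query: connection.src_ip == ip OR connection.dest_ip == ip."""
    conn = entry.get("jsonPayload", {}).get("connection", {})
    return ip in (conn.get("src_ip"), conn.get("dest_ip"))

def ports_seen(entries, client_ip):
    """Set of (protocol, server-side port) for every flow touching client_ip."""
    seen = set()
    for e in entries:
        if not involves(e, client_ip):
            continue
        c = e["jsonPayload"]["connection"]
        # The server port is dest_port when the client is the source, else src_port
        port = c["dest_port"] if c["src_ip"] == client_ip else c["src_port"]
        seen.add((PROTO.get(c["protocol"], str(c["protocol"])), port))
    return seen

def uncovered(entries, client_ip, opened=OPENED):
    """Ports the client used that no entry in the opened list would admit."""
    def covered(proto, port):
        return any(p == proto and lo <= port <= hi for p, lo, hi in opened)
    return sorted(x for x in ports_seen(entries, client_ip) if not covered(*x))

if __name__ == "__main__":
    print(uncovered(SAMPLE, "203.0.113.50"))
```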

Does Postfix on Google cloud to forward email need some kind of authentication?

I am an email server noob. I own a domain 'mydomain.org' and I'd like to forward emails sent to that domain to other email address, perhaps at 'gmail.com' or 'university.edu'. I thought I set this up right, but my email log is giving me errors like this:
connect to mx1.university.edu[171.67.219.71]:25: Connection timed out
and
Dec 22 05:17:24 mail-server postfix/smtp[6370]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c00::1a]:25: Network is unreachable
I don't know too much about this, but I imagine there must be some kind of authentication that I need to set up, but I'm shy of the laundry list blog posts. Does this look like "authentication stuff"? If so, what do I need to set up next? If not, any idea why the receiving mail servers drop my server?
Yes, network issue. For future folks, Google does not allow outgoing connections for SMTP servers, maybe to prevent spam? Here's info about how to set that up: https://cloud.google.com/compute/docs/sending-mail
