I've been trying to set up a server using Google Compute Engine but find myself being stuck.
I've installed everything that needs to be installed, I can start the server, no problem. Only thing is, i'm unable to connect to the server.
I've opened the required ports in a firewall rule (udp:16261; tcp:16262-16270) for all source IP as normal, but when I try to connect, i get this message on the server's console :
User jet is trying to connect.
Connected new client jet ID # 0 and assigned DL port 16262
testing TCP download port 16262
And it waits and waits, nothin happens. I'm pretty sure it's because no connection has been requested from the outsite of the network on that specific port (16262) that the outgoing traffic can't be sent, but I was wondering if anyone else has tried to make it work.
Thanks for your help guys !
According to the documentation; in the "Forwarding Required Ports" Section:
Project Zomboid dedicated servers require the following open ports to successfully connect to clients:
8766 UDP
16261 UDP
If the client's public ip address is known, you can perform a basic troubleshooting whitin Google Compute Engine using Cloud Logging. A basic query returning all the logs containing that ip address as source or destination would be:
jsonPayload.connection.src_ip="public-ip-address" OR jsonPayload.connection.dest_ip="public-ip-address"
Firewall Rules Logging has to be "on" for every rule involved in the connection. Follow these steps for Enabling firewall rules logging.
For troubleshooting purposes an "allow all" Firewall rule can be created and logging enabled on it, that would allow you to see exactly what ports are involved.
Note: If the traffic hitting the firewall rule(s) is too much, it can lead to unanticipated storage costs. Please enable the firewall rules logging just for troubleshooting purposes, don't forget to disable it after you're done.
Related
I built a simple Webserver with just the serve function from the std http module. It just redirects a request to a new URL:
import { serve } from "https://deno.land/std#0.120.0/http/server.ts";
serve(req => Response.redirect("https://google.com"))
It works, when I access the server through a browser on my laptop, where the server is running, but when I try to access it on another machine in the same network using the ip-address of my laptop, there simply is no response at all. Is this one of the security features Deno has and if so, how can you deactivate it?
Update:
So I tried looking up the requests I make on my local machine in Wireshark, but when I run the server and send a request, it doesn't show up there. I disabled my Wifi Connection to see if that changes anything and to my surprise, I still got an answer from the server when I sent a request through the browser. I came to the conclusion that the Deno server somehow doesn't serve over the local network which really confuses me. Is there a way to change that behaviour?
This is not related to Deno, but rather the firewall features of your device/router/network or an error in the method that you are using to connect from the other device (typo, network configuration, etc.).
Without additional configuration (by default), serve binds to 0.0.0.0:8000, so — as an example — if your laptop is assigned the local address 192.168.0.100 by your router, you could reach the server at the address http://192.168.0.100:8000.
You might want to do research on SE/NetworkEngineering and elsewhere to determine the cause of the blocked connection.
The title says it all.
There is an odd request from the security team to make all necessary connections through port 443. This is not that difficult as most of the apps do this by default. NO OTHER PORTS MAY BE OPENED.
We have a new requirement to give devs access to a small database in our cloud. The database normally listens to port 50000 which they will not open to give the reporting team access.
The short-term solution is to onboard the team to a VPN so that they can get access on their desktops, long-term.... could I force fit DB2 to connect through port 443? I haven't been able to try it. I know its an odd requirement but at this point, I am curious if anyone has and the result.
That should be doable. The port (or its name) is set in the SVCENAME configuration option. If SSL is used, the option is SSL_SVCENAME.
A quick test would be to change the configuration, restart Db2 and open up a connection to that port (telnet or Db2 client).
Note 1: HTTPS is usually on port 443, but if there is no web server it is ok.
Note 2: Root privileges are needed to set up and use such privileged ports.
When I create the Hello World example in C++ from The Guide on ZeroMQ found here:
http://zguide.zeromq.org/page:all#Ask-and-Ye-Shall-Receive
and run the application, I get a Windows Security Alert that asks if I would like to allow the application to communicate on public or private networks.
It looks like this:
Here is where things get interesting.
I only need my program to listen on port 5555 for connections from localhost and I do NOT need to allow incoming connections on port 5555. This is because I only want to communicate between applications on the localhost.
Client and server are both running on the same machine.
Here is my current process. I start the server, the Windows Security Alert comes up, since I am running the application as a non-administrator account, I only have standard permissions. Then I click Cancel on the Alert.
Clicking cancel on the alert puts an explicit deny inbound rule on all ports for HelloWorldServer.exe. This is totally fine.
Then I start the client. Since the client is connecting to the localhost. I actually does not need to send messages outside of the local machine, and all of its messages arrive at the server just fine.
Given an explicit deny rule on incoming connections to HelloWorldServer.exe, the messages can still arrive from the client on the local host. This is a desirable result.
Now the question becomes is there anyway to automatically respond to the Windows Security Alert to click cancel? Is there any way to suppress it from popping up since the allow is not needed?
The prompt is undesirable because it implies that the application needs to create a vulnerability when it does not.
Please assume that Named Pipes are not a valid alternative to tcp as a means of inter-process communication.
When binding the socket the caller may specify the IP address the socket is bound to. The coding samples provided by ZeroMQ specify
socket.bind ("tcp://*:5555");
where * appears to be specify all possible addresses (INADDR_ANY in BSD socket-derived parlance) which will trigger the Windows firewall as it allows remote and local addresses.
Calling socket.bind with the localhost address 127.0.0.1
socket.bind ("tcp://127.0.0.1:5555");
limits the sockets allowed to connect to the local machine and should silence the firewall warning for most Windows firewall configurations.
On Friday I hosted a WordPress site on my micro instance - I installed LAMP stack, and WordPress on it.
Instance state is Running, but when I try to access website with public domain given in console, it says
web page Not available
I have set an Outbound rule to allow everyone and Inbound rule for my IP address only.
This is about accessing website from outside world, but when I try to connect to my instance with JAVA Interface, MindTerm Web SSH, it says
Network connection timeout error
Can't figure out anything, Just started working on AWS.
I think you have confused the Outbound and Inbound rules - Outbound means traffic going out from the server, while Inbound means traffic from the internet to the server.
As you say, you added an Inbound rule for your IP address only, and you can access the website from you IP only, just like you requested.
Add an Inbound rule for port 80 for0.0.0.0/0, and you should be able to access the site from other locations as well.
If you need to open it to HTTP and SSH, open it for both for 0.0.0.0/0:
Please verify your settings and permission based on this :
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html
You might also want to check your firewall, in case that is blocking the access..
My website works fine on my local machine. And it also works fine, when I publish it, and access it over the Internet.
However, when I access it through my company's network (LAN), many requests state in the pending state and they won't return back either successfully, or with error. No IIS logs, no nothing.
After like 5 minutes, the request simply dies. No HTTP response is shown in Chrome's console. I guess it's a network problem. But I don't know how to debug it.
How should I debug this pending state?
This is more a problem for sys-ops than for development but you might need to verify/prove the problem is with the routers and not with your server or computer configuration.
The first tool you need is network analyzer, for this look no further than Wireshark. You'll need administrator permissions on your machine.
Wireshark is intuitive, but has a lot of features, you might want to read a tutorial or two on how to use it.
With Wireshark on your machine you can verify a TCP connection to the server is made or attempted. If you don't know how TCP works, now is the time to learn.
Based on the result you should have your answer of where the problem is:
No TCP SYN sent or sent to wrong IP: problem in your machine. Make sure the server is not redirected to localhost/wrong ip in the hosts file and verify no static routes have been added to your routing table.
Most likely no TCP SYN-ACK: The problem is in the network routing, you might want to install Wireshark on the server and verify the SYN packets are indeed not getting through. Get your sys-ops guys to fix the problem. Probably a misconfigured firewall rule.
Very unlikely: TCP connection established and HTTP request sent to server, but server does not respond. No idea, if the server responds to internet traffic it should respond to your traffic.
By the way if there are no sys-ops guys in your company to fix the problem, get the model of any configurable router between your computer and the server and try asking in Server Fault (or get a consultant).