I am checking the internet connection of my computer and do not understand a few points.
The following is a result from $ netstat:
I do not understand why for some items in the list have localhost:xxxxx as their foreign address.
since netstat shows the internet connections, shouldn't this show IP addresses of outside my computer?
netstat per default tries to convert the data it finds into host names. It does so by reverse resolving the IP addresses via DNS.
For example, 127.0.0.1 gets replaced with localhost in this case.
The same happens with the ports, but there it doesn't happen via DNS, but via a file like /etc/services which provides a mapping between port numbers and service names.
You can prevent this with the netstat option -n.
Related
When setup a IP-Alias via gloud command or the interface, it works out of the box. But in the machine itself, i do not see any configuration, ip addr-entries, no firewall rules, no routes that would allow to be the machine pingable - but it's pingable (local and remote)! (for example 10.31.150.70, when you setup a 10.31.150.64/26-subnet, and you primary IP is 10.31.150.1)
On the other hand, the primary IP of the machine is a /32-Netmask. For example:
10.31.150.1/32, Gateway: 10.31.0.1/16. So, how can the machine reach the gateway, 10.31.0.1, when the gateway is out of the range?
When removing the Main-IP via ip addr del, the aliases aren't pingable anymore.
Google runs a networking daemon on your instance. It runs as the google-network-daemon service. This code is open source and viewable at this repo. This repo has a Python module called google_compute_engine which manages IP aliasing among other things. You can browse their code to understand how Google implements this (they use either ip route or ifconfig depending on the platform)
To see the alias route added by Google on a Debian box (where they use ip route underneath for aliasing) run the following command.
ip route ls table local type local dev eth0 scope host proto 66
If you know your Linux commands, you can remove appropriate routes after stopping the daemon, and then assign the alias IP address to your primary interface as the second IP address to see the ifconfig approach in action as well.
When alias IP ranges are configured, GCP automatically installs VPC network routes for primary and alias IP ranges for the subnet of the primary network interface. Alias IP ranges are routable within the GCP virtual network without requiring additional routes. That is the reason why there is no configuration on the VM itself but still it's pingable. You do not have to add a route for every IP alias and you do not have to take route quotas into account.
More information regarding Alias IP on Google Cloud Platform (GCP) can be found in this help center article.
Be aware that Compute Engine networks only support IPv4 unicast traffic and it will show the netmask as /32 on the VM. However, it will still be able to reach the Gateway of the subnet that it belongs to. For example, 10.31.0.0/16 includes hosts ranging from 10.31.0.1 to 10.31.255.254 and the host 10.31.150.1 is within that range.
To further clarify why VM instances are assigned with the /32 mask, it is important to note that /32 is an artificial construct. The instance talks to the software defined network, which creates and manages the "real" subnets. So, it is really a link between the single address and the gateway for the subnet. As long as the link layer is there, communications are established and everything works.
In addition to that, network masks are enforced at the network layer. This helps avoid generation of unnecessary broadcast traffic (which underlying network wouldn't distribute anyway).
Note that removing the primary IP will break the reachability to the metadata server and therefore the IP aliases won't be accessible.
I am facing a strange issue these days. I have a list of IP addresses which I want to connect to during the deployment using Jenkins. Now what is happening is, if I am deploying at one IP address (remote machine but in same location) in my local location server, I can successfully do that. But If I am trying to deploy to an IP address (remote machine in other country/region) It is throwing the error, saying
Error : Ip address XYZ is not reachable or is invalid.
Please be notified that I am able to get the response from the machine when I ping it using:
ping XYZ
But while trying to deploy on it using Jenkins, I am not.
Please let me know if there's any solution for this problem.
There isn't enough data points but you can look for these things
1. IP address, Check if all three machines are in same n/w (Jenkins Server, target and your machine)
You can check it with IP address of each machine
2. check Gateway set for Jenkins server
3. Best way if feasible is to ssh / rdp to your Jenkins server and try running your command manually that will give you
Local machine get loopback address(127.0.0.1), so it will be reachable or any local machine having IP address with same subnet mask thats called LAN.
When you are reaching out to remote machine, either it should be public IP address(visible to everyone in the world) or you must have connect to that Area-Network via VPN, this is called tunnelling to remote over the WAN (wide area network). Their(remote location) again, you will notice that all the IP address have same subnet mask as you have on the local machine.
So their could be be IP address duplication case in VPN scenario, where you are bale to ping but not able to reach. This is because, IP address is assigned to other machine but not you yours and ping responses are coming from that other machine. That means your machine is in failed to resolve ARP and in dormant state.
In man page about SO_REUSEADDR(man 7 socket):
When the listening socket is bound to INADDR_ANY with a specific port then it is not possible to bind to this port for any local address. Argument is an integer boolean flag.
But in Unix Network Programming, I find:
SO_REUSEADDR allows a new server to be started on the same port as an existing server that is bound to the wildcard address, as long as each instance binds a different local IP address. This is common for a site hosting multiple HTTP servers using the IP alias technique (Section A.4). Assume the local host's primary IP address is 198.69.10.2 but it has two aliases: 198.69.10.128 and 198.69.10.129. Three HTTP servers are started. The first HTTP server would call bind with the wildcard as the local IP address and a local port of 80 (the well-known port for HTTP). The second server would call bind with a local IP address of 198.69.10.128 and a local port of 80. But, this second call to bind fails unless SO_REUSEADDR is set before the call. The third server would bind 198.69.10.129 and port 80. Again, SO_REUSEADDR is required for this final call to succeed.
Aren't they contradictory?
They are not in conflict. The second quote provides a way around the default behaviour specified by the first paragraph.
I have implement a Client-Server application in java. The server can serve multiple clients, and I want to test that, but my knowledges on Networking is poor, and I need a way to test my application on my home.
I have a rooter, which are connected both of my computers. My "server" class in java uses as host the local host (127.0.0.1) on a given port.
How can I test my program if
The Server.java is running on the Computer A
Server.java is running on 127.0.0.1 on 3943 port
1st Client.java is running on the Computer A
1st Client.java is connected to 3943 port
2nd Client.java is running on the Computer B
2nd Client.java is connected to 3943 port
Any ideas?
Use unique ports for the clients and servers running on the same machine. In addition 127.0.0.1 is localhost (internal to that machine). Computer B cannot communicate with 127.0.0.1 on Computer A. Use 127.0.0.1 if all applications or on the same machine. Use the computers actual IP address if you want external machines to be able to communicate with the server.
When client and server, are on the same computer, what you are doing must be already working.
To connect from a different computer, you need to find the "real" ip address of your server.
If you are on Windows, open a command shell on your computer A, and run ipconfig. On unix/linux/mac, run ifconfig.
Look for a string, looking like an ip address, but not 127.0.0.1, there has to be another one if you are connected to a network, probably looks like 10.0.0. or 192.168.<0 or 1> ..
Use this address everywhere instead of 127.0.0.1
A full TCP connection consists of two different endpoints. The server side of the connection is one endpoint (it will be do a listen on that endpoint). When a client creates it's side of the connection (the client socket), it will do a connect to the server ip:port combo and get a number assigned from a range of so-called "ephemeral" ports.
The fact that both sides of the connection have the same IP address doesn't matter - the full connection is defined by two distinct elements (address:port combinations).
FirstClient's connection to the server will be ServerIP:ServerPort<->Client1_IP:Client1_Port, and SecondClient's connection will be ServerIP:ServerPort<->Client2_IP:Client2_Port. The network layer can differentiate between these (they are two different connection streams) and route traffic to the appropriate sender/receiver for that stream.
If you run the server bound to IP 127.0.0.1 you are not opening it to the network, only your own computer will be able to connect to it, acessing 127.0.0.1 (loopback IP address).
To open this server to the network, you must do one of the two things:
Bind it to the IP 0.0.0.0 so it will be acessible from all networks;
Bind it to a specific network IP address so that it will be available to that network only.
Its common practice to just bind it to 0.0.0.0, its easier.
Once its done, you will be able to connect from other computers to the server running on computer A, however, not through IP 127.0.0.1. Thats the loopback address and can only be used by a computer to connect to itself.
Computer A can use the IP 127.0.0.1 to connect to the server since the server is running on it, but other network computers will have to specify computer A's network IP address.
You can find your IP address on the network adapter details, or running the command ipconfig /all on a command prompt (Windows) or ifconfig (Linux).
I have a website that I'm running locally at localhost:8000. I'd like to access my site from other devices on my network. I've tried to visit the site via my computer's internal IP address via: 127.0.0.1:8000but this doesn't work. Is this possible?
Three most probable things:
Check if there is a network route between the client and the server machine (commands like PING and TRACERT will help);
Check if the server machine has a firewall. If it does, there must be a rule allowing (opening) connections through that port (8000) in TCP;
Most likely, the problem is one of the two above. If not, there's one last thing:
Make sure the web server (the one that serves localhost:8000) is bound to listen to all IP addresses (not only 127.0.0.1).
To know that, search for servername bind all ip addresses on google. E.g., for apache HTTPD, it'd be apache bind all ip addresses.
here is what I do in similar cases:
search rejetto hfs on google, it is single executable less than 1Mb size and download it into your server machine.
after starting it, follow menu->IP addresses. these are all your possible addresess on the server side.
these are your IP addresses to enter, and your port is 8000 as you mentioned.
most possible IP addresses you will find are in the format of following:
192.168.?.?
10.0.0.?
169.254.?.?
besided you will probably need to add a firewall rule for your server app.