URL monitor produces multiple ESTABLISHED (connection) entries in netstat - http

I wrote a URL monitor program in Go, but after a period of time I found many ESTABLISHED entries in netstat -nao|grep 80.
The getHttpStatusCode func:
HttpClient = &http.Client{
    Transport: &http.Transport{
        Dial: func(netw, addr string) (net.Conn, error) {
            deadline := time.Now().Add(30 * time.Second)
            c, err := net.DialTimeout(netw, addr, 20*time.Second)
            if err != nil {
                return nil, err
            }
            c.SetDeadline(deadline)
            c.SetReadDeadline(deadline)
            c.SetWriteDeadline(deadline)
            return c, nil
        },
    },
}
// ...
func getHttpStatusCode(url string) int {
    if url == "" {
        return 200
    }
    req, err := http.NewRequest("GET", url, nil)
    if err != nil {
        return 0
    }
    req.Close = true
    req.Header.Add("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17")
    resp, err := HttpClient.Do(req)
    if err != nil {
        return 0
    }
    defer resp.Body.Close()
    return resp.StatusCode
}
I checked the Go manual and didn't find anything like req.Close(), just defer resp.Body.Close().
Here is the output of netstat -nao | grep 80:
tcp 1343352 0 192.168.2.33:29581 220.181.155.19:80 ESTABLISHED off (0.00/0/0)
And the output of tcpdump tcp port 80:
14:32:54.085095 IP 113.12.80.13.http > wk_0_mysql.KIDC90805.zw.39174: Flags [.], seq 17376:18824, ack 1, win 42, options [nop,nop,TS val 4236145017 ecr 204896351], length 1448
14:32:54.109206 IP wk_0_mysql.KIDC90805.zw.25834 > 220.181.90.8.http: Flags [S], seq 714805337, win 14600, options [mss 1460,sackOK,TS val 204896416 ecr 0,nop,wscale 9], length 0
14:32:54.223349 IP 220.181.155.22.http > wk_0_mysql.KIDC90805.zw.19262: Flags [.], seq 864939135:864940583, ack 1630899997, win 42, options [nop,nop,TS val 1570834172 ecr 204896529], length 1448
14:32:54.223352 IP wk_0_mysql.KIDC90805.zw.19262 > 220.181.155.22.http: Flags [.], ack 1448, win 1301, options [nop,nop,TS val 204896530 ecr 1570834172], length 0
14:32:54.223432 IP 220.181.155.10.http > wk_0_mysql.KIDC90805.zw.27376: Flags [.], seq 3889371684:3889373132, ack 1106685068, win 42, options [nop,nop,TS val 3866364254 ecr 204896529], length 1448
14:32:54.223436 IP wk_0_mysql.KIDC90805.zw.27376 > 220.181.155.10.http: Flags [.], ack 1448, win 594, options [nop,nop,TS val 204896530 ecr 3866364254], length 0
14:32:54.275774 IP 121.12.101.130.http > wk_0_mysql.KIDC90805.zw.63329: Flags [.], seq 1314475629:1314477089, ack 642951590, win 54, length 1460

The HTTP client will by default use keep-alive connections; you can close them by calling transport.CloseIdleConnections (from the docs).
I'm not sure req.Close does anything on client requests, it might only be for the server.
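The keep-alive pooling and `CloseIdleConnections` behaviour mentioned above can be observed from the server side, which is what netstat reports as ESTABLISHED. This is an added example, not code from the original posts; `connTracker`, `probe`, `measure` and `Result` are hypothetical names, and the target is an in-process `httptest` server rather than a real site.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

// connTracker counts connections as seen by the (test) server.
type connTracker struct {
	mu     sync.Mutex
	open   map[net.Conn]bool
	dialed int
}

// hook is installed as http.Server.ConnState.
func (t *connTracker) hook(c net.Conn, s http.ConnState) {
	t.mu.Lock()
	defer t.mu.Unlock()
	switch s {
	case http.StateNew:
		t.open[c] = true
		t.dialed++
	case http.StateClosed, http.StateHijacked:
		delete(t.open, c)
	}
}

// waitOpen polls until exactly want connections are open, or 2s elapse,
// and returns the count it last observed.
func (t *connTracker) waitOpen(want int) int {
	deadline := time.Now().Add(2 * time.Second)
	for {
		t.mu.Lock()
		n := len(t.open)
		t.mu.Unlock()
		if n == want || time.Now().After(deadline) {
			return n
		}
		time.Sleep(10 * time.Millisecond)
	}
}

// probe returns the HTTP status (0 on error). Draining and closing the body
// lets the transport either pool the connection or close it.
func probe(c *http.Client, url string) int {
	resp, err := c.Get(url)
	if err != nil {
		return 0
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	return resp.StatusCode
}

// Result summarises one run against the local test server.
type Result struct {
	Dialed             int // TCP connections the server accepted
	OpenAfterProbes    int // still open once all probes returned
	OpenAfterCloseIdle int // still open after Transport.CloseIdleConnections
}

// measure sends n sequential probes through tr; wantPooled is the number of
// connections expected to stay open afterwards (used only as a wait target).
func measure(tr *http.Transport, n, wantPooled int) Result {
	t := &connTracker{open: map[net.Conn]bool{}}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { io.WriteString(w, "ok") }))
	srv.Config.ConnState = t.hook
	srv.Start()
	defer srv.Close()

	client := &http.Client{Transport: tr, Timeout: 5 * time.Second}
	for i := 0; i < n; i++ {
		probe(client, srv.URL)
	}
	res := Result{OpenAfterProbes: t.waitOpen(wantPooled)}
	tr.CloseIdleConnections()
	res.OpenAfterCloseIdle = t.waitOpen(0)
	t.mu.Lock()
	res.Dialed = t.dialed
	t.mu.Unlock()
	return res
}

func main() {
	// Default transport behaviour: keep-alive, one pooled connection reused.
	fmt.Printf("keep-alive:    %+v\n", measure(&http.Transport{}, 5, 1))
	// Keep-alives disabled: one connection per probe, none left open.
	fmt.Printf("no keep-alive: %+v\n", measure(&http.Transport{DisableKeepAlives: true}, 5, 0))
}
```

For a monitor that polls many distinct hosts, setting `IdleConnTimeout` on the transport bounds how long pooled connections linger without an explicit `CloseIdleConnections` call.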

Related

Postman HTTP GET request with authentication fails with 401 reply

I have an IoT device (PV inverter). As with many of these there is an official API mostly for data retrieval and some settings. However, given the right credentials (admin account) you can configure significantly more in the web interface.
I would like to be able to do this from my home automation server directly (via Node-RED finally). So I tried to have a look at the communication between the browser and the inverter via Wireshark.
I found some GET and POST calls, and wanted to start with the replication of a GET call via Node-RED or Postman first.
However, no matter what I tried so far I only get 401 replies.
Seemingly, I'm not able to set up the message with proper authentication. In Wireshark the Postman and the original GET request are very close.
Here is the original (followed by a "200 OK" response):
Internet Protocol Version 4, Src: 192.168.0.64, Dst: 192.168.0.5
Transmission Control Protocol, Src Port: 56183, Dst Port: 80, Seq: 1, Ack: 1, Len: 601
Source Port: 56183
Destination Port: 80
[Stream index: 1]
[Conversation completeness: Incomplete (28)]
[TCP Segment Len: 601]
Sequence Number: 1 (relative sequence number)
Sequence Number (raw): 2463465501
[Next Sequence Number: 602 (relative sequence number)]
Acknowledgment Number: 1 (relative ack number)
Acknowledgment number (raw): 1894190984
0101 .... = Header Length: 20 bytes (5)
Flags: 0x018 (PSH, ACK)
[TCP Flags: ·······AP···]
Window: 512
[Calculated window size: 512]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x8409 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[SEQ/ACK analysis]
TCP payload (601 bytes)
Hypertext Transfer Protocol
GET /commands/StandbyState HTTP/1.1\r\n
Host: 192.168.0.5\r\n
Connection: keep-alive\r\n
Accept: application/json, text/plain, */*\r\n
Authorization: Digest username="technician", realm="Webinterface area",
nonce="63af2777:24350f8b8a09fb90b82b6ac480d325cc", uri="/commands/StandbyState", response="a09ac5fe504563040d0ff8acfd68653e", qop=auth, nc=00000022, cnonce="NaN"\r\n
username="technician"
realm="Webinterface area"
nonce="63af2777:24350f8b8a09fb90b82b6ac480d325cc"
uri="/commands/StandbyState"
response="a09ac5fe504563040d0ff8acfd68653e"
qop=auth
nc=00000022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/108.0.0.0 Safari/537.36\r\n
Referer: http://192.168.0.5/\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\r\n
\r\n
[Full request URI: http://192.168.0.5/commands/StandbyState]
and here is the captured Postman packet
Internet Protocol Version 4, Src: 192.168.0.64, Dst: 192.168.0.5
Transmission Control Protocol, Src Port: 43404, Dst Port: 80, Seq: 1, Ack: 1, Len: 471
Source Port: 43404
Destination Port: 80
[Stream index: 5]
[Conversation completeness: Incomplete, DATA (15)]
[TCP Segment Len: 471]
Sequence Number: 1 (relative sequence number)
Sequence Number (raw): 990556558
[Next Sequence Number: 472 (relative sequence number)]
Acknowledgment Number: 1 (relative ack number)
Acknowledgment number (raw): 2175082347
0101 .... = Header Length: 20 bytes (5)
Flags: 0x018 (PSH, ACK)
[TCP Flags: ·······AP···]
Window: 513
[Calculated window size: 131328]
[Window size scaling factor: 256]
Checksum: 0x8387 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]
[SEQ/ACK analysis]
TCP payload (471 bytes)
Hypertext Transfer Protocol
GET /commands/StandbyState HTTP/1.1\r\n
[truncated]Authorization: Digest username="technician", realm="Webinterface area", nonce="63af2777:24350f8b8a09fb90b82b6ac480d325cc", uri="/commands/StandbyState", algorithm="MD5", qop=auth, nc=00000022, cnonce="NaN", response="a09ac5fe5
username="technician"
realm="Webinterface area"
nonce="63af2777:24350f8b8a09fb90b82b6ac480d325cc"
uri="/commands/StandbyState"
algorithm="MD5"
qop=auth
nc=00000022
cnonce="NaN"
User-Agent: PostmanRuntime/7.30.0\r\n
Accept: */*\r\n
Postman-Token: e5d8ee2c-37fb-49ae-aa37-1cf05bfe8608\r\n
Host: 192.168.0.5\r\n
Accept-Encoding: gzip, deflate, br\r\n
Connection: keep-alive\r\n
\r\n
[Full request URI: http://192.168.0.5/commands/StandbyState]
[HTTP request 1/1]
Why does this not work?

https and http working on local network but only http working outside local network

I'm developing a website. Once when I had Windows 10 + XAMPP + Cloudflare-flexible-ssl I could access my website from outside local network with the lock icon appearing in the browsers and https working like a charm (despite this solution not being secure between my home-server and Cloudflare's end). Now I'm using Ubuntu 20.04 + NGINX + self-made ssl certificate with certbot. It is working like a charm from local network but when I try to access my domain from outside my local network I end up with HTTP working fine but HTTPS stuck with ERR_CONNECTION_TIME_OUT or ERR_CONNECTION_REFUSED, mostly after a page load that takes very long and never ends.
sudo netstat -an | grep "LISTEN "
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:46285 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:33060 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
nmap -sT mydomain.com
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-31 19:03 -03
Nmap scan report for mydomain.com (127.0.0.1)
Host is up (0.00014s latency).
rDNS record for 127.0.0.1: localhost
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
3306/tcp open mysql
nmap -sT my.ipv4.public.ip(192.XX.XXX.XXX)
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-31 19:11 -03
Nmap scan report for 191-055-235-169.xd-dynamic.algartelecom.com.br (my.ipv4.public.ip)
Host is up (0.0018s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
sudo iptables -L -vn
Chain INPUT (policy DROP 153 packets, 25075 bytes)
pkts bytes target prot opt in out source destination
5282 638K f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
50363 4662K ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
50363 4662K ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
14107 1158K ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
153 25075 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
153 25075 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
153 25075 ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-before-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-reject-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-track-forward all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 7 packets, 316 bytes)
pkts bytes target prot opt in out source destination
24573 61M ufw-before-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
24573 61M ufw-before-output all -- * * 0.0.0.0/0 0.0.0.0/0
2315 144K ufw-after-output all -- * * 0.0.0.0/0 0.0.0.0/0
2315 144K ufw-after-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
2315 144K ufw-reject-output all -- * * 0.0.0.0/0 0.0.0.0/0
2315 144K ufw-track-output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain f2b-sshd (1 references)
pkts bytes target prot opt in out source destination
31 1804 REJECT all -- * * 151.63.97.42 0.0.0.0/0 reject-with icmp-port-unreachable
20 1648 REJECT all -- * * 70.51.16.212 0.0.0.0/0 reject-with icmp-port-unreachable
211 18552 REJECT all -- * * 110.42.190.60 0.0.0.0/0 reject-with icmp-port-unreachable
5020 616K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
70 5460 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
42 9213 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
13842 1119K ufw-skip-to-policy-input all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
146 20965 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ufw-user-forward all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
10280 1340K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
24083 2022K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
16000 1300K ufw-not-local all -- * * 0.0.0.0/0 0.0.0.0/0
1836 138K ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 239.255.255.250 udp dpt:1900
14164 1162K ufw-user-input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
10282 1340K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
11976 60M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
2315 144K ufw-user-output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
210 28471 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
1836 138K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
13954 1133K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-input (7 references)
pkts bytes target prot opt in out source destination
13954 1133K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-track-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
2112 127K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
196 16547 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
45 2732 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
9 492 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 172 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1701
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1701
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 /* 'dapp_Nginx%20Full' */
Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination
sudo nano /etc/nginx/sites-available/mydomain.com.conf
map $http_origin $allow_origin {
    # Dots in the host name are escaped so the pattern matches only the literal domain
    ~^https?://(.*\.)?lojascolmeia\.com\.br(:\d+)?$ $http_origin;
    ~^https?://(.*\.)?localhost(:\d+)?$ $http_origin;
    default "";
}
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream wsbackend {
    server localhost:2020;
}
server {
    # gzip Settings
    #should add!!!: gzip_static on;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;
    # cache-control
    # Media: images, icons, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff|webp|webm|ttf|)$ {
        expires 1M;
        access_log off;
        # max-age must be in seconds
        add_header Cache-Control "max-age=8380800, public";
    }
    # CSS and Javascript
    location ~* \.(?:css|js)$ {
        expires 1y;
        access_log off;
        add_header Cache-Control "max-age=8380800, public";
    }
    server_name _ mydomain.com;
    error_page 500 502 503 504 /50x.html;
    index index.php;
    root /var/www/html/mydomain;
    access_log /var/www/html/logs/nginx_access.log;
    error_log /var/www/html/logs/nginx_error.log;
    # HEADERS
    add_header 'Access-Control-Allow-Origin' $allow_origin;
    # content-security-policy
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.php?goto=$uri&$args;
    }
    client_max_body_size 100M;
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    }
    location /dbadm {
        auth_basic "Admin Login";
        auth_basic_user_file /etc/nginx/pma_pass;
    }
    # location ~ \.json {
    #     add_header Content-Type application/json;
    # }
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/lojascolmeia.com.br/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/lojascolmeia.com.br/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    #proxy_ssl_server_name on;
    location /websocket {
        proxy_pass http://127.0.0.1:8443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
        keepalive_timeout 86400s;
        # prevents 502 bad gateway error
        proxy_ignore_client_abort on;
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    }
}
server {
    if ($host = mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name _ mydomain.com;
    listen 80;
    return 404; # managed by Certbot
}
sudo nano /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
    worker_connections 768;
    # multi_accept on;
}
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    # server_tokens off;
    server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    server_tokens off; #https://ubiq.co/tech-blog/hide-nginx-server-version-header/
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
tcpdump and then loading my webpage from local network
sudo tcpdump -n -i any src or dst 192.XX.XXX.XXX(home-network-ipv4-public-ip-from-another-device-from-local-network-connected-to-my-server-via-ssh)
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:35:39.086944 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [S], seq 3186999685, win 64240, options [mss 1412,nop,wscale 8,nop,nop,sackOK], length 0
19:35:39.087013 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [S.], seq 2236039596, ack 3186999686, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
19:35:39.091325 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 1, win 512, length 0
19:35:39.091377 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1:518, ack 1, win 512, length 517
19:35:39.091399 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 518, win 501, length 0
19:35:39.092254 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 1:1413, ack 518, win 501, length 1412
19:35:39.092256 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 1413:2825, ack 518, win 501, length 1412
19:35:39.092257 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 2825:4097, ack 518, win 501, length 1272
19:35:39.093381 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 2825, win 512, length 0
19:35:39.094964 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4097:4580, ack 518, win 501, length 483
19:35:39.096049 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 4580, win 512, length 0
19:35:39.102807 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 518:582, ack 4580, win 512, length 64
19:35:39.102834 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 582:674, ack 4580, win 512, length 92
19:35:39.102887 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 674, win 501, length 0
19:35:39.103058 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4580:4659, ack 674, win 501, length 79
19:35:39.103137 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4659:4738, ack 674, win 501, length 79
19:35:39.103205 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4738:4809, ack 674, win 501, length 71
19:35:39.103301 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 674:1365, ack 4580, win 512, length 691
19:35:39.104771 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 4809, win 512, length 0
19:35:39.104793 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1365:1396, ack 4809, win 512, length 31
19:35:39.104812 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 1396, win 501, length 0
19:35:39.115063 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 4809:6221, ack 1396, win 501, length 1412
19:35:39.115066 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 6221:7633, ack 1396, win 501, length 1412
19:35:39.115068 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 7633:9045, ack 1396, win 501, length 1412
19:35:39.115069 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 9045:10457, ack 1396, win 501, length 1412
19:35:39.115070 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 10457:11869, ack 1396, win 501, length 1412
19:35:39.115268 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 11869:13281, ack 1396, win 501, length 1412
19:35:39.115384 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 13281:14693, ack 1396, win 501, length 1412
19:35:39.115511 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 14693:16105, ack 1396, win 501, length 1412
19:35:39.115630 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 16105:17517, ack 1396, win 501, length 1412
19:35:39.115749 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 17517:18929, ack 1396, win 501, length 1412
19:35:39.116796 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 7633, win 512, length 0
19:35:39.116831 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 18929:20341, ack 1396, win 501, length 1412
19:35:39.116833 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 20341:21753, ack 1396, win 501, length 1412
19:35:39.116834 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 21753:22031, ack 1396, win 501, length 278
19:35:39.117833 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 17517, win 512, length 0
19:35:39.118256 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 22031, win 512, length 0
19:35:39.391422 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1396:1615, ack 22031, win 512, length 219
19:35:39.391510 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1615:2081, ack 22031, win 512, length 466
19:35:39.391551 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 2081, win 501, length 0
19:35:39.391761 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22031:22066, ack 2081, win 501, length 35
19:35:39.394267 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22066:22417, ack 2081, win 501, length 351
19:35:39.395852 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 22417, win 511, length 0
19:35:39.402034 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 2081:2207, ack 22417, win 511, length 126
19:35:39.402071 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 2207:2537, ack 22417, win 511, length 330
19:35:39.402121 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 2537, win 501, length 0
19:35:39.402303 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22417:22452, ack 2537, win 501, length 35
19:35:39.404553 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22452:22791, ack 2537, win 501, length 339
^C
49 packets captured
49 packets received by filter
0 packets dropped by kernel
tcpdump and then loading my webpage from device outside local network (over 3G)
sudo tcpdump -n -i any src or dst XXX.XXX.XXX.XXX(my-phone-ip-over-3G)
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:59:56.882577 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [SEW], seq 1941385008, win 65535, options [mss 1412,nop,wscale 5,nop,nop,TS val 1626285022 ecr 0,sackOK,eol], length 0
19:59:56.882642 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [S.E], seq 971375185, ack 1941385009, win 65160, options [mss 1460,sackOK,TS val 1104199128 ecr 1626285022,nop,wscale 7], length 0
19:59:56.905511 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 1, win 4112, options [nop,nop,TS val 1626285045 ecr 1104199128], length 0
19:59:56.935141 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [P.], seq 1:403, ack 1, win 4112, options [nop,nop,TS val 1626285076 ecr 1104199128], length 402: HTTP: GET / HTTP/1.1
19:59:56.935175 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [.], ack 403, win 506, options [nop,nop,TS val 1104199180 ecr 1626285076], length 0
19:59:56.935289 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [P.], seq 1:359, ack 403, win 506, options [nop,nop,TS val 1104199180 ecr 1626285076], length 358: HTTP: HTTP/1.1 301 Moved Permanently
19:59:56.966260 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 359, win 4101, options [nop,nop,TS val 1626285105 ecr 1104199180], length 0
19:59:57.087070 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 359, win 4101, length 0
19:59:57.087096 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [.], ack 403, win 506, options [nop,nop,TS val 1104199332 ecr 1626285105], length 0
20:00:05.684479 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [R], seq 1941385411, win 0, length 0
10 packets captured
10 packets received by filter
0 packets dropped by kernel
MY MODEM (NOKIA G-240W-G) CONFIG FOR PORT FORWARDING
What I have done:
Tried disabling UFW (Ubuntu firewall) but still not working outside local network.
Called my ISP over 10 times. They always say it must be a local network problem. They swear all ports are open and free to use.
I'm thinking of falling back to Cloudflare's flexible SSL and running all traffic over port 80, or paying for premium internet access or something...
I uploaded my app to a remote VPS exactly the way it was set up on my local network and everything just worked fine. So the problem was my ISP blocking the ports...

Can't send data to Firebase using AT commands

I'm using an Arduino with a GSM modem to try to send data to firebase.
However, when I try to, I get the following error:
SEND OK HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 27 May 2019
22:34:09 GMT Content-Type: text/html Content-Length: 166 Connection:
close Strict-Transport-Security: max-age=31556926; includeSubDomains;
preload
400 Bad Request 400 Bad Request
nginx
CLOSED
The AT commands I issue are:
AT+QIOPEN="TCP", "drone-polution.firebaseio.com", 443
OK
CONNECT OK
AT+QISEND
>
POST /NewDB/.json
Accept: application/json
Content-Type: application/json
Content-Length: 9
{"a":"b"}
The last line is the actual payload.
Any help appreciated.
First, try this to program the SAM chip to create an interface between the modem and your console PC (I found that there are good ready-made functions in MC20_Arduino_Interface.h with which you can set up the modem).
A simple program looks like this:
#include "MC20_Arduino_Interface.h"
// set serial port that connects to MC20
//#define serialMC20 Serial1
void setup()
{
    // Begin serial communication between Arduino and Arduino IDE (Serial Monitor)
    SerialUSB.begin(115200);
    // Wait for the USB serial port that is used below
    while (!SerialUSB);
    // Begin serial communication between Arduino and MC20
    serialMC20.begin(115200);
    delay(1000);
    SerialUSB.println("Setup Complete!");
}
void loop()
{
    // Read MC20 output (if available) and print it in Arduino IDE Serial Monitor
    if (serialMC20.available())
    {
        SerialUSB.write(serialMC20.read());
    }
    // Read Arduino IDE Serial Monitor inputs (if available) and send them to MC20
    if (SerialUSB.available())
    {
        serialMC20.write(SerialUSB.read());
    }
}
Also, I suggest you use Arduino's serial monitor for communication.
If the Modem starts successfully you will see SMS Ready and Call Ready in the serial monitor.
According to Quectel HTTP docs for a POST request:
3.2. Send POST Request to HTTP Server
AT+QIFGCNT=0
OK
AT+QICSGP=1,"CMNET" //Set APN
OK
AT+QIREGAPP //Optional
OK
AT+QIACT //Optional
OK
AT+QHTTPURL=58,30 //Set URL
CONNECT
<Input data>
//For example, input 58 bytes:
http://api.efxnow.com/DEMOWebServices2.8/Service.asmx/Echo
OK
//POST the data whose size is 18 bytes and the maximum latency time for inputting is 50s.
//It is recommended to set the latency time as long as enough to download all the data in the latency time.
AT+QHTTPPOST=18,50,10
CONNECT
//This means module enters into data mode and is ready to receive data from UART.
//For example, input 18 bytes: Message=helloworld.
OK
//This means all data has been received, and DCD is set to high.
AT+QHTTPREAD=30 //Read the response of HTTP server.
CONNECT
<Output data> //Output the response data of HTTP server to UART.
//For example, UART outputs:
<?xml version="1.0" encoding="utf-8"?>
<string xmlns="https://api.efxnow.com/webservices2.3">Message='helloworld' ASCII:104 101 108 108
111 119 111 114 108 100 </string>
OK
AT+QIDEACT //Deactivate PDP context.
DEACT OK
For example, for httpbin.org/post it would become something like this:
16:45:56.416 -> AT+QIFGCNT=0
16:45:56.416 -> OK
16:46:02.918 -> AT+QICSGP=1,"mtnirancell"
16:46:02.918 -> OK
16:46:07.850 -> AT+QIREGAPP
16:46:07.850 -> OK
16:46:12.275 -> AT+QIACT
16:46:12.275 -> OK
16:46:27.467 -> AT+QHTTPURL=23,60
16:46:27.467 -> CONNECT
16:46:27.467 -> <http://httpbin.org/post>
16:46:36.965 -> OK
16:46:36.965 ->
16:46:48.786 -> AT+QHTTPPOST=18,50,10
16:46:48.786 -> CONNECT
16:46:48.786 -> <message=helloworld>
16:47:02.094 -> OK
16:47:02.094 ->
16:47:06.569 -> AT+QHTTPREAD=30
16:47:06.569 -> CONNECT
16:47:06.569 -> {
16:47:06.569 -> "args": {},
16:47:06.569 -> "data": "",
16:47:06.569 -> "files": {},
16:47:06.569 -> "form": {
16:47:06.569 -> "message": "helloworld"
16:47:06.569 -> },
16:47:06.569 -> "headers": {
16:47:06.569 -> "Accept": "*/*",
16:47:06.569 -> "Content-Length": "18",
16:47:06.569 -> "Content-Type": "application/x-www-form-urlencoded",
16:47:06.602 -> "Host": "httpbin.org",
16:47:06.602 -> "User-Agent": "QUECTEL_MODULE"
16:47:06.602 -> },
16:47:06.602 -> "json": null,
16:47:06.602 -> "origin": "*******, ********",
16:47:06.602 -> "url": "https://httpbin.org/post"
16:47:06.602 -> }
16:47:06.602 -> OK
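The sequence quoted above, generated for an arbitrary URL and body, as an added example that is not part of the original answer or of Quectel's documentation. `Step` and `BuildHTTPPost` are hypothetical names, and the timeout values are simply the ones used in the httpbin session above.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Step is one exchange with the modem: the AT command, then the raw data
// sent after the modem answers CONNECT (empty if the command takes none).
type Step struct {
	Command, Data string
}

// BuildHTTPPost returns the command sequence from the quoted example for
// posting body to rawURL. The first number of AT+QHTTPURL and AT+QHTTPPOST
// is the length of the data that follows, counted in bytes.
func BuildHTTPPost(apn, rawURL, body string) ([]Step, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	if u.Scheme == "" || u.Host == "" {
		return nil, errors.New("URL must be absolute, e.g. http://host/path")
	}
	// len() on a Go string counts bytes, not characters, so a non-ASCII
	// body gets the larger (correct) length.
	return []Step{
		{Command: "AT+QIFGCNT=0"},
		{Command: fmt.Sprintf(`AT+QICSGP=1,"%s"`, apn)},
		{Command: "AT+QIREGAPP"},
		{Command: "AT+QIACT"},
		{Command: fmt.Sprintf("AT+QHTTPURL=%d,60", len(rawURL)), Data: rawURL},
		{Command: fmt.Sprintf("AT+QHTTPPOST=%d,50,10", len(body)), Data: body},
		{Command: "AT+QHTTPREAD=30"},
		{Command: "AT+QIDEACT"},
	}, nil
}

func main() {
	steps, err := BuildHTTPPost("CMNET", "http://httpbin.org/post", "message=helloworld")
	if err != nil {
		panic(err)
	}
	for _, s := range steps {
		fmt.Printf("%-28s %s\n", s.Command, s.Data)
	}
}
```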

TFTP timeout while bootstrapping nodes (Mirantis Openstack)

I have a strange issue with a TFTP server. While trying to boot my bare-metal Dell R710 to provision new roles to Mirantis OpenStack, I'm getting:
CLIENT MAC ADDR: ....
CLIENT IP: ...
GATEWAY IP: ...
PXE-E32: TFTP open timeout
But the strangest thing is that the server will boot successfully after some time (in a few hours).
We are using integrated NICs: Broadcom NetXtreme II cards.
Please find below tcpdump from tftp/dhcp server (fuel master):
[root#fuel2 ~]# sudo tcpdump ether host d0:67:xx:xx:xx:xx
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:08:54.881515 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from d0:67:xx:xx:xx:xx (oui Unknown), length 548
12:08:59.028611 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from d0:67:xx:xx:xx:xx (oui Unknown), length 548
12:08:59.083520 ARP, Request who-has fuel2.labs.mydomain.org tell 172.25.190.7, length 46
12:08:59.083558 ARP, Reply fuel2.labs.mydomain.org is-at 00:50:56:a8:38:e1 (oui Unknown), length 28
12:08:59.083751 IP 172.25.190.7.bootpc > SI1-SCCM-LV.mydomain.org.pxe: BOOTP/DHCP, Request from d0:67:xx:xx:xx:xx (oui Unknown), length 548
12:08:59.111846 IP 172.25.190.7.ah-esp-encap > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0
12:09:01.115771 IP 172.25.190.7.acp-port > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0
12:09:05.125596 IP 172.25.190.7.msync > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0
12:09:11.112825 IP 172.25.190.7.gxs-data-port > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0
12:09:19.077381 IP 172.25.190.7.vrtl-vmf-sa > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0
12:09:29.022504 IP 172.25.190.7.newlixengine > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456
12:10:05.052292 IP 172.25.190.7.newlixconfig > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456
12:11:17.063229 IP 172.25.190.7.tsrmagt > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456
12:13:05.052148 IP 172.25.190.7.tpcsrvr > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456
12:15:29.018871 IP 172.25.190.7.idware-router > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456
Issue was solved. Looks like we have a WDS service in our network that is listening on this subnet as well.

Puzzled about the `telnet localhost` and `telnet 0.0.0.0`

I wrote a simple Go program which listens on 0.0.0.0:9999 and 127.0.0.1:9999:
package main

import (
	"fmt"
	"net"
	"time"
)

func main() {
	go bind("0.0.0.0:9999", "111 ")
	go func() {
		time.Sleep(2 * time.Second)
		bind("127.0.0.1:9999", "222 ")
	}()
	time.Sleep(time.Hour)
}

// bind listens on address, accepts one connection and writes content to it once per second.
func bind(address string, content string) {
	fmt.Println("-------------", address, "-----------------")
	listener, err := net.Listen("tcp", address)
	if err != nil {
		panic(err)
	}
	fmt.Println(listener.Addr().String())
	conn, err := listener.Accept()
	if err != nil {
		panic(err)
	}
	for {
		_, err := conn.Write([]byte(content))
		if err != nil {
			panic(err)
		}
		time.Sleep(1 * time.Second)
	}
}
The meaning of the code:
It binds two addresses and gives a different response to the clients of each:
binding "0.0.0.0:9999": will repeatedly send "111 " to the client
binding "127.0.0.1:9999": will repeatedly send "222 " to the client
And then I use telnet to try different addresses, and the responses are:
telnet 127.0.0.1 9999: 222 (OK)
telnet localhost 9999: 111 (WHY?!)
telnet 0.0.0.0 9999: 222 (WHY?!)
telnet <my-internal-ip> 9999: 111 (OK)
I'm quite confused about some of them:
telnet localhost 9999: 111 (WHY?!)
localhost should point to 127.0.0.1, so I think it's the same as telnet 127.0.0.1 9999 and the response should be 222, but the actual one is 111.
telnet 0.0.0.0 9999: 222 (WHY?!)
I think 0.0.0.0 is not the same as 127.0.0.1, so I expect to get a response of 111, but I get 222.
I also have a demo project: https://github.com/golang-demos/go-bind-0.0.0.0-127.0.0.1-demo
Update: My OS is OSX.
Both localhost and 0.0.0.0 are resolved to 127.0.0.1 by the OS
$ ping 0.0.0.0
PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.024 ms
$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.035 ms
localhost could resolve to something else depending on /etc/hosts file.
An excellent explanation for Linux ping 0.0.0.0 behavior is here.
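The answer's point that localhost depends on the hosts file, as an added example that is not part of the original post: it lists every address a hosts file maps to a name and classifies each one. `LookupHosts`, `Scope` and the sample file content are constructed for illustration; when used as a listen address, 0.0.0.0 means every local IPv4 interface, which is why it is reported as a wildcard rather than loopback.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed hosts-file content, not taken from the asker's machine.
const sampleHosts = "127.0.0.1 localhost\n::1 localhost ip6-localhost # IPv6 loopback\n"

// LookupHosts returns every address the hosts-file content maps to name, in file order.
func LookupHosts(hosts, name string) []net.IP {
	var ips []net.IP
	for _, line := range strings.Split(hosts, "\n") {
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i] // drop trailing comment
		}
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		ip := net.ParseIP(f[0])
		for _, h := range f[1:] {
			if ip != nil && strings.EqualFold(h, name) {
				ips = append(ips, ip)
			}
		}
	}
	return ips
}

// Scope classifies an address: unspecified (0.0.0.0 or ::), loopback, or anything else.
func Scope(ip net.IP) string {
	switch {
	case ip.IsUnspecified():
		return "wildcard"
	case ip.IsLoopback():
		return "loopback"
	}
	return "other"
}

func main() {
	for _, ip := range LookupHosts(sampleHosts, "localhost") {
		fmt.Println("localhost ->", ip, Scope(ip))
	}
	fmt.Println("0.0.0.0 ->", Scope(net.ParseIP("0.0.0.0")))
}
```

Run against a real /etc/hosts, the same check shows whether a service configured to listen on "localhost" is actually confined to loopback.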

Resources