I'm currently trying to setup a tunneling tool, specific for game servers.
So you can start the server locally and everyone can join without open your ports or getting unsecure.
Basicly I do a reverse ssh tunnel to one of my dedicated linux servers where the game port get mapped to a different port (for example 8888). So the server is now exposed to the internet and available for anyone and the user don't have to get unsecure and open his own ports. Everyone can connect to the following ip: SERVERADRESS:8888.
The command which gets executed looks like this:
ssh -N -R "*:8888:localhost:25565" root#SERVERADRESS
This works fine just as i want. But I also want to secure my "forwarding" server, so I'm relativ new to networking but I found reverse proxy's. I watched some tutorials and I installed the "Nginx Proxy Manager" tool which comes with a web interface and looks very good and easy. So there is an option to create an Stream (Picture below), there you can enter the incoming port and the forward Host + port, for example: REVERSEPROXY:7777 -> FORWARDINGSERVER:8888. So with this I want to hide the ip adress from the server where all the ssh tunnels. Sadly this Stream tool won't work, I already saw some other topics with that. They all said to enter the port into the docker-compose.yml which I already did + restart. But for now it won't work. Any other soloutions for this problem? Or completly different ideas to protect my server?
https://i.stack.imgur.com/FolLe.png https://i.stack.imgur.com/KuJbt.png https://i.stack.imgur.com/2SN4a.png https://i.stack.imgur.com/9kzbj.jpg
I try to do my own tunneling tool, but with a protection so that my server getting damaged.
new here. I'm currently trying to set up an implementation of Tabula on a Windows Server. I've set up a non-standard port to run the service (port 8090) and have set up firewall rules, but I can't seem to make it work. I've also been assured by the hosting company that they don't filter ports so all possible ports would have been blocked by either the router or the machine itself.
I've also set up port forwarding (with similar settings that work on the router). Didn't work.
I've also tried using port 80, then temporarily turning off the Apache server on that machine so it would free up that port. To no avail, alas.
I've also tried Proxypass, with the same failed results:
<Location /tab>
ProxyPass http://release.123-246.com:8090/
ProxyPassReverse http://release.123-246.com:8090/
</Location>
It works on localhost (127.0.0.1:8090) and local network address (192.168.0.4:8090, but only from within the machine's browser) but can't seem to make it work on live (78.46.210.12:8090)
Pretty sure I'm missing something, but I don't know what it is. Help please? I'm welcome to different approaches on this.
Did you check that Tabula is listening on the appropriate interface?
The version of Tabula that is packaged as a Windows application might not bind to the interface fronted by your reverse proxy.
Try this command to make Tabula listen on all available interfaces:
jruby -G -r jbundler -S rackup -o 0.0.0.0 config.ru
Docker noob here. Have setup a dev server with docker containers. I am able to run a basic containers.
For example
docker run --name node-test -it -v "$(pwd)":/src -p 3000:3000 node bash
Works as expected. As soon as I have many small projects, I would like to bind/listen to actual http localhost path instead of port. Something like that
docker run --name node-test -it -v "$(pwd)":/src -p 3000:80/node-test node bash
Is it possible? Thanks.
EDIT. Basically I want to type localhost/node-test instead of localhost:3000 in my browser window
It sounds like what you want is for your Docker container to respond to a URL like http://localhost/some/random/path by somehow specifying that path in the Docker --port option.
The short answer to that is no, that is not possible. The reason is that a port is not related to a path in any way - an HTTP server listens on a port, and serves resources that are found at a path. Note that there are many different types of servers and all of them listen on some port, but many (most?) of them have no concept of a path at all. For example, consider an SMTP (mail transfer) server - it often listens on port 25, but what does a path mean to it? All it does is transfer mail from one server to another.
There are two ways to accomplish what you're trying to do:
write your application to respond to particular paths. For example, if you're using the Express framework in your node application, create a route for the path you want.
use a proxy server to accept requests on one path and relay them to a server that's listening to another path.
Note that this has nothing to do with Docker - you'd be faced with the same two options if you were running your application on any server.
I'm trying to set up a malware analysis lab, following the instructions found here:
https://blog.christophetd.fr/malware-analysis-lab-with-virtualbox-inetsim-and-burp/
In setting up inetsim to simulate internet protocols, I keep getting "http_tcp_80 - failed!" everytime I run it. Changing the port it uses in the configuration file to 8080 causes the it to work. When I run it on a different vm, the configuration works as intended.
I have apache also installed on this vm. Could it be interfering?
Edit: I just installed a new vm to try using inetsim without apache installed. HTTP is reported to be running, but now dns_53_tcp_udp is reported to be failing to start. Trying to browse web pages to bring up inetsim's default page fails, regardless of if I use the FQDN or the IP address. The only time I get the page is with localhost. Otherwise, I get server not found. At least I know its not apache.
The error I get with DNS indicates that the 0.0.0.0 ip is already in use, which doesn't make sense to me since 0.0.0.0 is being used to bind the services to all IPs. Changing the inetsim.conf file so "service_bind_address 10.0.0.0" instead of "service_bind_address 0.0.0.0" seems to run dns, but the browser on both the analysis machine and the victim machine still report no server found.
You should stop the Apache server:
service apache2 stop
It works for me.
I guess there are some other processes listening on those ports.
Use
sudo netstat -tulpn | grep LISTEN
It will print out those processes with their pid. For example, 964 is the pid of the first process in this case:
Check if something is occupying your corresponding ports. Shut them down with
sudo kill -9 <pid>
Of course, the busy processes running on those ports may not in listening states but still be able to cause such a problem. So you can check it with
sudo netstat -tulpn
just in case.
Anyway, it does work for me.
I am getting error:
"Lost connection to MySQL server at 'reading initial communication packet, system error: 0"
while I am going to connect my db.
If I am using localhost everything is working fine.
But when I am using my live IP address like below, it's getting error:
mysql_connect("202.131.xxx.106:xxxx", "xxxx", "xxxxx") or die(mysql_error());
Someone here suggests that it might be a firewall problem:
I have just had this problem and found it was my firewall. I use PCTools Firewall Plus and it wasn't allowing full access to MySQL. Once I changed that it was fine.
Could that be it?
Also, someone here suggests that it might be because the MySQL server is bound to the loop-back IP (127.0.0.1 / localhost) which effectively cuts you off from connecting from "outside".
If this is the case, you need to upload the script to the webserver (which is probably also running the MySQL server) and keep your server host as 'localhost'
Open mysql configuration file named my.cnf and try to find "bind-address", here replace the setting (127.0.0.1 OR localhost) with your live server ip (the ip you are using in mysql_connect function)
This will solve the problem definitely.
Allow remote connect to MySQL.
Edit file:
>sudo nano /etc/mysql/my.cnf
Comment line:
#bind-address = 127.0.0.1
Restart MySQL:
>sudo service mysql restart
Create user for remote connection.
>mysql -uroot -p
CREATE USER 'developer'#'localhost' IDENTIFIED BY 'dev_password';
CREATE USER 'developer'#'%' IDENTIFIED BY 'dev_password';
GRANT ALL ON *.* TO 'developer'#'localhost';
GRANT ALL ON *.* TO 'developer'#'%';
In my case I need to connect remotely from Windows to VirtualBox machine with Ubuntu. So I need to allow port 3306 in iptables:
>iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
Had this problem when setting up a new slave server. Found it was the slave server IP address was missing from the master server /etc/hosts.allow file. Added the IP address and it let me connect to the master server.
Note that I use hosts.allow and hosts.deny to control access.
I had this problem and it ended up being the prior sys admin changed the port MySQL was running on. MySQL Workbench was trying to connect to the default 3306 but the server was running on 20300.
The error means that it didn't receive a response from the port it expected to find the server on. The causes range from contacting the wrong machine (For one of a number of reasons) to the server not being on the expected port.
Check which port your server is bound to in /etc/mysql/my.cnf. Does that correspond to what is in your connect statement. If they match then try connecting with mysql from the server itself and from the command line of the machine where you are running the client. If it works form one place and not another then you may have a firewall / router configuration issue.
One more reason...
I ran into an Ubuntu server where everything was customized and could not connect because of that same error.
This setting was inside /etc/ssh/sshd_config
PermitTunnel no
After turning into
PermitTunnel yes
I was able to connect remotely to my MySQL DB
The problem on my case was MySQL being bind only to the lo on linux.
in order to solve the problem i have edited the my.cnf (found at /etc/mysql/my.cnf) removing the line bind-address=127.0.0.1
this allows mysql to bind to any network interface
I just set up mysql on a windows box. I got the OP's error when trying to connect with the Navicat MySql client on the same box. I had to specify 127.0.0.1 as the host, and that got it.
localhost, or the servers actual ip address both did not work.
This error occurred to me while trying to connect to the Google Cloud SQL using MySQL Workbench 6.3.
After a little research I found that my IP address has been changed by the internet provider and he was not allowed in the Cloud SQL.
I authorized it and went back to work.
I faced the same problem. I checked and tried to set AllowTcpForwarding Yes but it was missing in my sshd_config so no help.I didn't change sshd_config or my.cnf. Make sure the ssh hostname is NOT the same with the mysql hostname(use localhost).
In workbench, choose + to add new connection and set the following:
connection method: standard TCP/IP over SSH
SSH Hostname: 192.168.0.50:22 (replace remote SSH server IP and port(optional))
SSH Username: sshuser
You can set password or add at the prompt
MYSQL Hostname: localhost or 127.0.0.1
MYSQL Server port:3306
You can set password or add at the prompt
Test connection. It should be successful then hit OK.Viola!
I ran into this exact same error when connecting from MySQL workbench. Here's how I fixed it. My /etc/my.cnf configuration file had the bind-address value set to the server's IP address. This had to be done to setup replication. Anyway, I solved it by doing two things:
create a user that can be used to connect from the bind address in the my.cnf file
e.g.
CREATE USER 'username'#'bind-address' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON schemaname.* TO 'username'#'bind-address';
FLUSH PRIVILEGES;
change the MySQL hostname value in the connection details in MySQL workbench to match the bind-address
The problem for me was that DNS queries were blocked by the FW within the subnet. The solution was to disable DNS lookups within MySQL.
The problem was quite stupid for me.
I used to get the same issue on AWS EC2 Ubuntu machine (MariaDB is installed locally for the time being), so I tried to make SSH tunneling, and had the same issue. So I tried to ssh tunnel over terminal:
ssh -L13306:127.0.0.1:3306 root#ip.address -i my/private/key.pem
And it told me this:
Please login as the user "ubuntu" rather than the user "root".
I changed ssh user from root to ubuntu, just like my ssh config, and it connected just fine.
So check your SSH connecting user.
I oversaw this, so this too half an hour of my time, so I hope this will be useful for you.
For me the config file was found "/etc/mysql/mysql.conf.d/mysqld.cnf" commenting out bind address did the trick.
As we can see here:
Instead of skip-networking the default is now to listen only on
localhost which is more compatible and is not less secure.
I am trying to connect my db docker container on Ubuntu 18.04, same problem.
First check your device by run nmcli dev to check if device docker0 is connected.
If it is not connected, try to restart docker service:
sudo service docker restart
I tried make a telnet over remote server on port 3306.
The error message is clear
Host 'x.x.x.x' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'Connection closed by foreign host.
As root at server mysqladmin flush-hosts worked at all!
I had the same error when using localhost. I restarted the MySQL service and it worked fine.
in my case, I had ALL: ALL in hosts.deny. Changing this to ALL: PARANOID solved my problem when connecting over ssh
Ran into this same issue, Bind Address back and forth to no avail. Solution for me was flushing privileges.
mysql> FLUSH PRIVILEGES;
Firewalld blocks the IP address. so to give access, use these commands:
firewall-cmd --permanent --zone=trusted --add-source=YOUR_IP/32
firewall-cmd --permanent --zone=trusted --add-port=3306/tcp
firewall-cmd --reload
For me setting bind-address = 0.0.0.0 in mysql/my.cnf worked. It basically listens to all addresses (but still one port) then.
And don't forget restart your server: systemctl restart mysql
I just had the same problem, but in my case I solved it with
service mysqld start
In my case it was the university wifi blocking port 3306. I was able to connect by using a mobile hotspot.
Change to a mobile hotspot or another network, and if it works there, then you know that original network is blocking port 3306. If you get the same error on more than 1 network, then you know it's specific to your machine.
I had port 3306 in Docker container but in Dockerfile it was 33060. I edited the port in Docker container to 33060
Must have been added to the Dockerfile
ENV MYSQL_ROOT_HOST 172.17.0.1
I have done below 3 steps then working for me.
bind-address = "YOUR MACHINE IP" in my.cnf file at /etc/my.cnf
Restart service by command : service mysql restart
GRANT ALL PRIVILEGES ON yourDB.* TO 'username'#'YOUR_APPLICATION_IP' IDENTIFIED BY 'YOUR_PASSWORD' WITH GRANT OPTION;
I had the same issue installing MySQL docker image then trying to connect from WSL2 MySQL client.
As it was stated in the accepted answer that it should be a firewall issue, in my case this error was caused due to not allowing docker for windows to communicate to private network.
I changed the settings on "Firewall & network protection", "allow an app through firewall", "change settings" (need administrator rights) and allowed "Docker desktop backend" to connect to private network.
I had the same error on my Mac with a local MySQL installation. The problem was that the number files that MySQL was opening was too high for MacOS.
To see if you have the same problem you can run this command and look for File Descriptor errors:
tail -200 /usr/local/var/mysql/$(whoami).err | grep "Warning"
I added this line to my.cnf file and the problem was fixed:
table_open_cache = 200
Had the same problem, what worked for me was:
Go to Windows Firewall where you allow applications.
mysql probably won't be in the list, so you need to add it, its path is typically C:/Program Files (x86)/MySQL/bin/mysql
Mark both private and public networks, apply.
When connecting to Mysql remotely, I got the error.
I had this warning in /var/log/mysqld.log:
[Warning] IP address 'X.X.X.X' could not be resolved: Temporary failure in name resolution
I just added this line to /etc/hosts file:
X.X.X.X some_name
Problem solved! Not using skip-name-resolve caused some errors in my local app when connecting to MySQL.