Netty server, Fedora. I just can't connect to the server from remote host and no listening socket is displayed via netstat util. However I can establish the connection running client and server on the same machine. That's simply like that:
port = System.getProperty(PORT_PROPERTY);
Preconditions.checkNotNull(port, "Network error, port property is not set");
hostAddress = new InetSocketAddress(Integer.valueOf(port));
...
serverChannel = bootstrap.bind(hostAddress);
I've tried initializing hostAddress with the port only, localhost IP, 0.0.0.0 IP, and IP of my network. Nothing helps. What could be the root of problem?
Here's some suggestions that should help disagnosing the problem:
For clarity (until you resolve this), stick to using
new InetSocketAddress("0.0.0.0", Integer.valueOf(port))
since this will ensure you bind to all interfaces.
Invoke the JVM with -Djava.net.preferIPv4Stack=true to force the JVM into IPV4. I have found it easier to muck with these issues when in IPV4 since is it less complicated than V6.
Get the PID of the JVM and then issue a netstat like this:
sudo netstat -ap --numeric-ports | grep <PID>
This should display all sockets for your JVM instance. (Please post this output if you're still not able to connect remotely. Also post the output of ifconfig)
Related
I have BrowserMobProxy realization in the project. This logic uses the IP address for Proxy connection and test UI web-service (Proxy used for request/response statistic saving). All worked fine before, but we restart docker and the IP address for the proxy was changed. Now I need to found a new IP address for the proxy.
Code where IP address used
public static void startProxyServer(String address) {//address = "172.17.0.2"
if (browserMobProxy.isStarted()) {
browserMobProxy.stop();
}
try {
browserMobProxy.start(9090, Inet4Address.getByName(address)); // {1}
useExclusivePort = browserMobProxy.getPort();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
After docker was restarting the project began fails on the line {1}.
I started the search for new IP on the server. Unfortunately, I can't use ifconfig command from the docker image since this command does not install there. So I determined the address from the server in the following way:
After I use IP 172.17.0.2 the code works well and I hoped I resolved this issue, but as it turned out I lost connection with this proxy - on the UI I got the following result:
So I totally confused:
All works well before the docker image was restarted
Old IP looks like 172.19.0.5 but the code fails with it now.
I "found" new IP 172.17.0.2 and code work with it.
I not sure I determined correct IP since all old IP was started with 172.19.0.{4,5,8}
I have no connection with the new IP
I do not know or I found the correct IP and why it suitable for code but not suitable for connection
The project deploys with Jenkins docker image. Browsers start on the selenium grid
#Question:
How do I need to found the correct IP that I can use for a proxy connection?
there are other commands with which you can find which ip your server is running on. check if you have access to any of the following
first you can try
netstat -an
which will give you all IPs your server is listening to along with what ports, and what IPs are connected on it along with the ports
if this doesn't work try this
https://dev.to/trexinc/netstat-without-netstat-inside-containers-9ak
then try
ip addr
which will give you a similar output as ifconfig
and last you can try with
docker inspect -f '{{ .NetworkSettings.IPAddress }}' containerID
which will give you the network interfaces of your docker
I'm trying to connect to a jmx port remotely but I can't seem to connect to it even though the port is open. Its a java process running in a container on a server thats a Nomad worker. Its running on 29406.
Here is what netstat shows:
netstat -tulpn | grep 29406
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 10.137.2.166:29406 0.0.0.0:* LISTEN -
udp 0 0 10.137.2.166:29406 0.0.0.0:* -
And this is whats in /etc/hosts
cat /etc/hosts
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
I've downloaded jmxterm on the server to try and connect to it, and noticed an interesting behavior. When I try using localhost to connect to the port, I get this:
#RuntimeIOException: Runtime IO exception: Failed to retrieve RMIServer stub: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
java.net.ConnectException: Connection refused (Connection refused)]
When I use its own IP address, it then seems to work:
$>open 10.137.2.166:29406
#Connection to 10.137.2.166:29406 is opened
$>
Curious to understand why localhost doesn't work when I'm running this on the server itself...
The only way I've gotten jconsole (running on my laptop) to connect to it is by using an ssh tunnel like this:
ssh -Nf -D 7777 10.137.2.166
jconsole -J-DsocksProxyHost=localhost -J-DsocksProxyPort=7777 service:jmx:rmi:///jndi/rmi://10.137.2.166:29406/jmxrmi -J-DsocksNonProxyHosts=
I feel like I should be able to connect to it without creating a tunnel but unsure why I can't. If I run telnet locally from my laptop to the host, the connection does seem to open...
telnet 10.137.2.166 29406
Trying 10.137.2.166...
Connected to 10.137.2.166.
Escape character is '^]'.
To successful JMX handshake
the jmx server should be available by a host name outside (should also be declared on server jvm via java.rmi.server.hostname system property)
in addition to one open port (can be explicitly declared via com.sun.management.jmxremote.rmi.port jvm property) the jmx server chooses random another that's used for new jmx connection. It's quite problematic because you can't foresee particular port in order to exclude it from server's firewall restrictions, so the tunneling is necessary.
Server listened at only 10.137.2.166.
When you trying to create new socket with localhost domain, your application tying to establish 127.0.0.1 adress but your application not listening at this ip.
If you want to connect with localhost domain you have few options for solving.
Change your server configuration to listen on 127.0.0.1 and 10.137.2.166 at same time.
Change your server configuration to listen on 0.0.0.0 .
Listening at 0.0.0.0 its not recommended for security reasons .
Use iptables to forward port. Requires root privileges.
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -i lo --dport 29406 -j DNAT --to-destination 10.137.2.166:29406
iptables -A FORWARD -p tcp -d 10.137.2.166 --dport 29406 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
if you don't have root privileges you can use socat.
socat TCP-LISTEN:29406,fork,bind=127.0.0.1 TCP:10.137.2.166:29406
I only used jmx for visualvm connection and in this case they are two ports required to be available:
com.sun.management.jmxremote.port=9010
com.sun.management.jmxremote.rmi.port=9011
Also the java.rmi.server.hostname need to be set accordingly to the right network interface as the port will be bound only on that interface.
Once the ports are available from your client, you can use the jmx connection on the jmxremote.port port.
I try configure jmx according this instruction: http://activemq.apache.org/jmx.html
On localhost all works well. But when i try connect to FreeBSD server over VPN jconsole can't establish connection.
I use such settings for ACTIVEMQ_SUNJMX_START variable:
ACTIVEMQ_SUNJMX_START="
-Dcom.sun.management.jmxremote.port=1616
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_BASE}/conf/jmx.password
-Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_BASE}/conf/jmx.access
-Djava.rmi.server.hostname=vpn_id_address
-Dcom.sun.management.jmxremote.local.only=false"
What i do wrong?
Confirm the port is listening, using netstat or other tool.
netstat -na | grep 1616
... should show an entry as LISTENING
Try to telnet to the port and send garbage. The server will disconnect you
$ telnet localhost 1099
Trying ::1...
Connected to localhost.
Escape character is '^]'.
garbage
Connection closed by foreign host.
There are a million other reasons why it may not be working. Firewall settings on the server, VPN port mapping, etc.. etc.. Until #1 and #2 are confirmed there isn't anything else to go on.
open command prompt/terminal then type: jconsole
then your jconsole will open and connect to activemq from it
service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
After starting tomcat with jpda on, while at my company I can remote debug a bunch of web applications in eclipse. For a number of reasons I am now in need of developing and remote debugging those same webapps from outside the company firewall, and i can only access that server via ssh on port 22.
I tunneled most needed ports (svn, nexus, tomcat itself, from the server or via the server) to localhost and those services work fine, but I cannot start the eclipse debugger in any way; i'm getting "connection timed out while waiting for packet XXX" or "connection refused" from the second time i try on.
Checking with nmap on the server, it reports the port open before the first connection attempt, and it becomes closed after that. I get no interesting output log in catalina.out
The command i use to start the tunnel is:
ssh -L 8000:localhost:8000 user#mycompany.com
iptables was temporarily stopped both on the server and in the local machine for testing.
Am i missing something? Do I need to forward some other port to localhost? Or is it in some way involved name resolution?
EDIT
Open ports before connection attemp from eclipse:
root#lnxulisse:/opt/apache-tomcat-6.0.32/bin# lsof -p 2147 -n |grep TCP
java 2147 root 4u IPv4 640850 0t0 TCP *:8000 (LISTEN)
java 2147 root 38u IPv6 640859 0t0 TCP *:http-alt (LISTEN)
java 2147 root 40u IPv6 640865 0t0 TCP *:https (LISTEN)
java 2147 root 46u IPv6 640908 0t0 TCP 127.0.0.1:18005 (LISTEN)
java 2147 root 48r IPv6 642625 0t0 TCP 172.24.0.82:48347->172.24.0.82:mysql (ESTABLISHED)
java 2147 root 181u IPv6 640891 0t0 TCP 172.24.0.82:60353->172.24.0.82:mysql (ESTABLISHED)
and after:
java 2147 root 4u IPv6 642769 0t0 TCP 172.24.0.82:48956->172.24.0.82:mysql (ESTABLISHED)
java 2147 root 5u IPv4 640851 0t0 TCP 127.0.0.1:8000->127.0.0.1:34193 (ESTABLISHED)
java 2147 root 38u IPv6 640859 0t0 TCP *:http-alt (LISTEN)
java 2147 root 40u IPv6 640865 0t0 TCP *:https (LISTEN)
java 2147 root 46u IPv6 640908 0t0 TCP 127.0.0.1:18005 (LISTEN)
java 2147 root 181u IPv6 640891 0t0 TCP 172.24.0.82:60353->172.24.0.82:mysql (ESTABLISHED)
exact eclipse error returned is:
Exception occurred during launch
Failed to connect to remote JVM. Connection timed out.
Timeout occurred while waiting for packet 204.
(the packet number varies on each attempt).
in workspace/.metadata/.log i get:
!ENTRY org.eclipse.osgi 2 0 2011-07-17 18:43:53.024
!MESSAGE While loading class "org.eclipse.core.net.proxy.IProxyService", thread "Thread[main,6,main]" timed out waiting (5000ms) for thread "Thread[Thread-6,5,main]" to finish starting bundle "org.eclipse.core.net_1.2.1.r35x_20090812-1200 [232]". To avoid deadlock, thread "Thread[main,6,main]" is proceeding but "org.eclipse.core.net.proxy.IProxyService" may not be fully initialized.
!STACK 0
org.osgi.framework.BundleException: State change in progress for bundle "reference:file:plugins/org.eclipse.core.net_1.2.1.r35x_20090812-1200.jar" by thread "Thread-6".
at org.eclipse.osgi.framework.internal.core.AbstractBundle.beginStateChange(AbstractBundle.java:1073)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.start(AbstractBundle.java:278)
[...]
!ENTRY org.eclipse.ui.ide 4 4 2011-07-17 18:43:53.028
!MESSAGE Proxy service could not be found.
eclipse is configured for direct internet connection.
EDIT 2
I think the solution might be here:
http://blog.cantremember.com/debugging-with-jconsole-jmx-ssh-tunnels/
but i have some trouble understanding his JNDI/RMI settings, and to what extent that applies to my configuration.
EDIT 3
This is a clarification for those answering "use <lan|local ip address> instead of <localhost>"
computer A: my workstation in the company
computer B: my workstation at home
computer C: server running tomcat
B and C are in two different sub-networks in the same network infrastructure; only connections to port 22 of C from outside are allowed (and somewhat "proxied", I don't know network internals).
A is "outside" (my dsl connection with dynamic ip address).
Debugging on C from B via ssh tunnel -> works
Debugging on C from A via ssh tunnel -> connection timed out while waiting for packet XXX
This article suggests that the default port on which the remote Java virtual machine (JVM) is listening in debugging mode is 1044. You should tunnel the port on which the remote JVM is running as well.
More generally, you could run wireshark/tcpdump to see to which port connection attempts are made when starting the debugger.
EDIT:
A few more things I would try:
check on the remote host (e.g. with ps auxwww if it's Linux) with which arguments (look for what comes behind -Xrunjdwp or with lsof -p PID_OF_JVM_TO_BE_DEBUGGED on which TCP port it listens (look for lines with TCP and LISTEN in the lsof output)
make sure that the JVM on the remote host listens on the lo interface, not the network interface (that's what you specify with the localhost in the -L option to ssh).
Does starting the debugger by hand on the machine where you start eclipse with jdb -attach localhost:8000 work ? (you could also try this on the remote host to ensure the debugger is running on the port 8000)
make sure that eclipse tries to connect to localhost (when not specifying a bind address before the first 8000 with the -L option ssh listens on the lo interface)
I often had this problem when doing remote debugging. I do not know the exact reason for this problem, but I used the below solution and maybe it works for you, too:
instead of
ssh -L 8000:localhost:8000 user#remotehost
is used
ssh -L 8000:remotehost:8000 user#remotehost
for creating the SSH tunnel (note the remotehost instead of localhost between the port numbers in the second example). Instead of the remote host's name, you can also use the normal IP address of the remote host (not the loopback address 127.0.0.1, but the true local network IP address).
Hope it helps and good luck!
Assuming the remote Tomcat instance has been started with something like -Xrunjdwp:transport=dt_socket,server=y,address=8000,suspend=n, try this command:
ssh -L 8000:0.0.0.0:8000 user#mycompany.com -N
On my Mac, I tried out ssh -L 10701:localhost:10700 user#localhost -N locally, where a Tomcat instance was started with -Xrunjdwp:transport=dt_socket,server=y,address=10700,suspend=n, and attempting to attach on port 10701 within Eclipse, I kept seeing "Failed to connect to remote VM com.sun.jdi.connect.spi.ClosedConnectionException". By changing the tunnel command to ssh -L 10701:0.0.0.0:10700 user#localhost -N, Eclipse was able to attach.
Can you please give the exact parameters of the -Xrunjdwp parameter?
Also do you have tried different methods for debugging (server=y/n, suspend=y/n)?
Perhaps inversing the connection (let the tomcat connect to the debugger instead of letting the debugger connect to tomcat) may help.
Well I am answering myself after a long time; in my specific case, the solution was to put eclipse JVM in listening mode:
Connection Type: "Standard (Socket Listen)"
and reverse the direction of the tunnel:
ssh -L 8001:localhost:8001 user#work (run on server (S), "localhost" is W)
ssh -R 8001:localhost:8001 user#work (run at home (H), "localhost" is W)
Some explanation: as in the question, my situation was:
H -------------------> S not working ( ssh -L 8001:S:8001 user#S from H)
H W -------> S working ( ssh -L 8001:S:8001 user#S from W)
home work server
While reversing like this:
H <------- W S ssh -R 8001:localhost:8001 user#W (from H)
H W <------- S ssh -L 8001:localhost:8001 user#W (from S)
home work server
did the trick. In other words, whatever is written on S:8001, is forwarded to W:8001, and whatever in turn is written to W:8001, is forwarded to H:8001, where my eclipse JVM is listening.
The tomcat JVM on S should be started with server=n, with arguments:
-agentlib:jdwp=transport=dt_socket,server=n,suspend=n,address=8001
I'm on a vista machine. I've started tomcat 5.5.27 with these options:
CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=9003 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false"
When I connect via jconsole and added the following service url
service:jmx:rmi:///jndi/rmi://localhost:9003/jmxrmi
it would not connect. Any ideas ?
Ok, I orignally supposed the URL given by op was wrong but it turns out no. So I can't answer.
Still, here are the basics:
For a simple connection through jconsole.
If you know that the JMX Server you want to connect to has the RMI registry port at 9003 for example, connect using
localhost:9003
instead.
Otherwise, here's what I found out from the ground up:
Suppose you have the JMX Server (alias 'JMX Agent' alias 'the JVM you want to connect to') running on 'TARGET MACHINE' with the RMI registry port at 'RMI REGISTRY PORT' and the JMX RMI server port at 'JMX RMI SERVER PORT'.
Note:
The RMI registry tells JMX clients where to find the JMX RMI server port; information can be obtained under key jmxrmi.
The RMI registry port is generally known as it is set through system properties at JVM startup.
The JMX RMI server port is generally not known as the JVM chooses it at random (if no other precautions are taken).
The following URI will lead to success (tested)
service:jmx:rmi://<TARGET_MACHINE>:<JMX_RMI_SERVER_PORT>/jndi/rmi://<TARGET_MACHINE>:<RMI_REGISTRY_PORT>/jmxrmi
This looks nasty. Let's cut it apart.
This URI is an RFC2609 "Service Location Protocol URL" (well, it's really an URI, right?)
It is composed of:
service - a constant
jmx:rmi - the service type composed of: abstract type jmx and URL scheme rmi
the rest - the sap (service access protocol specification)
sap is decomposed into:
//<TARGET_MACHINE>:<JMX_RMI_SERVER_PORT> - ipsite
/jndi/rmi://<TARGET_MACHINE>:<RMI_REGISTRY_PORT>/jmxrmi - URL part
A well-informed JMX client connects to the "ipsite" to do JMX-over-RMI exchanges; but what of the JMX client that doesn't KNOW that port? Patience...
URL part is decomposed into:
/jndi/ - This seems to tell the JMX client that it can get lookup information at the location that follows
rmi://<TARGET_MACHINE>:<RMI_REGISTRY_PORT>/jmxrmi - Yep, we get information about the JMX RMI Server at the RMI registry, under the lookup key jmxrmi
This is somewhat cart-before-horse, as one has to contact the RMI registry given by the latter part of the SLP URL first.
After scratching head, intuitively, let's try:
service:jmx:rmi://<TARGET_MACHINE>/jndi/rmi://<TARGET_MACHINE>:<RMI_REGISTRY_PORT>/jmxrmi
Yes, that works! The JMX RMI server port is nicely obtained from the registry. On second thoughts, the target machine should also be obtained from the registry, thus:
service:jmx:rmi:///jndi/rmi://<TARGET_MACHINE>:<RMI_REGISTRY_PORT>/jmxrmi
Even better, that works, too!
References:
1 download.oracle.com/javase/6/docs/api/javax/management/remote/rmi/package-summary.html
2 download.oracle.com/javase/6/docs/api/javax/management/remote/JMXServiceURL.html
3 mx4j.sourceforge.net/docs/ch03s04.html
4 download.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdevg
5 http://www.rfc-editor.org/rfc/rfc2609.txt
On Ubuntu 10.04, using OpenJDK 6 and Tomcat 6.0.29, I was unable to activate JMX for a local jconsole session, no matter how many com.sun.management.jmxremote.* options I passed to java with CATALINA_OPTS. The problem was the -Djava.io.tmpdir setting, which defaults to $CATALINA_BASE/temp. I simply had to set:
CATALINA_TMPDIR="/tmp"
at the beginning of bin/catalina.sh and I was able to connect locally with jconsole, jmap, jps etc. There was no need for any com.sun.management.jmxremote.* settings at all.
Are the processes run under the same user?
You can also check by running jps and jconsole (both in the JDK_HOME/bin directory)
This is also needed for OS X 10.7 aka Lion.
I answered a similar question here:java.rmi.ConnectException: Connection refused to host: 127.0.1.1;
I found many of the Q&A on this topic, not nothing was helping me - that's because my issue was more basic ( what can I say I am not a networking guru :) ). My ip address in /etc/hosts was incorrect. What I had tried included the following for CATALINA_OPTS:
CATALINA_OPTS="$CATALINA_OPTS -Djava.awt.headless=true -Xmx128M -server
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=7091
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=A.B.C.D" #howeverI put the wrong ip here!
export CATALINA_OPTS
My problem was that I had changed my ip address many months ago, but never updated my /etc/hosts file. it seems that by default the jconsole uses the hostname -i ip address in some fashion even though I was viewing local processes. The best solution was to simply change the /etc/hosts file.
The other solution which can work is to get your correct ip address from /sbin/ifconfig and use that ip address when specifying the ip address in, for example, a catalina.sh script:
-Djava.rmi.server.hostname=A.B.C.D