How can I open specific ports in order to use a SDK for a project?
I have already tried netcat, but it seems that you can only listen to a specific port or open a specific port if you have a hosting website.
To open a port and keep listening on it, on macOS this should be working:
nc -lk 8080
To test you can connect to the opened port by doing:
nc -vt 0 8080
To use UDP, you just need to use option -u, for example:
nc -u -lk 8080
To test you can connect:
nc -u -vt 0 8080
Output:
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif (null)
src 127.0.0.1 port 63214
dst 127.0.0.1 port 8080
rank info not available
Connection to 0 port 8080 [udp/http-alt] succeeded!
Related
Trying investigate my issue with docker container. I lost a day when I thought that issue is in nodejs code (it has server and I am trying to connect to this server).
After investigations I found interesting thing for me.
For example - Lets run some test docker image:
docker run -p 888:888 -it ubuntu:16 /bin/bash
After that, prepare and install "simple server to listen our port":
apt-get update
apt-get install -y netcat
nc -l 888
After that I going to try to telnet localhost 888 from my system and got telnet: connect to address 127.0.0.1: Connection refused. The same with nodejs image.
But if you try to use, for example, nginx container -
docker run -p 888:888 -it nginx /bin/bash
I will be successfull:
$telnet 127.0.0.1 888
Trying 127.0.0.1...
Connected to localhost.
How it is possible, what I am missing? Why I can bind and use any port in nginx but not for other images?
When you run nc -l 888, you are creating a port that is listening explicitly for IPv4 connections. If we run ss -tln, we will see:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 1 0.0.0.0:888 0.0.0.0:*
When you run telnet localhost 888 on your host, there's a good chance it's trying to connect to the IPv6 localhost address, ::1. This connection fails if you're trying to connect an IPv4-only socket.
If you explicitly use the IPv4 loopback address by typing telnet 127.0.0.1 888, it should work as expected.
If you enable IPv6 support in nc by adding the -6 parameter:
nc -6 -l 8888
Then you get a socket that listen for both IPv4 and IPv6 connections:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 1 *:888 *:*
And if you attempt to connect to this socket using telnet localhost 888, it will work as expected (as will telnet 127.0.0.1 888).
Most programs (like nginx) open multi-protocol sockets by default, so this isn't normally an issue.
Docker provides a way to map ports between the container and host.
As per the official documentation its also possible to mention host-ip while port mapping.
-p 192.168.1.100:8080:80 - Map TCP port 80 in the container to port 8080 on the Docker host for connections to host IP 192.168.1.100.
I tried this option to figure out what's the difference with/without the host-ip.
Using just -p 80:80
$ docker run -itd -p 80:80 nginx:alpine
$ curl localhost:80
$ curl 127.0.0.1:80
$ curl 0.0.0.0:80
$ curl 192.168.0.13:80
$ ps -ef | grep docker-proxy
16723 root 0:00 /usr/local/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.1 -container-port 80
$
All the curl commands return the output.
Using host-ip like -p 192.168.0.13:80:80
$ docker run -itd -p 192.168.0.13:80:80 nginx:alpine
$ curl localhost:80
curl: (7) Failed to connect to localhost port 80: Connection refused
$ curl 127.0.0.1:80
curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
$ curl 0.0.0.0:80
curl: (7) Failed to connect to 0.0.0.0 port 80: Connection refused
$ curl 192.168.0.13:80 # return output
$ ps -ef | grep docker-proxy
4914 root 0:00 /usr/local/bin/docker-proxy -proto tcp -host-ip 192.168.0.13 -host-port 80 -container-ip 172.17.0.2 -container-port 80
$
All the curl commands failed except 192.168.0.13:80.
Is there any there any other difference apart for the one I mentioned here.
Wondering when to use host-ip based port mapping. Any use cases?
A docker host may have multiple NICs. In the data center, this may be too segregate traffic, e.g. management, storage, and application/public. On your laptop, this may be for wireless and wired interfaces. There are also virtual NICs for things like loopback (127.0.0.1) and VPN tunnels.
When you do not specify an IP in the port publish command, by default docker will bind to all interfaces on the host. In IPv4, this is commonly notated as 0.0.0.0 which means listen on any interface (and this is why I don't connect to this address because there's no such thing as connecting to any IP). With the IP address specified, you manually specify which interface to use. Why would you want to specify this? Several reasons I can think of:
Listening on only 127.0.0.1 to prevent external access
Listening on 0.0.0.0 to explicitly bind to all IPv4 interfaces (it is possible to change docker's default behavior, so this could be necessary for some).
Listening on one physical NIC, allowing other NICs to be bound by other services on the same port.
Listening on only IPv4 interfaces if the app does not work for IPv6.
While there are lots of possible reasons, other than listening on loopback for security, these use cases are very rare and most users leave docker to listen on all interfaces.
I created a debian vm to have my docker host running on.
netstat
tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 1260/dockerd
After that I setup port forwarding for port 2375 as described in many online tutorials.
Next I curl in the cmd of my windows 10 host os.
C:\Users\me>curl localhost:2375
curl: (56) Recv failure: Connection was reset
Notice that connecting to the VMs SSH port is working.
C:\Users\me>curl localhost:666
SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u1
Protocol mismatch.
Can anybody tell me what am I missing? Do I have to kinda allow port 2375 to be called from outside where the SSH port is allowed by default?
The issue is with your docker listening IP.
tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 1260/dockerd
127.0.0.1 means it is only listening for connections generated from inside the VM.
You should change your docker daemon to use 0.0.0.0:2375. Then your port forwarding would work
I run a docker container with the following command:
docker run -d --name frontend_service -net host --publish=3001:3000 frontend_service
As I understand it maps the local port 3001 to the container port 3000.
I already ssh to the container and checked curl localhost:3000. Works. But outside, on the host, I can't curl localhost:3001.
I checked nmap. The port is open:
nmap -v -sT localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2016-10-19 01:24 UTC
Initiating Connect Scan at 01:24
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 5051/tcp on 127.0.0.1
Discovered open port 3001/tcp on 127.0.0.1
Completed Connect Scan at 01:24, 0.06s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0011s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
3001/tcp open nessus
5051/tcp open ida-agent
How can i connect the container port with my host port?
When you specify --net=host, you are completely turning off Docker's network setup steps. The container won't get its own network namespace, won't get its own interfaces, and the port publishing system will have nothing to route to.
If you want your -p 3001:3000 to work, don't use --net=host.
I'm attempting to run Vagrantpress, which be default forwards the VM port 80 to the host port 8080. However, it reports that another application is using port 8080 and fails to boot.
Looking around, it seems that using something like lsof | grep :8080 should list the application using the port. However, that command returns empty.
Using Mavericks' Network Utility > Port Scan I get this:
Port Scan has started…
Port Scanning host: 127.0.0.1
Open TCP Port: 80 http
Open TCP Port: 631 ipp
Open TCP Port: 1023
Open TCP Port: 3128 ndl-aas
Open TCP Port: 5001 commplex-link
Open TCP Port: 5003 fmpro-internal
Open TCP Port: 5432 postgresql
Open TCP Port: 8080 http-alt
Open TCP Port: 20559
Open TCP Port: 29754
Open TCP Port: 49524
Open TCP Port: 49525
Port Scan has completed…
But I can't figure out how to close http-alt so that the port can be used by another application.
I have the same problem and I have Cisco AnyConnect installed, which the answer on https://apple.stackexchange.com/questions/66158/unkown-process-listening-at-port-8080 indicates could be the problem. I decided to change the port I was using instead of trying to get rid of the AnyConnect requirement so I can't verify that as a solution, but it's something to try.
You should run lsof -i :8080 instead of lsof | grep :8080, or netstat -nap | grep :8080 (You may need to change the options on OS X as it is BSD), get the PID of the process and terminate / kill it.
If you just want to work around the issue, use auto_correct: true in the port forward block, for example
Vagrant.configure("2") do |config|
config.vm.network "forwarded_port", guest: 80, host: 8080,
auto_correct: true
end
and do a vagrant reload.