I have a fairly simple Rails app that connect to Postgres server (locally).
Uptil now, I was under the impression if not specified (socket in the database.yml) the pg client connect with postgres over TCP on a loopback interface.
Fyi,this is how my configuration looks like.
{:adapter=>"postgresql", :encoding=>"unicode", :database=>"scp_development"}
But I think I was wrong I can't sniff any packet over the loopback interface at port 5432.
sudo tcpdump -nnvvXSs 1514 -i lo0 dst port 5432
Which is letting me believe that it working over Unix domain socket.
So, is there a fairly reliable way to determine ...
Whether I'm connected to TCP socket or Unix socket?
Related
When I'm trying to connect to a docker MySQL that's running and forwarding to my local TCP:3306 I get the following answer
mysql -u root -pPASSWORD
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
but when I do mysql -u root -pPASSWORD -h127.0.0.1 it connects wonderfully.
Any clue?
[UPDATE]
Considering the comments and this post I create ~/.my.cnf
with this content
[Mysql]
user=root
password=yourpass
host=127.0.0.1
port=3306
Giving these changes I could connect the localhost with the 127.0.0.1 address.
If you don't specify a host with -h (or a host directive in your .my.cnf), then MySQL defaults to connect to localhost. Connections to localhost use the UNIX domain socket interface, not TCP/IP. So it's not connecting to a TCP/IP port, and therefore does not forward to your docker container.
This distinction between localhost and 127.0.0.1 is a historical oddity of MySQL. Normally localhost and 127.0.0.1 are assumed to be equivalent. But MySQL treats the hostname "localhost" as special, using it to invoke the UNIX domain socket interface. This is a bit faster than using TCP/IP, but of course only works if the connection is on the local computer.
Currently I need to establish remote connection with my server (Ubuntu 16.04 LTS).
I Install Postgresql and I made the following settings:
/etc/postgresql/9.5/main/postgresql.conf:
listen_addresses='*'
/etc/postgresql/9.5/main/pg_hba.conf:
host all all 0.0.0.0/0 md5
If run this command: netstat -anpt | grep LISTEN
shows the port is listening
but when I try to establish the connection, I have this error:
And this tool tells me that the port is closed:
Allowing only on Configurations of Postgresql server is not enough. You need to add a firewall rule in google compute engine. Check this
Firewall rules control incoming or outgoing traffic to an instance. By default, incoming traffic from outside your network is blocked.
I'm struggling with exposing Mosquitto that I setup on my Centos7 homeserver to the outside internet through my router.
Mosquitto runs fine on my localhost and post 1883 on the homeserver. I am able to pub/sub, and it is listening on the port as 127.0.0.1:1883 (tcp)
My home router has a dynamic IP (for now), say 76.43.150.206. On the router I port forwarded 1883 as both internal/external ports to my home server, say 192.168.1.100.
In the mosquitto.conf file, I have one simply line "listener 1883 76.43.150.206".
When I then attempt to pub/sub using a python client on an external computer as mqttc.connect("76.43.150.206", 1883), it says connection refused.
Any hints on what I'm doing wrong or how to get it working? BTW, my understanding of this setup is very basic and I've pretty much been going off blogs.
Here's how it will work:
1.) Setup mosquitto.conf as
listener 1883 0.0.0.0
#cafile <path to ca file>
#certfile <path to server cert>
#keyfile <path to server key>
#require_certificate false
0.0.0.0 binds the server to all interfaces present.
You can uncomment the code to enable TLS for better security. But you'll have to configure the client to use the same as well..
2.) Port forward router's 1883 port number to port 1883 of IP of machine running the broker.
3.) Start the broker and test your client!
You should not put the external address into the mosquitto config file.
You should probably not even have a listen line at all as mosquitto will bind to all available IP addresses on the machine it's running with the default port (1883).
If you really must use the listen directive (e.g. in order to set up SSL) then it should be configured with the internal IP address of the machine running the broker, in this case 192.168.1.100 and with a different port number so it does not clash with the default
listen 1884 192.168.1.100
When I publish and subscribe at localhost its work fine.
When I try from my PC at home I just can't connect to the broker.
open TCP port in/out at security group - 1883 8883 8080
open the ports also at my ec2 instance firewall...
what is the problem? I use the public DNS by amazon as I think I should...
This is an exercise at diagnosing network problems:
1) netstat -a -n | grep 1883
will tell you whether your broker is configured correctly
2) wireshark packet capture will tell you whether your system is receiving packets at the specific port
You will not get an answer until you at least do those.
How I can say a port is open or closed. What's the exact meaning of Open port and closed port.
My favorite tool to check if a specific port is open or closed is telnet. You'll find this tool on all of the operating systems.
The syntax is: telnet <hostname/ip> <port>
This is what it looks like if the port is open:
telnet localhost 3306
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
This is what it looks like if the port is closed:
telnet localhost 9999
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host
Based on your use case, you may need to do this from a different machine, just to rule out firewall rules being an issue. For example, just because I am able to telnet to port 3306 locally doesn't mean that other machines are able to access port 3306. They may see it as closed due to firewall rules.
As far as what open/closed ports means, an open port allows data to be sent to a program listening on that port. In the examples above, port 3306 is open. MySQL server is listening on that port. That allows MySQL clients to connect to the MySQL database and issue queries and so on.
There are other tools to check the status of multiple ports. You can Google for Port Scanner along with the OS you are using for additional options.
A port that's opened is a port to which you can connect (TCP)/ send data (UDP). It is open because a process opened it.
There are many different types of ports. These used on the Internet are TCP and UDP ports.
To see the list of existing connections you can use netstat (available under Unix and MS-Windows). Under Linux, we have the -l (--listen) command line option to limit the list to opened ports (i.e. listening ports).
> netstat -n64l
...
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
...
udp 0 0 0.0.0.0:53 0.0.0.0:*
...
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
...
In my example, I show a TCP port 6000 opened. This is generally for X11 access (so you can open windows between computers.)
The other port, 53, is a UDP port used by the DNS system. Notice that UDP port are "just opened". You can always send packets to them. You cannot create a client/server connection like you do with TCP/IP. Hence, in this case you do not see the LISTEN state.
The last entry here is "raw". This is a local type of port which only works between processes within one computer. It may be used by processes to send RPC events and such.
Update:
Since then netstat has been somewhat deprecated and you may want to learn about ss instead:
ss -l4n
-- or --
ss -l6n
Unfortunately, at the moment you have to select either -4 or -6 for the corresponding stack (IPv4 or IPv6).
If you're interested in writing C/C++ code or alike, you can read that information from /proc/net/.... For example, the TCP connections are found here:
/proc/net/tcp (IPv4)
/proc/net/tcp6 (IPv6)
Similarly, you'll see UDP files and a Unix file.
Programmatically, if you are only checking one port then you can just attempt a connection. If the port is open, then it will connect. You can then close the connection immediately.
Finally, there is the Kernel direct socket connection for socket diagnostics like so:
int s = socket(
AF_NETLINK
, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK
, NETLINK_SOCK_DIAG);
The main problem I have with that one is that it does not really send you events when something changes. But you can read the current state in structures which is safer than attempting to parse files in /proc/....
I have some code handling such a socket in my eventdispatcher library. Only it still has to do a poll to get the data since the kernel does not generate events on its own (i.e. a push is much better since it only has to happen once when an event actually happens).