I have a PHP based SFTP application I created and it has been working great. Now I have to put it on a server that has a firewall. I get this error:
Message: ssh2_connect(): php_network_getaddresses: getaddrinfo failed: Name or service not known
If I turn off the firewall it works fine. The firewall accepts:
ALL outbound ports.
All inbound 443 traffic, buts drops ALL other inbound traffic.
I read something about cURL needing port 9091 inbound open but that did not work.
I tried allowing all inbound port 22 (ssh) traffic but that did not work.
I tried allowing all inbound port 80 (http) traffic but still not working.
I tried using phpseclib instead of SSH2 PECL, but still get the same type of error.
Does anyone have any idea what inbound port has to be open?
Or have any ideas on what else might be going on?
Related
I have a webspace on a free hosting platform. The latter doesn't allow server-to-server connections to a port different from 80 in php scripts. I need to connect to another website on a port different from 80 using php Curl libraries, but obviusly it doesn't work, my host blocks the connection. Is there a method to bypass this limitation?
Sounds like it's a firewall limitation and you can only ask your hosting company for specific permission.
But if you have control over another website, you can send request to it's 80 and route to port xx.
I am using laravel-gamp (https://github.com/irazasyed/laravel-gamp) to track events in my Laravel 5.2 REST server. However if I set sending method to sync I always get this error (I am using SSL):
cURL error 7: Failed to connect to ssl.google-analytics.com port 443:
Connection refused (see
http://curl.haxx.se/libcurl/c/libcurl-errors.html)
I am running Laravel on a Ubuntu VM with cURL updated to the latest version.
How can I fix this error?
Thanks
Simply it was Ubuntu iptables blocking outgoing connections for port 443
I'm trying out Azure for the first time. I followed this guide to create a web application with a MySQL database.
So the DB node was create and I can see it in my resources and I can view the credentials in the properties. However, I can't connect to it from my desktop.
It looks like a firewall issue as I'm unable to telnet to it:
telnet us-cdbr-azure-west-c.cloudapp.net 3306
Trying 104.209.43.4...
telnet: connect to address 104.209.43.4: Operation timed out
telnet: Unable to connect to remote host
Can anyone tell me what I'm doing wrong?
Thanks in advance.
Usually, this issue is raised due to IP or Port is blocked by firewall.
As the comments show that others can connect to your MySQL server, so I think we can exclude that server side firewall blocked your IP and Port.
If you are in a protect network environment, check whether the gateway of network has a white list and your MySQL server endpoint is in the list, or whether the gateway has block the 3306 port. You can change a network environment if possible to check this.
Another attempt is that you can change a PC to have a test to connect to your MySQL server. If it could work, you can compare with the successful PC firewall configuration.
The question has already been asked on this forum but my concern in different. I have shared server space on Crazy domains and Blue Host. I have tried sending push notification with both of them. When i try it on Crazy Domain I get the following error:
Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.sandbox.push.apple.com:2196 (Connection timed out) in /home4/karmamob/public_html/pushNotification/api.php on line 20
Failed to connect: 110 Connection timed out
When i run the same on Crazy Domain , I get the following error.
Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.sandbox.push.apple.com:2196 (Connection timed out) in /home4/karmamob/public_html/pushNotification/api.php on line 20
Failed to connect: 110 Connection timed out
There should be no issues with the certificate because it runs fine on my local mac PC.
What i want to ask is, Can I solve this problem if I buy a Dedicated IP from BLUE HOST?
No you don't. Shared hosting plans tend to have controlled environments that you, as a shared user, can't really change, such as open or blocked ports. Is there any way you can check if connections through port 2196 are being successfully established (not necessarily to Apple)? Some low-cost, shared plans are known for blocking some juice in favour of stability and security. Also check if your push certs are properly uploaded. Cheers.
Yes, as NewObjective clarified, 2195 & 2196 ports have to be open. To open these ports you might ask Bluehost technical support team (ticket/chat), but you have to have dedicated IP address before that.
But there is another issue. If you try to send push notification message right after dedicated IP address is set and both ports are open you might receive the same "Connection timed out" error. You can test that problem by logging in to your server via SSH and running "telnet gateway.sandbox.push.apple.com 2195" command. If you receive "Connection timed out" error - you can try to contact Bluehost support team, but they can't solve this problem.
If you try to telnet any other server with 2195 opened port you will also receive that error. I had about 10 chats with Bluehost support team, opened 10 or so tickets, but they really couldn't help me. But two weeks later everything began to work. I think it was because turning dedicated IP on takes some time, but I'm not sure. Anyway, it very interesting that Bluehost support team always answers that the problem is on the Apple side, even if you tell them that any other server with 2195 opened port isn't available too)
I am using NetworkRedux shared hosting and following the APNs setup instructions at http://www.raywenderlich.com/3443/apple-push-notification-services-tutorial-part-12 then I get this:
Warning: stream_socket_client() [function.stream-socket-client]: unable to
connect to ssl://gateway.sandbox.push.apple.com:2195 (Connection timed out) in
FILEPATH on line 21
Failed to connect: 110 Connection timed out
It looks like they are blocking this, lame. Is there a may I can use my same script including my private key and everything to connect to a proxy that will connect to Apple? I am not interested in services that "do push for you" or web APIs or anything. I want a temporary fix that I can build off of and then remove when I migrate this to a real host, that doesn't block those ports.
Actually it is possible, but direct is the best way if possible in your environment. If you have to use an HTTP Proxy, then all you need to do is connect to the proxy, then create an HTTP Tunnel through the proxy to Apple's servers - don't initiate the TLS with Apple until after the proxy connection is create. Here is some good documentation on creating such a HTTP Tunnel with PHP: http://kakku.wordpress.com/2007/11/25/proxy-hacks-final-httptunnel-tcpip-connections-over-plain-old-get-and-post-requests/