Unable to telnet to another machine - php

I am getting a bit desperate after hours of research:
A Windows 7 computer with a local PHP application that listens to port 12345 with a socket.
From the same Windows 7:
If I do telnet localhost 12345, the php code sees the connection.
If I do telnet 127.0.0.1 12345, the php code sees the connection.
If I do telnet <local_ip_address> 12345, the php code DOES NOT see the connection.
If I do telnet <dns_name> 12345, the php code DOES NOT see the connection.
From another machine I don't have any connection at all when I use the ip or the dns address.
Doing a telnet from another machine with the same address but on ports 80 or 21 works perfectly.
Even with the local firewall / antivirus disabled I get the same result.
I am using a standard Apple TimeCapsule as access point, but not configured specially, not sure if that can influence for ports > 1024...
Would you have any idea for me?
Thanks!

There are really 2 options to get this behavior that I can see;
Your firewall is enabled (which you tested)
Your socket is binding to 127.0.0.1 instead of your public IP.
I'd have a look at your local binding, aka the address you give to socket_bind().
If it says "127.0.0.1", change it to 0.

telnet 12345 is trying to connect to a machine whose IP is 12345 decimal, aka 0.0.4.210 in dotted quad format. You cannot use telnet like that - the argument cannot be simply a port number. It'll be interpreted as an IP.
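The bind-address behaviour from the socket_bind() answer above, as an added example that is not part of the original thread: the same listener is opened on 127.0.0.1 and on 0.0.0.0, then probed over loopback and over the machine's own address. Assumptions: PHP 7.1 or later, and that gethostbyname(gethostname()) yields the LAN IPv4 address.

```php
<?php
// Added example: why a listener bound to 127.0.0.1 is invisible on the
// machine's LAN address, while one bound to 0.0.0.0 answers on every interface.

/** Open a TCP listener on an OS-chosen port; returns [server, port]. */
function listen_on(string $bindAddr): array
{
    $server = stream_socket_server("tcp://$bindAddr:0", $errno, $errstr);
    if ($server === false) {
        throw new RuntimeException("bind $bindAddr failed: $errstr ($errno)");
    }
    // Local end name has the form "address:port".
    $name = stream_socket_get_name($server, false);
    $port = (int) substr($name, strrpos($name, ':') + 1);
    return [$server, $port];
}

/** True if a TCP connection to $host:$port succeeds within $timeout seconds. */
function can_connect(string $host, int $port, float $timeout = 2.0): bool
{
    $client = @stream_socket_client("tcp://$host:$port", $errno, $errstr, $timeout);
    if ($client === false) {
        return false;
    }
    fclose($client);
    return true;
}

// Assumption: this resolves to the LAN IPv4 address. If it prints 127.0.0.1
// or 127.0.1.1 on your system, set $lanIp by hand.
$lanIp = gethostbyname(gethostname());

foreach (['127.0.0.1', '0.0.0.0'] as $bindAddr) {
    [$server, $port] = listen_on($bindAddr);
    printf("bound to %-9s port %5d | via 127.0.0.1: %-3s | via %s: %s\n",
        $bindAddr, $port,
        can_connect('127.0.0.1', $port) ? 'yes' : 'no',
        $lanIp,
        can_connect($lanIp, $port) ? 'yes' : 'no');
    fclose($server);
}
```

Binding to 0.0.0.0 opens the port on every network the machine is attached to; when only one network needs it, bind to that interface's address instead.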

Port Redirect on Mac

What is the easiest option to redirect a request to a different host/port?
Here is my entire scenario:
I am making a request using php to a certain ip and port. The response includes another url location, but it is badly configured and instead of including ip and port, it simply includes a server name. Now, if I access the entire url location that I have as response with the server name replaced with the proper ip and port it works.
I've tried editing /etc/hosts, setting the server name to the IP address, but how do I work around the port too?
I am using mac osx 10.9.4, and I've tried some things with ipfw and pf, but neither really worked.
Thanks.
I had a similar problem quite recently on Mavericks (10.9). The way I solved it included 2 steps:
hosts file
Simply added a line similar to this:
127.0.0.1 www.someaddress.com
port forwarding
To set up port forwarding I used ipfw, which worked fine, e.g:
ipfw add 100 fwd 127.0.0.1,9001 tcp from any to any 80 in
In the example above port 9001 is forwarded to port 80. Even though ipfw is deprecated it still works.

mysql_connect (localhost / 127.0.0.1) slow on Windows platform

I am using Windows 7, Apache 2, PHP 5, MySQL 5, all are on the same machine.
I have found an interesting issue, I have the following code:
$sql = "select * from user1";
$conn = mysql_connect("localhost", "root", "xxxxxxxx");
mysql_select_db("test1");
mysql_query("set names utf8");
$result = mysql_query($sql, $conn);
while ($row = mysql_fetch_assoc($result)){
    foreach ($row as $key => $value){
        echo $key." => ".$value." || ";
    }
    echo "<br/>";
}
mysql_free_result($result);
mysql_close($conn);
The running time for the above code is over 1 second.
When I use 127.0.0.1 instead of localhost, the running time is around 10 ms.
I tried to find the underlying reason on the internet, and this is the result:
I recently moved my development from XP to Windows 7 and found that webpages I had developed were taking 5 seconds long to load. This was unacceptable of course so I had to track down the problem.
I eventually tracked down the offending function/method pdo::construct. I also found that mysql_connect was taking about 1 second to make a connection. After a little googling I found an explanation that php had issues with IPv6 and that you could fix the problem by either disabling IPv6 or switching to the IP address 127.0.0.1 when making your connection.
I wonder what the issue of IPv6 on PHP is, just want to get a deeper understanding. Thanks.
PHP is attempting to open a connection to localhost. Because your computer is connected to your network via IPv6 it's trying the IPv6 version of 'localhost' first, which is an IP address of ::1
http://en.wikipedia.org/wiki/IPv6_address#Special_addresses
::1/128 — The loopback address is a unicast localhost address. If an
application in a host sends packets to this address, the IPv6 stack
will loop these packets back on the same virtual interface
(corresponding to 127.0.0.0/8 in IPv4).
It looks like your MySQL server isn't listening to that address, instead it's only bound to an IPv4 address and so once PHP fails to open the connection it falls back and tries to open localhost via IPv4 aka 127.0.0.1
I personally prefer to use either IP addresses or use either the Windows hosts file or Mac equivalent to define 'fake' domain names and then use those when connecting to MySQL, which resolve to IP addresses. Either way I can know exactly whether an IPv4 or IPv6 address will be used.
Both MySQL and Apache support IPv6 but you have to tell them to use an IPv6 address explicitly. For MySQL see:
http://dev.mysql.com/doc/refman/5.5/en/ipv6-server-config.html
For Apache config see:
http://httpd.apache.org/docs/2.2/bind.html
Apache supports multiple IP addresses so you can use both at once - if the network card in the machine has both an IPv4 and IPv6 address. MySQL only supports one address.
PHP is trying to connect to "localhost"; in Windows 7/8/10 it is ::1, but MySQL is not listening on IPv6 sockets. You can apply several fixes:
1) In your host file (C:/windows/system32/drivers/etc/host) set localhost to 127.0.0.1
2) In PHP, change the MySQL server from localhost to 127.0.0.1
3) In my.ini, add or edit: bind-address = ::
If the address is ::, the server accepts TCP/IP connections on all
server host IPv4 and IPv6 interfaces. Use this address to permit both
IPv4 and IPv6 connections on all server interfaces.
Suggested option if you have MySQL >= 5.5.3
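The fallback described in the answers above, as an added example that is not part of the original thread: a listener bound only to 127.0.0.1 stands in for the MySQL server, and a client tries ::1 first and then 127.0.0.1, timing each attempt. The stand-in listener and the fixed address order are assumptions; PHP 7.1 or later is assumed.

```php
<?php
// Added example: an IPv4-only listener, and a client that walks the two
// loopback addresses "localhost" can resolve to.

// Stand-in for a server bound only to 127.0.0.1 (OS-chosen port).
$server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr);
if ($server === false) {
    exit("could not listen: $errstr\n");
}
$name = stream_socket_get_name($server, false);       // "127.0.0.1:<port>"
$port = (int) substr($name, strrpos($name, ':') + 1);

/**
 * Try each address in order and stop at the first success.
 * Returns one row per attempt: [address, connected?, seconds spent].
 */
function connect_in_order(array $addresses, int $port, float $timeout = 5.0): array
{
    $attempts = [];
    foreach ($addresses as $addr) {
        $start  = microtime(true);
        $client = @stream_socket_client("tcp://$addr:$port", $errno, $errstr, $timeout);
        $attempts[] = [$addr, $client !== false, microtime(true) - $start];
        if ($client !== false) {
            fclose($client);
            break;                                     // first success wins
        }
    }
    return $attempts;
}

// Order described in the answers: IPv6 loopback first, then IPv4.
foreach (connect_in_order(['[::1]', '127.0.0.1'], $port) as [$addr, $ok, $secs]) {
    printf("%-10s %-9s %.3f s\n", $addr, $ok ? 'connected' : 'failed', $secs);
}
fclose($server);
```

The time printed for the failed [::1] row is the cost of the fallback on the machine where the script runs.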

Cannot connect to mysql with 127.0.0.1

With the following code I can connect to mysql:
mysql_connect("localhost","username","");
But if I change localhost to 127.0.0.1 I get the following error:
Can't connect to MySQL server on '127.0.0.1' (13)
Why doesn't it work with 127.0.0.1?
localhost is special cased and uses UNIX sockets instead of TCP/IP. 127.0.0.1 doesn't get that special handling.
See the documentation:
On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs. For connections to localhost, MySQL programs attempt to connect to the local server by using a Unix socket file. This occurs even if a --port or -P option is given to specify a port number. To ensure that the client makes a TCP/IP connection to the local server, use --host or -h to specify a host name value of 127.0.0.1, or the IP address or name of the local server. You can also specify the connection protocol explicitly, even for localhost, by using the --protocol=TCP option.
If it doesn't work when you use TCP/IP then the database probably isn't listening on the network. This is generally a good thing as it enhances security (not that listening on 127.0.0.1 exposes any problems, but listening on all interfaces gives more opportunity for attacks).
If you really want to allow connections via the network, then see skip-networking.
Have you got an entry in your hosts file mapping 127.0.0.7 to localhost?
Do you have more than 1 mysql server installed/running on your system? If so, please specify the port number of the mysql server you are trying to access like 127.0.0.1:3306,127.0.0.1:8889 etc.
If you do not know whether there are any other mysql server instances running on your system also, please specify the port.
You will be able to access it when you add the privileges for 'root'@'127.0.0.1' in the "USER_PRIVILEGES" table in the "information_schema" database
You might also try disabling SELINUX

PHP connect via SSH tunnel to LDAP in other network

I'm developing a website for my school. In that school we authenticate users via LDAP, so there was an idea to do the same via the school site. On that site everything is working perfectly, but during development I very often need to test whether such a solution works or not. In order not to commit my changes so often I want to test this site on my local computer, but for connecting with LDAP I want to use an ssh tunnel. In the school network we have one server through which we connect to the inside of our school network. Its address is phoenix.lo5.bielsko.pl. Inside this network we have an LDAP server with ports 389 and 636 open. Its address is auth.lo5. I don't have access to auth.lo5 via SSH, I can only connect with it to get some LDAP entries. So, I've tried to run an SSH tunnel by running:
ssh -L 636:auth.lo5:636 hfaua@phoenix.lo5.bielsko.pl
Then, I've set in my /etc/hosts that auth.lo5 is pointing to 127.0.0.1. I'm connecting to LDAP in PHP in such a way:
ldap_connect('ldaps://auth.lo5', 636);
But I'm getting error Can't contact LDAP server. I think, that problem might be on phoenix.lo5.bielsko.pl in its SSH daemon config or in arguments passed to ldap_connect() function. Can you tell me, what should I set in sshd_config or in arguments passed to ldap_connect to get it working?
I posted the same question in similar thread, but no one has answered my question.
P.S. In my /etc/ssh/sshd_config I have line AllowTcpForwarding yes
If I got it right phoenix.lo5 and auth.lo5 are 2 different machines.
If so you have to create a tunnel to the ssh machine, and then send the ldap queries to the right machine.
Your command: ssh -L 636:auth.lo5:636 hfaua@phoenix.lo5.bielsko.pl is right if phoenix.lo5.bielsko.pl can resolve auth.lo5 via DNS or /etc/hosts, if not you need to use its internal ip address.
Also if you want to use port 636 on your pc, you need to run your command as superuser (root or with sudo) else you need to use a high port (above 1024) as stated by Borealid
Once the tunnel is up you have to point to localhost to do the queries
I ran into this same issue. Running with -d1 showed me this error:
TLS: hostname (mylaptop.local) does not match common name in certificate (*.mydomain.com).
TLS reverse lookup of 'localhost' is 'mylaptop.local', checking if that matches the certificate common name
Could be you're hitting a similar problem.
I was able to fake it out by running:
sudo hostname someserver.mydomain.com
which caused SSL to assume it was talking to the right host.
I was also getting the error hostname (mylaptop.local) does not match common name in certificate (*.mydomain.com). However I did not want to edit the hostname of my machine to match that of the LDAP server. Instead I edited the hosts file (etc/hosts on linux) to add a line that would intercept requests to the LDAP server, e.g.:
127.0.0.1 ldap.server.com
This has the added benefit of not requiring you to change which server name you are trying to connect to in your code, you only need to change the port number if you chose a different port.
Try replacing all instances of auth.lo5 with localhost:
ssh -L 636:localhost:636 hfaua@phoenix.lo5.bielsko.pl
and
ldap_connect('ldaps://localhost', 636);
If that doesn't work, try turning off SSL to see if that works:
ssh -L 389:localhost:389 hfaua@phoenix.lo5.bielsko.pl
and
ldap_connect('localhost', 389);

PHP can't connect to localhost XMPP server on port 5222

I've set up an ejabberd install locally on my Windows box, where I also have Apache, PHP and MySQL. I've also confirmed that it works great using Digsby, and have kicked the tires a bit by creating some users, sending some messages, etc. All good.
However, PHP can't open a stream using stream_socket_client to port 5222. Even at its simplest level:
stream_socket_client("tcp://localhost:5222", $errno, $errstr, 30, STREAM_CLIENT_CONNECT);
Returns a timeout error. However, again, connecting with an IM client to localhost on port 5222 works fine. (Using stream_socket_client to open a simple connection to localhost on port 80 also works.)
Any ideas? I'm stuck!
selinux needs to be off, or allow apache to talk to xmpp
Many servers don't listen on the loopback device by default, or only listen on ::1 or 127.0.0.1 and have localhost pointing to the other. Check by doing:
% netstat -an | grep 5222
and checking the output for a LISTEN line that shows where your server is listening.
Finally, try using the IP address of your box explicitly as the connection hostname.
Sometimes you just need to peek on the line to see exactly what is going on. Windump(tcpdump) is your friend in these cases.
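The netstat check suggested above, as an added example that is not part of the original thread: it reads `netstat -an` output, keeps the LISTEN lines for one port and reports which addresses the server is bound to. The sample output is constructed, and the function names are hypothetical.

```php
<?php
// Added example: classify where a port is listening from `netstat -an` text.

/** Describe the local address of a listening socket. */
function classify_bind(string $addr): string
{
    $addr = trim($addr, '[]');
    if ($addr === '0.0.0.0' || $addr === '*') return 'all IPv4 interfaces';
    if ($addr === '::')                       return 'all IPv6 interfaces';
    if ($addr === '::1')                      return 'IPv6 loopback only';
    if (strpos($addr, '127.') === 0)          return 'IPv4 loopback only';
    return 'one specific interface';
}

/** Return [local address => description] for LISTEN lines on $port. */
function listeners(string $netstatOutput, int $port): array
{
    $found = [];
    foreach (preg_split('/\R/', $netstatOutput) as $line) {
        $cols = preg_split('/\s+/', trim($line));
        // State column is LISTEN (Linux/macOS) or LISTENING (Windows).
        if (!preg_grep('/^LISTEN(ING)?$/', $cols)) continue;
        foreach ($cols as $col) {
            // Local address: first column ending in ":<port>" or ".<port>" (macOS).
            if (preg_match('/^(.+)[:.]' . $port . '$/', $col, $m)) {
                $found[$m[1]] = classify_bind($m[1]);
                break;
            }
        }
    }
    return $found;
}

// Constructed sample of `netstat -an` output (Windows column layout).
$sample = <<<TXT
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5222         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49712        127.0.0.1:5222         ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
TXT;

foreach (listeners($sample, 5222) as $addr => $kind) {
    echo "port 5222 listens on $addr ($kind)\n";
}
```

A result of "IPv4 loopback only" means a client that resolves localhost to ::1 first will not reach the server until it falls back to 127.0.0.1.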