[Help needed] Port forwarding isn't working – what am I missing?
tinpansoul opened this issue · 16 comments
Hello. I'm using ubuntu-16.04 branch with minimal changes in vm.yml (trimmed):
network:
# Private/Host-only network
private:
address: 192.168.56.2
netmask: 192.168.56.0/24
portForwarding:
- { guest: 80, host: 8000, hostIp: '0.0.0.0', protocol: 'tcp' }
- { guest: 13306, host: 3306, hostIp: '0.0.0.0', protocol: 'tcp' }
FIREWALL:
rules:
- { port: 80, protocol: tcp } # HTTP
- { port: 8000, protocol: tcp } # HTTP
- { port: 443, protocol: tcp } # HTTPS
Inside OSX and Ubuntu /etc/hosts contains this line: 127.0.0.1 api.example.vm
Server is configured correctly – sending a request from inside is okay (testing with http api.example.vm:80).
But from OSX requests do not go through (testing with http api.example.vm:8000).
What am I missing in the configuration? OSX Firewall is turned off, no proxy. How to debug this?
ps: OSX Sierra.
What are you binding to port 80 on this VM? a docker image?
Is it working if you run sudo nc -l 80 and then access http://localhost:8000 on osx? Do you see the HTTP header in the terminal?
I want to forward 8000 port from osx to 80 port in vagrant image in ubuntu. Server inside vagrant vm just listening 80 port without any docker or so.
Inside vagrant:
vagrant@DEV-VM ~ % sudo nc -l 80
nc: Address already in use
vagrant@DEV-VM ~ % sudo lsof -Pni4 | grep LISTEN | grep 80
nginx 1720 root 10u IPv4 19344 0t0 TCP 127.0.0.1:80 (LISTEN)
nginx 1720 root 11u IPv4 19345 0t0 TCP 127.0.0.1:8080 (LISTEN)
nginx 1722 www-data 10u IPv4 19344 0t0 TCP 127.0.0.1:80 (LISTEN)
nginx 1722 www-data 11u IPv4 19345 0t0 TCP 127.0.0.1:8080 (LISTEN)
nginx 1723 www-data 10u IPv4 19344 0t0 TCP 127.0.0.1:80 (LISTEN)
nginx 1723 www-data 11u IPv4 19345 0t0 TCP 127.0.0.1:8080 (LISTEN)
Inside osx:
macboo@trogwar ~ sudo lsof -Pni4 | grep LISTEN | grep 80
VBoxHeadl 10412 trogwar 16u IPv4 0xc21398b1399dacf 0t0 TCP *:8000 (LISTEN)
VBoxHeadl 10412 trogwar 17u IPv4 0xc21398b0124e3c7 0t0 TCP 127.0.0.1:8000 (LISTEN)
macboo@trogwar ~ sudo nc -l 8000
nc: Address already in use
macboo@trogwar ~ curl -IL localhost:8000
curl: (7) Failed to connect to localhost port 8000: Operation timed out
macboo@trogwar ~ cat /etc/hosts | grep vm
127.0.0.1 api.example.vm
127.0.0.1 example.vm
macboo@trogwar ~ curl -IL api.example.vm:8000
curl: (7) Failed to connect to api.example.vm port 8000: Operation timed out
What docker containers are running? is dory (reverse proxy) running on vagrant vm?
check docker ps
No docker containers are running, just don't use them right now – docker is not even installed (on both systems).
vm.yml:
###################
# Provisioning features
###################
PROVISION:
update: 1 # do full system update for each full provisoning
samba: 1 # Samba server
ntp: 1 # Time synchronization
mail: 1 # Mail sandbox
php: 1 # Local PHP
docker: 0 # Docker server
dockerDory: 0 # Docker docker service --> https://github.com/FreedomBen/dory
clitools: 0 # CliTools
dnsmasq: 0 # dnsmasq service (needed for docker consul registration)
consul: 0 # Docker consul service
desktop: 0 # GUI desktop [0, kde, unity, gnome]
manpages: 1 # Manpages are not available in baseimage, so reinstall them
buildEssentials: 0 # build essentials (gcc, compilers...)
## Development domain (automatic redirect of *.docker for internal use)
developmentDomain: 'vm'
So, docker ps gives error "command not found: docker" on both systems.
Oh wait.. your nginx is running on 127.0.0.1:80? you have to set this to 0.0.0.0:80 for port forwarding because 127.0.0.1:80 is only listening INSIDE of your vm (and is not exposed to the public)
See quote from dev.vm in first post – do you mean this part of config? Is it already okay ?
portForwarding:
- { guest: 80, host: 8000, hostIp: '0.0.0.0', protocol: 'tcp' }
Log from vagrant up:
==> default: Forwarding ports...
default: 80 (guest) => 8000 (host) (adapter 1)
default: 22 (guest) => 2222 (host) (adapter 1)
But right now changed my nginx config (in vm) like this:
vagrant@DEV-VM ~ % cat /etc/nginx/sites-enabled/*.conf | grep listen
listen 0.0.0.0:80;
listen 0.0.0.0:80;
Then tested this from vm (OK):
vagrant@DEV-VM ~ % curl -IL api.example.vm
HTTP/1.1 401 Unauthorized
Server: nginx
Content-Type: application/json
Connection: keep-alive
WWW-Authenticate: Bearer realm="Service", error="access_denied", error_description="OAuth2 authentication required"
Cache-Control: no-store, private
Pragma: no-cache
X-Debug-Token: d1803d
Date: Thu, 25 May 2017 10:58:37 GMT
And from osx (FAIL):
macboo@trogwar ~ curl -IL -vvv api.example.vm:8000
* Rebuilt URL to: api.example.vm:8000/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connection failed
* connect to 127.0.0.1 port 8000 failed: Operation timed out
* Failed to connect to api.example.vm port 8000: Operation timed out
* Closing connection 0
curl: (7) Failed to connect to api.example.vm port 8000: Operation timed out
If vagrant is reporting that the port was forwarded maybe it's a vagrant issue? But I'm not sure as I think it's still a problem with your nginx.
The VM still have 192.168.56.2 as IP? can you try access curl -IL 127.0.0.1?
Can you ssh localhost -P 2222? Is this port forward working?
I think that this is issue in my configuration (maybe, in osx) – just forget about something )-: Two days earlier it was working fine (i reinstalled osx from scratch).
The VM still have 192.168.56.2 as IP?
I think yes because of ping 192.168.56.2 is good, but i can't find any other way to check this.
can you try access curl -IL 127.0.0.1
Inside vm – it's good (gives headers from my default php app).
In osx – failed (with port 8000).
Can you ssh localhost -P 2222? Is this port forward working?
I don't know what is -P key, but tried this command from OSX ssh vagrant@localhost -p 2222 and port 222 is working good (logged successfully into vm).
Is it working after running sudo /etc/init.d/firewall-vm stop inside the VM? If yes we have a bug inside the firewall.
Nope.
vagrant@DEV-VM ~ % sudo /etc/init.d/firewall-vm stop
Stopping firewall: flushing ruleset
And then from osx (api.example.vm:8000, 127.0.0.1:8000) not working ("timeout connection"). 192.168.56.2:8000 is "connection refused".
osx firewall also turned off:
macboo@trogwar ~ defaults read /Library/Preferences/com.apple.alf globalstate
0
Please give us the output of: ss -lpat|grep LISTEN running on the VM
If you get connection refused there is nothing listening there.. hm
vagrant@DEV-VM ~ % ss -lpat|grep LISTEN
LISTEN 0 64 *:41223 *:*
LISTEN 0 50 *:netbios-ssn *:*
LISTEN 0 128 *:34382 *:*
LISTEN 0 128 *:sunrpc *:*
LISTEN 0 100 192.168.56.2:imap2 *:*
LISTEN 0 100 127.0.0.1:imap2 *:*
LISTEN 0 511 *:http *:*
LISTEN 0 128 *:ssh *:*
LISTEN 0 100 192.168.56.2:smtp *:*
LISTEN 0 100 127.0.0.1:smtp *:*
LISTEN 0 1024 *:2812 *:*
LISTEN 0 50 *:microsoft-ds *:*
LISTEN 0 150 :::mysql :::*
LISTEN 0 50 :::netbios-ssn :::*
LISTEN 0 128 :::sunrpc :::*
LISTEN 0 64 :::37265 :::*
LISTEN 0 128 :::33813 :::*
LISTEN 0 128 :::ssh :::*
LISTEN 0 50 :::microsoft-ds :::*
vagrant@DEV-VM ~ % sudo lsof -Pni4 | grep LISTEN
smbd 1359 root 36u IPv4 15304 0t0 TCP *:445 (LISTEN)
smbd 1359 root 37u IPv4 15305 0t0 TCP *:139 (LISTEN)
sshd 1515 root 3u IPv4 22807 0t0 TCP *:22 (LISTEN)
dovecot 1559 root 33u IPv4 17121 0t0 TCP 127.0.0.1:143 (LISTEN)
dovecot 1559 root 34u IPv4 17122 0t0 TCP 192.168.56.2:143 (LISTEN)
nginx 1652 root 10u IPv4 18852 0t0 TCP *:80 (LISTEN)
nginx 1653 www-data 10u IPv4 18852 0t0 TCP *:80 (LISTEN)
nginx 1654 www-data 10u IPv4 18852 0t0 TCP *:80 (LISTEN)
monit 1705 root 6u IPv4 27757 0t0 TCP *:2812 (LISTEN)
master 2265 root 12u IPv4 20992 0t0 TCP 127.0.0.1:25 (LISTEN)
master 2265 root 13u IPv4 20993 0t0 TCP 192.168.56.2:25 (LISTEN)
rpc.statd 2542 statd 9u IPv4 23140 0t0 TCP *:34382 (LISTEN)
rpcbind 2545 root 8u IPv4 23126 0t0 TCP *:111 (LISTEN)
smtpd 3408 postfix 6u IPv4 20992 0t0 TCP 127.0.0.1:25 (LISTEN)
smtpd 3408 postfix 7u IPv4 20993 0t0 TCP 192.168.56.2:25 (LISTEN)
smtpd 3413 postfix 6u IPv4 20992 0t0 TCP 127.0.0.1:25 (LISTEN)
smtpd 3413 postfix 7u IPv4 20993 0t0 TCP 192.168.56.2:25 (LISTEN)
curl -IL http://192.168.56.2/ is fine from macos?
Can you come to slack? Makes it easier to debug https://webdevops.io/slack
curl -IL http://192.168.56.2/ is fine from macos?
WOW! It really works. Even on 80 port.
If I change the record in /etc/hosts (on osx) to 192.168.56.2 api.example.com and access it by curl -IL api.example.com (with 80 port) – it's working.
But.. i really don't understand how it works (and why it works on 80 port from osx but not works with 8000 port). Before reinstalling osx it works differently (8000 port is ok but forwarding 80 requires root).
Thank you for your time and help, @mblaschke!
If it's still needed to debug, i can join to your slack tomorrow and help with this. But i think there is no need for this (it works now), even if i don't right now understand how (-:
You're running a VM on your OSX host. The VM is using 192.168.56.2 as IP address.
All services on this VM that listen on public interfaces (or 192.168.56.2) are accessible from the host OS (your OSX) using 192.168.56.2 as the destination address, e.g. in the URL.
Vagrant can forward ports from the VM to the host so they are accessible as if they were running on your host OS (like running nginx on OSX). Normally this should work without problems.
But you don't have to use port forwarding, because you need to configure it. If you just want to access services running on the VM, it's fine to use the VM IP address to access them.
Only services running on 127.0.0.1 are hidden from the host OS, so if you're installing a mysql server and bind it to 0.0.0.0 you can access the mysql database with mysql -h 192.168.56.2 (but you maybe still have to configure the permissions for the remote connection with GRANT statements).
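The bind-address distinction explained in the last comment, as an added example that is not part of the thread or the project's code: it reads `lsof -Pni4` output and labels each listener as loopback-only (hidden from the host), single-interface, or all-interfaces. The helper names `classify_listeners` and `port_reachable` are hypothetical, and the sample lines are trimmed from the outputs quoted above.

```shell
#!/usr/bin/env bash
# Added example: classify IPv4 TCP listeners from `lsof -Pni4` output by bind scope.
# classify_listeners and port_reachable are hypothetical helper names.

# Reads lsof output on stdin; prints "ADDR:PORT COMMAND SCOPE", one line per socket.
classify_listeners() {
  awk '
    /\(LISTEN\)/ {
      sock = $(NF-1)                      # e.g. 127.0.0.1:80 or *:80
      n = split(sock, part, ":")
      addr = part[1]
      if (addr ~ /^127\./)                        scope = "loopback-only"
      else if (addr == "*" || addr == "0.0.0.0")  scope = "all-interfaces"
      else                                        scope = "single-interface"
      key = sock " " $1                   # collapse nginx master/worker duplicates
      if (!(key in seen)) { seen[key] = 1; print sock, $1, scope }
    }'
}

# Exit status 0 if port $1 has a listener that is not loopback-only, i.e. one
# that a forwarded port or the host-only address 192.168.56.2 can reach.
port_reachable() {
  classify_listeners | awk -v p="$1" '
    { n = split($1, part, ":") }
    part[n] == p && $3 != "loopback-only" { ok = 1 }
    END { exit (ok ? 0 : 1) }'
}

# Constructed samples, trimmed from the lsof output quoted in the thread.
SAMPLE_BEFORE='nginx 1720 root 10u IPv4 19344 0t0 TCP 127.0.0.1:80 (LISTEN)
nginx 1722 www-data 10u IPv4 19344 0t0 TCP 127.0.0.1:80 (LISTEN)
dovecot 1559 root 34u IPv4 17122 0t0 TCP 192.168.56.2:143 (LISTEN)'
SAMPLE_AFTER='nginx 1652 root 10u IPv4 18852 0t0 TCP *:80 (LISTEN)
sshd 1515 root 3u IPv4 22807 0t0 TCP *:22 (LISTEN)
master 2265 root 12u IPv4 20992 0t0 TCP 127.0.0.1:25 (LISTEN)'

printf '%s\n' "$SAMPLE_BEFORE" | classify_listeners
printf '%s\n' "$SAMPLE_AFTER" | port_reachable 80 && echo "port 80: reachable from outside the VM"
```

A listener classed as all-interfaces behind a forward with hostIp: '0.0.0.0' is exposed on every host interface (the `*:8000` VBoxHeadl socket in the OSX output), so review both settings together when the service should only be reachable locally.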