I have a web server which is sat behind Carrier Grade NAT and therefore needs an external server to give me a stable IP address. To this end I have an AWS EC2 instance running SLES, and I have a reverse forwarded ssh tunnel initiated from the web server to serve up incoming requests on port 80.

Though I don’t think it is relevant to the problem per se, it has been helpful for troubleshooting, so for context I should state that the web server is listening on a non-standard port, let’s say 8080, and a prerouting firewall rule on the AWS instance redirects requests on port 80 to 8080. The ssh tunnel uses autossh and takes its configuration from a config file, but is equivalent to the following ssh command.

    ssh -N -R 8080:localhost:8080 -i ~/.fwd/portal.uk.pem

The firewall redirect rule looks like this:

    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

There are also firewall rules on the input chain that open up ports from all sources, and I have configured a security group in the EC2 management console to similarly allow traffic into ports from all sources. With all this in place everything works just as intended; pages are served to the outside world.

I’ve come to the point where I need to start serving up pages over https and gone about creating the same config for port 443, but I keep coming up against a failure to connect to port 443 on the AWS instance.

First I’ve tried a straight-through tunnel for port 443. A firewall input rule and security group rule are in place to allow connections to 443, but attempting to set up the tunnel results in a listening port warning.

    ssh -N -R 443:localhost:443 -i ~/.fwd/portal.uk.pem
    remote port forwarding failed for listen port 443

The ssh process stays alive on the web server but seems to be dead for all intents and purposes; any attempt to connect to 443 on AWS with telnet gets refused. To be clear, the web server is definitely listening on port 443 because I can connect with https requests locally.

All the info I’ve found on this warning suggests this is likely caused by a process that still has a grip on the port and can be found using either netstat -plant or similar, or lsof -i -t. Neither of these is showing any process active on 443 on AWS and in any case, I’ve tried rebooting the AWS instances to clear any persistent processes and still get the same symptoms when it comes back up.

I’ve then tried to replicate the config for port 80 by changing the web server listening port to something non-standard, say 8443, and adding another prerouting rule, input rule and security group exactly as before. I can now set up the tunnel on port 8443 successfully without receiving the warning, but I still get connection refused on AWS port 443 with telnet, and https requests are not getting through. However, if I telnet on the AWS machine to port 8443 it is successful.

To me this suggests the tunnel and web server config is working just fine and it is definitely something blocking port 443 on AWS, but I’m at a loss as to where to turn next.