I'll keep investigating.
Many thanks for your input.
Best wishes,
Will.
Sent: Thursday, August 06, 2015 at 1:10 AM
From: "Mihai Moldovan" <io...@ionic.de>
To: "Will Smith" <_wi...@mail.com>, x2go-user@lists.x2go.org
Subject: Re: [X2Go-User] Problem connecting to Centos 7 (x2go 4.0.1.19).
From: "Mihai Moldovan" <io...@ionic.de>
To: "Will Smith" <_wi...@mail.com>, x2go-user@lists.x2go.org
Subject: Re: [X2Go-User] Problem connecting to Centos 7 (x2go 4.0.1.19).
On 05.08.2015 06:37 PM, Will Smith wrote:
> Dear Mahai,
>
> Many thanks for your response. I can ssh localhost from the server no problems.
I wasn't talking just about connecting to localhost:22, but connections to
localhost with random ports.
> Indeed, all services on localhost are trsuted. Having investigated further, I
> can see that it uses the public IP address when attempting to bind to localhost
> rather than 127.0.0.1 when firewalld is running. Cf. with firewalld running, the
> logs contain
>
> Info: Agent running with pid '204654'.
> Session: Starting session at 'Wed Aug 5 14:57:49 2015'.
> Info: Proxy running in server mode with pid '204654'.
> Info: Waiting for connection from 'localhost' on port '30011'.
> Warning: Refusing connection from '131.***.***.100'.
> 100' on port '30011',
Urgh, yeah. It checks whether the connection comes from 127.0.0.1. If your
"localhost" entry does not map to that, connections WILL fail.
> and I'm unable to connect, but after stopping the firewalld service, and
> reconnecting, they contain
>
> Info: Agent running with pid '214487'.
> Session: Starting session at 'Wed Aug 5 15:19:53 2015'.
> Info: Proxy running in server mode with pid '214487'.
> Info: Waiting for connection from 'localhost' on port '30011'.
> Info: Accepted connection from '127.0.0.1'.
> Info: Connection with remote proxy completed.
>
> and I can connect no problem. The routing table is the same in both cases. My
> /etc/hosts file contains the localhost line first and the public hostname/IP
> address line second. Perhaps this is more of a firewalld question, but any
> further light which can be shed on the issue would be most useful.
Maybe your resolver does weird things with firewalld running? In any case,
whether firewalld is running or not, localhost should (not just for X2Go, but in
general) not resolve to a public IP address.
Sadly I have no idea what could be misbehaving, other than the resolver. The
hosts file should be prioritized in /etc/nsswitch.conf, but there's probably
ways to screw that up.
Mihai
> Dear Mahai,
>
> Many thanks for your response. I can ssh localhost from the server no problems.
I wasn't talking just about connecting to localhost:22, but connections to
localhost with random ports.
> Indeed, all services on localhost are trsuted. Having investigated further, I
> can see that it uses the public IP address when attempting to bind to localhost
> rather than 127.0.0.1 when firewalld is running. Cf. with firewalld running, the
> logs contain
>
> Info: Agent running with pid '204654'.
> Session: Starting session at 'Wed Aug 5 14:57:49 2015'.
> Info: Proxy running in server mode with pid '204654'.
> Info: Waiting for connection from 'localhost' on port '30011'.
> Warning: Refusing connection from '131.***.***.100'.
> 100' on port '30011',
Urgh, yeah. It checks whether the connection comes from 127.0.0.1. If your
"localhost" entry does not map to that, connections WILL fail.
> and I'm unable to connect, but after stopping the firewalld service, and
> reconnecting, they contain
>
> Info: Agent running with pid '214487'.
> Session: Starting session at 'Wed Aug 5 15:19:53 2015'.
> Info: Proxy running in server mode with pid '214487'.
> Info: Waiting for connection from 'localhost' on port '30011'.
> Info: Accepted connection from '127.0.0.1'.
> Info: Connection with remote proxy completed.
>
> and I can connect no problem. The routing table is the same in both cases. My
> /etc/hosts file contains the localhost line first and the public hostname/IP
> address line second. Perhaps this is more of a firewalld question, but any
> further light which can be shed on the issue would be most useful.
Maybe your resolver does weird things with firewalld running? In any case,
whether firewalld is running or not, localhost should (not just for X2Go, but in
general) not resolve to a public IP address.
Sadly I have no idea what could be misbehaving, other than the resolver. The
hosts file should be prioritized in /etc/nsswitch.conf, but there's probably
ways to screw that up.
Mihai
_______________________________________________ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
