I have a Java application that makes REST requests to a Jetty server.
It works if I connect to the server with a real DNS name but I get the following exception when I want to make requests to my local testing instance on localhost:
Caused by: com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: Stream closed
at com.sun.jersey.api.client.ClientResponse.hasEntity(ClientResponse.java:480) ~[jersey-client-1.14.jar:1.14]
at com.sun.jersey.client.apache.ApacheHttpClientHandler.handle(ApacheHttpClientHandler.java:182) ~[jersey-apache-client-1.14.jar:1.14]
... 12 common frames omitted
Caused by: java.io.IOException: Stream closed
at java.io.BufferedInputStream.getBufIfOpen(BufferedInputStream.java:162) ~[na:1.7.0_05]
at java.io.BufferedInputStream.reset(BufferedInputStream.java:435) ~[na:1.7.0_05]
at java.io.FilterInputStream.reset(FilterInputStream.java:226) ~[na:1.7.0_05]
at java.io.FilterInputStream.reset(FilterInputStream.java:226) ~[na:1.7.0_05]
at com.sun.jersey.api.client.ClientResponse.hasEntity(ClientResponse.java:464) ~[jersey-client-1.14.jar:1.14]
... 13 common frames omitted
Requests in the browser and with my REST tool work.
I got it to work when I use the IPv6 address for localhost: https://[0:0:0:0:0:0:0:1]/
It always worked for me with localhost. Is it possible that some Java or Windows 7 update changed a default setting so it uses IPv6 instead?
What can I do to make localhost work again and do I need to be worried that this might cause a problem on other PCs when they want to connect to our real server?
I would like to be IPv4 and IPv6 compatible.
edit: here is my hosts file (it is unedited)
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
So I finally found the problem. Apparently Skype uses port 80 and 443 as alternative ports.
As soon as I quit Skype everything worked.
WebApp accessible via localhost but not 127.0.0.1
It probably worked with the IPv6 localhost address because Skype doesn't bind to that one.
Related
If I use this solution:
new ServerSocket(9090, 0, InetAddress.getByName("localhost"))
...and the user changes it's system hosts file to access my website as "localhost", will this fail to prevent access from non-local client?
(in response to the bounty call)
As always in computer security, guarantee depens on attacker capabilities.
The attacker is lame and knows nothing. Then yes, localhost guarantees the locality of the client.
The attacker has login access to the system and can run SSH to the outer world. Then no guarantees - SSH can forward internal ports through tunnels:
ssh -R *:8080:localhost:9090 some.external.server
Executing this command on the box with your java server will result in establishing a tunnel. All requests addressed to some.external.server:8080 will be delivered to localhost:9090 of the target box.
VPS nowdays costs almost nothing, so the attacker can easily rent such external box and use it as the proxy between your localhost and the whole world.
You may try to protect your server by filtering out all requests where Host header is not localhost. It could be easily countermeasured by including a header-rewriting proxy, such as nginx, to the forwarding chain.
Summary
As you can see, guarantee means that users in the target box must be severely limited: no forwarding software. It implies denying users access to system utilities like ssh or installing and/or running them with user privileges. This is highly unlikely unless the box is a set-top box without any user login or software reconfiguration.
Localhost address
The first comment to the question suggests a trick with localhost name resolution:
the user could probably override localhost to that it's no longer 127.0.0.1
The idea is to place a record to /etc/hosts or c:\Windows\System32\Drivers\etc\hosts that binds localhost name to another IP address.
If your box has an Ethernet connection with, say, address 1.2.3.4, then the line
1.2.3.4 localhost
might cause change of localhost address. If this happens, then the line
new ServerSocket(9090, 0, InetAddress.getByName("localhost"))
will bind the port 9090 on the external network interface, that is accessible from the outside of the box.
I tried this on Ubuntu 18.04, and it worked. I successfully connected to the app running on localhost in the box on the other side of Pasific.
BUT
Once upon a time MS Windows developers hardcoded localhost to be 127.0.0.1. Here is the Medium post about that.
I checked with my Windows 10 box. Confirmed: localhost resolves to 127.0.0.1. The test program
package org.example;
import java.net.*;
import java.io.*;
public class TryLocalhost {
public static void main(String[] args) throws IOException {
System.out.println("localhost: " + InetAddress.getByName("localhost"));
}
}
produces
localhost: localhost/127.0.0.1
while hosts file tried to bind localhost to the link-local address
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
192.168.0.198 localhost
The comment is original, from Microsoft.
I am trying to setup a lily cluster where in it talks about Network Configuration which I am unable to understand. But every time I try to run the server I get the following error. Kindly explain me the network configuration and how am I supposed to do this ?
Network configuration
Make sure your inter-host-nameresolving is set up correctly. The
hostnames should be properly set up: on each server, the local
hostname should resolve to the IP address of the network interface,
and reverse resolving the IP address should again give the same
hostname (and not localhost or the hostname with some domain suffix
appended to it).
In Lily's bin directory you will find the tool lily-print-host which
will show you what Java detects as hostname and corresponding address.
It is ok to fix this using /etc/hosts instead of changing DNS, but in
that case it should be done consistently on each node so that the
nodes know each other by name.
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.lilyproject.server.modules.repository.BlobManagerSetup]: Constructor threw exception; nested exception is java.io.IOException: Failed on local exception: java.io.IOException: Response is null.; Host Details : local host is: "UG-BLR-L030/192.168.0.105"; destination host is: "localhost":54310;
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:163)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:121)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:280)
... 32 more
Caused by: java.io.IOException: Failed on local exception: java.io.IOException: Response is null.; Host Details : local host is: "UG-BLR-L030/192.168.0.105"; destination host is: "localhost":54310;
at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:760)
at org.apache.hadoop.ipc.Client.call(Client.java:1229)
at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:202)
at com.sun.proxy.$Proxy27.getFileInfo(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:164)
at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:83)
at com.sun.proxy.$Proxy27.getFileInfo(Unknown Source)
at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:628)
at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:1532)
at org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:803)
at org.apache.hadoop.fs.FileSystem.exists(FileSystem.java:1332)
at org.lilyproject.repository.impl.DFSBlobStoreAccess.<init>(DFSBlobStoreAccess.java:44)
at org.lilyproject.server.modules.repository.BlobManagerSetup.<init>(BlobManagerSetup.java:56)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:148)
... 34 more
Caused by: java.io.IOException: Response is null.
at org.apache.hadoop.ipc.Client$Connection.receiveResponse(Client.java:941)
at org.apache.hadoop.ipc.Client$Connection.run(Client.java:836)
Startup failed. Will try to shutdown and exit.
[INFO ][00:34:55,387][main ] org.lilyproject.runtime.info - Shutting down the modules.
You're getting the error because your hostnames are not properly set up. Particularly the highlighted text in the block-quote below:
[...] reverse resolving the IP address should again give the same hostname (and not localhost or the hostname with some domain suffix appended to it).
"To provide the comfort of tested and supported releases of the Hadoop stack, we have selected to use Cloudera's Hadoop distribution." - Third Paragraph from Installing A Lily Cluster
The steps from Cloudera - Configuring Network Names
To ensure that the members of the cluster can communicate with each other, do the following on every system.
Set the hostname of each system to a unique name (not localhost). For example:
$ sudo hostname myhost-1
Note: This is a temporary measure only. The hostname set by hostname does not survive across reboots
Make sure the /etc/hosts file on each system contains the IP addresses and fully-qualified domain names (FQDN) of all the members of the cluster.
Important:The canonical name of each host in /etc/hosts must be the FQDN (for example myhost-1.mynet.myco.com), not the unqualified hostname (for example myhost-1). The canonical name is the first entry after the IP address.
If you are using DNS, storing this information in /etc/hosts is not required, but it is good practice.
Make sure the /etc/sysconfig/network file on each system contains the hostname you have just set (or verified) for that system, for example myhost-1.
Check that this system is consistently identified to the network:
Run uname -a and check that the hostname matches the output of the hostname command.
Run /sbin/ifconfig and note the value of inet addr in the eth0 entry, for example:
$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:A4:E8:97
inet addr:172.29.82.176 Bcast:172.29.87.255
Mask:255.255.248.0
...
Run host -v -t A \`hostname` and make sure that hostname matches the output of the hostname command, and has the same IP address as reported by ifconfig for eth0; for example:
$ host -v -t A `hostname`
Trying "myhost.mynet.myco.com"
...
;; ANSWER SECTION:
myhost.mynet.myco.com. 60 IN A 172.29.82.176
Other helpful information follows...
Best Practices for Cluster Network Configuration from Hortonworks
These are the best practices for configuring the network for a Hadoop cluster. These are recommended for a stable and performant Hadoop cluster.
Machines should be on an isolated network from the rest of the data center. This means that no other applications or nodes should share network I/O with the Hadoop infrastructure. This is recommended as Hadoop is I/O intensive, and all other interference should be removed for a performant cluster.
Machines should have static IPs. This will enable stability in the network configuration. If the network were configured with dynamic IPs, on a machine reboot or if the DNS lease were to expire then the machine’s IP address would change, and this would cause the Hadoop services to malfunction.
Reverse DNS should be setup. Reverse DNS ensures that a node’s hostname can be looked up through the IP address. Certain Hadoop functionalities utilize and require reverse DNS.
I am developing an Android application and I'm using PostgreSQL bundled with PostGIS. I want to use a local database for that but connecting via 'localhost' doesn't work, I have tried the alternative to use '127.0.0.1' instead but it is not working, I am getting the following error:
org.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
Using my network's ipv4 adress works, but I cannot connect via localhost. How can I fix that?
My pg_hba.conf looks like:
...
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 192.168.1.1/24 trust
host all all 0.0.0.0/0 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#host replication postgres 127.0.0.1/32 trust
#host replication postgres ::1/128 trust
and my postgresql.conf looks like:
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5123 # (change requires restart)
max_connections = 100 # (change requires restart)
My code in Eclipse looks like
private String DB_URL = "jdbc:postgresql://" + Server.getDbserver() + ":" + Server.getDbport() + "/postgis";
And my variables inside my Server class look like.
private static String dbserver = "localhost";
private static int dbport = 5123;
As a summary, connecting via my network ipv4 (for example 192.168.1.199) works, but connecting via 'localhost' or '127.0.0.1' generates me the error I posted above.
Why are you using 192.168.1.1/24 and trust? Try it maybe like this:
host all all 192.168.1.1/32 md5
And then implement the connection with username / password.
Well, you need a connection between your Android device and your computer but unfortunately, the USB cable does not do that.
However, if you do want to rule your application offline, you will have to make your PC or your Android device a hotspot. I would not reccomend you to make your tablet a hotspot, but making a computer a hotspot is pretty easy, you can use Connectify and voila, your laptop is connected to the same LAN as your computer and you will get the computer ipv4 provided to you by Connectify itself.
Have fun.
I am using a virtual machine on a server.
My local IP of the VM is 192.168.1.10
I am trying to achieve something which requires me to edit my /etc/hosts as provided in this link
http://www.thatisjava.com/java-tech/55200/
I am having similar problems, My console reads
RTP--- :DataAddress: /192.168.1.10
ControlAddress: /192.168.1.10
DataPort: 42050
ControlPort: 42051
java.io.IOException: Local Data AddressDoes not belong to any of this hosts local interfaces
java.io.IOException: Local Data AddressDoes not belong to any of this hosts local interfaces
at org.speechforge.cairo.rtp.RTPConsumer.init(RTPConsumer.java:181)
at org.speechforge.cairo.rtp.RTPConsumer.<init>(RTPConsumer.java:95)
at org.speechforge.cairo.rtp.server.RTPStreamReplicator.<init> (RTPStreamReplicator.java:69)
And some more.
The answer to the problem given is
I solved this one. The problem is JMF seems to use
InetAddress.getAllByName() which returns (at least in my case) only
single IP address no matter how many addresses I have defined on my
interfaces. The problem was solved by placing my IP address that I
wanted to use by session manager into /etc/hosts. It must be the first
line in /etc/hosts otherwise the other row that matches is used.
Unfortunately, I cant make out what He is trying to state. My /etc/hosts read
127.0.0.1 localhost
127.0.1.1 SparkVM104
So am I supposed to change 127.0.0.1 with my 192.168.1.10
or am I supposed to create an alias like 127.0.0.1/192.168.1.10
or Shall I just paste 192.168.1.10 in the top as
192.168.1.10
127.0.0.1 localhost
127.0.1.1 SparkVM104
Any help is appreciated.
Regards.
The format for /etc/hosts is
IP_address canonical_hostname [aliases...]
(see http://linux.die.net/man/5/hosts), so to list 192.168.1.10 first, the /etc/hosts file would have to look like this:
192.168.1.10 SomeHostName SomeOtherHostName
127.0.0.1 localhost
In /etc/hosts, localhost should map to 127.0.0.1 and nothing else, and your external hostname to your external IP address and nothing else. Some Linux distributions are stated to violate this rule and it breaks everything.
I am trying to connect to PostgreSQL db from my java program,I am getting an exception as
org.postgresql.util.PSQLException: Connection refused. Check that the hostname
and port are correct and that the postmaster is accepting TCP/IP connections.
Can anyone help me to resolve this issue?
See: http://www.postgresql.org/docs/current/interactive/auth-pg-hba-conf.html
Client authentication is controlled by a configuration file, which
traditionally is named pg_hba.conf and is stored in the database
cluster's data directory. (HBA stands for host-based authentication.)
A default pg_hba.conf file is installed when the data directory is
initialized by initdb. It is possible to place the authentication
configuration file elsewhere, however; see the hba_file configuration
parameter.
The example table covers all.
My values from windows64bit machine with ipv6. This allows connection from all users from the same machine.
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust