Open GoogleCodeExporter opened 9 years ago
GoogleCodeExporter
commented
9 years ago In trying a different port (I used 11111), nmap did show the port as open but a
non local client still couldn't connect to it.Original comment by wpmccorm...@gmail.com on 16 Jan 2014 at 4:55
GoogleCodeExporter
commented
9 years ago If you can connect to the iperf server locally but not from a different host,
this sounds like a firewall problem. By default the iperf server doesn't bind
to any particular port (it would if you use the -B option), so there's no
particular reason for iperf to take connections via one interface versus
another.
When you say "cannot connect clients except from the same machine" what error
message do you get from your client?
Any way you can tell if you have a firewall configured on this host and if so
what its ruleset is? (I wish I could give more specific guidance but I'm more
of a FreeBSD person, most of my Linux experience is CentOS.)
Original comment by bmah@es.net on 16 Jan 2014 at 5:24
GoogleCodeExporter
commented
9 years ago I agree it sounds like a firewall issue, but the fact that client and server
are at the opposite ends of a VPN, and also that the the machine where the
iperf server is running has NO iptables config (below), leaves me scratching my
head. Even though I can connect locally, nmap still does not show the port as
being open. Just to prove that this isn't a fire wall issues, I can connect to
a server that I wrote that is listening on tcp/11111. I didn't do anything
special to make this work.
/* testing client connection to another server app ... it works */
root@fibuntu:~# telnet 172.16.125.5 11111
Trying 172.16.125.5...
Connected to 172.16.125.5.
Escape character is '^]'.
read|NO_FAN_FAULT_M1
!read|NO_FAN_FAULT_M1|1
disconect
ERROR : invalid command : disconect
quit
ERROR : invalid command : quit
disconnect
Connection closed by foreign host.
/* start iperf, the [3] is something I added so I could see what the sock fd
was */
root@SAM.304-ms:/home/fiber# /usr/local/bin/iperf3 -s -4 -V
iperf version 3.0.1 (10 January 2014)
Linux SAM 2.6.33 #1 PREEMPT Wed Jun 30 11:35:16 EDT 2010 i586 GNU/Linux
-----------------------------------------------------------
Server listening on 5201 [3]
-----------------------------------------------------------
/* from another console, see what iperf is doing */
root@SAM.304-ms:/home/fiber# netstat -ap| grep 5201
tcp 0 0 *:5201 *:* LISTEN
1099/iperf3
root@SAM.304-ms:/home/fiber# ps aux|grep iperf
root 1099 0.0 0.0 1728 544 pts/0 S+ 16:41 0:00
/usr/local/bin/iperf3 -s -4 -V
root 1108 0.0 0.0 3284 724 pts/2 S+ 16:41 0:00 grep iperf
/* try to connect to the iperf server across and OpenVPN tunnel, server to
client*/
root@fibuntu:~# /usr/local/bin/iperf3 -c 172.126.125.5 -p 5201 -V -t 60
iperf version 3.0.1 (10 January 2014)
Linux fibuntu 3.5.0-39-generic #60-Ubuntu SMP Tue Aug 13 18:33:05 UTC 2013
x86_64 x86_64 x86_64 GNU/Linux
iperf3: error - unable to connect to server: Connection timed out
/* see what ports are open on the remote side */
root@fibuntu:~# nmap -sT 172.16.125.5
Starting Nmap 6.00 ( http://nmap.org ) at 2014-01-16 15:33 CST
Nmap scan report for 172.16.125.5
Host is up (0.083s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
11111/tcp open vce
Nmap done: 1 IP address (1 host up) scanned in 11.82 seconds
/* see what ports are open on the local side */
root@SAM.304-ms:/home/fiber# nmap -sT localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2014-01-16 16:34 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 994 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
11111/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.83 seconds
/* check iptables */
root@SAM.304-ms:/home/fiber# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
root@SAM.304-ms:/home/fiber# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Original comment by wpmccorm...@gmail.com on 16 Jan 2014 at 9:48
GoogleCodeExporter
commented
9 years ago oh yea ... and finally, iperf local client:
root@SAM.304-ms:/home/fiber# iperf3 -c 172.16.125.5
Connecting to host 172.16.125.5, port 5201
[ 4] local 172.16.125.5 port 52123 connected to 172.16.125.5 port 5201
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-1.00 sec 77.9 MBytes 653 Mbits/sec 0
[ 4] 1.00-2.00 sec 77.0 MBytes 646 Mbits/sec 0
[ 4] 2.00-3.00 sec 77.9 MBytes 653 Mbits/sec 0
[ 4] 3.00-4.00 sec 77.4 MBytes 648 Mbits/sec 0
[ 4] 4.00-5.00 sec 77.2 MBytes 649 Mbits/sec 0
[ 4] 5.00-6.00 sec 77.6 MBytes 651 Mbits/sec 0
[ 4] 6.00-7.00 sec 77.1 MBytes 647 Mbits/sec 0
[ 4] 7.00-8.00 sec 77.9 MBytes 654 Mbits/sec 0
[ 4] 8.00-9.00 sec 77.1 MBytes 646 Mbits/sec 0
[ 4] 9.00-10.00 sec 77.8 MBytes 653 Mbits/sec 0
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 775 MBytes 650 Mbits/sec 0 sender
[ 4] 0.00-10.00 sec 775 MBytes 650 Mbits/sec receiver
iperf Done.
root@SAM.304-ms:/home/fiber# /usr/local/bin/iperf3 -s -4 -V
iperf version 3.0.1 (10 January 2014)
Linux SAM 2.6.33 #1 PREEMPT Wed Jun 30 11:35:16 EDT 2010 i586 GNU/Linux
-----------------------------------------------------------
Server listening on 5201 [3]
-----------------------------------------------------------
Time: Thu, 16 Jan 2014 21:49:53 GMT
Accepted connection from 172.16.125.5, port 52122
Cookie: SAM.1389908993.023567.3d267dee45bd62
TCP MSS: 16384 (default)
[ 5] local 172.16.125.5 port 5201 connected to 172.16.125.5 port 52123
Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0
seconds, 10 second test
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 77.8 MBytes 652 Mbits/sec
[ 5] 1.00-2.00 sec 77.1 MBytes 646 Mbits/sec
[ 5] 2.00-3.00 sec 77.8 MBytes 654 Mbits/sec
[ 5] 3.00-4.00 sec 77.5 MBytes 648 Mbits/sec
[ 5] 4.00-5.00 sec 77.1 MBytes 649 Mbits/sec
[ 5] 5.00-6.00 sec 77.6 MBytes 651 Mbits/sec
[ 5] 6.00-7.00 sec 77.1 MBytes 647 Mbits/sec
[ 5] 7.00-8.00 sec 77.9 MBytes 654 Mbits/sec
[ 5] 8.00-9.00 sec 77.1 MBytes 646 Mbits/sec
[ 5] 9.00-10.00 sec 77.8 MBytes 653 Mbits/sec
[ 5] 10.00-10.00 sec 128 KBytes 441 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
Test Complete. Summary Results:
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-10.00 sec 775 MBytes 650 Mbits/sec 0 sender
[ 5] 0.00-10.00 sec 775 MBytes 650 Mbits/sec receiver
CPU Utilization: local/receiver 0.7% (0.0%u/0.7%s), remote/sender 56.8%
(0.6%u/56.2%s)
iperf version 3.0.1 (10 January 2014)
Linux SAM 2.6.33 #1 PREEMPT Wed Jun 30 11:35:16 EDT 2010 i586 GNU/Linux
-----------------------------------------------------------
Server listening on 5201 [3]
-----------------------------------------------------------
Original comment by wpmccorm...@gmail.com on 16 Jan 2014 at 9:51
GoogleCodeExporter
commented
9 years ago Is it possible this all has something to do with OpenVPN? I'll see if can get
to the iperf server over a LAN ... need to make iperf work on cygwin 1st!Original comment by wpmccorm...@gmail.com on 16 Jan 2014 at 9:54
GoogleCodeExporter
commented
9 years ago Debian linux systems on the OpenVPN client LAN can connect iperf client across
the tunnel to the iperf server running on the same Ubuntu system that runs the
OpenVPN server.
Connecting a cygwin iperf client to a debian linux iperf server, not going
through a VPN, and whether on the same LAN or to a VLAN, produces a similar but
somewhat different result, detailed below:
/* 1st start the server */
root@SAM.demo-ms:/home/fiber# iperf3 -s -V
iperf version 3.0.1 (10 January 2014)
Linux SAM 2.6.33 #1 PREEMPT Wed Jun 30 11:35:16 EDT 2010 i586 GNU/Linux
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
/* then start a client */
Bill McCormick@FIBERIO-BILL /usr/local/bin
$ iperf3 -c 192.168.120.5
Connecting to host 192.168.120.5, port 5201
/* nothing seems to happen until I ctrl-c the client, then I see this on the
server ... */
root@SAM.demo-ms:/home/fiber# iperf3 -s -V
iperf version 3.0.1 (10 January 2014)
Linux SAM 2.6.33 #1 PREEMPT Wed Jun 30 11:35:16 EDT 2010 i586 GNU/Linux
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Time: Thu, 16 Jan 2014 23:00:21 GMT
Accepted connection from 10.5.101.143, port 6886
Cookie: a39fc3ab-e8aa-4494-91c3-0b5875d0c159
TCP MSS: 1460 (default)
iperf3: the client has unexpectedly closed the connection
iperf version 3.0.1 (10 January 2014)
Linux SAM 2.6.33 #1 PREEMPT Wed Jun 30 11:35:16 EDT 2010 i586 GNU/Linux
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Original comment by wpmccorm...@gmail.com on 16 Jan 2014 at 11:05
GoogleCodeExporter
commented
9 years ago Hrm. I'm reading the complete set of comments on this bug (admittedly a bit of
time has passed since you wrote them), and I'm trying to sort this out. It
looks like in Comment #6 you have things working (at least with the all Linux
systems...we don't presently support building on CygWin)?
In Comment #5 you asked whether this had to do with OpenVPN. That's certainly
possible in that the OpenVPN endpoints could be doing some filtering).
If there are some cases that aren't working, perhaps you could see if doing
"telnet server 5201" (i.e. try to telnet to the iperf3 server on TCP port 5201)
works or if you get a connection timeout. If you get a connection timeout from
both the iperf3 client and the telnet client, the problem isn't in iperf3 (I
suspect this will be the case). If you get a timeout from the iperf3 client,
but a successful connection setup with telnet, then there's some more digging
required.
Original comment by bmah@es.net on 3 Feb 2014 at 10:17
Original issue reported on code.google.com by
wpmccorm...@gmail.comon 16 Jan 2014 at 1:37