[solved] can't ssh AWS EC2 anymore - iptables flushed

Hi,
I killed an AWS EC2 connection by flushing iptables on the server side, and can't connect anymore.
I connect to an Amazon EC2 instance (with Ubuntu) mainly as a proxy, from a Linux-based laptop, to get through a university's firewall.
(As a heads up, I do have some experience with sysadmin work on Linux, but not that much with networking (close to none). I could be described as an "aware beginner". As a means to get some experience with networking, a friend of mine, who is more skilled, suggested using an Amazon EC2 instance and helped me set one up.)
I get a connection by bringing up an ssh tunnel in a terminal:
ssh -i key.pem -D 8080 -p 443 -o 'IdentitiesOnly yes' [email protected]
However, for the tricky part, the university's firewall blocks ssh too.
I got around it when I eventually set up "stunnel4" to encrypt the whole connection with SSL (found it myself, with some luck in research).
(I installed it when I had the chance to find a proper connection, which is rare: I found most hotspots restrictive in that respect.)
So, it worked well for a while, until I wanted to set up a p2p system (don't laugh guys! It is mostly for study purposes: I needed to down/upload geology maps, which are huge, and the firewall always shut down our long transfers, my professors' and mine).
I tried rtorrent on the server, it worked well.
But because the EC2's 8GB was not big enough, I needed to set up another p2p tool on the laptop (went with Deluge), going through the EC2. For this reason, I opened a range of ports in the Amazon board's security groups (56880-56890, tcp and udp), added them to iptables on both Ubuntu and the laptop, and set up the software accordingly.
# iptables -A INPUT -p tcp --dport 56881:56889 -j ACCEPT
# iptables -A INPUT -p udp --dport 56881:56889 -j ACCEPT
However, because it still did not work, I asked this friend for help. He told me I had set up the software wrong, and suggested that I flush iptables. So, I did it recklessly, on both the laptop and the EC2's Ubuntu.
# iptables --flush
Of course, doing so killed the connection to the EC2. After that, I could not connect to the server anymore:
ssh: connect to host xx.xxx.xxx.xxx port 443: Connection timed out
Trying to fix it, I found this post, but I faced two difficulties during the process that I cannot get past.
First, on the Amazon EC2 board, after I created a temporary instance, I stopped the broken instance (i-08091d4b: ok) and detached the broken EBS volume (ok), in order to attach it to the temporary instance (i-64402427: not ok).
I couldn't, because the two EBS volumes are supposed to be in the same availability zone, which I couldn't set up.
Therefore I couldn't attach the broken EBS to the temp instance.
(I then tried creating 2 other temporary instances, in order to check if I could set this availability zone.)
Second, I anticipate that the temporary instance won't have the "stunnel4" system deployed (software, settings and key), so I won't be able to connect to it anyway.
Has anybody faced a similar situation? What can I do to fix the situation?
Last edited by OlaffTheGreat (2014-08-17 23:11:21)

Thanks for your reply.
Unfortunately, I can't have physical access, as it is a virtual hard drive somewhere.
As the tutorial suggested, I also tried to just reboot the session, hoping the iptables would just reset afterward. It could have looked like what you say about "only partially reset the firewall". But it seems really out of order.
Edit: well, it is back online... but I don't know why.
I played randomly with the EBS volumes: detached/reattached them, and when I tried to ssh again to the broken session, I got the connection...
Last edited by OlaffTheGreat (2014-08-17 23:10:53)
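
A pre-flight check for the `iptables --flush` step in the thread above, as an added example that is not part of the original posts. It assumes the lockout came from a chain whose default policy was not ACCEPT (the thread does not say so, but `iptables -F` removes rules and leaves policies in place); the function names, the backup path and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan a firewall flush on a remote host without losing SSH.
# `iptables -F` deletes rules but keeps each chain's default policy, so a
# chain with policy DROP and no rules left drops everything.

# Constructed sample of `iptables -S` output, modelled on the thread:
# tunnel on port 443 plus the 56881:56889 range opened for p2p.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 56881:56889 -j ACCEPT
-A INPUT -p udp -m udp --dport 56881:56889 -j ACCEPT
EOF
}

# Read `iptables -S` output on stdin and print every built-in chain whose
# policy is not ACCEPT, i.e. the chains that block traffic once flushed.
blocking_chains() {
    awk '$1 == "-P" && $3 != "ACCEPT" { print $2 }'
}

# Read `iptables -S` output on stdin and print the commands to type instead
# of a bare flush. $1 = seconds before the automatic rollback fires.
flush_plan() {
    delay=${1:-120}
    backup=/root/iptables.before-flush   # hypothetical backup location
    blocked=$(blocking_chains)

    # 1. Keep a copy of the working ruleset.
    printf '%s\n' "iptables-save > $backup"
    # 2. Arm a rollback that survives a dropped session.
    printf '%s\n' "nohup sh -c 'sleep $delay; iptables-restore < $backup' >/dev/null 2>&1 &"
    # 3. Open the policies first, so the flush cannot strand the session.
    #    On EC2 the security group keeps filtering inbound traffic meanwhile.
    for chain in $blocked; do
        printf '%s\n' "iptables -P $chain ACCEPT"
    done
    # 4. Only now remove the rules.
    printf '%s\n' "iptables -F"
    printf '%s\n' '# still connected afterwards? cancel the rollback: kill $!'
}

# Demo on the constructed sample; nothing here touches the real firewall.
sample_rules | flush_plan 120
```

Run against a live host as `iptables -S | flush_plan 120`, then type the printed commands in order as root.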
