SSH forwarding error: bind: Cannot assign requested address
David Medinets
david.medinets at gmail.com
Mon Jul 30 10:26:29 UTC 2012
Thanks again for taking the time to help. I removed that rule as shown
below. But the same error is still happening. I don't know what you
meant by "Hopefully a move to a REST API instead of ssh tunneling
should alleviate that." Is that something I should do? I own the
server. It is for experimentation so that I can learn juju and other
tools.
medined at affy:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:2181
ACCEPT tcp -- anywhere anywhere tcp dpt:2888
ACCEPT tcp -- anywhere anywhere tcp dpt:3888
ACCEPT tcp -- anywhere anywhere tcp dpt:9000
ACCEPT tcp -- anywhere anywhere tcp dpt:9001
ACCEPT tcp -- anywhere anywhere tcp dpt:50010
ACCEPT tcp -- anywhere anywhere tcp dpt:50020
ACCEPT tcp -- anywhere anywhere tcp dpt:50030
ACCEPT tcp -- anywhere anywhere tcp dpt:50060
ACCEPT tcp -- anywhere anywhere tcp dpt:50070
ACCEPT tcp -- anywhere anywhere tcp dpt:50075
ACCEPT tcp -- anywhere anywhere tcp dpt:4560
ACCEPT tcp -- anywhere anywhere tcp dpt:9997
ACCEPT tcp -- anywhere anywhere tcp dpt:9999
ACCEPT tcp -- anywhere anywhere tcp dpt:11224
ACCEPT tcp -- anywhere anywhere tcp dpt:12234
ACCEPT tcp -- anywhere anywhere tcp dpt:50095
ACCEPT tcp -- anywhere anywhere state
NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit:
avg 5/min burst 5 LOG level debug prefix "iptables denied: "
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
On Sun, Jul 29, 2012 at 10:47 AM, Kapil Thangavelu
<kapil.thangavelu at canonical.com> wrote:
>
> from your listing below this rule is your problem, probably worthwhile to
> figure out why its being inserted. I would guess some sort of firewall
> management tool (shorewall, etc) with a default deny policy.
>
> REJECT all -- anywhere anywhere reject-with
> icmp-port-unreachable
>
> Just to clarify this is your juju client machine as a hostile environment
> for using an open port. Hopefully a move to a REST api instead of ssh
> tunneling should alleviate that.
>
> hope that helps,
>
> Kapil
>
>
> On Sat, Jul 28, 2012 at 10:27 PM, David Medinets <david.medinets at gmail.com>
> wrote:
>>
>> The issue is back. I did remove that rule. To review, juju bootstrap
>> works but juju status displays
>>
>> SSH forwarding error: bind: Cannot assign requested address
>>
>> The response from 'iptables -L' is:
>>
>> medined at affy:~$ sudo iptables -L
>> Chain INPUT (policy ACCEPT)
>> target prot opt source destination
>> ACCEPT all -- anywhere anywhere
>> ACCEPT all -- anywhere anywhere state
>> RELATED,ESTABLISHED
>> ACCEPT tcp -- anywhere anywhere tcp dpt:http
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:https
>> ACCEPT tcp -- anywhere anywhere tcp dpt:2181
>> ACCEPT tcp -- anywhere anywhere tcp dpt:2888
>> ACCEPT tcp -- anywhere anywhere tcp dpt:3888
>> ACCEPT tcp -- anywhere anywhere tcp dpt:9000
>> ACCEPT tcp -- anywhere anywhere tcp dpt:9001
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:50010
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:50020
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:50030
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:50060
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:50070
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:50075
>> ACCEPT tcp -- anywhere anywhere tcp dpt:4560
>> ACCEPT tcp -- anywhere anywhere tcp dpt:9997
>> ACCEPT tcp -- anywhere anywhere tcp dpt:9999
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:11224
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:12234
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:50095
>> ACCEPT tcp -- anywhere anywhere state
>> NEW tcp dpt:ssh
>> ACCEPT icmp -- anywhere anywhere icmp
>> echo-request
>> LOG all -- anywhere anywhere limit:
>> avg 5/min burst 5 LOG level debug prefix "iptables denied: "
>> REJECT all -- anywhere anywhere
>> reject-with icmp-port-unreachable
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source destination
>> REJECT all -- anywhere anywhere
>> reject-with icmp-port-unreachable
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>> ACCEPT all -- anywhere anywhere
>>
>> ---
>>
>> I just don't know enough about iptables and this kind of security to
>> resolve the issue. Juju is so promising that I want it to work. Please
>> let me know if there is anything I can do on my side to help determine
>> where the issue is.
>>
>> Thank you for your help so far.
>
>
More information about the Juju
mailing list