zookeeper-user mailing list archives

From "Vincenzo D'Amore" <v.dam...@gmail.com>
Subject Re: VPN Zookeeper client connection
Date Tue, 09 Jun 2015 20:59:21 GMT
Thanks Chris for your explanation, yes there was a setup blocking outbound
traffic.

On Tue, Jun 9, 2015 at 7:08 PM, Chris Nauroth <cnauroth@hortonworks.com>
wrote:

> Hello Vincenzo,
>
> The 53159 port in this log doesn't represent a different, second
> connection.  (There is no second TCP handshake initiated by sending a new
> SYN packet.)  Instead, 53159 is the ephemeral port that the client
> selected for its end of the socket connection.
>
> Ephemeral ports are assigned by the OS, so the ZooKeeper software doesn't
> have direct control over which port will be chosen.  Different OSes use a
> different range by default, and the range can be reconfigured to something
> else in the OS.  The IANA suggests 49152-65535, and this is what modern
> versions of FreeBSD and Windows use by default.  Linux typically uses
> 32768-61000 by default.
>
> Is it possible that your VPN setup is blocking outbound traffic on
> ephemeral ports?  If so, then that could explain what you're seeing.  I'd
> also expect it would break other client/server software.
>
> If you absolutely must bind the client to a specific port number and open
> a firewall rule for just that port, then you might be able to achieve that
> by writing a custom class that subclasses
> org.apache.zookeeper.ClientCnxnSocket and then starting the process with
> argument -Dzookeeper.clientCnxnSocket=<your fully qualified class name>.
> For more details, see the code here:
>
> https://github.com/apache/zookeeper/blob/release-3.4.6/src/java/main/org/apache/zookeeper/ZooKeeper.java#L1772-1787
>
>
> I haven't tried it myself, but this might give you a way to bind to a
> specific local port.
>
> --Chris Nauroth
>
>
>
>
> On 6/9/15, 5:30 AM, "Vincenzo D'Amore" <v.damore@gmail.com> wrote:
>
> >Hi all,
> >
> >I'm unable to upload a file into a zookeeper instance running behind a
> >VPN.
> >
> >As far as I understood, after the first connection to client port 2181,
> >there is a second connection from client to server to a random port which
> >is dynamically assigned by zookeeper server.
> >
> >INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] - Accepted socket connection from /10.0.2.2:53159
> >INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@868] - Client attempting to establish new session at /10.0.2.2:53159
> >INFO  [SyncThread:0:ZooKeeperServer@617] - Established session 0x14dd817fa700010 with negotiated timeout 20000 for client /10.0.2.2:53159
> >WARN  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@357] - caught end of stream exception
> >EndOfStreamException: Unable to read additional data from client sessionid 0x14dd817fa700010, likely client has closed socket
> >at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:228)
> >at org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)
> >at java.lang.Thread.run(Thread.java:745)
> >
> >53159 port is unreachable from outside, because it is random and cannot be
> >mapped to VPN access rules.
> >
> >Is there a way to work around this problem?
> >May I define a static port or a port range for the second connection?
> >
> >
> >
> >--
> >Vincenzo D'Amore
> >email: v.damore@gmail.com
> >skype: free.dev
> >mobile: +39 349 8513251
>
>


-- 
Vincenzo D'Amore
email: v.damore@gmail.com
skype: free.dev
mobile: +39 349 8513251
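
The point made in the quoted reply, as an added example that is not part of the thread or of ZooKeeper's code: the port the server logs is the source port of the client's one TCP connection, chosen by the OS unless the client binds its socket first. A loopback listener stands in for the server's client port, and the names `connect_once`, `free_port` and `ranges_containing` are assumptions made for this sketch.

```python
import socket
import threading

# Default ephemeral ranges quoted in the reply above.
EPHEMERAL_RANGES = {"IANA": (49152, 65535), "Linux": (32768, 61000)}

def ranges_containing(port):
    """Names of the default ephemeral ranges that include this port."""
    return [n for n, (lo, hi) in EPHEMERAL_RANGES.items() if lo <= port <= hi]

def free_port():
    """Ask the OS for a currently unused loopback port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def connect_once(local_port=0):
    """Make one TCP connection to a loopback listener and return
    (client_local_addr, peer_addr_seen_by_server).
    local_port=0 lets the OS pick an ephemeral source port; any other
    value binds the client's end of the socket before connecting."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    seen = {}

    def accept():
        conn, seen["peer"] = server.accept()  # what the server would log
        conn.close()

    t = threading.Thread(target=accept)
    t.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    client.bind(("127.0.0.1", local_port))
    client.connect(server.getsockname())
    local = client.getsockname()
    t.join()
    client.close()
    server.close()
    return local, seen["peer"]

if __name__ == "__main__":
    local, peer = connect_once()
    print("OS-chosen source port:", local[1], "server sees:", peer)
    local, peer = connect_once(free_port())
    print("pinned source port:", local[1], "server sees:", peer)
    print("53159 is inside:", ranges_containing(53159))
```

In both runs the address the listener reports equals the client's own local address, so a firewall or VPN rule has to allow that source port range outbound (or the single pinned port) rather than a second server-side port.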
