But why then I got "connection refused" when trying to connect over tcp to my server? I thought I need to allow required ports to enable connection.
Connection refused means you received a RST packet in response to a SYN (connection attempt). Which means there's nothing listening on that port. If a firewall would block it you would get a "connection timed out" or similar error message.
I've wrote a server to listen tcp connections and test in on my local machine (mac), then I moved server on remote machine (FreeBSD) and when trying to connect I'm getting error.
Your service failed to start or isn't started at all. Or it's listening on a different port. As I said, a "connection refused" means you received a RST. You will receive a RST if you try to connect to a closed port. This has nothing to do with a firewall.
It's not. There is NO firewall turned on by default. That was the case 7 years ago, and is still the case today.
Hm...ok, it's strange because on my local machine it works fine but on remote machine I got error
and by the way I also can't connect with VS Code remote ssh plugin to my FreeBSD server as I did earlier with Linux machine.
This sounds more like your FreeBSD machine isn't even connected to the network. Or it doesn't have the IP address you think it has, in other words you're connecting to the wrong IP. That IP might belong to a different system (which doesn't have these services running). Another potential cause could be an IP conflict, two machines on the network having the same IP address.Hm...ok, it's strange because on my local machine it works fine but on remote machine I got error
This at least should be kind of on-topic in the thread: A good firewall software will leave you a choice whether packets are properly rejected (e.g. for TCP using RST) or just dropped.
There's some potential that a firewall returning an RST could result in some information leakage. If you look at the differences of the TTL value of a response between an open and firewalled port. The firewalled port will have a higher TTL value. Pretty much all firewalls default to a 'drop', not a 'block-return'.
I can connect to FreeBSD machine over ssh to compile server code so it is visible and have IP.
I've tested server code on my local mac and it works. If there were any errors during server startup I'll see error cause I check every return value related to socket creation and listening.
#include <err.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/event.h>
#include <sys/socket.h>
#include <unistd.h>
#define NUM_CLIENTS 10
#define MAX_EVENTS 32
#define MAX_MSG_SIZE 256
extern char * __progname;
struct client_data {
int fd;
} clients[NUM_CLIENTS];
int get_conn(int fd) {
for (int i = 0; i < NUM_CLIENTS; i++)
if (clients[i].fd == fd)
return i;
return -1;
}
int conn_add(int fd) {
if (fd < 1) return -1;
int i = get_conn(0);
if (i == -1) return -1;
clients[i].fd = fd;
return 0;
}
int conn_del(int fd) {
if (fd < 1) return -1;
int i = get_conn(fd);
if (i == -1) return -1;
clients[i].fd = 0;
return close(fd);
}
void recv_msg(int s) {
char buf[MAX_MSG_SIZE];
int bytes_read = recv(s, buf, sizeof(buf) - 1, 0);
buf[bytes_read] = 0;
printf("\nclient #%d: %s", get_conn(s), buf);
fflush(stdout);
}
void send_welcome_msg(int s) {
char msg[80];
sprintf(msg, "welcome! you are client #%d!\n", get_conn(s));
send(s, msg, strlen(msg), 0);
}
void run_event_loop(int kq, int local_s) {
struct kevent evSet;
struct kevent evList[MAX_EVENTS];
struct sockaddr_storage addr;
socklen_t socklen = sizeof(addr);
printf("strarted to listen\n");
while (1) {
int num_events = kevent(kq, NULL, 0, evList, MAX_EVENTS, NULL);
for (int i = 0; i < num_events; i++) {
// receive new connection
if (evList[i].ident == local_s) {
int fd = accept(evList[i].ident, (struct sockaddr *) &addr, &socklen);
if (conn_add(fd) == 0) {
EV_SET(&evSet, fd, EVFILT_READ, EV_ADD, 0, 0, NULL);
kevent(kq, &evSet, 1, NULL, 0, NULL);
send_welcome_msg(fd);
} else {
printf("connection refused.\n");
close(fd);
}
} // client disconnected
else if (evList[i].flags & EV_EOF) {
int fd = evList[i].ident;
printf("client #%d disconnected.\n", get_conn(fd));
EV_SET(&evSet, fd, EVFILT_READ, EV_DELETE, 0, 0, NULL);
kevent(kq, &evSet, 1, NULL, 0, NULL);
conn_del(fd);
} // read message from client
else if (evList[i].filter == EVFILT_READ) {
recv_msg(evList[i].ident);
}
}
}
}
int create_socket_and_listen() {
struct addrinfo *addr;
struct addrinfo hints;
memset(&hints, 0, sizeof hints);
hints.ai_flags = AI_PASSIVE;
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
getaddrinfo("127.0.0.1", "8080", &hints, &addr);
int local_s = socket(addr->ai_family, addr->ai_socktype, addr->ai_protocol);
int bindResult = bind(local_s, addr->ai_addr, addr->ai_addrlen);
if(bindResult != 0) {
printf("bindResult %d\n", bindResult);
exit(bindResult);
}
int listenResult = listen(local_s, 5);
if(listenResult != 0) {
printf("listenResult %d\n", listenResult);
exit(listenResult);
}
return local_s;
}
int main(int argc, char *argv[]) {
int local_s = create_socket_and_listen();
int kq = kqueue();
struct kevent evSet;
EV_SET(&evSet, local_s, EVFILT_READ, EV_ADD, 0, 0, NULL);
kevent(kq, &evSet, 1, NULL, 0, NULL);
run_event_loop(kq, local_s);
return EXIT_SUCCESS;
}I think it's not code related because it works fine on my local machine I think the problem is related to some FreeBSD settings.
Is this supposed to be some sort of troll? I mean, you hardcode
127.0.0.1, the IPv4 address of the local loopback interface, for binding/listening, and expect to connect to that from some remote machine?Millions of tons of excuses ((( I just copy-pasted it from my local machine. Now it works on remote machine too. Thank you
okay, so you really didn't notice. Stupid stuff like that happens! Still please don't "hijack" some ancient thread next time, thanks