Bug 1025631 - can't connect to remote ports from gear - SELinux permission denied
can't connect to remote ports from gear - SELinux permission denied
Status: CLOSED UPSTREAM
Product: OpenShift Online
Classification: Red Hat
Component: Containers (Show other bugs)
2.x
Unspecified Unspecified
unspecified Severity medium
: ---
: ---
Assigned To: Jhon Honce
libra bugs
: SupportQuestion
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-01 02:38 EDT by William Monteiro
Modified: 2015-05-14 19:32 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-19 10:39:22 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description William Monteiro 2013-11-01 02:38:36 EDT
Description of problem:
Cannot use telnet on ssh shell, neither use php's fsockopen function to contact another server

Version-Release number of selected component (if applicable):


How reproducible:
try to telnet any domain and get a permission denied error.

Actual results:
telnet ssh.inf.ufsm.br
Trying 200.18.42.12...
telnet: connect to address 200.18.42.12: Permission denied

Expected results: (HOME)
telnet ssh.inf.ufsm.br
Trying 200.18.42.12...
telnet: connect to address 200.18.42.12: Connection refused
telnet: Unable to connect to remote host

Additional info:
trying to send sms through a sms gateway, but can't connect to it.
Thanks!
Comment 1 Clayton Coleman 2013-11-01 14:54:19 EDT
Hi William, you've got a PHP application, you're ssh'd into your gear, and you're trying to open a telnet session to the remote host from within the gear?
Comment 2 William Monteiro 2013-11-03 10:43:46 EST
(In reply to Clayton Coleman from comment #1)
> Hi William, you've got a PHP application, you're ssh'd into your gear, and
> you're trying to open a telnet session to the remote host from within the
> gear?

yes, i need to connect to another host through php in my gear, but i am not allowed.
Comment 3 William Monteiro 2013-11-06 01:32:21 EST
UPDATE: I can NOT telnet from any of my gears. Tried again, but still getting permission denied error.
Comment 4 Vojtech Vitek 2013-11-18 12:42:07 EST
@William, are you really connecting to the remote host that is publicly accessible?

I just tried telnet from my PHP gear and it worked correctly:
> rhc ssh <php-app>
>
> telnet www.openshift.com 80
> Trying 107.21.108.229...
> Connected to www.openshift.com.
> Escape character is '^]'.
> GET / HTTP/1.1             
> host: www.openshift.com
> 
> HTTP/1.1 301 Moved Permanently
> Content-Type: text/html; charset=iso-8859-1
> Date: Mon, 18 Nov 2013 17:38:33 GMT
> Location: https://www.openshift.com/
> Server: Apache/2.2.15 (Red Hat)
> Content-Length: 318
> Connection: keep-alive
> 
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>301 Moved Permanently</title>
> </head><body>
> <h1>Moved Permanently</h1>
> <p>The document has moved <a href="https://www.openshift.com/">here</a>.</p>
> <hr>
> <address>Apache/2.2.15 (Red Hat) Server at www.openshift.com Port 80</address>
> </body></html>
Comment 5 William Monteiro 2013-11-18 14:36:45 EST
On port 80, i can connect. But none other port.

telnet androidumes.no-ip.org 9090
Trying 186.252.152.241...
telnet: connect to address 186.252.152.241: Permission denied
Comment 7 Jhon Honce 2013-12-19 10:39:22 EST
Current OpenShift Online security policies are being reviewed for relaxing outbound ports.  9090 is on the current blacklist.

Note You need to log in before you can comment on or make changes to this bug.