Bug 1025631 - can't connect to remote ports from gear - SELinux permission denied
Status: CLOSED UPSTREAM
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Containers
Version: 2.x
Hardware: Unspecified
OS: Unspecified
Assignee: Jhon Honce
QA Contact: libra bugs
Reported: 2013-11-01 06:38 UTC by William Monteiro
Modified: 2015-05-14 23:32 UTC (History)
Doc Type: Bug Fix
Last Closed: 2013-12-19 15:39:22 UTC
Description William Monteiro 2013-11-01 06:38:36 UTC
Description of problem:
Cannot use telnet in the ssh shell, nor use PHP's fsockopen function to contact another server.

Version-Release number of selected component (if applicable):


How reproducible:
Try to telnet to any domain and get a permission denied error.

Actual results:
telnet ssh.inf.ufsm.br
Trying 200.18.42.12...
telnet: connect to address 200.18.42.12: Permission denied

Expected results: (HOME)
telnet ssh.inf.ufsm.br
Trying 200.18.42.12...
telnet: connect to address 200.18.42.12: Connection refused
telnet: Unable to connect to remote host

Additional info:
Trying to send SMS through an SMS gateway, but can't connect to it.
Thanks!

Comment 1 Clayton Coleman 2013-11-01 18:54:19 UTC
Hi William, you've got a PHP application, you're ssh'd into your gear, and you're trying to open a telnet session to the remote host from within the gear?

Comment 2 William Monteiro 2013-11-03 15:43:46 UTC
(In reply to Clayton Coleman from comment #1)
> Hi William, you've got a PHP application, you're ssh'd into your gear, and
> you're trying to open a telnet session to the remote host from within the
> gear?

Yes, I need to connect to another host through PHP in my gear, but I am not allowed.

Comment 3 William Monteiro 2013-11-06 06:32:21 UTC
UPDATE: I can NOT telnet from any of my gears. Tried again, but still getting permission denied error.

Comment 4 Vojtech Vitek 2013-11-18 17:42:07 UTC
@William, are you really connecting to the remote host that is publicly accessible?

I just tried telnet from my PHP gear and it worked correctly:
> rhc ssh <php-app>
>
> telnet www.openshift.com 80
> Trying 107.21.108.229...
> Connected to www.openshift.com.
> Escape character is '^]'.
> GET / HTTP/1.1             
> host: www.openshift.com
> 
> HTTP/1.1 301 Moved Permanently
> Content-Type: text/html; charset=iso-8859-1
> Date: Mon, 18 Nov 2013 17:38:33 GMT
> Location: https://www.openshift.com/
> Server: Apache/2.2.15 (Red Hat)
> Content-Length: 318
> Connection: keep-alive
> 
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>301 Moved Permanently</title>
> </head><body>
> <h1>Moved Permanently</h1>
> <p>The document has moved <a href="https://www.openshift.com/">here</a>.</p>
> <hr>
> <address>Apache/2.2.15 (Red Hat) Server at www.openshift.com Port 80</address>
> </body></html>

Comment 5 William Monteiro 2013-11-18 19:36:45 UTC
On port 80, I can connect. But no other port.

telnet androidumes.no-ip.org 9090
Trying 186.252.152.241...
telnet: connect to address 186.252.152.241: Permission denied

Comment 7 Jhon Honce 2013-12-19 15:39:22 UTC
Current OpenShift Online security policies are being reviewed for relaxing outbound ports.  9090 is on the current blacklist.
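
The thread turns on the difference between telnet's "Permission denied" and "Connection refused". As an added example (not part of the original report and not OpenShift code), this Python probe classifies the errno from a TCP connect along the same line: on Linux, connect(2) returns EACCES or EPERM when the local host itself rejects the attempt (an SELinux policy or a local firewall rule), while ECONNREFUSED means the remote end answered. The function names and verdict labels are assumptions, and the loopback listener in the demo is constructed.

```python
import errno
import socket

# errno values grouped by where the connection attempt was stopped.
LOCAL_POLICY = {errno.EACCES, errno.EPERM}      # denied before leaving this host
REMOTE_REFUSED = {errno.ECONNREFUSED}           # remote host answered with a reset
UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT}


def classify(err):
    """Map a connect() errno to a verdict label (labels are this example's own)."""
    if err in LOCAL_POLICY:
        return "local-policy"
    if err in REMOTE_REFUSED:
        return "remote-refused"
    if err in UNREACHABLE:
        return "unreachable"
    return "other"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return (verdict, errno or None)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return ("connected", None)
    except socket.gaierror:
        return ("dns-failure", None)            # name lookup failed, no connect made
    except socket.timeout:
        return ("unreachable", errno.ETIMEDOUT)
    except OSError as exc:
        return (classify(exc.errno), exc.errno)


def survey(host, ports):
    """Probe several ports so an outbound port policy shows up as a pattern."""
    return {port: probe(host, port)[0] for port in ports}


if __name__ == "__main__":
    # Constructed demo: a listener on loopback, then the same port after closing it.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe("127.0.0.1", port))
    srv.close()
    print(port, probe("127.0.0.1", port))
```

Run from inside the restricted environment, a result of "local-policy" on some ports and "connected" on others points at the host's outbound policy rather than at the remote service.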

