Red Hat Bugzilla – Bug 1025631
can't connect to remote ports from gear - SELinux permission denied
Last modified: 2015-05-14 19:32:15 EDT
Description of problem:
Cannot use telnet in an SSH shell, nor use PHP's fsockopen function to contact another server.
Version-Release number of selected component (if applicable):
Try to telnet any domain and get a permission denied error.
telnet: connect to address 184.108.40.206: Permission denied
Expected results: (HOME)
telnet: connect to address 220.127.116.11: Connection refused
telnet: Unable to connect to remote host
Trying to send SMS through an SMS gateway, but can't connect to it.
Hi William, you've got a PHP application, you're ssh'd into your gear, and you're trying to open a telnet session to the remote host from within the gear?
(In reply to Clayton Coleman from comment #1)
> Hi William, you've got a PHP application, you're ssh'd into your gear, and
> you're trying to open a telnet session to the remote host from within the
Yes, I need to connect to another host through PHP in my gear, but I am not allowed.
UPDATE: I can NOT telnet from any of my gears. Tried again, but still getting permission denied error.
@William, are you really connecting to the remote host that is publicly accessible?
I just tried telnet from my PHP gear and it worked correctly:
> rhc ssh <php-app>
> telnet www.openshift.com 80
> Trying 18.104.22.168...
> Connected to www.openshift.com.
> Escape character is '^]'.
> GET / HTTP/1.1
> host: www.openshift.com
> HTTP/1.1 301 Moved Permanently
> Content-Type: text/html; charset=iso-8859-1
> Date: Mon, 18 Nov 2013 17:38:33 GMT
> Location: https://www.openshift.com/
> Server: Apache/2.2.15 (Red Hat)
> Content-Length: 318
> Connection: keep-alive
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <title>301 Moved Permanently</title>
> <h1>Moved Permanently</h1>
> <p>The document has moved <a href="https://www.openshift.com/">here</a>.</p>
> <address>Apache/2.2.15 (Red Hat) Server at www.openshift.com Port 80</address>
On port 80, I can connect. But no other port.
telnet androidumes.no-ip.org 9090
telnet: connect to address 22.214.171.124: Permission denied
Current OpenShift Online security policies are being reviewed for relaxing outbound ports. 9090 is on the current blacklist.
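
The thread turns on the difference between telnet's `Permission denied` and `Connection refused`. The following Python probe is an added example, not part of the bug report or of OpenShift's tooling; it maps the errno behind a failed connect() to a verdict so that a local policy denial can be told apart from a remote refusal. The function names and verdict labels are assumptions made for illustration.

```python
import errno
import socket

# Verdicts keyed by the errno that connect() fails with (labels are illustrative).
VERDICTS = {
    # Raised by the local kernel before any packet leaves the host:
    # an SELinux policy denial or a local firewall rule.
    errno.EACCES: "blocked-locally",
    errno.EPERM: "blocked-locally",
    # A TCP reset came back: the traffic left the host and nothing is
    # listening on that port (or a device on the path rejected it).
    errno.ECONNREFUSED: "refused",
    errno.ETIMEDOUT: "no-answer",
    errno.EHOSTUNREACH: "unreachable",
    errno.ENETUNREACH: "unreachable",
}


def classify_errno(code):
    """Map a connect() errno to a verdict string."""
    return VERDICTS.get(code, "other")


def probe(host, port, timeout=3.0):
    """Attempt one outbound TCP connection and return a verdict string."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except socket.timeout:
        # No reply within the timeout: packets silently dropped somewhere.
        return "no-answer"
    except socket.gaierror:
        # Name resolution failed, so no connection was attempted.
        return "dns-failure"
    except OSError as exc:
        return classify_errno(exc.errno)


if __name__ == "__main__":
    import sys

    # Usage: python probe.py <host> <port>
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    print(target_host, target_port, probe(target_host, target_port))
```

A `blocked-locally` verdict from inside the gear alongside `refused` or `connected` for the same destination from another network matches the pattern reported above: the restriction is on the sending host, not on the remote server.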