Allow listen ports and new connections to localhost

sodabrew's Avatar

sodabrew

05 Aug, 2015 07:24 PM

I am seeing consistent failures in the unit test suite for the EventMachine Ruby gem where it cannot connect to local ports. The unit test basically creates local dummy services and then connects to them to make sure the connections succeed.

I'm also not able to do DNS resolution from within EventMachine, which may be related.
https://ci.appveyor.com/project/sodabrew/eventmachine/build/44/job/...

I tried following steps at https://support.microsoft.com/en-us/kb/947709 as suggested by http://help.appveyor.com/discussions/problems/596-conection-refused... but this didn't help.

The appveyor.yml command I ran was:

install:
  - netsh advfirewall firewall add rule name="Ruby" dir=in action=allow program="C:\Ruby%ruby_version%\bin\ruby.exe" enable=yes remoteip=127.0.0.1/24,LocalSubnet
  1. Support Staff 1 Posted by Feodor Fitsner on 05 Aug, 2015 07:53 PM

    Feodor Fitsner's Avatar

    Why do you think it's firewall problem (especially, when it's loopback address)?

    Try using netstat -ab command to see what process is listening and on what port.

    In general, listening on 127.0.0.1 and requesting it locally works like in this example with local IIS: https://ci.appveyor.com/project/FeodorFitsner/simple-console/build/...

  2. 2 Posted by sodabrew on 07 Aug, 2015 07:14 AM

    sodabrew's Avatar

    I was suspecting the firewall settings because I cannot reproduce these failures on my local Windows installation, neither Windows 8.1 Enterprise nor Windows 10. I was prompted to allow/deny Ruby to listen on the network interfaces, which I allowed, so I wondered if I needed to do the same thing for AppVeyor's instances.

  3. Support Staff 3 Posted by Feodor Fitsner on 07 Aug, 2015 10:35 PM

    Feodor Fitsner's Avatar

    So, it's kind of passing that window asking for permission to use network?
    OK, can you see that window if logged to build worker via RDP?

  4. 4 Posted by gabriel.schulho... on 29 Nov, 2017 09:30 PM

    gabriel.schulhof's Avatar

    Hello!

    I have a similar problem. I'm working on https://github.com/otcshare/iotivity-node, and I ran https://ci.appveyor.com/project/gabrielschulhof/iotivity-node-roxkw/build/1.0.696/job/4b9mt02iptt0k0on#L848 where, as you can see, all the tests pass except the one attempting to use DTLS. This test passes locally in my Windows 10 VirtualBox VM. However, the first time I ran it, it popped a message asking whether I want to allow connections of the kind. I quickly answered before the test would fail, so I didn't really have time to look at the contents of the dialog.

    Is there a way to turn off the firewall using the appveyor.yml file?

    Alternatively, how do I log into the build worker via RDP, as you suggest above?

    Thanks in advance for your help and advice!

  5. 5 Posted by gabriel.schulho... on 29 Nov, 2017 10:13 PM

    gabriel.schulhof's Avatar

    I've tried adding

    - ps: Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

    to the install step, but it hasn't helped.

  6. 6 Posted by Ilya Finkelshte... on 29 Nov, 2017 10:39 PM

    Ilya Finkelshteyn's Avatar

    @gabriel as I understand you are starting server before trying to connect to it here and shut it down after test.

    What I would recommend is to connect with blocking RDP on build finish (doc) and do the following:

    • try run test manually and see if that dialog pops up and if it works with RDP. Make screenshot of that dialog :)

    • if dialog does not pops up and error reproduces on RDP, try the following

      • modify test to do not stop server
      • run netstat -na -p UDP before and after test. Thus we will see if server really started listening and on what port.

    Please let us know what you found.

    Thanks!
    Ilya.

  7. 7 Posted by gabriel.schulho... on 03 Dec, 2017 11:14 PM

    gabriel.schulhof's Avatar

    The dialog did not pop up. I ran netstat -apn before, during, and after the test, and I got the following results:

    C:\Users\appveyor>netstat -apn UDP
    
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      UDP    0.0.0.0:500            *:*
      UDP    0.0.0.0:3389           *:*
      UDP    0.0.0.0:4500           *:*
      UDP    0.0.0.0:5355           *:*
      UDP    192.168.0.203:137      *:*
      UDP    192.168.0.203:138      *:*
    
    C:\Users\appveyor>netstat -apn UDP
    
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      UDP    0.0.0.0:500            *:*
      UDP    0.0.0.0:3389           *:*
      UDP    0.0.0.0:4500           *:*
      UDP    0.0.0.0:5355           *:*
      UDP    0.0.0.0:5683           *:*
      UDP    0.0.0.0:5683           *:*
      UDP    0.0.0.0:5684           *:*
      UDP    0.0.0.0:5684           *:*
      UDP    0.0.0.0:51928          *:*
      UDP    0.0.0.0:51929          *:*
      UDP    0.0.0.0:51932          *:*
      UDP    0.0.0.0:51933          *:*
      UDP    192.168.0.203:137      *:*
      UDP    192.168.0.203:138      *:*
    
    C:\Users\appveyor>netstat -apn UDP
    
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      UDP    0.0.0.0:500            *:*
      UDP    0.0.0.0:3389           *:*
      UDP    0.0.0.0:4500           *:*
      UDP    0.0.0.0:5355           *:*
      UDP    0.0.0.0:5683           *:*
      UDP    0.0.0.0:5683           *:*
      UDP    0.0.0.0:5684           *:*
      UDP    0.0.0.0:5684           *:*
      UDP    0.0.0.0:51928          *:*
      UDP    0.0.0.0:51929          *:*
      UDP    0.0.0.0:51932          *:*
      UDP    0.0.0.0:51933          *:*
      UDP    192.168.0.203:137      *:*
      UDP    192.168.0.203:138      *:*
    
    C:\Users\appveyor>netstat -apn UDP
    
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      UDP    0.0.0.0:500            *:*
      UDP    0.0.0.0:3389           *:*
      UDP    0.0.0.0:4500           *:*
      UDP    0.0.0.0:5355           *:*
      UDP    0.0.0.0:5683           *:*
      UDP    0.0.0.0:5683           *:*
      UDP    0.0.0.0:5684           *:*
      UDP    0.0.0.0:5684           *:*
      UDP    0.0.0.0:51928          *:*
      UDP    0.0.0.0:51929          *:*
      UDP    0.0.0.0:51932          *:*
      UDP    0.0.0.0:51933          *:*
      UDP    192.168.0.203:137      *:*
      UDP    192.168.0.203:138      *:*
    
    C:\Users\appveyor>netstat -apn UDP
    
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      UDP    0.0.0.0:500            *:*
      UDP    0.0.0.0:3389           *:*
      UDP    0.0.0.0:4500           *:*
      UDP    0.0.0.0:5355           *:*
      UDP    192.168.0.203:137      *:*
      UDP    192.168.0.203:138      *:*
    
    C:\Users\appveyor>
    

    So, the server is indeed listening during the test, yet the client is unable to connect to it.

    In fact, I ran just the server, and, indeed, more UDP ports are open when the server is running than there are when it is not.

  8. 8 Posted by gabriel.schulho... on 04 Dec, 2017 03:30 PM

    gabriel.schulhof's Avatar

    I'm not sure if it makes a difference, but the server does not listen on pre-determined ports. It listens on different ports at different times.

  9. 9 Posted by Ilya Finkelshte... on 04 Dec, 2017 11:37 PM

    Ilya Finkelshteyn's Avatar

    Is client tying to connect to the port opened by server?

    Also can you please run Get-NetUDPEndpoint instead of netstat -apn UDP because it will show also IPv6 information (I just realized that client is trying to open IPv6 endpoint).

  10. 10 Posted by Ovan Crone on 25 Dec, 2017 05:24 PM

    Ovan Crone's Avatar

    I am having the same issue. I am binding to 0.0.0.0:12345, works fine on all dev machines, but yes, you do have to accept the firewall dialog.

  11. 11 Posted by Ilya Finkelshte... on 27 Dec, 2017 10:37 PM

    Ilya Finkelshteyn's Avatar

    @ Ovan Crone can you provide a repro? Also if you add RDP, do you see the same firewall dialog on the AppVeyor VM? You can add non-blocking RDP at the init stage and blocking RDP at on_finish stage.

  12. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:25 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac