Hello Vincenzo, The 53159 port in this log doesn't represent a different, second connection. (There is no second TCP handshake initiated by sending a new SYN packet.) Instead, 53159 is the ephemeral port that the client selected for its end of the socket connection.
Ephemeral ports are assigned by the OS, so the ZooKeeper software doesn't have direct control over which port will be chosen. Different OSes use a different range by default, and the range can be reconfigured to something else in the OS. The IANA suggests 49152-65535, and this is what modern versions of FreeBSD and Windows use by default. Linux typically uses 32768-61000 by default. Is it possible that your VPN setup is blocking outbound traffic on ephemeral ports? If so, then that could explain what you're seeing. I'd also expect it would break other client/server software. If you absolutely must bind the client to a specific port number and open a firewall rule for just that port, then you might be able to achieve that by writing a custom class that subclasses org.apache.zookeeper.ClientCnxnSocket and then starting the process with argument -Dzookeeper.clientCnxnSocket=<your fully qualified class name>. For more details, see the code here: https://github.com/apache/zookeeper/blob/release-3.4.6/src/java/main/org/ap ache/zookeeper/ZooKeeper.java#L1772-1787 I haven't tried it myself, but this might give you a way to bind to a specific local port. --Chris Nauroth On 6/9/15, 5:30 AM, "Vincenzo D'Amore" <[email protected]> wrote: >Hi all, > >I'm unable to upload a file into a zookeeper instance running behind a >VPN. > >As far as I understood, after the first connection to client port 2181, >there is a second connection from client to server to a random port which >is dynamically assigned by zookeeper server. > >INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] >- Accepted socket connection from /10.0.2.2:53159 >INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@868] - >Client attempting to establish new session at /10.0.2.2:53159 >INFO [SyncThread:0:ZooKeeperServer@617] - Established session >0x14dd817fa700010 with negotiated timeout 20000 for client /10.0.2.2:53159 >WARN [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@357] - >caught end of stream exception >EndOfStreamException: Unable to read additional data from client sessionid >0x14dd817fa700010, likely client has closed socket >at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:228) >at >org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory. >java:208) >at java.lang.Thread.run(Thread.java:745) > >53159 port is unreachable from outside, because it is random and cannot be >mapped to VPN access rules. > >Is there a way to workaround this problem? >May I define a static port or a port range for the second connection? > > > >-- >Vincenzo D'Amore >email: [email protected] >skype: free.dev >mobile: +39 349 8513251
