Thanks Chris for your explanation, yes there was a setup blocking outbound traffic.
On Tue, Jun 9, 2015 at 7:08 PM, Chris Nauroth <[email protected]> wrote: > Hello Vincenzo, > > The 53159 port in this log doesn't represent a different, second > connection. (There is no second TCP handshake initiated by sending a new > SYN packet.) Instead, 53159 is the ephemeral port that the client > selected for its end of the socket connection. > > Ephemeral ports are assigned by the OS, so the ZooKeeper software doesn't > have direct control over which port will be chosen. Different OSes use a > different range by default, and the range can be reconfigured to something > else in the OS. The IANA suggests 49152-65535, and this is what modern > versions of FreeBSD and Windows use by default. Linux typically uses > 32768-61000 by default. > > Is it possible that your VPN setup is blocking outbound traffic on > ephemeral ports? If so, then that could explain what you're seeing. I'd > also expect it would break other client/server software. > > If you absolutely must bind the client to a specific port number and open > a firewall rule for just that port, then you might be able to achieve that > by writing a custom class that subclasses > org.apache.zookeeper.ClientCnxnSocket and then starting the process with > argument -Dzookeeper.clientCnxnSocket=<your fully qualified class name>. > For more details, see the code here: > > https://github.com/apache/zookeeper/blob/release-3.4.6/src/java/main/org/ap > ache/zookeeper/ZooKeeper.java#L1772-1787 > > > I haven't tried it myself, but this might give you a way to bind to a > specific local port. > > --Chris Nauroth > > > > > On 6/9/15, 5:30 AM, "Vincenzo D'Amore" <[email protected]> wrote: > > >Hi all, > > > >I'm unable to upload a file into a zookeeper instance running behind a > >VPN. > > > >As far as I understood, after the first connection to client port 2181, > >there is a second connection from client to server to a random port which > >is dynamically assigned by zookeeper server. > > > >INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197 > ] > >- Accepted socket connection from /10.0.2.2:53159 > >INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@868] - > >Client attempting to establish new session at /10.0.2.2:53159 > >INFO [SyncThread:0:ZooKeeperServer@617] - Established session > >0x14dd817fa700010 with negotiated timeout 20000 for client / > 10.0.2.2:53159 > >WARN [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@357] - > >caught end of stream exception > >EndOfStreamException: Unable to read additional data from client sessionid > >0x14dd817fa700010, likely client has closed socket > >at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:228) > >at > >org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory. > >java:208) > >at java.lang.Thread.run(Thread.java:745) > > > >53159 port is unreachable from outside, because it is random and cannot be > >mapped to VPN access rules. > > > >Is there a way to workaround this problem? > >May I define a static port or a port range for the second connection? > > > > > > > >-- > >Vincenzo D'Amore > >email: [email protected] > >skype: free.dev > >mobile: +39 349 8513251 > > -- Vincenzo D'Amore email: [email protected] skype: free.dev mobile: +39 349 8513251
