154

I'm trying to write a server program in C, using another client, I get this error when I try to connect through port 2080 for example.

connection refused

What can be the reasons of this error?

ROMANIA_engineer
  • 54,432
  • 29
  • 203
  • 199
Zenet
  • 6,961
  • 13
  • 38
  • 45
  • I just got this error, because of a mistake of the server where I host my website. The server could still be `ping`ed, http://www.downforeveryoneorjustme.com/ showed that it's not just me and I could also still access it via FTP. After a couple of minutes the mistakes was resolved. – Martin Thoma Dec 01 '14 at 16:39
  • 2
    @moose: ping does not tell you whether a specific port is accessible ad listening, only whether the IP address is reachable. But `connect()` depends on a specific IP and port being ready for use. – Remy Lebeau May 21 '15 at 19:02
  • 1
    Server Fault has a canonical question about [Connection Refused](http://serverfault.com/questions/725262/what-causes-the-connection-refused-message). – Raedwald Sep 30 '15 at 12:34
  • Here's a succinct explanation of [Connection Refused](https://www.corvil.com/kb/what-is-a-tcp-connection-refused). – rbinnun May 09 '18 at 13:47
  • I got a connection refused on Ubuntu because I was trying to receive connection on 'localhost' but 'localhost' was not properly configured on my machine. Changing 'localhost' to '' (Python) solved the problem. – user1097111 Mar 12 '19 at 23:42

14 Answers14

138

There could be many reasons, but the most common are:

  1. The port is not open on the destination machine.

  2. The port is open on the destination machine, but its backlog of pending connections is full.

  3. A firewall between the client and server is blocking access (also check local firewalls).

After checking for firewalls and that the port is open, use telnet to connect to the ip/port to test connectivity. This removes any potential issues from your application.

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
a'r
  • 35,921
  • 7
  • 66
  • 67
  • 12
    Firewalls would normally give timeout errors, as the connect (SYN) packet is just discarded. Connection refused is because the server has received and rejected the SYN packet. – RedPandaCurios Feb 25 '10 at 11:04
  • 29
    Not always, as firewalls can be configured to reject rather than drop the packets. – a'r Feb 25 '10 at 11:05
  • connect() with incorrect Server IP address and port number configuration in client program will also result in errno 111. – smRaj Jan 14 '15 at 21:59
  • In addition: when you need to acces https, but you have specified http://... this error can also occur. – Fico Apr 10 '15 at 07:11
  • It can also happen if you have connected to that port already and further connections are refused, it is happening in my case. – cbinder May 15 '15 at 06:33
  • @cbinder: that can happen if the server is designed to accept only one connection at a time, or if it closes its listening port after accepting a connection. Most servers are designed to accept multiple connections on the same listening port, though. – Remy Lebeau May 21 '15 at 19:00
  • What about the "window size" thing in TCP? Is it the same as (3) ? –  Jun 03 '17 at 17:31
  • (2) is only true on Windows server hosts. Others just drop the SYNs which eventually lead to client connect timeouts. (1) and (3) are only true of firewalls that violate basic security by resetting instead of just silently dropping the SYNs. – user207421 Aug 16 '17 at 10:46
  • if the error was because the backlog were full, how would you fix it? – ACarter Feb 13 '18 at 19:15
  • 4
    @a'r How would you know the status of backlog? – Naveen Verma Jan 15 '19 at 12:31
  • If the backlog is full, the server should be able to drop the packet, the client will retry because of a timeout. – Sung Qee Mar 21 '19 at 06:22
  • What really often happens to me I forget to make htons to port or htonl to address, so I go to another port and don't know this. – dev_null Jul 19 '20 at 11:39
  • @a'r Just curious, what packet does the server transfer back when the backlog limit is reached in order to make the client consider that the connection is refused? Thanks! – Feng. Ma Jun 05 '21 at 16:01
85

The error means the OS of the listening socket recognized the inbound connection request but chose to intentionally reject it.

Assuming an intermediate firewall is not getting in the way, there are only two reasons (that I know of) for the OS to reject an inbound connection request. One reason has already been mentioned several times - the listening port being connected to is not open.

There is another reason that has not been mentioned yet - the listening port is actually open and actively being used, but its backlog of queued inbound connection requests has reached its maximum so there is no room available for the inbound connection request to be queued at that moment. The server code has not called accept() enough times yet to finish clearing out available slots for new queue items.

Wait a moment or so and try the connection again. Unfortunately, there is no way to differentiate between "the port is not open at all" and "the port is open but too busy right now". They both use the same generic error code.

Josh Darnell
  • 11,304
  • 9
  • 38
  • 66
Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
  • 4
    There's also one edge case as explained here: http://www.softlab.ntua.gr/facilities/documentation/unix/unix-socket-faq/unix-socket-faq-3.html#ss3.6 . basically if you are stress testing your client/server app, and you are using the naive approach as mentioned in 3.6, "connection refused" error may happen, and it's different case from the above two. – ernesto Apr 17 '14 at 07:26
  • This needs to be upvoted. Once the obvious cause (nothing listening) has been resolved, then this is actually the most likely explanation, and fixing it can be a complex matter. – Graham Nicholls Nov 29 '17 at 12:11
  • if the backlog of queued inbound requests has reached it's maximum, how can we fix this? – ACarter Jan 26 '18 at 11:45
  • is a backlog queued by IP? I tried using telnet email-smtp.eu-west-1.amazonaws.com 25 from an EC2 instance and my local machine, the EC2 instance telnet call is giving connection refused while from my local machine it works – dresh Mar 10 '19 at 09:48
  • "nothing is listening" is probably caused by the machine being up but the server (software) e.g. Apache is not running. – ttulinsky Oct 25 '19 at 17:04
43

If you try to open a TCP connection to another host and see the error "Connection refused," it means that

  1. You sent a TCP SYN packet to the other host.
  2. Then you received a TCP RST packet in reply.

RST is a bit on the TCP packet which indicates that the connection should be reset. Usually it means that the other host has received your connection attempt and is actively refusing your TCP connection, but sometimes an intervening firewall may block your TCP SYN packet and send a TCP RST back to you.

See https://www.rfc-editor.org/rfc/rfc793 page 69:

SYN-RECEIVED STATE

If the RST bit is set

If this connection was initiated with a passive OPEN (i.e., came from the LISTEN state), then return this connection to LISTEN state and return. The user need not be informed. If this connection was initiated with an active OPEN (i.e., came from SYN-SENT state) then the connection was refused, signal the user "connection refused". In either case, all segments on the retransmission queue should be removed. And in the active OPEN case, enter the CLOSED state and delete the TCB, and return.

Community
  • 1
  • 1
James Brock
  • 3,236
  • 1
  • 28
  • 33
23

Connection refused means that the port you are trying to connect to is not actually open.

So either you are connecting to the wrong IP address, or to the wrong port, or the server is listening on the wrong port, or is not actually running.

A common mistake is not specifying the port number when binding or connecting in network byte order...

RedPandaCurios
  • 2,264
  • 12
  • 20
7

Check at the server side that it is listening at the port 2080. First try to confirm it on the server machine by issuing telnet to that port:

telnet localhost 2080

If it is listening, it is able to respond.

Adil
  • 2,418
  • 7
  • 34
  • 38
3

1.Check your server status.

2.Check the port status.

For example 3306 netstat -nupl|grep 3306.

3.Check your firewalls. For example add 3306

vim /etc/sysconfig/iptables
# add
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
Jack Sun
  • 277
  • 1
  • 3
  • 14
1

Although it does not seem to be the case for your situation, sometimes a connection refused error can also indicate that there is an ip address conflict on your network. You can search for possible ip conflicts by running:

 arp-scan -I eth0 -l | grep <ipaddress>

and 

arping <ipaddress>

This AskUbuntu question has some more information also.

Community
  • 1
  • 1
SnapShot
  • 5,464
  • 5
  • 42
  • 40
1

I get the same problem with my work computer. The problem is that when you enter localhost it goes to proxy's address not local address you should bypass it follow this steps

Chrome => Settings => Change proxy settings => LAN Settings => check Bypass proxy server for local addresses.

İbrahim Özbölük
  • 3,162
  • 23
  • 20
  • 1
    This fixed me up. But on my version of Chrome it was called "Open your computer's proxy settings" which opened up my MacOS proxy settings. From there I added a wildcard for the TLD I was using (*.test) for my local addresses under "Bypass Proxy Settings for Hosts & Domains" – Brimby Mar 05 '21 at 00:22
1

In Ubuntu, Try sudo ufw allow <port_number> to allow firewall access to both of your server and db.

rajeeva9
  • 139
  • 12
0

From the standpoint of a Checkpoint firewall, you will see a message from the firewall if you actually choose Reject as an Action thereby exposing to a propective attacker the presence of a firewall in front of the server. The firewall will silently drop all connections that doesn't match the policy. Connection refused almost always comes from the server

Julio Nalundasan
  • 9
  • 1
0

In my case, it happens when the site is blocked in my country and I don't use VPN. For example when I try to access vimeo.com from Indonesia which is blocked.

Aminah Nuraini
  • 18,120
  • 8
  • 90
  • 108
0
  • Check if your application is bind with the port where you are sending the request
  • Check if the application is accepting connections from the host you are sending the request, maybe you forgot to allow all the incoming connections 0.0.0.0 and by default, it's only allowing connections from 127.0.0.1
Vishrant
  • 15,456
  • 11
  • 71
  • 120
0

The error simply means that the connection request went through to the other computer, but the other computer had no idea what you were talking about.

There are two main reasons why this can happen:

  1. Nothing is listening on the IP:port you are trying to connect to.
  2. The port is blocked/closed by a firewall.

Nothing is listening: Check that you are trying to connect to the right device and that the right program/process is running on that device. For example, you could use telnet to check if anything is listening on a specific port on that device.

Port is blocked: check your firewall settings to see if the port is even open on the device you are trying to reach.

H2O
  • 23
  • 5
-1

I had the same message with a totally different cause: the wsock32.dll was not found. The ::socket(PF_INET, SOCK_STREAM, 0); call kept returning an INVALID_SOCKET but the reason was that the winsock dll was not loaded.

In the end I launched Sysinternals' process monitor and noticed that it searched for the dll 'everywhere' but didn't find it.

Silent failures are great!

xtofl
  • 40,723
  • 12
  • 105
  • 192
  • 1
    INVALID_SOCKET has nothing to do with 'connection refused'. 'Silent failures' can only occur if your code is missing required error handling. – user207421 Aug 16 '17 at 10:41
  • 1
    you mean I should have had a check that the dll was loaded? you are probably right. – xtofl Aug 16 '17 at 14:02