localhost port 80 not available

geletine · 06-11-2006, 11:43 AM

i have included them in my iptables script as

Code:

#!/bin/sh

IPT="/usr/sbin/iptables"

echo "0" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "0" > /proc/sys/net/ipv4/tcp_timestamps
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

$IPT -F
$IPT -F -t nat
$IPT -F -t mangle

$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i lo -m state --state NEW -j ACCEPT
$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p udp --dport 80 -j ACCEPT

/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc

echo "So let it be written. So let it be done.

the scripts works, but does not open port 80.

acid_kewpie · 06-11-2006, 02:00 PM

what makes you think that it's not open? you've not even mentioned anything about anythign listening on that port.

geletine · 06-11-2006, 03:36 PM

I am wanting to use exit 66 jukebox to stream audio on my network , when i run the app, it says port 80 is not being used, try another, it works fine on port 4773, but the other boxes on the network cannot access it, thereby i am inclined to get it working on port 80 after all i have no running port 80 being used according to nmap.

Code:

 nmap -sT -O localhost

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-06-11 21:32 BST
Interesting ports on allix.allix (127.0.0.1):
(The 1670 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
37/tcp   open  time
113/tcp  open  auth
631/tcp  open  ipp
6000/tcp open  X11
No exact OS matches for host (If you know what OS is running on it, see http://w    ww.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.03%P=x86_64-slackware-linux-gnu%D=6/11%Tm=448C7DF9%O=37%C=1)
TSeq(Class=RI%gcd=1%SI=1F13DD%IPID=Z%TS=U)
TSeq(Class=RI%gcd=1%SI=1F13DC%IPID=Z%TS=U)
T1(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNW)
T2(Resp=N)
T3(Resp=N)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=N)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Nmap finished: 1 IP address (1 host up) scanned in 9.638 seconds

Habu · 06-11-2006, 06:58 PM

Look at the nmap output, it says ports other than the ones listed are closed. This is correct, because i assume you have nothing listening on that port. If the firewall were blocking the port, nmap would say it's "filtered". But then again, running nmap against localhost wouldn't return accurate results, because the firewall often isn't configured to block connections from localhost. That's probably why all the ports are shown as closed and not filtered.
Now for that streaming app, are you running it as root? Have you tried doing so? Because i think only root is allowed to listen on ports below 1024. A quick (but lousy) fix would be to use iptables to redirect all connections to the machine on port 80 to port 4773. Then you'd be able to run the app as a non-privileged user.
You say it works fine on port 4773, but other machines can't access it, why is this so? I'd guess because you didn't open port 4773 in the firewall? Perhaps that would be a better solution, open that port and configure your clients to use that port.

geletine · 06-12-2006, 06:03 AM

thanks for that, i don;t run the streaming app as root, regarding your last point

if i added to iptables the following.

$IPT -A INPUT -p tcp --dport 4773 -j ACCEPT
$IPT -A INPUT -p udp --dport 4773 -j ACCEPT

would that open the ports for the other clients on the same network? or do i need to add something else ?

thanks

Habu · 06-12-2006, 06:14 AM

That should be all, you shouldn't need to configure the clients, they'd be able to open connections to any port (unless there are restrictions in place). So in your clients you'd just have to type in http://server_add:4773 in the web browser to access the app.

geletine · 06-12-2006, 06:37 AM

thanks that works

unfortunately i did not read the app specifications properly, the music is still played on the server, the clients pick a song from a list and the server plays it, very much like a jukebox.
Its a java app so i could not run it from root if i wanted port 80...

there seems to be a request for streaming audio
http://developer.berlios.de/feature/?group_id=4414

I look for another app ...

Habu · 06-12-2006, 07:52 AM

You could look into shoutcast, i believe it does what you're looking for.

geletine · 06-12-2006, 08:20 AM

icecast http://www.icecast.org/
and
muse http://muse.dyne.org/

does the work nicely