LinuxQuestions.org
Old 05-31-2006, 08:28 AM   #1
Josh100
Member
 
Registered: Feb 2006
Distribution: Mandriva, Suse 10.2
Posts: 39

Rep: Reputation: 15
Firewall Blocking Music Sharing


Hey, I've just installed Banshee to share music to my mac, it works fine when the firewall is off, but when I turn it on the mac still detects the library, but it will not allow me to view it and just says I need to allow port 3689 on the other machine, which according to nmap, it is already open

suse:~ # nmap localhost

Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-05-31 13:26 BST
Interesting ports on localhost (127.0.0.1):
(The 1661 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
3689/tcp open rendezvous
5800/tcp open vnc-http
5801/tcp open vnc-http-1
5900/tcp open vnc
5901/tcp open vnc-1

Nmap finished: 1 IP address (1 host up) scanned in 0.240 seconds
 
Old 05-31-2006, 09:12 AM   #2
ethics
Senior Member
 
Registered: Apr 2005
Location: London
Distribution: Arch - Latest
Posts: 1,522

Rep: Reputation: 45
what about UDP?

what does
Code:
iptables -L
show?
 
Old 05-31-2006, 09:37 AM   #3
Josh100
Member
 
Registered: Feb 2006
Distribution: Mandriva, Suse 10.2
Posts: 39

Original Poster
Rep: Reputation: 15
suse:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
suse:~ #
 
Old 06-04-2006, 10:53 AM   #4
Josh100
Member
 
Registered: Feb 2006
Distribution: Mandriva, Suse 10.2
Posts: 39

Original Poster
Rep: Reputation: 15
Bump, please help
 
Old 06-04-2006, 03:02 PM   #5
slzckboy
Member
 
Registered: May 2005
Location: uk - Reading
Distribution: slack 10.2 kde 3.4.2 kernel 2.6.15
Posts: 452

Rep: Reputation: 30
How are the two machines connected, via a router?
 
Old 06-04-2006, 05:05 PM   #6
Josh100
Member
 
Registered: Feb 2006
Distribution: Mandriva, Suse 10.2
Posts: 39

Original Poster
Rep: Reputation: 15
Yea a router, but I don't think it has anything to do with that as it works when the linux machine's firewall is turned off.
 
Old 06-04-2006, 05:22 PM   #7
slzckboy
Member
 
Registered: May 2005
Location: uk - Reading
Distribution: slack 10.2 kde 3.4.2 kernel 2.6.15
Posts: 452

Rep: Reputation: 30
Which firewall are you turning on and off?
Iptables?

I would say that you need to look at the firewall rules when it is on and see if there is anything there that would block the port in question, if you haven't already done so.
 
Old 06-04-2006, 05:43 PM   #8
Josh100
Member
 
Registered: Feb 2006
Distribution: Mandriva, Suse 10.2
Posts: 39

Original Poster
Rep: Reputation: 15
I'm just going through yast and turning it off, I've got all internet traffic allowed
 
Old 06-04-2006, 05:53 PM   #9
slzckboy
Member
 
Registered: May 2005
Location: uk - Reading
Distribution: slack 10.2 kde 3.4.2 kernel 2.6.15
Posts: 452

Rep: Reputation: 30
Can you do iptables -L when the firewall is turned on and post?
 
Old 06-04-2006, 06:14 PM   #10
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Quote:
Originally Posted by Josh100
which according to nmap, it is already open

suse:~ # nmap localhost
That proves nothing - to determine whether the firewall is doing its
job or not you'll have to run nmap from a REMOTE machine. The
local traffic will go unaffected by iptables.


Cheers,
Tink
 
Old 06-04-2006, 08:00 PM   #11
Josh100
Member
 
Registered: Feb 2006
Distribution: Mandriva, Suse 10.2
Posts: 39

Original Poster
Rep: Reputation: 15
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-06-05 00:58 BST
Interesting ports on 192.168.1.65:
(The 1667 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
113/tcp closed auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5801/tcp open vnc-http-1
5901/tcp open vnc-1
MAC Address: 00:0D:87:18:47:97 (Elitegroup Computer System Co. (ECS))

Nmap finished: 1 IP address (1 host up) scanned in 33.006 seconds
iMac:/usr root#

Here's an external one, it doesn't seem to be allowing it, anyone know how I can allow the port?
 
Old 06-04-2006, 08:13 PM   #12
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Now what did iptables -L say at the time that was taken? :}

The thing with ports is that if iptables ISN'T blocking one there
STILL needs to be a process listening on it to get any response.

There's no such thing as an OPEN port as such.


Cheers,
Tink
 
Old 06-05-2006, 07:13 AM   #13
Josh100
Member
 
Registered: Feb 2006
Distribution: Mandriva, Suse 10.2
Posts: 39

Original Poster
Rep: Reputation: 15
I see, so how do I fix this?
 
Old 06-06-2006, 07:53 AM   #14
slzckboy
Member
 
Registered: May 2005
Location: uk - Reading
Distribution: slack 10.2 kde 3.4.2 kernel 2.6.15
Posts: 452

Rep: Reputation: 30
Quote:
Originally Posted by Tinkster
Now what did iptables -L say at the time that was taken? :}


Cheers,
Tink
We still need to see the ruleset when iptables is turned on with
Quote:
Originally Posted by josh100
suse:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
suse:~ #
was the firewall off or on when the above command was run?
 
Old 06-06-2006, 04:03 PM   #15
Josh100
Member
 
Registered: Feb 2006
Distribution: Mandriva, Suse 10.2
Posts: 39

Original Poster
Rep: Reputation: 15
Code:
suse:~ # iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            state RELATED,ESTABLISHED LOG level warning tcp-options ip-options prefix `SFW2-IN-ACC-RELATED '
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
input_ext  all  --  anywhere             anywhere
input_ext  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
target     prot opt source               destination

Chain input_ext (2 references)
target     prot opt source               destination
LOG        udp  --  anywhere             anywhere            PKTTYPE = broadcast udp dpt:netbios-ns LOG level warning tcp-options ip-options prefix `SFW2-ACC-BCASTe '
ACCEPT     udp  --  anywhere             anywhere            PKTTYPE = broadcast udp dpt:netbios-ns
LOG        udp  --  anywhere             anywhere            PKTTYPE = broadcast udp dpt:netbios-dgm LOG level warning tcp-options ip-options prefix `SFW2-ACC-BCASTe '
ACCEPT     udp  --  anywhere             anywhere            PKTTYPE = broadcast udp dpt:netbios-dgm
DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
LOG        icmp --  anywhere             anywhere            icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-SOURCEQUENCH '
ACCEPT     icmp --  anywhere             anywhere            icmp source-quench
LOG        icmp --  anywhere             anywhere            icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-PING '
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
LOG        icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp echo-reply LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-ICMP '
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp echo-reply
LOG        icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp destination-unreachable LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-ICMP '
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp destination-unreachable
LOG        icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp time-exceeded LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-ICMP '
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp time-exceeded
LOG        icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp parameter-problem LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-ICMP '
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp parameter-problem
LOG        icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp timestamp-reply LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-ICMP '
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp timestamp-reply
LOG        icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp address-mask-reply LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-ICMP '
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp address-mask-reply
LOG        icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp protocol-unreachable LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-ICMP '
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp protocol-unreachable
LOG        icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-ICMP '
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp redirect
LOG        tcp  --  anywhere             anywhere            tcp dpt:5801 LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5801
LOG        tcp  --  anywhere             anywhere            tcp dpt:5901 LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5901
LOG        tcp  --  anywhere             anywhere            tcp dpt:http LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
LOG        tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
LOG        tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
LOG        tcp  --  anywhere             anywhere            tcp dpt:ssh LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
LOG        udp  --  anywhere             anywhere            udp dpt:netbios-dgm LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-UDP '
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-dgm
LOG        udp  --  anywhere             anywhere            udp dpt:netbios-ns LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-UDP '
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-ns
reject_func  tcp  --  anywhere             anywhere            tcp dpt:ident state NEW
LOG        all  --  anywhere             anywhere            PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP       all  --  anywhere             anywhere            PKTTYPE = multicast
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG        icmp --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG        udp  --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG        all  --  anywhere             anywhere            state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP       all  --  anywhere             anywhere

Chain reject_func (1 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-proto-unreachable
suse:~ #
Sorry that was without the firewall
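
An added example (not part of any post above, and not SuSEfirewall2's own code): it walks the tcp rules of chain input_ext from the listing in post #15 and predicts what a scan from another machine should report for a port. It assumes that listing was the active ruleset during the remote scan and that the listeners are the ones the local scan in post #1 found; the `SERVICES` map and the function names are made up for the example.

```python
import re

# Constructed excerpt: the terminal tcp rules of chain input_ext from the
# listing in post #15 (LOG rules omitted, they never decide a packet's fate).
INPUT_EXT = """\
ACCEPT       tcp  --  anywhere  anywhere  tcp dpt:5801
ACCEPT       tcp  --  anywhere  anywhere  tcp dpt:5901
ACCEPT       tcp  --  anywhere  anywhere  tcp dpt:http
ACCEPT       tcp  --  anywhere  anywhere  tcp dpt:microsoft-ds
ACCEPT       tcp  --  anywhere  anywhere  tcp dpt:netbios-ssn
ACCEPT       tcp  --  anywhere  anywhere  tcp dpt:ssh
reject_func  tcp  --  anywhere  anywhere  tcp dpt:ident state NEW
DROP         all  --  anywhere  anywhere
"""
# TCP ports the local scan in post #1 found a listener on.
LISTENING = {22, 25, 111, 139, 445, 631, 3689, 5800, 5801, 5900, 5901}
# Only the service names used in the excerpt, with their IANA port numbers.
SERVICES = {"http": 80, "microsoft-ds": 445, "netbios-ssn": 139,
            "ssh": 22, "ident": 113}

def parse_rules(listing):
    """Return [(target, proto, dport or None)] in rule order."""
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        m = re.search(r"\bdpt:(\S+)", line)
        dport = None
        if m:
            dport = int(m.group(1)) if m.group(1).isdigit() else SERVICES[m.group(1)]
        rules.append((fields[0], fields[1], dport))
    return rules

def verdict(rules, port):
    """First terminal target hit by a new TCP connection to `port`."""
    for target, proto, dport in rules:
        if proto in ("tcp", "all") and dport in (None, port):
            return target
    return "DROP"  # INPUT policy in the listing is DROP

def remote_state(rules, port, listening=LISTENING):
    """State a scan from another host should report for `port`."""
    v = verdict(rules, port)
    if v == "ACCEPT":  # the packet reaches the stack; a listener must answer
        return "open" if port in listening else "closed"
    if v == "reject_func":  # for tcp: REJECT with tcp-reset
        return "closed"
    return "filtered"  # dropped silently, the scanner gets no reply

RULES = parse_rules(INPUT_EXT)
if __name__ == "__main__":
    for p in (22, 80, 113, 3689, 5801, 5900):
        print(f"{p}/tcp", remote_state(RULES, p))
```

The predictions agree with the remote scan in post #11: 80 and 113 come back closed, while 3689 has no ACCEPT rule and falls through to DROP, so it is filtered even though something is listening on it locally.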
 
  

