LinuxQuestions.org
Old 09-10-2008, 11:48 AM   #1
xmdms
Member
 
Registered: Oct 2003
Posts: 134

Rep: Reputation: 15
Questions about open ports on RH Linux server


I am running RHAS 4.0 with the firewall disabled. My question is, if I have an application required to use a certain port for the listener, would I have to open that port or the port will open it and listen to it as I run the application? I can specify which port to use within the application. Of course, the corp. firewall will be open on the public IP address and then NAT to this Linux server.


Any ideas? Please advise.

Thank you in advance.

J
 
Old 09-10-2008, 06:00 PM   #2
w3bd3vil
Senior Member
 
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,189

Rep: Reputation: 49
You shouldn't need to do anything if all your traffic is NAT'ed properly to the server.
 
Old 09-11-2008, 01:00 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 7,480

Rep: Reputation: 2376
It depends upon who you intend ... and who you intend to allow or disallow ... to "reach" that port.

If the traffic is to come in from the Internet, then your router must be told to offer a particular open-port to the Internet, and to direct all traffic from that port to "a particular port on a particular (inward-side) computer." Then, that computer must be prepared ... by firewalls and such ... to accept the connection.

If traffic is not to come from the Internet, then your router should receive no such instruction. It won't allow inbound, unsolicited connection requests to come in from the Internet to anyone at all. It is therefore "your first-line gatekeeper."

Nevertheless, on your internal network, any computer that is offering services to the internal net must have firewall-rules that permit the necessary connections to be made. Those rules should prohibit any connections (e.g. from the router) that should not be made.
 
Old 09-11-2008, 10:54 AM   #4
xmdms
Member
 
Registered: Oct 2003
Posts: 134

Original Poster
Rep: Reputation: 15

Quote:
Originally Posted by sundialsvcs
It depends upon who you intend ... and who you intend to allow or disallow ... to "reach" that port.

If the traffic is to come in from the Internet, then your router must be told to offer a particular open-port to the Internet, and to direct all traffic from that port to "a particular port on a particular (inward-side) computer." Then, that computer must be prepared ... by firewalls and such ... to accept the connection.

If traffic is not to come from the Internet, then your router should receive no such instruction. It won't allow inbound, unsolicited connection requests to come in from the Internet to anyone at all. It is therefore "your first-line gatekeeper."

Nevertheless, on your internal network, any computer that is offering services to the internal net must have firewall-rules that permit the necessary connections to be made. Those rules should prohibit any connections (e.g. from the router) that should not be made.
Okay, I would like to understand more on this topic. I am not using the firewall functionality on the Linux server, and my corporate firewall is modified to allow xxx.xx.xx:xxxx to get through and access the server. Yes, the connection is made from the WWW through the firewall with designated port xxxx. Now, do I need to do anything from the server standpoint to answer on that particular port? For example: I would like to use port 9501, so the IP address should be xxx.xx.xxx:9501

The command that I used to see if anything is running on that port is:
netstat -nap | grep 9501
And it came back with nothing. However, when I tried to talk to port 9501 (the command that I used was nc 9501), it came back with "no port[s] to connect to". So, I typed service iptables status and it came back with "Firewall is stopped.".

I don't really understand if I can or can't use this port or when can I use this point.

Please help!!

Thanks,

j




Thanks!!
 
Old 09-11-2008, 08:45 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,252

Rep: Reputation: 2328
Is your piece of SW up and running on that port? Use netstat cmd to check.
 
Old 09-12-2008, 07:13 AM   #6
xmdms
Member
 
Registered: Oct 2003
Posts: 134

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by chrism01
Is your piece of SW up and running on that port? Use netstat cmd to check.
No, I haven't tried it...I would like to know if I need to do anything at the OS level first before telling my application to use certain port.

Thanks,
 
Old 09-12-2008, 07:58 AM   #7
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,252

Rep: Reputation: 2328
The easiest way is to start up your app and see if it runs. Check it's using the port you expect with the netstat cmd.
Then try to talk to it from outside. You can also use nmap to check if it's visible.
If not, run the cmd
iptables -L
as root and post the results.
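
The point the replies converge on, as an added example that is not part of the original thread: with no host firewall in the way, a port needs no OS-level opening; it answers only while a process is bound to it and listening, and the address the process binds to decides which destination addresses can reach it. The helper names are hypothetical, a kernel-assigned free port stands in for 9501, and 127.0.0.2 is assumed to be a loopback address as on Linux.

```python
import socket

def probe(host, port, timeout=1.0):
    """TCP connect test: 'open', 'closed' (refused) or 'no-answer' (timeout/unreachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as c:
            # Loopback quirk: with no listener, a socket can end up connected to itself.
            return "closed" if c.getsockname() == c.getpeername() else "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "no-answer"

def free_port():
    """Borrow an unused port number from the kernel (stand-in for 9501 in the thread)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def listen_on(bind_addr, port):
    """What the application does by itself: bind and listen. No separate OS step."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(5)
    return srv

def lifecycle(bind_addr="127.0.0.1", via="127.0.0.1"):
    """Probe address `via` before, during and after a listener bound to `bind_addr`."""
    port = free_port()
    before = probe(via, port)      # nothing listening yet: connection refused
    srv = listen_on(bind_addr, port)
    during = probe(via, port)      # open only if the bind address covers `via`
    srv.close()
    after = probe(via, port)       # listener gone: refused again
    return before, during, after

if __name__ == "__main__":
    print("bound 127.0.0.1, probed 127.0.0.1:", lifecycle())
    print("bound 127.0.0.1, probed 127.0.0.2:", lifecycle("127.0.0.1", "127.0.0.2"))
    print("bound 0.0.0.0,   probed 127.0.0.2:", lifecycle("0.0.0.0", "127.0.0.2"))
```

In netstat output the same distinction shows up in the Local Address column: a listener on 127.0.0.1:port is reachable only locally, while 0.0.0.0:port accepts connections on every address of the host, including the one the corporate firewall NATs to.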
 
  

