Hi
I am having a strange problem while trying to run Cadence Virtuoso software on Linux Red Hat 5.9. Cadence Virtuoso takes its license from a server using TCP port 60066. However, something strange happens when the software wants to get the license over this TCP port. To solve the problem, I have to go to System > Administration > Security Level and Firewall settings and delete the previously entered 60066 TCP port setting. If I don't do it, I get licensing errors. Furthermore, while running Cadence, I have to delete and add the 60066 TCP port every 20-25 minutes, otherwise the software fails to get the license. Sometimes the software crashes completely because it does not get the license.
I ran the iptables -L command to see what is happening with data packets. However, I am not able to understand the results. Can somebody suggest what the problem is?
CASE WITH LICENSING ISSUE
[root@mypca ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
Linox-INTERNET-INPUT-HOOK all -- anywhere anywhere
CHECKS all -- anywhere anywhere
ICMP_CHECKS all -- anywhere anywhere
Linox-INPUT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
Linox-INTERNET-OUTPUT-HOOK all -- anywhere anywhere
ICMP_CHECKS all -- anywhere anywhere
Linox-OUTPUT all -- anywhere anywhere
Chain CHECKS (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp dpt:0 limit: avg 1/hour burst 1 LOG level debug prefix `TCP port 0 OS fingerprint: '
DROP tcp -- anywhere anywhere tcp dpt:0
LOG udp -- anywhere anywhere udp dpt:0 limit: avg 1/hour burst 1 LOG level debug prefix `UDP port 0 OS fingerprint: '
DROP udp -- anywhere anywhere udp dpt:0
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 2/min burst 5 LOG level debug prefix `Stealth XMAS scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 2/min burst 5 LOG level debug prefix `Stealth XMAS-PSH scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 2/min burst 5 LOG level debug prefix `Stealth XMAS-ALL scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 2/min burst 5 LOG level debug prefix `Stealth FIN scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
LOG tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 2/min burst 5 LOG level debug prefix `Stealth SYN/RST scan: '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 2/min burst 5 LOG level debug prefix `Stealth SYN/FIN scan(?): '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 2/min burst 5 LOG level debug prefix `Stealth Null scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG tcp -- anywhere anywhere tcp option=64 limit: avg 2/min burst 1 LOG level debug prefix `Bad TCP flag(64): '
DROP tcp -- anywhere anywhere tcp option=64
LOG tcp -- anywhere anywhere tcp option=128 limit: avg 2/min burst 1 LOG level debug prefix `Bad TCP flag(128): '
DROP tcp -- anywhere anywhere tcp option=128
Chain ICMP_CHECKS (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp source-quench limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp time-exceeded limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp parameter-problem limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 5/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 5/sec burst 5
DROP icmp -- anywhere anywhere
Chain Linox-INPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- 127.0.0.0/8 anywhere
DROP all -- anywhere 127.0.0.0/8
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
Chain Linox-INTERNET (0 references)
target prot opt source destination
Chain Linox-INTERNET-INPUT-HOOK (1 references)
target prot opt source destination
Chain Linox-INTERNET-OUTPUT-HOOK (1 references)
target prot opt source destination
Chain Linox-OUTPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:esro-gen
ACCEPT tcp -- anywhere anywhere tcp dpt:omginitialrefs
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t
ACCEPT udp -- anywhere anywhere udp dpt:ndmp
ACCEPT udp -- anywhere anywhere udp dpts:29746:29747
ACCEPT tcp -- anywhere anywhere tcp dpt:950
ACCEPT tcp -- anywhere anywhere tcp dpt:cslistener
ACCEPT tcp -- anywhere anywhere tcp dpt:websm
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:squid
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
CASE WITHOUT LICENSING ISSUE:
[root@mypca ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:60066
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
regards
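
An added example, not part of the original post: a small Python parser for `iptables -L` output that reports the built-in chain policies and every rule naming a given destination port, run on abbreviated excerpts of the two listings above. The function names `parse` and `port_report` are illustrative, and the check is textual only: `iptables -L` without `-v` does not show interface matches, so it cannot decide what a bare `ACCEPT all` rule really covers.

```python
import re
# Abbreviated excerpts of the two listings in the post (most rules trimmed).
FAILING = """\
Chain INPUT (policy DROP)
target prot opt source destination
Linox-INPUT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
Linox-OUTPUT all -- anywhere anywhere
Chain Linox-INPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain Linox-OUTPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""
WORKING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:60066
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""

def parse(listing):
    """Return {chain: {"policy": str or None, "rules": [line, ...]}}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if m:  # chain header; user-defined chains have no policy
            cur = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif cur is not None and line.strip() and not line.startswith("target"):
            cur["rules"].append(line.strip())
    return chains

def port_report(listing, port):
    """Summarise built-in chain policies and each rule that names the port."""
    chains = parse(listing)
    pat = re.compile(r"dpt:%d\b" % port)
    return {
        "policies": {c: v["policy"] for c, v in chains.items() if v["policy"]},
        "rules": [(c, r) for c, v in chains.items() for r in v["rules"] if pat.search(r)],
    }
```

On these excerpts, `port_report(FAILING, 60066)` shows DROP policies and no rule for the port, while `port_report(WORKING, 60066)` shows ACCEPT policies and one matching rule in `RH-Firewall-1-INPUT`.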