Old 02-12-2014, 04:23 AM   #1
viperpaki007
Strange error with tcp 60066 port and Firewall


Hi

I am having a strange problem while trying to run Cadence Virtuoso software in Linux Red Hat 5.9. Cadence Virtuoso takes its license from a server using TCP port 60066. However, something strange is happening when the software wants to get the license using the TCP port. To solve the problem, I have to go to System > Administration > Security Level and Firewall settings and delete the previously entered 60066 TCP port setting. If I don't do it then I get licensing errors. Furthermore, while running Cadence, I have to delete and add the 60066 TCP port every 20-25 minutes, otherwise the software fails to get the license. Sometimes the software completely crashes because of not getting the license.


I ran the iptables -L command to see what is happening with data packets. However, I am not able to understand the results. Can somebody suggest what the problem is?



CASE WITH LICENSING ISSUE

[root@mypca ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
Linox-INTERNET-INPUT-HOOK all -- anywhere anywhere
CHECKS all -- anywhere anywhere
ICMP_CHECKS all -- anywhere anywhere
Linox-INPUT all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
Linox-INTERNET-OUTPUT-HOOK all -- anywhere anywhere
ICMP_CHECKS all -- anywhere anywhere
Linox-OUTPUT all -- anywhere anywhere

Chain CHECKS (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp dpt:0 limit: avg 1/hour burst 1 LOG level debug prefix `TCP port 0 OS fingerprint: '
DROP tcp -- anywhere anywhere tcp dpt:0
LOG udp -- anywhere anywhere udp dpt:0 limit: avg 1/hour burst 1 LOG level debug prefix `UDP port 0 OS fingerprint: '
DROP udp -- anywhere anywhere udp dpt:0
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 2/min burst 5 LOG level debug prefix `Stealth XMAS scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 2/min burst 5 LOG level debug prefix `Stealth XMAS-PSH scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 2/min burst 5 LOG level debug prefix `Stealth XMAS-ALL scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 2/min burst 5 LOG level debug prefix `Stealth FIN scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
LOG tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 2/min burst 5 LOG level debug prefix `Stealth SYN/RST scan: '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 2/min burst 5 LOG level debug prefix `Stealth SYN/FIN scan(?): '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 2/min burst 5 LOG level debug prefix `Stealth Null scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG tcp -- anywhere anywhere tcp option=64 limit: avg 2/min burst 1 LOG level debug prefix `Bad TCP flag(64): '
DROP tcp -- anywhere anywhere tcp option=64
LOG tcp -- anywhere anywhere tcp option=128 limit: avg 2/min burst 1 LOG level debug prefix `Bad TCP flag(128): '
DROP tcp -- anywhere anywhere tcp option=128

Chain ICMP_CHECKS (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp source-quench limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp time-exceeded limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp parameter-problem limit: avg 10/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 5/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-reply limit: avg 5/sec burst 5
DROP icmp -- anywhere anywhere

Chain Linox-INPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- 127.0.0.0/8 anywhere
DROP all -- anywhere 127.0.0.0/8
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain Linox-INTERNET (0 references)
target prot opt source destination

Chain Linox-INTERNET-INPUT-HOOK (1 references)
target prot opt source destination

Chain Linox-INTERNET-OUTPUT-HOOK (1 references)
target prot opt source destination

Chain Linox-OUTPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:esro-gen
ACCEPT tcp -- anywhere anywhere tcp dpt:omginitialrefs
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t
ACCEPT udp -- anywhere anywhere udp dpt:ndmp
ACCEPT udp -- anywhere anywhere udp dpts:29746:29747
ACCEPT tcp -- anywhere anywhere tcp dpt:950
ACCEPT tcp -- anywhere anywhere tcp dpt:cslistener
ACCEPT tcp -- anywhere anywhere tcp dpt:websm
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:squid
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited




CASE WITHOUT LICENSING ISSUE:

[root@mypca ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:60066
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited


regards
 
Old 02-13-2014, 03:17 AM   #2
viperpaki007
Can somebody please help
 
Old 02-13-2014, 07:31 AM   #3
jpollard
I think more information is needed... What distribution are you using? It almost sounds like the firewall is being altered after you have it set up.
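
Added example, not part of any post in this thread: a shell sketch that summarises two saved `iptables -L` listings so a rule set that has been swapped out shows up at a glance. The sample listings are constructed, abbreviated from the two posted above, and the function names are made up for this example.

```shell
#!/bin/sh
# Constructed samples, abbreviated from the two listings in the first post.
# On a live host, capture with `iptables -L -n -v` (numeric ports, interfaces shown).
FAILING='Chain INPUT (policy DROP)
Linox-INPUT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
Linox-OUTPUT all -- anywhere anywhere
Chain Linox-OUTPUT (1 references)
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:https
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited'

WORKING='Chain INPUT (policy ACCEPT)
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
Chain RH-Firewall-1-INPUT (2 references)
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:60066
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited'

# Print "<chain> <policy>" per chain; user-defined chains have no policy.
chain_summary() {
    awk '$1 == "Chain" {
        pol = ($3 == "(policy") ? $4 : "user-defined)"
        sub(/\)$/, "", pol); print $2, pol }'
}

# Print "<chain> <target>" for every rule matching destination port $1.
port_rules() {
    awk -v want="dpt:$1" '$1 == "Chain" { chain = $2; next }
        { for (i = 2; i <= NF; i++) if ($i == want) print chain, $1 }'
}

# Succeed only if both listings have the same chains with the same policies.
same_ruleset_shape() {
    [ "$(printf '%s\n' "$1" | chain_summary)" = "$(printf '%s\n' "$2" | chain_summary)" ]
}

report() {   # $1 = label, $2 = listing text, $3 = port number
    echo "== $1"
    printf '%s\n' "$2" | chain_summary
    hits=$(printf '%s\n' "$2" | port_rules "$3")
    echo "rules for dpt:$3: ${hits:-none}"
}

report "with licensing issue" "$FAILING" 60066
report "without licensing issue" "$WORKING" 60066
same_ruleset_shape "$FAILING" "$WORKING" ||
    echo "chain names or policies differ between the two listings"
```

Saving a listing on a schedule and running the comparison against the previous one shows when the active rule set changes.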