LinuxQuestions.org


neelay1 07-20-2006 07:52 PM

how to open ports using iptables
 
Hi all,
I'm trying to open port 8008 so that it's accessible via telnet.
I added rules to do so, but it just doesn't seem to be working.
Here's the output of "iptables --list -n" :
[root@A2 root]# iptables --list -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008

Here's the output of "nmap -sT -O localhost" (note that port 8008 does not seem to be open):
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2006-07-20 17:51 PDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20
Uptime 73.049 days (since Mon May 8 16:40:59 2006)

Nmap run completed -- 1 IP address (1 host up) scanned in 5.361 seconds

...and finally, the telnet fails-
[root@A2 root]# telnet localhost 8008
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

What am I doing wrong here?
Any help will be highly appreciated.

Thanks,
Neelay.

prozac 07-21-2006 12:30 AM

With all the policies (INPUT, FORWARD, OUTPUT) as ACCEPT, you do not need all those rules; everything is accepted.

b0uncer 07-21-2006 02:14 AM

Like prozac said, if your default POLICY is set to ACCEPT and no rule is blocking the port (i.e. no rules specified for the port) then it's open by default. In addition to this, if you want a telnet service working (people can telnet from their computers to your computer), you must have a telnet service running (daemon?).

If no telnet service is running, then obviously telnet won't work. Ports aren't actually open by themselves; there has to be a program of some kind behind that's listening on the port. So make sure that you also run the telnet service.

Vgui 07-25-2006 06:49 PM

Just in case you need it in the future, I use this for opening a port:
Code:

iptables -I INPUT -p tcp --dport $1 -j ACCEPT

Where $1 is the port number you wish to open.

Like the others said, it sounds to me like telnet is not even running, and the connection refused is because there isn't actually a service to connect to.

Try:
Code:

ps -ef | grep -i telnet

Or some variety of that, and see if there are any results.

Matir 07-25-2006 07:50 PM

As stated above: do you have telnet running on port 8008?
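
The two checks the replies describe (is anything listening on the port, and does the INPUT chain accept it) can be combined into one verdict. The following is an added example, not code from the thread; the function names are hypothetical and the sample listings are constructed to mirror the poster's situation.

```shell
# Constructed sample inputs modelled on the thread (not captured output).
# On a live host: LISTENERS=$(ss -ltn); RULES=$(iptables -L INPUT -n)
SAMPLE_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*'
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008'

# has_listener PORT TEXT: succeed if TEXT shows a TCP socket listening on PORT.
# Field 4 is the local address in both `ss -ltn` and `netstat -ltn` output.
has_listener() {
    printf '%s\n' "$2" | awk -v p="$1" '
        /LISTEN/ { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'
}

# input_verdict PORT TEXT: print the target of the first INPUT rule that matches
# tcp dpt:PORT, or the chain policy if none does. Simplification: rules that
# match on source, interface or port ranges are not evaluated.
input_verdict() {
    printf '%s\n' "$2" | awk -v p="$1" '
        /^Chain / { in_input = ($2 == "INPUT")
                    if (in_input) { gsub(/[()]/, ""); policy = $4 }
                    next }
        in_input && $2 == "tcp" && $NF == ("dpt:" p) { print $1; hit = 1; exit }
        END { if (!hit) print policy }'
}

# diagnose_port PORT LISTENERS RULES: combine both checks into one verdict.
diagnose_port() {
    if ! has_listener "$1" "$2"; then
        echo "no-listener"            # nothing bound to the port: start the service
    elif [ "$(input_verdict "$1" "$3")" = ACCEPT ]; then
        echo "reachable"              # listener present and INPUT accepts it
    else
        echo "blocked-by-$(input_verdict "$1" "$3")"
    fi
}

diagnose_port 8008 "$SAMPLE_LISTENERS" "$SAMPLE_RULES"   # the poster's situation
```

With the sample input the verdict for port 8008 is `no-listener`: the ACCEPT rule is present, but nothing is bound to the port.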

