LinuxQuestions.org
Old 07-20-2006, 07:52 PM   #1
neelay1
LQ Newbie
 
Registered: Dec 2004
Posts: 16

Rep: Reputation: 0
how to open ports using iptables


Hi all,
I'm trying to open port 8008 so that it's accessible via telnet.
I added rules to do so, but it just doesn't seem to be working.
Here's the output of "iptables --list -n" :
[root@A2 root]# iptables --list -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:8008
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008

Here's the output of "nmap -sT -O localhost" (note that port 8008 does not seem to be open):
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2006-07-20 17:51 PDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20
Uptime 73.049 days (since Mon May 8 16:40:59 2006)

Nmap run completed -- 1 IP address (1 host up) scanned in 5.361 seconds

...and finally, the telnet fails-
[root@A2 root]# telnet localhost 8008
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

What am I doing wrong here?
Any help will be highly appreciated.

Thanks,
Neelay.
 
Old 07-21-2006, 12:30 AM   #2
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
With all the policies (INPUT, FORWARD, OUTPUT) as ACCEPT, you do not need all those rules; everything is accepted.
 
Old 07-21-2006, 02:14 AM   #3
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Like prozac said, if your default POLICY is set to ACCEPT and no rule is blocking the port (i.e. no rules specified for the port) then it's open by default. In addition to this, if you want a telnet service working (people can telnet from their computers to your computer), you must have a telnet service running (daemon?)

If no telnet service is running, then obviously telnet won't work. Ports aren't actually open by themselves; there has to be a program of some kind behind that's listening on the port. So make sure that you also run a telnet service.
 
Old 07-25-2006, 06:49 PM   #4
Vgui
Member
 
Registered: Apr 2005
Location: Canada
Distribution: Slackware
Posts: 496

Rep: Reputation: 31
Just in case you need it in the future, I use this for opening a port:
Code:
iptables -I INPUT -p tcp --dport $1 -j ACCEPT
Where $1 is the port number you wish to open.

Like the others said, it sounds to me like telnet is not even running, and the connection refused is because there isn't actually a service to connect to.

Try:
Code:
ps -ef | grep -i telnet
Or some variety of that, and see if there are any results.
 
Old 07-25-2006, 07:50 PM   #5
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117
As stated above: do you have telnet running on port 8008?
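
The point the replies make, as an added example that is not part of the original thread: an ACCEPT verdict in iptables only lets packets through, and the port still answers "Connection refused" until a process listens on it. The function names and both sample listings are assumptions constructed for illustration, and the rule matching is simplified to INPUT rules of the form shown in the thread (any source and destination, `dpt:` as the last field).

```shell
# Constructed samples: listeners agree with the nmap result in the thread
# (22, 80, 443); the INPUT rules are abbreviated from the posted listing.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN'

RULES_SAMPLE='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8008
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8008'

# has_listener PORT NETSTAT_TEXT -> exit 0 if a TCP socket is in LISTEN on PORT
has_listener() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'
}

# input_verdict PORT RULES_TEXT -> target of the first INPUT rule matching
# "tcp dpt:PORT", or the INPUT chain policy when no rule matches.
input_verdict() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "Chain" { in_input = ($2 == "INPUT"); if (in_input) { policy = $4; sub(/\)/, "", policy) }; next }
        in_input && !hit && $2 == "tcp" && $NF == ("dpt:" p) { hit = $1 }
        END { print (hit ? hit : policy) }'
}

# diagnose PORT NETSTAT_TEXT RULES_TEXT -> no-listener | filtered | reachable
diagnose() {
    if ! has_listener "$1" "$2"; then echo no-listener; return; fi
    case $(input_verdict "$1" "$3") in
        ACCEPT) echo reachable ;;
        *)      echo filtered ;;
    esac
}

diagnose 8008 "$NETSTAT_SAMPLE" "$RULES_SAMPLE"   # the thread's situation
```

On a live host, pass the real output of `netstat -tln` and `iptables --list -n` in place of the two samples.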
 
  

