who to open ports

piva.francesco · 04-03-2005, 12:29 PM

i have two questions:
1) first of all who do you see which ports are opened on your machine.
2) and secondly, how do we open them?
i've read some stuff on the internet and the man of iptables, but i didn't completed the operation.
i'd like to open my 6881 port on my nat. i'm connecting to the internet through a router. i'm using slackware 10.1, if someone could help me that would be great. thanks

see you all.

Capt_Caveman · 04-03-2005, 02:30 PM

i have two questions:
1) first of all who do you see which ports are opened on your machine.
You can see all the services that are running and what ports they're using with netstat -pantu. To get a good idea of what ports are open to a remote host on the internet, either perform an nmap scan from another remote host or use a free online scanning service like sygate SOS or www.grc.com. Scanning yourself with nmap isn't a very good way to do it.

2) and secondly, how do we open them?
i've read some stuff on the internet and the man of iptables, but i didn't completed the operation.
i'd like to open my 6881 port on my nat. i'm connecting to the internet through a router. i'm using slackware 10.1, if someone could help me that would be great.
How is the NAT being done, by the router or on the Slackware system?

piva.francesco · 04-04-2005, 08:59 AM

Quote:

Originally posted by Capt_Caveman
How is the NAT being done, by the router or on the Slackware system?

well i've opened the ports on my router, but it seems that they are not yet opened on my slack machine. is that the answer you wanted?
thanks for answering at my first question.
see you

Capt_Caveman · 04-04-2005, 09:25 AM

As root try running:
iptables -I INPUT -p tcp --dport 6881 -j ACCEPT
iptables -I INPUT -p udp --dport 6881 -j ACCEPT

If that still doesn't work, try scanning your system with nmap from another machine outside the router or go to a site that offers a free scanning service. Sygate SOS and www.grc.com are 2 off the top of my head.

piva.francesco · 04-04-2005, 09:38 AM

well as you understood i want to open my 6881 port in order to use azureus and make my torrents work fully. i've done what you told me but still it doesn't work when i test the port 6881 in azureus it give me the same error : NAT error.
maybe you have another solution. i've tryied
nmap localhost
and the port 6881 still doesn't appear as open.
any clue?
thanks for answering so quickly!
see you.

piva.francesco · 04-04-2005, 03:15 PM

anyone can help me please? thanks...

Capt_Caveman · 04-04-2005, 05:44 PM

There are really 3 critical areas that normally cause problems:

1. Router. make sure that you've enabled the port forwarding function properly. If you give us more info on what brand and model of router you have, we can provide more precise details.

2. Firewall on your linux client. For testing purposes, just temporily disable the firewall that way you can rule it out as the cause of problem. As root do:
/etc/init.d/iptables stop
-or alternatively-
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

3. The Azureus client. Make sure azureus is running. Check the output of 'netstat -pantu' and make sure there is an azureus entry (should see a process named java listening on azureus ports.

piva.francesco · 04-06-2005, 10:07 AM

Quote:

1. Router. make sure that you've enabled the port forwarding function properly. If you give us more info on what brand and model of router you have, we can provide more precise details.

i have checked my routers fowarding function and it is working properly. Althought my router is a NETOPIA Cayman 3000.

Quote:

2. Firewall on your linux client. For testing purposes, just temporily disable the firewall that way you can rule it out as the cause of problem. As root do:
/etc/init.d/iptables stop
-or alternatively-
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

i have done the three iptables ecc... and nothing changed, ( i don't have any /etc/init.d/iptables stop file)
in any case, i have never installed a firewall on my linux, unless there is one integrated in it.

Quote:

3. The Azureus client. Make sure azureus is running. Check the output of 'netstat -pantu' and make sure there is an azureus entry (should see a process named java listening on azureus ports.

and finally when i'm downloading with my azureus when i do the 'netstat -pantu' it gives me this:

(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:6880 0.0.0.0:* LISTEN 4427/java
tcp 0 0 0.0.0.0:6881 0.0.0.0:* LISTEN 4427/java
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:64436 0.0.0.0:* LISTEN 4246/wish
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6969 0.0.0.0:* LISTEN 4427/java
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 9772 192.168.1.12:33177 67.***.59.***:17178 ESTABLISHED 4427/java
tcp 0 1 *.*.1.12:33236 67.114.59.*:17178 LAST_ACK -
tcp 0 0 *.*.1.12:33253 82.183.*.43:49152 ESTABLISHED 4427/java
tcp 0 0 *.168.1.12:33235 *.237.100.*:9306 ESTABLISHED 4427/java
tcp 0 1 *.*.1.12:33267 83.*.65.8:80 SYN_SENT 4427/java
tcp 0 0 *.*.1.12:33174 82.66.*.18:6885 ESTABLISHED 4427/java
tcp 0 0 *.*.1.12:33189 130.*.195.83:43618 ESTABLISHED 4427/java
tcp 0 0 *.*.1.12:32975 207.*.107.145:1863 ESTABLISHED 4246/wish
tcp 0 1 *.*.1.12:33266 213.67.*.113:6888 SYN_SENT 4427/java
tcp 0 0 *.*.1.12:33247 *.*.1.1:80 ESTABLISHED 4386/firefox-bin
tcp 0 0 *.*.1.12:33251 *.*.1.1:80 ESTABLISHED 4386/firefox-bin
udp 0 0 0.0.0.0:512 0.0.0.0:* -
udp 0 0 0.0.0.0:37 0.0.0.0:* -
udp 0 0 *.*.1.12:8008 0.0.0.0:* 4427/java
udp 0 0 0.0.0.0:1900 0.0.0.0:* 4427/java
bash-3.00$

i have added the * in order to not diffuse any info.
okay. i haven't understood the last step can you please explicit what you mean?
have i gave you enogh information so that you could help me please?

thanks for answering.

please help me... :'(

piva.francesco · 04-07-2005, 02:22 PM

can someone please help me please?
i really need to know something more on that.

thanks for answering, once again.

Capt_Caveman · 04-07-2005, 04:03 PM

Looking at the output you posted, everything on the linux box looks functional and should work properly.

If you nmap the actual IP address of the linux box (not 127.0.0.1 or localhost) do you see port 6881 open?

piva.francesco · 04-08-2005, 07:54 AM

when i nmap my machine this is what i see

Quote:

bash-3.00$ nmap myip -P0

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-04-08 14:50 CEST
Interesting ports on myip (myip ):
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp filtered http
443/tcp filtered https
1024/tcp filtered kdm
2301/tcp filtered compaqdiag
2307/tcp filtered pehelp
6969/tcp filtered acmsoda
8000/tcp filtered http-alt

Nmap run completed -- 1 IP address (1 host up) scanned in 4.560 seconds
bash-3.00$

allright, any idea? because still my torrents doesn't seem to work properly...
thanks once again.

krinux · 04-08-2005, 10:01 AM

Hi friend,

Please try this link and read last part. May be little bit help you
http://btfaq.com/serve/cache/25.html

piva.francesco · 04-08-2005, 03:29 PM

thanks alot my brother, but still the error is still there.
i've done both of the bashes and my azureus still give me NAT error on the test of the port 6881.
also i've checked with nmap localhost which of my ports where open. but still there are always the same. you can see it in the upper posts.
well please again and again, i'd like to have an answer for this problem.

thanks so much.

zenscope · 05-01-2005, 05:47 PM

In KDE do the following:

on the 'start' menu,
click system settings
click security level
give root pwd when prompted
in the "other ports" text box add: 6881:tcp
click ok
run iptables -L to verify
this line will be added: ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:6881
run azureus port test again to complete verification
done

z