How to open a port without using iptables

msteiner · 11-28-2007, 12:50 PM

Hi,
I need to open port 636 for ldaps. I am not using iptables so how do I open the port?

Thanks,

acid_kewpie · 11-28-2007, 12:58 PM

if you aren't using iptables then it's already "open"... it's iptables that would do the closing if it were.

msteiner · 11-28-2007, 01:09 PM

Thanks!

Goes to show how little I know about IP tables...I better hit the man pages.

MS

msteiner · 11-28-2007, 02:10 PM

So iptables is turned off:

[root@webmail ~]# service iptables status
Firewall is stopped.

and if I do a nmap ldaps doesn't show up:
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2007-11-28 15:08 EST
Interesting ports on webmail.bigrocksports.com (10.9.10.205):
(The 1647 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
389/tcp open ldap
443/tcp open https
465/tcp open smtps
982/tcp open unknown
993/tcp open imaps
995/tcp open pop3s

If the firewall was turned off, should I still see ldaps when I do a nmap?

However, when I try to telnet to the ldaps port, receive the following:

[root@webmail ~]# telnet webmail.mydomain.com 636
Trying 192.168.0.16...
telnet: connect to address 192.168.0.16: Connection refused
telnet: Unable to connect to remote host: Connection refused

Confused,
MS

nx5000 · 11-28-2007, 02:21 PM

A port is opened by an application (called a service, daemon,...)
The IP adress is used to identify your machine.
The Port on this machine identifies a running service.
So if I say I want to speak to 192.168.1.1:666 it means, to the application running on 192.168.1.1 that has opened the port 666.

Iptables is a firewall. It can blocks incoming ( and outgoing) traffic.

In your case, you have nothing running on the port you try to telnet. So you need to start ldaps..

If there is no firewall, your telnet will hit the kernel that will say the port is closed.
If there is a firewall, it will block it even before it arrives in the kernel.

Yay I've never been good for explanations..

You should read a summary about tcp/ip and ports.

acid_kewpie · 11-28-2007, 02:23 PM

there is no port until something is listening on it. you can see it says it is refused, which is the operating system saying there's nothing there, get lost. you don't have an ldaps service running... check your "ps ax", and "lsof -i" to see what is and is not listening on your server.