Opening a port...doesn't work?!
Hello All,
I'm trying to open a port: 4900. I have edited my /etc/services file by adding these two entries:
    MyApp 4900/tcp
    MyApp 4900/udp
I also have an application up and running that listens on this port. When I check it with nmap:
    # nmap -sS localhost
I don't see the port listed as open....???? Am I missing a step? Any thoughts?
Do you see the port in use when you run:
    netstat -nlp
Do you have a firewall running?
    iptables -nL
netstat -nlp | grep 4900
    tcp 0 0 :::4900 :::* LISTEN 6562/java
>>>> iptables -nL | grep 4900
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4900
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports x,x,x,x,x,x,x,4900
So I assume this part looks good...is it?
It should be so long as there are no other rules blocking it.
What "other" rules would there be?
If I have checked with netstat that the port is open and listening, and if I have checked the rules of the firewall (kernel)... what other rules or configs would I need to check in order to open that port?
Question 2 is... the check that I did with nmap, is that the right way to check the status of your ports to the outside world?
There may be other iptables rules.
nmap should be fine, although results can sometimes be deceiving across some WANs, and just because something is listening on a loopback address doesn't mean to say it is listening on specific network addresses.
How do I find out if there are other iptables rules AND how do I find out if there are "other" types of rules?
What other rules could overrule what is set by the services file and the firewall settings?
By the way, I'm running nmap locally (obviously cause I'm using localhost as a parameter) and I only have one NIC.
So, any thoughts why this is not working?
Anybody??
Just test your net app without firewall:
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -F
    iptables -X
Then try nmap localhost
Try the following Nmap command:
    # nmap -sS -p 4900 ip_address
I don't think 4900 is a port that's scanned by nmap automatically so you may have to specify it. Also the IP address should be the address that other computers will use to contact you.
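
Added example (not part of the thread, and not code from any poster): the two checks discussed above, run over captured `netstat -nlp` and `iptables -nL` text. It shows which address the listener is bound to and which rule in the chain is the first to decide a new connection to the port, something `grep 4900` cannot show when an earlier rule uses a port range. The sample output and the function names `listeners`, `port_in` and `first_match` are constructed for illustration; source addresses and non-port matches are ignored as a simplification.

```python
import re

# Constructed sample output, modelled on the commands used in the thread.
NETSTAT = """\
tcp  0  0 127.0.0.1:631  0.0.0.0:*  LISTEN  2101/cupsd
tcp  0  0 :::4900        :::*       LISTEN  6562/java
"""
IPTABLES = """\
Chain INPUT (policy DROP)
target  prot opt source     destination
ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
REJECT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpts:4000:5000 reject-with icmp-port-unreachable
ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0  udp dpt:4900
ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  multiport dports 22,80,4900
"""

def listeners(text, port):
    """Bind addresses of TCP sockets in LISTEN state on `port`."""
    return [f[3].rpartition(":")[0] for f in map(str.split, text.splitlines())
            if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN"
            and f[3].rpartition(":")[2] == str(port)]

def port_in(opts, port):
    """True/False if the rule has a destination-port condition, None if it has none."""
    m = re.search(r"dpts?:(\S+)|dports (\S+)", opts)
    if not m:
        return None
    for item in (m.group(1) or m.group(2)).split(","):
        lo, _, hi = item.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def first_match(text, chain, proto, port):
    """(target, rule) of the first rule in `chain` that decides a new proto/port packet."""
    policy, active = None, False
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\w+)", line)
        f = line.split(None, 5)
        if line.startswith("Chain "):
            active = bool(head and head.group(1) == chain)
            policy = head.group(2) if active else policy
        elif active and len(f) >= 5 and f[0] != "target" and f[1] in (proto, "all"):
            opts = f[5] if len(f) > 5 else ""
            hit = port_in(opts, port)
            # Simplification: rules with only non-port matches (state, ...) are skipped.
            if hit or (hit is None and not opts):
                return f[0], line.strip()
    return policy, "chain policy"
```

With the constructed sample, `listeners(NETSTAT, 4900)` returns `["::"]` (the wildcard address, not loopback only) and `first_match(IPTABLES, "INPUT", "tcp", 4900)` returns the REJECT range rule, even though both ACCEPT lines for 4900 are present further down the chain.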