LinuxQuestions.org
Old 08-24-2012, 09:29 PM   #1
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Rep: Reputation: 0
Cannot save changes to iptables


Hi all,

I am trying to open the port 1935 on my Linux machine. This is my distribution
Code:
Linux Server 2.6.18-194.8.1.v5PAE #1 SMP Thu Jul 15 02:01:47 EDT 2010 i686 i686 i386 GNU/Linux
And this is how I do it:
1)
Code:
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 1935 -j ACCEPT
2)
Code:
iptables-save
3)
Code:
iptables-restore
----> It will hang and stay like that forever

The problem is it will not save the changes, so when I run the nmap command, it shows that port is still closed:
Code:
[root@servername ~]# nmap -sT -p 1935 localhost

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-08-24 22:27 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
PORT     STATE  SERVICE
1935/tcp closed rtmp

Nmap finished: 1 IP address (1 host up) scanned in 0.002 seconds
Can someone please help me fix this error? Thanks so much.
 
Old 08-24-2012, 09:48 PM   #2
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
Under heading number one (1) you have the command
Code:
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 1935 -j ACCEPT
Can you replace it with the following and run on the command line
Code:
iptables -I INPUT  -s 0/0 -d 0/0 -p tcp --dport 1935 -j ACCEPT
and test with

Code:
nc -vv ip_of_local_machine port number (1935)

Last edited by KinnowGrower; 08-24-2012 at 09:50 PM.
 
Old 08-24-2012, 10:00 PM   #3
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by KinnowGrower View Post
Under heading number one (1) you have the command
Code:
iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 1935 -j ACCEPT
Can you replace it with the following and run on the command line
Code:
iptables -I INPUT  -s 0/0 -d 0/0 -p tcp --dport 1935 -j ACCEPT
and test with

Code:
nc -vv ip_of_local_machine port number (1935)

Thanks, I ran your input command followed by the nc command, but the nc didn't work:

Code:
[root@servername~]# nc -vv 1935
-bash: nc: command not found
[root@servername ~]# /sbin/nc -vv 1935
-bash: /sbin/nc: No such file or directory
[root@servername ~]# which nc
/usr/bin/which: no nc in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

Last edited by tezarin; 08-24-2012 at 10:03 PM.
 
Old 08-24-2012, 10:02 PM   #4
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
run
Code:
telnet ipaddress 1935
or install nc

or run your nmap command
 
Old 08-24-2012, 10:04 PM   #5
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by KinnowGrower View Post
run
Code:
telnet ipaddress 1935
or install nc

or run your nmap command

Seems like it's still closed:
Code:
[root@servername~]# nmap -sT -p 1935 localhost

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-08-24 23:03 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
PORT     STATE  SERVICE
1935/tcp closed rtmp

Nmap finished: 1 IP address (1 host up) scanned in 0.002 seconds

Edit - I'm connected via PuTTY to a remote server. Just installed nc and tried running that command, but it didn't work:

Code:
[root@servername~]# nc -vv -p 1935
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]
          [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_version]
          [-x proxy_address[:port]] [hostname] [port[s]]

Last edited by tezarin; 08-24-2012 at 10:07 PM.
 
Old 08-24-2012, 10:06 PM   #6
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
can you please run telnet?
 
Old 08-24-2012, 10:08 PM   #7
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by KinnowGrower View Post
can you please run telnet?
Yes, sure:

Code:
[root@servername~]# telnet 1935
Trying 0.0.7.143...
telnet: connect to address 0.0.7.143: Invalid argument
I edited my previous post - installed nc, etc.

Code:
[root@servername~]# telnet localhost 1935
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

Last edited by tezarin; 08-24-2012 at 10:12 PM.
 
Old 08-24-2012, 10:12 PM   #8
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
Watch out for the errors in the commands.

Format for nc command is
Code:
nc -vv localhost 1935
and telnet is
Code:
telnet localhost 1935
 
Old 08-24-2012, 10:15 PM   #9
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by KinnowGrower View Post
Watch out for the errors in the commands.

Format for nc command is
Code:
nc -vv localhost 1935
and telnet is
Code:
telnet localhost 1935
My mistake sorry, but still doesn't work:

Code:
[root@servername~]# nc -vv localhost 1935
nc: connect to localhost port 1935 (tcp) failed: Connection refused
[root@servername ~]# telnet localhost 1935
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
When I run the input command it adds the rule, but somehow it doesn't get saved...
 
Old 08-24-2012, 10:20 PM   #10
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
Wow! have to check firewall rules. If possible paste the output of
Code:
iptables -nvL
Also in your Original post, it shows only Kernel version NOT the distribution. So also specify the GNU/Linux distro as well e.g. Fedora/Centos/Debian etc.
 
Old 08-24-2012, 10:23 PM   #11
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
Is any service running on port 1935 now?
 
Old 08-24-2012, 10:27 PM   #12
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by KinnowGrower View Post
Wow! have to check firewall rules. If possible paste the output of
Code:
iptables -nvL
Also in your Original post, it shows only Kernel version NOT the distribution. So also specify the GNU/Linux distro as well e.g. Fedora/Centos/Debian etc.

Thanks, sure. Here's the output of that command:

Code:
[root@servername~]# iptables -nvL
Chain INPUT (policy DROP 81 packets, 5187 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1935
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1935
    2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1935
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1935
    3   132 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x12/0x12 state NEW reject-with tcp-reset
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW
    0     0 DROP       all  --  eth5   *       127.0.0.0/8          0.0.0.0/0
    0     0 DROP       all  --  eth5   *       x.x.0.0/16           0.0.0.0/0
    0     0 DROP       all  --  eth9   *       127.0.0.0/8          0.0.0.0/0
    0     0 DROP       all  --  eth9   *       x.x.0.0/16           0.0.0.0/0
 6941 1546K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  pptp+  *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0
 6023 1550K ACCEPT     all  --  eth4   *       0.0.0.0/0            0.0.0.0/0
  128  3712 ACCEPT     icmp --  eth5   *       0.0.0.0/0            0.0.0.0/0           icmp type 0
    0     0 ACCEPT     icmp --  eth5   *       0.0.0.0/0            0.0.0.0/0           icmp type 3
    0     0 ACCEPT     icmp --  eth5   *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 ACCEPT     icmp --  eth5   *       0.0.0.0/0            0.0.0.0/0           icmp type 11
    0     0 ACCEPT     udp  --  eth5   *       0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
    0     0 ACCEPT     tcp  --  eth5   *       0.0.0.0/0            0.0.0.0/0           tcp spt:67 dpt:68
  128  3712 ACCEPT     icmp --  eth9   *       0.0.0.0/0            0.0.0.0/0           icmp type 0
    0     0 ACCEPT     icmp --  eth9   *       0.0.0.0/0            0.0.0.0/0           icmp type 3
    0     0 ACCEPT     icmp --  eth9   *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 ACCEPT     icmp --  eth9   *       0.0.0.0/0            0.0.0.0/0           icmp type 11
  156 50737 ACCEPT     udp  --  eth9   *       0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
    0     0 ACCEPT     tcp  --  eth9   *       0.0.0.0/0            0.0.0.0/0           tcp spt:67 dpt:68
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            xxx.xxx.xx.xx       tcp dpt:81
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            xx.xx.xx.2          tcp dpt:81
    5   244 ACCEPT     tcp  --  *      *       0.0.0.0/0            xxx.xx.xx.xx        tcp dpt:22
 1147 80796 ACCEPT     tcp  --  *      *       0.0.0.0/0            xx.xx.xx.x          tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            xx.xx.xx.xx         tcp dpt:1875
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            xx.xx.xx.2          tcp dpt:1875
    0     0 ACCEPT     udp  --  eth5   *       0.0.0.0/0            0.0.0.0/0           udp dpts:1024:65535 state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth5   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 state RELATED,ESTABLISHED
  107 22391 ACCEPT     udp  --  eth9   *       0.0.0.0/0            0.0.0.0/0           udp dpts:1024:65535 state RELATED,ESTABLISHED
 1389  434K ACCEPT     tcp  --  eth9   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1935
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1935

Chain FORWARD (policy DROP 120 packets, 6147 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  eth5   *       0.0.0.0/0            192.168.1.x       icmp type 0
    0     0 ACCEPT     icmp --  eth5   *       0.0.0.0/0            192.168.1.x       icmp type 3
    0     0 ACCEPT     icmp --  eth5   *       0.0.0.0/0            192.168.1.x       icmp type 8
    0     0 ACCEPT     icmp --  eth5   *       0.0.0.0/0            192.168.1.x       icmp type 11
    0     0 DROP       icmp --  eth5   *       0.0.0.0/0            192.168.1.x
    0     0 ACCEPT     tcp  --  eth5   *       0.0.0.0/0            192.168.1.x       tcp dpt:80
    0     0 ACCEPT     tcp  --  eth5   *       0.0.0.0/0            192.168.1.x       tcp dpt:22
    0     0 DROP       all  --  *      *       192.168.1.0/24       xx.xx.xx.x
 2161  850K l7-filter  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  292 19927 l7-filter  all  --  eth4   *       0.0.0.0/0            0.0.0.0/0
    0     0 l7-filter  all  --  pptp+  *       0.0.0.0/0            0.0.0.0/0
    0     0 l7-filter  all  --  tun+   *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 6986 1551K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      pptp+   0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      tun+    0.0.0.0/0            0.0.0.0/0
 5795 2636K ACCEPT     all  --  *      eth4    0.0.0.0/0            0.0.0.0/0
  128  3712 ACCEPT     icmp --  *      eth5    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      eth5    0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
    0     0 ACCEPT     tcp  --  *      eth5    0.0.0.0/0            0.0.0.0/0           tcp spt:68 dpt:67
  128  3712 ACCEPT     icmp --  *      eth9    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      eth9    0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
    0     0 ACCEPT     tcp  --  *      eth9    0.0.0.0/0            0.0.0.0/0           tcp spt:68 dpt:67
    0     0 ACCEPT     tcp  --  *      eth9    x.x.0.0              0.0.0.0/0           tcp spt:81
    0     0 ACCEPT     tcp  --  *      eth5    x.x.0.0              0.0.0.0/0           tcp spt:81
    4   236 ACCEPT     tcp  --  *      eth9    x.x.xx.xx            0.0.0.0/0           tcp spt:22
  957  220K ACCEPT     tcp  --  *      eth5    xx.xx.xx.2           0.0.0.0/0           tcp spt:22
    0     0 ACCEPT     tcp  --  *      eth9    xx.xx.xx.168         0.0.0.0/0           tcp spt:1875
    0     0 ACCEPT     tcp  --  *      eth5    xx.xx.xx.2           0.0.0.0/0           tcp spt:1875
    0     0 ACCEPT     all  --  *      eth5    0.0.0.0/0            0.0.0.0/0
 2254  916K ACCEPT     all  --  *      eth9    0.0.0.0/0            0.0.0.0/0

Chain drop-lan (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain l7-filter (4 references)
 pkts bytes target     prot opt in     out     source               destination
 2453  870K NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0           NFQUEUE num 0
And the distro is CentOS release 5.4 (Final)
 
Old 08-24-2012, 10:32 PM   #13
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by KinnowGrower View Post
Is any service running on port 1935 now?
netstat -npl doesn't seem to list port 1935
 
Old 08-24-2012, 10:33 PM   #14
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
As far as I know the firewall rules are ok. Is any service running on port 1935? You can check it with
Code:
netstat -natup
 
Old 08-24-2012, 10:36 PM   #15
tezarin
Member
 
Registered: Nov 2007
Posts: 133

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by KinnowGrower View Post
As far as I know the firewall rules are ok. Is any service running on port 1935? You can check it with
Code:
netstat -natup
Got a long output, doesn't seem to have 1935 listed in it anywhere
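
Added example, not part of any post in this thread: a small triage script that separates "no ACCEPT rule" from "rule present but nothing listening", which is the distinction the `iptables -nvL` and `netstat` checks above are working toward. The function names and both sample listings are constructed for illustration; the rule check is a simplification that ignores rule order, interfaces and earlier DROP/REJECT rules.

```shell
#!/bin/sh
# Added example: triage for "rule added, port still closed".
# Both samples are constructed, modelled on the outputs posted in this thread.

# Constructed excerpt of `iptables -nvL INPUT` after repeated -A/-I runs.
SAMPLE_RULES='Chain INPUT (policy DROP 81 packets, 5187 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1935
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1935
    3   132 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1935'

# Constructed excerpt of `netstat -ntl`: only port 22 has a listener.
SAMPLE_LISTEN='Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN'

# Count rules in an `iptables -nvL` listing (stdin) that ACCEPT tcp to port $1.
count_accept_rules() {
    awk -v p="dpt:$1" '$3 == "ACCEPT" && $4 == "tcp" && $NF == p { n++ } END { print n + 0 }'
}

# Succeed if `netstat -ntl` output (stdin) shows a TCP listener on port $1.
has_listener() {
    awk -v p="$1" '$6 == "LISTEN" && $4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# Combine both observations into a one-line verdict.
# $1 = port, $2 = iptables listing, $3 = netstat listing
diagnose() {
    port=$1 rules=$2 listen=$3
    n=$(printf '%s\n' "$rules" | count_accept_rules "$port")
    if printf '%s\n' "$listen" | has_listener "$port"; then
        l=yes
    else
        l=no
    fi
    case "$n:$l" in
        0:*)  echo "firewall: no ACCEPT rule for tcp/$port" ;;
        *:no) echo "no listener: $n ACCEPT rule(s) present, nothing bound to tcp/$port" ;;
        *)    echo "ok: rule present and service listening on tcp/$port" ;;
    esac
}

diagnose 1935 "$SAMPLE_RULES" "$SAMPLE_LISTEN"
```

On a real host, pass the output of `iptables -nvL INPUT` and `netstat -ntl` instead of the samples. `iptables-save` only prints the rule set to stdout and `iptables-restore` reads one from stdin, so persisting rules needs a redirect to and from a file.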
 
  

