LinuxQuestions.org
Old 01-02-2018, 06:26 AM   #1
jojolendir
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Rep: Reputation: Disabled
Connect to ports Failed ?


Hi

I just installed several applications via yum, such as vnc and xrdp,
and opened the port needed by the application via iptables.


And to be honest I'm still learning how things work in Linux, so I don't have any clue why this happens,

but basically I can't connect remotely to this port, although it is stated as open and ready to receive connections.

Here is what netstat prints:

https://www.linuxquestions.org/quest...1&d=1514895706

Can someone point out what's wrong?

Here are my commands during installation:
Code:
[root@server ~]# yum install xrdp tigervnc-server
[root@server ~]# service vncserver start
[root@server ~]# service xrdp start
[root@server ~]# chkconfig xrdp on
[root@server ~]# chkconfig vncserver on
Code:
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
service iptables save
service iptables restart
Attached image: netstat.jpg
 
Old 01-02-2018, 07:12 AM   #2
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724
Why do you open tcp port 3389 while Xvnc is listening on tcp port 5801, 5901 & 6001 (as seen from your netstat output)?

edit
Oh I see, you plan on using xrdp protocol over vnc
Did you check it's a firewall issue by temporarily flushing iptables rules? Maybe you need to start xrdp-sesman as well (not sure)

Last edited by keefaz; 01-02-2018 at 07:31 AM.
 
Old 01-02-2018, 08:27 AM   #3
jojolendir
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by keefaz View Post
Why do you open tcp port 3389 while Xvnc is listening on tcp port 5801, 5901 & 6001 (as seen from your netstat output)?

edit
Oh I see, you plan on using xrdp protocol over vnc
Did you check it's a firewall issue by temporarily flushing iptables rules? Maybe you need to start xrdp-sesman as well (not sure)

Well, it's not just the remote desktop option; webmin is also not working (port 10000),
and yeah, I did that, also flushing the iptables just like you recommended and starting the services (xrdp, sesman), but I still can't connect to any of these ports aside from ssh and apache.

Like I mentioned above, I'm new to Linux, so I don't have any clue what is causing this, but I suspect it's the firewall?
 
Old 01-02-2018, 11:25 AM   #4
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724
No, if nothing is filtered, nothing prevents remote hosts from connecting to servers at this level

I note from your netstat output that the programs you mention that work listen on IP v4 & v6 traffic while the programs that don't work only listen on IP v4

Do you connect to the server using an IP v6 network? If yes, that would explain things. In this case just configure servers so they listen also on IP v6
 
Old 01-02-2018, 05:13 PM   #5
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1004
Can you post the output of
Code:
$ iptables -L
And, rather than taking photos of your monitor, could you please save the output to a file and just post it inside code tags? Are you allowing servers to run on all ports in question in the FW?

You might also want NEW,RELATED,ESTABLISHED in the new rule. And, you might need a rule in the OUTPUT table as well.

I'm not exactly sure how that works with just NEW but nothing else, but I think it might pass on all other traffic on the port, which might eventually be dropped or rejected.
 
1 members found this post helpful.
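
The point raised in post #5, modelled as an added example (not code from the thread and not iptables itself): a toy first-match evaluator for the INPUT chain showing what the `--state NEW` rule on port 3389 does under an ACCEPT policy, under a DROP policy, and alongside an ESTABLISHED,RELATED rule. `Rule`, `verdict`, `trace` and the three scenarios are hypothetical names introduced here, and the model ignores interfaces, addresses and the OUTPUT chain.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    states: frozenset        # conntrack states matched (-m state --state ...)
    dport: Optional[int]     # --dport value, or None for any port
    target: str              # "ACCEPT" or "DROP"


def verdict(rules, policy, state, dport):
    """First matching rule wins; a packet matching no rule gets the chain policy."""
    for r in rules:
        if state in r.states and r.dport in (None, dport):
            return r.target
    return policy


# Constructed packets: the SYN that opens an RDP session, a later packet of
# that same session, and a SYN to webmin's port, which no rule mentions.
PACKETS = [("NEW", 3389), ("ESTABLISHED", 3389), ("NEW", 10000)]

NEW_ONLY = Rule(frozenset({"NEW"}), 3389, "ACCEPT")   # the rule from post #1
STATEFUL = Rule(frozenset({"ESTABLISHED", "RELATED"}), None, "ACCEPT")


def trace(rules, policy):
    """Verdict for each constructed packet, in order."""
    return [verdict(rules, policy, s, p) for s, p in PACKETS]


def scenarios():
    return {
        # Policy ACCEPT: the rule changes nothing, every packet passes anyway.
        "policy ACCEPT, NEW-only rule": trace([NEW_ONLY], "ACCEPT"),
        # Policy DROP: the SYN passes, the rest of the session does not.
        "policy DROP, NEW-only rule": trace([NEW_ONLY], "DROP"),
        # Policy DROP plus a stateful rule: the session works, webmin stays closed.
        "policy DROP, stateful + NEW rule": trace([STATEFUL, NEW_ONLY], "DROP"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:34} {result}")
```

With the empty ACCEPT-policy chains shown later in post #6, the first scenario applies: the host firewall is not what blocks the connection, and it is also not restricting any of the other listening services.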
Old 01-06-2018, 09:48 AM   #6
jojolendir
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by AwesomeMachine View Post
Can you post the output of
Code:
$ iptables -L
And, rather than taking photos of your monitor, could you please save the output to a file and just post it inside code tags? Are you allowing servers to run on all ports in question in the FW?

You might also want NEW,RELATED,ESTABLISHED in the new rule. And, you might need a rule in the OUTPUT table as well.

I'm not exactly sure how that works with just NEW but nothing else, but I think it might pass on all other traffic on the port, which might eventually be dropped or rejected.
Hi AM

Yes, I believe I can do that, and really sorry for that.

Quote:
You have new mail in /var/spool/mail/root
[root@rms ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@rms ~]#
 
Old 01-06-2018, 01:27 PM   #7
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724
Any error on client side? Network configuration for client is ok?
When you connect via ssh, netstat from server shows client IP as IP v4 or IP v6?
 
1 members found this post helpful.
Old 01-06-2018, 04:30 PM   #8
jojolendir
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by keefaz View Post
Any error on client side? Network configuration for client is ok?
When you connect via ssh, netstat from server shows client IP as IP v4 or IP v6?

Hi keefaz...


Umm, what is the actual command for this? And sorry for the late reply. To be honest, you made your point there regarding IPv6,
but I wasn't unsure from the client side, but I think there is no problem, I do use IPv4 for my connection (sorry, cannot use code tags and using a screenshot instead).

It's using IPv4, right? Also, I'm using my Android phone (which also failed to connect); I believe most GSM providers also use only IPv4, right?

And for the active connections on the server, here is the result:
Code:
[root@rms ~]# netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      2454/snmpd
tcp        0      0 0.0.0.0:5801                0.0.0.0:*                   LISTEN      2847/Xvnc
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2641/mysqld
tcp        0      0 0.0.0.0:5901                0.0.0.0:*                   LISTEN      2847/Xvnc
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2136/portmap
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      3020/perl
tcp        0      0 0.0.0.0:6001                0.0.0.0:*                   LISTEN      2847/Xvnc
tcp        0      0 127.0.0.1:3350              0.0.0.0:*                   LISTEN      2696/xrdp-sesman
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2484/sshd
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2497/cupsd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2718/sendmail
tcp        0      0 0.0.0.0:665                 0.0.0.0:*                   LISTEN      2179/rpc.statd
tcp        0      0 0.0.0.0:3389                0.0.0.0:*                   LISTEN      2692/xrdp
tcp        0   2040 172.16.2.195:22             my ip address:50764       ESTABLISHED 8000/sshd
tcp        0      0 :::80                       :::*                        LISTEN      2755/httpd
tcp        0      0 :::6001                     :::*                        LISTEN      2847/Xvnc
tcp        0      0 :::22                       :::*                        LISTEN      2484/sshd
tcp        0      0 :::443                      :::*                        LISTEN      2755/httpd
tcp        0      0 ::ffff:127.0.0.1:35383      ::ffff:127.0.0.1:25         TIME_WAIT   -
tcp        0      0 ::ffff:127.0.0.1:35384      ::ffff:127.0.0.1:25         TIME_WAIT   -
[root@rms ~]#
 
Old 01-06-2018, 04:40 PM   #9
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724
You have multiple local networks? (172.16.2 and 192.168.100)
 
1 members found this post helpful.
Old 01-06-2018, 05:10 PM   #10
jojolendir
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
For the technical details, I haven't asked the server admin, but it's possible.

Do you think that's the problem?
 
Old 01-06-2018, 05:18 PM   #11
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724
Your posted image shows client configuration to connect on a network with address 192.168.100 while the server seems to be on network with address 172.16.2...

edit
But I see DHCP enabled, so maybe these client addresses are just Windows default addresses
(I don't know Windows well, sorry)

Do you have telnet in Windows? If yes, try opening a DOS terminal and:
Code:
telnet 172.16.2.195 3389
See if it shows any output

Last edited by keefaz; 01-06-2018 at 05:25 PM.
 
Old 01-07-2018, 05:14 AM   #12
jojolendir
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by keefaz View Post
Your posted image shows client configuration to connect on a network with address 192.168.100 while the server seems to be on network with address 172.16.2...

edit
But I see DHCP enabled, so maybe these client addresses are just Windows default addresses
(I don't know Windows well, sorry)

Do you have telnet in Windows? If yes, try opening a DOS terminal and:
Code:
telnet 172.16.2.195 3389
See if it shows any output

But keefaz, my home connection or net connection from the GSM provider isn't part of my server network. I mean, isn't 172.16.xxx or 192.168.xxx an internal private IP address? As for 192.168 (my IP), it is assigned by my router, and in the netstat output it wasn't 192.168.xxx but my real public IP.

Sorry if I caused confusion.

Code:
[root@rms ~]# netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      2454/snmpd
tcp        0      0 0.0.0.0:5801                0.0.0.0:*                   LISTEN      2847/Xvnc
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2641/mysqld
tcp        0      0 0.0.0.0:5901                0.0.0.0:*                   LISTEN      2847/Xvnc
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2136/portmap
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      3020/perl
tcp        0      0 0.0.0.0:6001                0.0.0.0:*                   LISTEN      2847/Xvnc
tcp        0      0 127.0.0.1:3350              0.0.0.0:*                   LISTEN      2696/xrdp-sesman
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2484/sshd
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2497/cupsd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2718/sendmail
tcp        0      0 0.0.0.0:665                 0.0.0.0:*                   LISTEN      2179/rpc.statd
tcp        0      0 0.0.0.0:3389                0.0.0.0:*                   LISTEN      2692/xrdp
tcp        0   2040 172.16.2.195:22             202.167.44x.xxx:50764       ESTABLISHED 8000/sshd
tcp        0      0 :::80                       :::*                        LISTEN      2755/httpd
tcp        0      0 :::6001                     :::*                        LISTEN      2847/Xvnc
tcp        0      0 :::22                       :::*                        LISTEN      2484/sshd
tcp        0      0 :::443                      :::*                        LISTEN      2755/httpd
tcp        0      0 ::ffff:127.0.0.1:35383      ::ffff:127.0.0.1:25         TIME_WAIT   -
tcp        0      0 ::ffff:127.0.0.1:35384      ::ffff:127.0.0.1:25         TIME_WAIT   -
[root@rms ~]#
But anyway, here is the telnet output from my home desktop:
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\George B>telnet 172.16.2.195 3389
Connecting To 172.16.2.195...Could not open connection to the host, on port 3389
: Connect failed

C:\Users\George B>
But from the server side, maybe it makes sense if the telnet is executed from my server? Here's the output:

Code:
[root@rms ~]# telnet 172.16.2.195 3389
Trying 172.16.2.195...
Connected to 172.16.2.195 (172.16.2.195).
Escape character is '^]'.
It does connect to the specific port.

Last edited by jojolendir; 01-07-2018 at 05:35 AM.
 
Old 01-07-2018, 05:23 AM   #13
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724
Ah I didn't realize you want to connect from outside the local network...

How are the external connections routed to the server? With a router?
If yes, is tcp port 3389 forwarded to the server in the router?
 
1 members found this post helpful.
Old 01-07-2018, 06:11 AM   #14
jojolendir
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
Regarding the forwarded port, to be honest I have no idea

(from my ISP line >> OpenWrt Luci default configuration >> Desktop or any device).

I just know it works; I mean, it didn't have any problem connecting to other servers aside from this one.

This really makes me curious to find out what the culprit is, especially when you mention 172.16

Code:
tcp        0   2040 172.16.2.195:22             202.167.44x.xxx:50764       ESTABLISHED 8000/sshd
Shouldn't 172.16.2.195:22 also be my real public server IP address?
 
Old 01-07-2018, 10:53 AM   #15
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,230

Rep: Reputation: 724
No, 172.16.2.xxx is an IP range reserved for local networks
https://en.wikipedia.org/wiki/Private_network

I think it could be a routing issue here (tcp port 3389 not routed to local server)
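
The two observations the thread rests on (post #4's IPv4-only listeners and post #15's private address), checked mechanically in an added example that is not part of any post: it parses rows copied from the netstat output in post #8 and reports each listener's address family and bind scope, and whether the server's own address is RFC 1918. The function names are hypothetical, and the peer address 203.0.113.10 is a constructed stand-in for the one redacted in the thread.

```python
import ipaddress

# Rows copied from the netstat -natp output in post #8. Only the peer address
# of the ESTABLISHED row is constructed (203.0.113.10, a documentation address).
SAMPLE = """\
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      3020/perl
tcp        0      0 127.0.0.1:3350              0.0.0.0:*                   LISTEN      2696/xrdp-sesman
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2484/sshd
tcp        0      0 0.0.0.0:3389                0.0.0.0:*                   LISTEN      2692/xrdp
tcp        0   2040 172.16.2.195:22             203.0.113.10:50764          ESTABLISHED 8000/sshd
tcp        0      0 :::80                       :::*                        LISTEN      2755/httpd
tcp        0      0 :::22                       :::*                        LISTEN      2484/sshd
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def parse(text):
    """Yield (local_ip, local_port, peer_ip, state, program) for each tcp row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp"):
            continue
        lip, lport = f[3].rsplit(":", 1)   # rsplit keeps IPv6 colons intact
        pip = f[4].rsplit(":", 1)[0]
        yield lip, int(lport), pip, f[5], f[6].split("/", 1)[-1]


def listeners(text):
    """Map port -> program, address families and bind scope of LISTEN sockets."""
    out = {}
    for lip, port, _, state, prog in parse(text):
        if state != "LISTEN":
            continue
        ip = ipaddress.ip_address(lip)
        scope = "loopback" if ip.is_loopback else "all" if ip.is_unspecified else "specific"
        entry = out.setdefault(port, {"program": prog, "families": set(), "scope": scope})
        entry["families"].add(f"IPv{ip.version}")
    return out


def nat_in_path(text):
    """True if an ESTABLISHED row pairs an RFC 1918 local address with a public peer."""
    return any(state == "ESTABLISHED" and is_rfc1918(lip) and not is_rfc1918(pip)
               for lip, _, pip, state, _ in parse(text))
```

Listeners with scope `all` (webmin on 10000, xrdp on 3389) accept connections from anything that can route to 172.16.2.195, because the INPUT chain posted in post #6 is empty with policy ACCEPT; from outside that network, reaching them additionally requires a forward on the gateway.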
 