Old 04-29-2011, 07:12 AM   #16
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1

pls reply
 
Old 04-29-2011, 08:09 AM   #17
savona
Member
 
Registered: Mar 2011
Location: Bellmawr, NJ
Distribution: Red Hat / Fedora
Posts: 215

Rep: Reputation: 66
Well, looking at the output of your command, this shows me that the port is open:
Code:
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:xmpp-client
Are you sure the traffic is coming in on eth1? Let's try to simplify it for a test.

Run the following commands.
Code:
iptables -D INPUT 5
iptables -I INPUT -p tcp --dport 5222 -j ACCEPT
service iptables save
Then try it. What we are doing is allowing traffic on both interfaces, not just eth1.
 
Old 04-29-2011, 11:44 PM   #18
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
The problem is still there. I also added an acl for this port in squid and allowed http_access, but the problem is not solved yet.
Regards
Amar
 
Old 04-30-2011, 02:23 AM   #19
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
anyone reply pls
 
Old 05-02-2011, 02:02 AM   #20
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
hi

Still no reply. Anyone, please look into this and guide me.

Amar
 
Old 05-02-2011, 07:27 AM   #21
savona
Member
 
Registered: Mar 2011
Location: Bellmawr, NJ
Distribution: Red Hat / Fedora
Posts: 215

Rep: Reputation: 66
OK, so what interface is connected to the internet? Is there a firewall or other device between this interface and the internet?
 
Old 05-03-2011, 12:10 AM   #22
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
I have 2 LAN cards: eth0 is connected to the local LAN and eth1 is connected to the internet, and there is only the iptables firewall between the server and the internet.

Amar
 
Old 05-03-2011, 08:38 AM   #23
savona
Member
 
Registered: Mar 2011
Location: Bellmawr, NJ
Distribution: Red Hat / Fedora
Posts: 215

Rep: Reputation: 66
Quote:
Originally Posted by amartlk View Post
I have 2 LAN cards: eth0 is connected to the local LAN and eth1 is connected to the internet, and there is only the iptables firewall between the server and the internet.

Amar
So the server is connected directly to what? A cable modem?

Why are you mentioning squid?

I am not sure if English is your first language, but you have to try to be more clear about your configuration.
 
Old 05-04-2011, 02:22 AM   #24
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
The server is connected directly to a cable modem.

AmaR
 
Old 05-04-2011, 06:49 AM   #25
savona
Member
 
Registered: Mar 2011
Location: Bellmawr, NJ
Distribution: Red Hat / Fedora
Posts: 215

Rep: Reputation: 66
OK, can you post the output of the following commands:

1) ifconfig -a

2) route -n

3) iptables -L -vn
 
Old 05-04-2011, 09:28 AM   #26
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
#ifconfig -a

eth0 Link encap:Ethernet HWaddr 00:14:85:96:1C:A7
inet addr:172.xx.x.xx Bcast:ip add Mask:255.255.255.0
inet6 addr: fe80::214:85ff:fe96:1ca7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7112482 errors:0 dropped:29 overruns:0 frame:0
TX packets:9584178 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1285102927 (1.1 GiB) TX bytes:214755104 (204.8 MiB)
Interrupt:193 Base address:0x6000

eth1 Link encap:Ethernet HWaddr 00:08:A1:7B:A0:F9
inet addr:ip address Bcast:ip address Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:fe7b:a0f9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6823279 errors:0 dropped:0 overruns:0 frame:0
TX packets:6689436 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1841316309 (1.7 GiB) TX bytes:1197242546 (1.1 GiB)
Interrupt:185 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:117754 errors:0 dropped:0 overruns:0 frame:0
TX packets:117754 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:57546180 (54.8 MiB) TX bytes:57546180 (54.8 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


#route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
ip address 0.0.0.0 255.255.255.0 U 0 0 0 eth1
ip address 0.0.0.0 255.255.255.0 U 0 0 0 eth0
ip address 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 ip address 0.0.0.0 UG 0 0 0 eth1



# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
ipaddress 0.0.0.0 255.255.255.0 U 0 0 0 eth1
ap address 0.0.0.0 255.255.255.0 U 0 0 0 eth0
ip address 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 ip address 0.0.0.0 UG 0 0 0 eth1
[root@venus ~]# iptables -I INPUT -p tcp --dport 5222 -j ACCEPT
You have new mail in /var/spool/mail/root
[root@venus ~]# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@venus ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat mangle [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]

# iptables -L -vn

Chain INPUT (policy ACCEPT 87 packets, 8044 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
81 17209 LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_IN:'
29 13737 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:3128
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp spt:3128 state RELATED,ESTABLISHED
32 7870 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp spt:80

Chain FORWARD (policy ACCEPT 2 packets, 92 bytes)
pkts bytes target prot opt in out source destination
2 92 LOG all -- * eth0 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_OUT:'
2 123 LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_IN:'
2 123 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 100 packets, 15658 bytes)
pkts bytes target prot opt in out source destination
69 13430 LOG all -- * eth0 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_OUT:'
46 15733 ACCEPT tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:80
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp spt:80



Amar
 
Old 05-04-2011, 09:44 AM   #27
savona
Member
 
Registered: Mar 2011
Location: Bellmawr, NJ
Distribution: Red Hat / Fedora
Posts: 215

Rep: Reputation: 66
I do not understand any of your posted examples. Are you replacing the IP addresses with 0.0.0.0 or is this really what you see?

If eth0 is your local LAN, why are you blocking a 172 reserved IP space with x's?

Your current iptables config will accept all incoming traffic as you have no reject/deny statements anywhere in the INPUT chain.

I cannot help you with all these 0's, which make it virtually impossible for me to find a problem. If you want, try posting again and maybe change the first three digits of your IP range to 999 or something.
 
Old 05-05-2011, 07:54 AM   #28
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
hi

pls find the output

# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:14:85:96:1C:A7
inet addr:192.15.10.24 Bcast:192.15.10.255 Mask:255.255.255.0
inet6 addr: fe80::214:85ff:fe96:1ca7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7112482 errors:0 dropped:29 overruns:0 frame:0
TX packets:9584178 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1285102927 (1.1 GiB) TX bytes:214755104 (204.8 MiB)
Interrupt:193 Base address:0x6000


lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:117754 errors:0 dropped:0 overruns:0 frame:0
TX packets:117754 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:57546180 (54.8 MiB) TX bytes:57546180 (54.8 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)



# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
222.52.74.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.15.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 222.52.74.1 0.0.0.0 UG 0 0 0 eth1



# iptables -L -vn
Chain INPUT (policy ACCEPT 193K packets, 58M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
781K 131M LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_IN:'
688K 120M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:3128
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp spt:3128 state RELATED,ESTABLISHED
805K 802M ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp spt:80

Chain FORWARD (policy ACCEPT 266K packets, 178M bytes)
pkts bytes target prot opt in out source destination
258K 178M LOG all -- * eth0 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_OUT:'
264K 71M LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_IN:'
264K 71M ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1112K packets, 917M bytes)
pkts bytes target prot opt in out source destination
998K 883M LOG all -- * eth0 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_OUT:'
832K 137M ACCEPT tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:80
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp spt:80



eth1 Link encap:Ethernet HWaddr 00:08:A1:7B:A0:F9
inet addr:222.52.74.13 Bcast:222.52.74.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:fe7b:a0f9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6823279 errors:0 dropped:0 overruns:0 frame:0
TX packets:6689436 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1841316309 (1.7 GiB) TX bytes:1197242546 (1.1 GiB)
Interrupt:185 Base address:0x2000

Last edited by amartlk; 05-05-2011 at 07:56 AM.
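
savona's point in #27 (INPUT has policy ACCEPT and no reject/deny rules, so it accepts everything), turned into a check against the listing in the post above, together with a look at the packet counters on the port 5222 rules. This is an added example, not something posted in the thread; `sample_output`, `audit_chain` and `port_hits` are names made up here, and the check assumes no user-defined chains, as in the posted ruleset.

```shell
#!/bin/sh
# INPUT and part of FORWARD, copied from the `iptables -L -vn` listing in post #28.
sample_output() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 193K packets, 58M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
781K 131M LOG all -- eth0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_IN:'
688K 120M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:3128
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp spt:3128 state RELATED,ESTABLISHED
805K 802M ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp spt:80

Chain FORWARD (policy ACCEPT 266K packets, 178M bytes)
pkts bytes target prot opt in out source destination
264K 71M ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
EOF
}

# audit_chain CHAIN: read `iptables -L -vn` text on stdin and report the chain
# policy, the number of DROP/REJECT rules, and whether the chain filters anything.
audit_chain() {
    awk -v chain="$1" '
        $1 == "Chain" { inchain = ($2 == chain)
                        if (inchain) { policy = $4; sub(/\)$/, "", policy) }
                        next }
        !inchain || NF < 9 || $1 == "pkts" { next }   # other chains, blanks, header
        $3 == "DROP" || $3 == "REJECT"     { blocking++ }
        END {
            if (policy == "") { print "chain not found"; exit 1 }
            verdict = (policy == "ACCEPT" && blocking == 0) ? "accept-all" : "filtered"
            printf "policy=%s blocking_rules=%d verdict=%s\n", policy, blocking, verdict
        }'
}

# port_hits CHAIN PORT: count the rules matching dpt:PORT and how many of them
# have a non-zero packet counter (first column of the listing).
port_hits() {
    awk -v chain="$1" -v want="dpt:$2" '
        $1 == "Chain" { inchain = ($2 == chain); next }
        !inchain || NF < 9 || $1 == "pkts" { next }
        { for (i = 10; i <= NF; i++) if ($i == want) { rules++; if ($1 != "0") hit++; break } }
        END { printf "rules=%d hit=%d\n", rules, hit }'
}

sample_output | audit_chain INPUT
sample_output | port_hits INPUT 5222
```

On a live host, pipe `iptables -L -vn` into the functions instead of `sample_output`. A `hit` count of zero while the first 5222 rule matches on every interface means no packet for that port has reached the INPUT chain since the counters were last reset.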
 
  

