LinuxQuestions.org


xmdms 09-10-2008 10:48 AM

Questions about open ports on RH Linux server
 
I am running RHAS 4.0 with Firewall disabled. My question is, if I have an application required to use a certain port for the listener, would I have to open that port or the port will open it and listen to it as I run the application? I can specify which port to use within the application. Of course, the corp. firewall will be open on the public IP address and then NAT to this Linux server.


Any ideas? Please advise.

Thank you in advance.

J

w3bd3vil 09-10-2008 05:00 PM

You shouldn't need to do anything if all your traffic is NAT'ed properly to the server.

sundialsvcs 09-11-2008 12:00 AM

It depends upon who you intend ... and who you intend to allow or disallow ... to "reach" that port.

If the traffic is to come in from the Internet, then your router must be told to offer a particular open-port to the Internet, and to direct all traffic from that port to "a particular port on a particular (inward-side) computer." Then, that computer must be prepared ... by firewalls and such ... to accept the connection.

If traffic is not to come from the Internet, then your router should receive no such instruction. It won't allow inbound, unsolicited connection requests to come in from the Internet to anyone at all. It is therefore "your first-line gatekeeper."

Nevertheless, on your internal network, any computer that is offering services to the internal net must have firewall-rules that permit the necessary connections to be made. Those rules should prohibit any connections (e.g. from the router) that should not be made.

xmdms 09-11-2008 09:54 AM

Quote:

Originally Posted by sundialsvcs (Post 3276658)
It depends upon who you intend ... and who you intend to allow or disallow ... to "reach" that port.

If the traffic is to come in from the Internet, then your router must be told to offer a particular open-port to the Internet, and to direct all traffic from that port to "a particular port on a particular (inward-side) computer." Then, that computer must be prepared ... by firewalls and such ... to accept the connection.

If traffic is not to come from the Internet, then your router should receive no such instruction. It won't allow inbound, unsolicited connection requests to come in from the Internet to anyone at all. It is therefore "your first-line gatekeeper."

Nevertheless, on your internal network, any computer that is offering services to the internal net must have firewall-rules that permit the necessary connections to be made. Those rules should prohibit any connections (e.g. from the router) that should not be made.

Okay, I would like to understand more on this topic. Since I am not using the firewall functionality on the Linux server and my corporate firewall is modified to allow xxx.xx.xx:xxxx to get through and access the server. Yes, the connection is made from the WWW through the firewall with designated port xxxx. Now, do I need to do anything from the server standpoint to answer on that particular port? For example: I would like to use port 9501, so the IP address should be xxx.xx.xxx:9501

The command that I used to see if anything is running on that port is:
netstat -nap | grep 9501
And it came back with nothing. However, when I tried to talk to port 9501 (the command that I used was nc 9501), it came back with "no port[s] to connect to". So, I typed service iptables status and it came back with "Firewall is stopped.".

I don't really understand if I can or can't use this port or when can I use this point.

Please help!!

Thanks,

j




Thanks!!

chrism01 09-11-2008 07:45 PM

Is your piece of SW up and running on that port? Use netstat cmd to check.

xmdms 09-12-2008 06:13 AM

Quote:

Originally Posted by chrism01 (Post 3277751)
Is your piece of SW up and running on that port? Use netstat cmd to check.

No, I haven't tried it... I would like to know if I need to do anything at the OS level first before telling my application to use a certain port.

Thanks,

chrism01 09-12-2008 06:58 AM

The easiest way is to start up your app and see if it runs. Check it's using the port you expect with the netstat cmd.
Then try to talk to it from outside. You can also use nmap to check if it's visible.
If not, run the cmd
iptables -L
as root and post the results.
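
The check discussed in this thread, as an added example that is not part of any poster's reply: a port counts as "open" once a process has bound to it and is listening, and with no host firewall in the way a port nobody listens on answers with "connection refused". The function names are illustrative, and the demo uses a kernel-chosen loopback port instead of 9501 so it runs without touching a real service.

```python
import socket

def probe(host, port, timeout=1.0):
    """Classify a TCP port from the client side: 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        # Loopback quirk: with no listener, the kernel can pick the target
        # port as source port and the socket connects to itself.
        if s.getsockname() == s.getpeername():
            return "closed"
        return "open"        # a process is listening and the handshake completed
    except ConnectionRefusedError:
        return "closed"      # host answered with RST: reachable, but no listener
    except OSError:
        return "filtered"    # timeout or unreachable: something on the path dropped it
    finally:
        s.close()

def start_listener(host="127.0.0.1", port=0):
    """What the application does at start-up: bind, then listen.
    port=0 asks the kernel for any free port (assumption for the demo)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv

def demo():
    """Probe the same port while a listener exists and after it is gone."""
    srv = start_listener()
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    srv.close()              # the "application" exits
    after_exit = probe("127.0.0.1", port)
    return while_listening, after_exit

if __name__ == "__main__":
    print(demo())
```

A "filtered" result from an outside machine, while the same probe run on the server itself reports "open", points at the corporate firewall or NAT rule and not at the server.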


All times are GMT -5.