10-22-2012, 11:10 PM
|
#1
|
LQ Newbie
Registered: Jan 2012
Posts: 20
Rep: 
|
Unable to open a port
I have installed the Oracle WebLogic Admin Server on machine 1 and a managed server on machine 2.
I need to open a port, 5556, on both machine 1 and machine 2.
I have added port no. 5556 to /etc/sysconfig/iptables using the command
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5556 -j ACCEPT
but when I telnet to the IP and port no. from machine2 to machine1 or machine1 to machine2,
I get the following output:
Telnet from machine1 to machine2:
[root@machine1 sysconfig]# telnet 20.42.15.184 5556
Trying 20.42.15.184...
telnet: connect to address 20.42.15.184: No route to host
telnet: Unable to connect to remote host: No route to host
[root@machine1 sysconfig]#
Telnet from machine2 to machine1:
[root@machine2 wmeadmin]# telnet 20.42.15.199 5556
Trying 20.42.15.199...
telnet: connect to address 20.42.15.199: Connection refused
telnet: Unable to connect to remote host: Connection refused
[root@machine2 wmeadmin]#
Kindly guide me.
|
|
|
10-22-2012, 11:30 PM
|
#2
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.x
Posts: 18,434
|
Start with checking the firewalls
Code:
cat /etc/sysconfig/iptables
on both.
Did you restart iptables after adding that rule?
Also check /etc/hosts.allow, /etc/hosts.deny
|
|
|
10-23-2012, 02:46 AM
|
#3
|
LQ Newbie
Registered: Jan 2012
Posts: 20
Original Poster
Rep: 
|
I am getting this output when I restart iptables on machine1:
[root@machine1 etc]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore: line 7 failed
[FAILED]
[root@machine1 etc]#
For Machine2 it is successful
[root@CSCWMEALD184V wmeadmin]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]ntrack_ftp
[root@CSCWMEALD184V wmeadmin]#
[root@CSCWMEALD199V etc]# more hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
[root@CSCWMEALD199V etc]# more hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
[root@CSCWMEALD199V etc]#
|
|
|
10-23-2012, 04:49 AM
|
#4
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.x
Posts: 18,434
|
Well obviously you need to fix machine 1 iptables
|
|
1 members found this post helpful.
|
10-23-2012, 08:40 AM
|
#5
|
LQ Newbie
Registered: Jan 2012
Posts: 20
Original Poster
Rep: 
|
Can anyone tell me how to do it?
|
|
|
10-23-2012, 09:23 AM
|
#6
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,679
|
Quote:
Originally Posted by anwar5006
Can anyone tell me how to do it?
|
Well, you obviously KNOW how to modify iptables, since in your VERY FIRST POST you told us you modified the iptables rules, by editing "/etc/sysconfig/iptables".
Try doing that...and, since you got an error on line 7, pay particular attention to that line.
|
|
|
10-24-2012, 05:14 AM
|
#7
|
LQ Newbie
Registered: Jan 2012
Posts: 20
Original Poster
Rep: 
|
Well, I checked whether the port on machine 2 is open or not.
I executed the command: nmap -P0 -T4 hostname -p 5556
[root@machine2 sysconfig]# nmap -P0 -T4 machine2 -p 5556
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-10-24 11:13 BST
Interesting ports on machuine2 (20.42.15.184):
PORT STATE SERVICE
5556/tcp open unknown
Nmap finished: 1 IP address (1 host up) scanned in 0.033 seconds
[root@machine2 sysconfig]#
I observed that the port is open on machine2, but machine1 is unable to communicate with it.
|
|
|
10-24-2012, 05:15 AM
|
#8
|
LQ Newbie
Registered: Jan 2012
Posts: 20
Original Poster
Rep: 
|
Can any expert tell me how I can make it communicate?
|
|
|
10-24-2012, 09:17 AM
|
#9
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,679
|
Quote:
Originally Posted by anwar5006
Can any expert tell me how I can make it communicate?
|
Don't bump your own thread...and did you do as was suggested? That is, look in the file you made changes to (the one YOU mentioned), and pay attention to the line you posted the error about (line 7)?
Running nmap without doing ANYTHING to the iptables rules is fairly pointless. And have you completely gone through the installation documents, that walk you through the installation?
http://docs.oracle.com/cd/E23943_01/manage.htm
|
|
|
10-25-2012, 04:25 AM
|
#10
|
LQ Newbie
Registered: Jan 2012
Posts: 20
Original Poster
Rep: 
|
I am not dumping the thread.
The reason for executing nmap is to identify whether port 5556 is open or not. The iptables error message was thrown on machine 1, and I executed the nmap command on machine 2, where I wanted to open the port. The nmap cmd is to identify whether the port is open or not.
Issue: I was unable to telnet machine2_ip port_no from machine1.
Temporary solution:
- we can turn off iptables using the cmd service iptables stop
I know it is not a good practice to turn off iptables, but my goal was to communicate on the port between the two machines for Oracle WebLogic. I did.
Thanks guys for ur reply.
|
|
|
10-25-2012, 09:22 AM
|
#11
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,679
|
Quote:
Originally Posted by anwar5006
I am not dumping the thread.
|
Yes, you did...and it's called "bumping". You posted ONE MINUTE after your other post, with no new information, and a further request for help.
Quote:
The reason for executing nmap is to identify whether port 5556 is open or not. The iptables error message was thrown on machine 1, and I executed the nmap command on machine 2, where I wanted to open the port. The nmap cmd is to identify whether the port is open or not.
Issue: I was unable to telnet machine2_ip port_no from machine1.
Temporary solution:
- we can turn off iptables using the cmd service iptables stop
I know it is not a good practice to turn off iptables, but my goal was to communicate on the port between the two machines for Oracle WebLogic. I did.
Thanks guys for ur reply.
|
Spell out your words. And yes, we realize why you did nmap, but until you modify the iptables rules (as you did in your very first post), you'll have a problem. Not sure why you could do it on one machine, but can't do it on another, but turning off iptables is an extreme solution.
|
|
|
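A static check for the placement mistakes that stop a rule like the one in post #1 from taking effect, added here as an example and not code from anyone in the thread: the rule sitting outside the `*filter` ... `COMMIT` block, naming an undeclared chain, or following the chain's catch-all REJECT. The `check_rules` and `sample` functions and the sample rules file are constructed for illustration, and they assume the stock Red Hat layout in which `RH-Firewall-1-INPUT` ends with a catch-all REJECT.

```shell
#!/bin/sh
# Lint an iptables-restore rules file read from stdin (added example).
# Usage: check_rules CHAIN PORT < /etc/sysconfig/iptables
# Prints findings with line numbers; returns 0 if clean, 1 otherwise.
check_rules() {
    awk -v chain="$1" -v port="$2" '
        function flag(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        /^\*/     { table = $1; next }           # "*filter" opens a table
        /^COMMIT/ { table = ""; next }           # COMMIT closes it
        /^:/      { declared[substr($1, 2)] = 1; next }
        $1 == "-A" {
            if (table == "") flag("rule is outside a *table ... COMMIT block")
            if (!($2 in declared)) flag("chain " $2 " is never declared")
            if ($2 != chain) next
            # First REJECT/DROP without a port match ends the chain.
            if ($0 ~ /-j (REJECT|DROP)/ && $0 !~ /--dport/ && !catchall)
                catchall = NR
            if ($0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT/) {
                found = 1
                if (catchall)
                    flag("ACCEPT for port " port " comes after the catch-all on line " catchall)
            }
        }
        END {
            if (!found) { print "no ACCEPT rule for port " port " in " chain; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample file; $1 picks where the port 5556 rule is placed.
sample() {
    rule='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5556 -j ACCEPT'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':RH-Firewall-1-INPUT - [0:0]' \
        '-A INPUT -j RH-Firewall-1-INPUT'
    [ "$1" = before ] && printf '%s\n' "$rule"
    printf '%s\n' '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
    [ "$1" = late ] && printf '%s\n' "$rule"
    printf '%s\n' 'COMMIT'
    [ "$1" = after-commit ] && printf '%s\n' "$rule"
    return 0
}

for where in before late after-commit; do
    echo "== rule placed: $where"
    sample "$where" | check_rules RH-Firewall-1-INPUT 5556 || echo "-> needs fixing"
done
```

On a live host, `iptables-restore --test < /etc/sysconfig/iptables` parses the file without committing it, which lets the rules be checked before `service iptables restart` flushes the running set.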
All times are GMT -5. The time now is 10:31 PM.
|