LinuxQuestions.org
Old 11-01-2010, 12:38 AM   #1
abdulmateen
LQ Newbie
 
Registered: Oct 2010
Posts: 9

Rep: Reputation: 0
unable to make 27000 port on listening mode


I tried my best and wrote all the commands given below, but port 27000 is not in the listening state.
Note: I spoofed the MAC address (changed the MAC address) on this machine.
Here is my iptables file:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-I RH-Firewall-1-INPUT -p tcp --dport 27000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 27000 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

And this is my netstat -nl result:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:711 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:705 0.0.0.0:*
udp 0 0 0.0.0.0:708 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 11779 @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 8313 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 11512 /tmp/ssh-LKoyex5062/agent.5062
unix 2 [ ACC ] STREAM LISTENING 11546 /tmp/orbit-root/linc-1409-0-7c6be5b0374fa
unix 2 [ ACC ] STREAM LISTENING 11555 /tmp/orbit-root/linc-13c6-0-7c7a2e6c3edfe
unix 2 [ ACC ] STREAM LISTENING 11734 /tmp/keyring-PlSioC/socket
unix 2 [ ACC ] STREAM LISTENING 11744 /tmp/orbit-root/linc-140e-0-574f9dcbab14c
unix 2 [ ACC ] STREAM LISTENING 11764 /tmp/orbit-root/linc-1410-0-75110bb6c77d1
unix 2 [ ACC ] STREAM LISTENING 11875 /tmp/orbit-root/linc-1436-0-1489f1d4222f3
unix 2 [ ACC ] STREAM LISTENING 11915 /tmp/orbit-root/linc-143a-0-59430e305da82
unix 2 [ ACC ] STREAM LISTENING 11923 /tmp/orbit-root/linc-143e-0-59430e305e2a4
unix 2 [ ACC ] STREAM LISTENING 11950 /tmp/orbit-root/linc-143c-0-59430e307dd8b
unix 2 [ ACC ] STREAM LISTENING 11972 /tmp/orbit-root/linc-1440-0-59430e30b0b4e
unix 2 [ ACC ] STREAM LISTENING 12028 /tmp/orbit-root/linc-1449-0-3ec2cb2a3428e
unix 2 [ ACC ] STREAM LISTENING 12082 /tmp/orbit-root/linc-1444-0-534f727066d9f
unix 2 [ ACC ] STREAM LISTENING 12101 /tmp/orbit-root/linc-1453-0-534f7270eecc4
unix 2 [ ACC ] STREAM LISTENING 7904 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 12131 /tmp/orbit-root/linc-1455-0-2eb15f66522
unix 2 [ ACC ] STREAM LISTENING 12165 /tmp/orbit-root/linc-1457-0-2eb15fc085b
unix 2 [ ACC ] STREAM LISTENING 12192 /tmp/orbit-root/linc-1459-0-2eb15fd950e
unix 2 [ ACC ] STREAM LISTENING 12224 /tmp/orbit-root/linc-145b-0-7ef90f6961c20
unix 2 [ ACC ] STREAM LISTENING 13354 /tmp/orbit-root/linc-1649-0-6b128e058e2e5
unix 2 [ ACC ] STREAM LISTENING 13393 /tmp/orbit-root/linc-164b-0-40347acb4260f
unix 2 [ ACC ] STREAM LISTENING 11521 @/tmp/dbus-a22tTOqDqC
unix 2 [ ACC ] STREAM LISTENING 8380 /var/run/.iroha_unix/IROHA
unix 2 [ ACC ] STREAM LISTENING 8613 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 8382 /var/run/iiim/.iiimp-unix/9010
unix 2 [ ACC ] STREAM LISTENING 10857 /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 12059 /tmp/mapping-root
unix 2 [ ACC ] STREAM LISTENING 10946 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 8536 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 11725 /tmp/.ICE-unix/5062
 
Old 11-01-2010, 01:05 AM   #2
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250
A port is either open or closed; it never listens. The program/server that requires port 27000 is the thing that listens, so if that's not running it won't appear in the list.
 
Old 11-01-2010, 01:21 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
smoker is right, and to illustrate his point:
Code:
win32sux@sandbox:~$ netstat -an --inet | grep LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:61221           0.0.0.0:*               LISTEN     
win32sux@sandbox:~$ nc -l 27000 &
[1] 1720
win32sux@sandbox:~$ netstat -an --inet | grep LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:27000           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:61221           0.0.0.0:*               LISTEN     
win32sux@sandbox:~$ kill 1720
win32sux@sandbox:~$ netstat -an --inet | grep LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:61221           0.0.0.0:*               LISTEN     
[1]+  Terminated              nc -l 27000
win32sux@sandbox:~$ netstat -an --inet | grep LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:61221           0.0.0.0:*               LISTEN     
win32sux@sandbox:~$
Notice how iptables plays absolutely no role here.
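
The distinction drawn in this thread, as an added example that is not part of any post above: a shell function that reads `netstat -nl` text and reports whether any process has bound a TCP port, and on which addresses. The names `listen_scope` and `diagnose` are hypothetical, and the sample lines are constructed from the listings in posts #1 and #3.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify a TCP port from `netstat -nl` text.

# listen_scope PORT < netstat-output
# Prints: not-listening | loopback-only | specific-address | all-interfaces
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")      # port is the last ":" field (IPv4 and IPv6)
            if (parts[n] != port) { next }
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*") {
                scope = "all-interfaces"     # widest exposure wins
            } else if (host ~ /^127\./ || host == "::1") {
                if (scope == "") { scope = "loopback-only" }
            } else if (scope != "all-interfaces") {
                scope = "specific-address"
            }
        }
        END { print (scope == "" ? "not-listening" : scope) }
    '
}

# diagnose PORT < netstat-output : turn the scope into the next thing to check.
diagnose() {
    case "$(listen_scope "$1")" in
        not-listening)    echo "port $1: no process has bound it; start the service first" ;;
        loopback-only)    echo "port $1: bound to loopback only; remote hosts cannot reach it" ;;
        specific-address) echo "port $1: bound to one address; check it is the intended interface" ;;
        all-interfaces)   echo "port $1: bound on every interface; the firewall now decides who can reach it" ;;
    esac
}

# Constructed sample: TCP/UDP lines as in post #1 (nothing on 27000).
SAMPLE_BEFORE='tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:631 0.0.0.0:*'
# Same listing plus the line post #3 shows while `nc -l 27000` is running.
SAMPLE_AFTER="$SAMPLE_BEFORE
tcp        0      0 0.0.0.0:27000           0.0.0.0:*               LISTEN     "

for p in 27000 631 22; do printf '%s\n' "$SAMPLE_BEFORE" | diagnose "$p"; done
printf '%s\n' "$SAMPLE_AFTER" | diagnose 27000
```

On a live host, pipe the real listing in instead of the sample: `netstat -nl | diagnose 27000`.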
 
  

