LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 01-28-2011, 08:32 PM   #1
trademark91
Member
 
Registered: Sep 2009
Distribution: Slackware -current x64
Posts: 372

Rep: Reputation: 74
Opening a port for a server


I am trying to run a minecraft server from my slackware machine, but i am having an issue. The port for minecraft (25565) is open on my router, but it is reported as closed by all the open port check tools. I noticed that the same was happening for my VNC server. the port reports itself as closed until i actually open the vnc server software. for example

i check the vnc port (5900) when the vnc software is not running, and it is reported as closed. nmap localhost gives the following:

Code:
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
37/tcp   open  time
113/tcp  open  auth
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
631/tcp  open  ipp
6000/tcp open  X11
when i open up the vnc software, the port is reported as open, and i now get this:
Code:
PORT     STATE SERVICE
22/tcp   open  ssh
37/tcp   open  time
113/tcp  open  auth
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
631/tcp  open  ipp
5900/tcp open  vnc
6000/tcp open  X11
this would all be fine, except for minecraft, this doesnt happen. when i open the software and when the software is closed, the port is still marked as closed by the port check tools and is not listed by localhost.

is there a way to add my port (25565) to be open the same way as vnc, or if not, is there a way to have it be continuously open?
 
Old 01-28-2011, 08:40 PM   #2
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,068

Rep: Reputation: 1453Reputation: 1453Reputation: 1453Reputation: 1453Reputation: 1453Reputation: 1453Reputation: 1453Reputation: 1453Reputation: 1453Reputation: 1453
It isn't clear where you are checking for the port to be open. The router or your slackware box?
 
Old 01-28-2011, 08:52 PM   #3
xeleema
Member
 
Registered: Aug 2005
Location: D.i.t.h.o, Texas
Distribution: Slackware 13.x, rhel3/5, Solaris 8-10(sparc), HP-UX 11.x (pa-risc)
Posts: 987
Blog Entries: 4

Rep: Reputation: 252Reputation: 252Reputation: 252
Greetingz!

Richard Cranium has a point, you aren't specifying if you're doing an nmap scan against your server directly, or the router.

However, as I see "time" & ports 139+445 open, I'm going to assume the former. I'm sure you have port 25565 on your router forwarded to your server (if the intent is to allow clients outside your network to connect to that service). With that said, are you running iptables on the server? If so, you might have to "tweak" it's configuration a little bit.

Determine If IPtables is "At Fault"
1) Stop IPtables
/etc/init.d/iptables stop
2) Start your service, and scan for it (or attempt to connect to it)
3) If successful. Start IPtables again (can't leave yourself vulnerable for too long).
4) Analyze and change the configuration of IPtables
sudo iptables --list

Good Luck!
 
Old 01-28-2011, 08:57 PM   #4
trademark91
Member
 
Registered: Sep 2009
Distribution: Slackware -current x64
Posts: 372

Original Poster
Rep: Reputation: 74
i dont have iptables installed, i dont think. i never configured it or made any effort to install it.

i need the port to be open on my slackware box, as it is already open on my router. the nmap scan was against my computer.
 
Old 01-28-2011, 09:36 PM   #5
xeleema
Member
 
Registered: Aug 2005
Location: D.i.t.h.o, Texas
Distribution: Slackware 13.x, rhel3/5, Solaris 8-10(sparc), HP-UX 11.x (pa-risc)
Posts: 987
Blog Entries: 4

Rep: Reputation: 252Reputation: 252Reputation: 252
Okay, good. If the service starts successfully, then the only thing that would block the port would be something like iptables.
Double-check and make sure it's not running (as it comes with most Linux distributions by default).

Just "sudo iptables --list", if you get "command not found" then we can look elsewhere. However, if you get something like this, then we need to take a crack at the config;

Code:
luser@lhost$ sudo iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
luser@lhost$
 
Old 01-28-2011, 09:44 PM   #6
trademark91
Member
 
Registered: Sep 2009
Distribution: Slackware -current x64
Posts: 372

Original Poster
Rep: Reputation: 74
i got this:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
so i guess it is installed.
 
Old 01-28-2011, 10:13 PM   #7
dive
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Slackware
Posts: 3,353

Rep: Reputation: Disabled
iptables _is_ installed but slackware doesn't come with a firewall script by default. You're expected to add one yourself if needed.

According to what I've read about Minecraft you need to forward the port with both TCP and UDP. Are you doing that?

Test with

nmap -p 25565 <your external IP>

and

nmap -p 25565 -sU <your external IP>
 
Old 01-28-2011, 10:16 PM   #8
trademark91
Member
 
Registered: Sep 2009
Distribution: Slackware -current x64
Posts: 372

Original Poster
Rep: Reputation: 74
neither of those work. i get
Code:
Invalid target host specification: 25565
QUITTING!
EDIT: i disbaled iptables as specified here: http://www.cyberciti.biz/faq/turn-on...wall-in-linux/ my port still isnt open. how does the vnc client open the port like that?

Last edited by trademark91; 01-28-2011 at 10:28 PM.
 
Old 01-28-2011, 10:47 PM   #9
dive
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Slackware
Posts: 3,353

Rep: Reputation: Disabled
You don't need to disable iptables if you've never set any rules, which by your previous post you haven't.

Don't know why you get those errors.

You shouldn't have /etc/init.d/iptables on slackware so that would have given an error.

Does nmapping the local address show anything different to external?

Last edited by dive; 01-28-2011 at 10:49 PM.
 
Old 01-28-2011, 10:50 PM   #10
trademark91
Member
 
Registered: Sep 2009
Distribution: Slackware -current x64
Posts: 372

Original Poster
Rep: Reputation: 74
i did the second option:
Code:
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT
for some reason the port is being blocked locally on the computer.
 
Old 01-29-2011, 01:03 AM   #11
mRgOBLIN
Slackware Contributor
 
Registered: Jun 2002
Location: New Zealand
Distribution: Slackware
Posts: 999

Rep: Reputation: 229Reputation: 229Reputation: 229
While the program is running you should first use netstat on the local machine to see if the port is actually open.
Code:
netstat -ln |fgrep 25565
Should return something.

If it does then perhaps tcpwrappers are to blame... do /etc/hosts.deny or /etc/hosts.allow have any entries?
 
Old 01-29-2011, 09:18 AM   #12
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291
I don't know what's going on, but the usual way I open a port is:

Code:
iptables -A INPUT -p tcp --dport 25565 -j ACCEPT
 
Old 01-29-2011, 09:01 PM   #13
trademark91
Member
 
Registered: Sep 2009
Distribution: Slackware -current x64
Posts: 372

Original Poster
Rep: Reputation: 74
Quote:
Originally Posted by mRgOBLIN View Post
While the program is running you should first use netstat on the local machine to see if the port is actually open.
Code:
netstat -ln |fgrep 25565
Should return something.

If it does then perhaps tcpwrappers are to blame... do /etc/hosts.deny or /etc/hosts.allow have any entries?
this returns

Code:
tcp        0      0 0.0.0.0:25565           0.0.0.0:*
and no, neither of those files have any entries.
 
Old 01-30-2011, 01:19 AM   #14
mRgOBLIN
Slackware Contributor
 
Registered: Jun 2002
Location: New Zealand
Distribution: Slackware
Posts: 999

Rep: Reputation: 229Reputation: 229Reputation: 229
Well that means the port is open and listening on all interfaces.

what happens if you try to telnet to that port from either the local or a remote machine.

Code:
telnet hostname 25565
 
Old 01-31-2011, 02:04 PM   #15
trademark91
Member
 
Registered: Sep 2009
Distribution: Slackware -current x64
Posts: 372

Original Poster
Rep: Reputation: 74
Quote:
Originally Posted by mRgOBLIN View Post
Well that means the port is open and listening on all interfaces.

what happens if you try to telnet to that port from either the local or a remote machine.

Code:
telnet hostname 25565
i got this:
Code:
[trademark91@drain:~]$ telnet localhost 25565                                   (01-31 13:04)
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
[trademark91@drain:~]$
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
opening a port satish Linux - Security 2 11-23-2006 03:14 PM
CentOS Opening port for FTP Server Thin Linux - Distributions 3 11-16-2005 12:38 PM
Opening port 80 nmoog Linux - Newbie 4 02-01-2004 05:00 PM
opening port for a game server Ashtray Linux - Networking 8 07-16-2003 08:33 AM
How to prevent X server from opening port 6000 glock19 Linux - General 5 05-23-2002 04:19 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 09:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration