The UNIX and Linux Forums  

#1 (permalink)
04-29-2008
Registered User
Join Date: Apr 2008
Posts: 28
problem opening TCP ports

Please can somebody help me. I'm trying to open ports 999, 1982 and 1983 but am not having much luck. I used
iptables -A INPUT -i eth0 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
to open the ports but haven't been successful. I was told to make sure that your server TCP ports: 999, 1982, 1983 are fully open inbound and outbound and that destination IP address for those ports is 72.232.181.106.
I've been trying for ages to get these ports open, but haven't had any luck.
This is the first time I've ever used a dedicated server and I am very new to all of this, so I apologise in advance for lack of knowledge.

Thanks
#2 (permalink)
04-29-2008
Registered User
Join Date: Mar 2006
Location: Ahmedabad
Posts: 112
man iptables

There is a difference between the -A (Append) option and -I (Insert). You probably have a DROP/REJECT policy and you are appending the ACCEPT policy, so that ACCEPT will not be considered if any DROP/REJECT matches before it. The best you can do is to replace -A with -I in your posted iptables commands.
#3 (permalink)
04-30-2008
Registered User
Join Date: Apr 2008
Posts: 28
I changed A to I, but it still doesn't seem to work. This is what I get:
Code:
Last login: Wed Apr 30 09:53:57 on console
Macintosh-2:~ lucyohara$ ssh root@213.171.206.28
root@213.171.206.28's password: 
Last login: Tue Apr 29 19:42:49 2008 from 78.146.65.6
[root@localhost ~]# iptables -I INPUT -i eth1 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables -I INPUT -i eth1 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables -I INPUT -i eth1 -p tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.3.5 on Wed Apr 30 10:16:05 2008
*filter
:INPUT ACCEPT [112715:32372866]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [129770:72226245]
-A INPUT -i eth1 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A INPUT -i eth1 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A INPUT -i eth1 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT 
COMMIT
# Completed on Wed Apr 30 10:16:05 2008
[root@localhost ~]#
I'm trying to open the ports so that video can be streamed on the site, but the video still isn't showing at all.
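Added example, not part of any post in this thread: a small first-match evaluator over iptables-save text, run against the ruleset shown in post #3 and against two constructed rulesets that illustrate the -A versus -I ordering point from post #2. It models only interface, protocol and ports and treats the state match as always true (a simplification); the packets and the REJECT rule are constructed.

```python
import shlex

FIELDS = {"-i": "iface", "-p": "proto", "--sport": "sport", "--dport": "dport"}

# Ruleset copied from the iptables-save output in post #3.
POSTED = """*filter
:INPUT ACCEPT [112715:32372866]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [129770:72226245]
-A INPUT -i eth1 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
"""
# Constructed rulesets: an ACCEPT appended after (-A) or inserted before (-I) a REJECT.
REJECT = "-A INPUT -j REJECT\n"
ALLOW = "-A INPUT -p tcp -m tcp --dport 999 -j ACCEPT\n"
APPENDED = "*filter\n:INPUT ACCEPT [0:0]\n" + REJECT + ALLOW + "COMMIT\n"
INSERTED = "*filter\n:INPUT ACCEPT [0:0]\n" + ALLOW + REJECT + "COMMIT\n"

def parse(text):
    """Return ({chain: policy}, [(chain, match, target)]) from iptables-save text."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif line.startswith("-A "):
            # Only interface, protocol and ports are modelled; "-m state" is
            # assumed to match (simplification for this example).
            match = {FIELDS[a]: b for a, b in zip(tok, tok[1:]) if a in FIELDS}
            rules.append((tok[1], match, tok[tok.index("-j") + 1]))
    return policies, rules

def verdict(text, chain, pkt):
    """Walk the chain top to bottom: first matching rule wins, else the policy."""
    policies, rules = parse(text)
    in_chain = [r for r in rules if r[0] == chain]
    for n, (_, match, target) in enumerate(in_chain, 1):
        if all(str(pkt[field]) == value for field, value in match.items()):
            return target, f"rule {n}"
    return policies[chain], "policy"

# Constructed packets: a client connecting TO port 999, and a segment coming FROM port 999.
TO_999 = {"iface": "eth1", "proto": "tcp", "sport": 51515, "dport": 999}
FROM_999 = {"iface": "eth1", "proto": "tcp", "sport": 999, "dport": 51515}

if __name__ == "__main__":
    for name, rs in (("posted", POSTED), ("appended", APPENDED), ("inserted", INSERTED)):
        print(name, verdict(rs, "INPUT", TO_999), verdict(rs, "INPUT", FROM_999))
```

For the posted ruleset, a connection arriving on destination port 999 from an ephemeral source port matches none of the --sport rules and is accepted only by the INPUT ACCEPT policy; --dport is the option that matches the server-side port.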
#4 (permalink)
04-30-2008
Registered User
Join Date: Mar 2006
Location: Ahmedabad
Posts: 112
The netfilter user mailinglist

Please join that list from the link http://www.netfilter.org/mailinglists.html#ml-user

Possibly your video application/protocol requires a netfilter helper. That protocol might NOT support NAT traversal. Usually it requires a complete understanding of the network as well as the protocol to set up a firewall.
#5 (permalink)
04-30-2008
Registered User
Join Date: Apr 2008
Posts: 28
Thanks, I'll have a look at that
#6 (permalink)
04-30-2008
Registered User
Join Date: Apr 2008
Posts: 28
I've been able to access the firewall file and the results by going to vi /etc/sysconfig/firewall

This will make the rules persistent across reboots. You can see the general commands to open ports up if you search for the appropriately commented areas. The results are:
Code:
#!/bin/sh

#fix for passive ftp connection tracking
/sbin/modprobe ip_conntrack_ftp

# Drop ICMP echo request messages sent to multicast or broadcast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Drop source routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# Enable TCP SYS cookie (DoS) protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

# Enable source address spoofing protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

"/etc/sysconfig/firewall" 88L, 3244C
Does that mean anything?