Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: how to open port in linux
Top Forums UNIX for Advanced & Expert Users how to open port in linux Post 302558209 by justbow on Friday 23rd of September 2011 05:28:34 AM
Old 09-23-2011
how to open port in linux
hi experts,

I'm using Linux Centos kernel 2.6
Here is the print out of some my port :

Code:
tcp        0      0 127.0.0.1:10080             0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:10081             0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:10082             0.0.0.0:*                   LISTEN      
tcp        0      0 ::1:10080                   :::*                        LISTEN      
tcp        0      0 ::1:10081                   :::*                        LISTEN      
tcp        0      0 ::1:10082                   :::*                        LISTEN

Actually i want the port can be access from the other machine. I try to configure the iptables below : but still have failed when implemented :

Code:
[root@localhost ~]# cat /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10079 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10081 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10082 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10083 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10084 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10089 -j ACCEPT

[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: mangle filter nat [  OK  ]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: iptables-restore: line 1 failed
[FAILED]

I'm trying to access the port from other machine still failed.

Code:
[~]$ telnet 74.82.162.xx 10080
Trying 74.82.162.xx...

telnet: Unable to connect to remote host: Connection timed out

Anybody can help me?
Thanks.
Last edited by pludi; 09-23-2011 at 07:00 AM..
 

10 More Discussions You Might Find Interesting

1. Solaris

Solaris 8 to many open port

hi all, My OS is solaris 8 with core system installation only. so far everything works fine. by i do some testing from my xp pc as client to nmap and scan opening port to my solaris. the result as below: Initiating SYN Stealth Scan against 10.10.10.10 at 16:25 Discovered open port 21/tcp on... (3 Replies)
Discussion started by: hezry79
3 Replies

2. Linux

open port

How can I open a port on linux machine ??? (5 Replies)
Discussion started by: mm00123
5 Replies

3. AIX

How to open a port in AIX

Hi Guys, i am trying to open a port in AIX. but i am not able to get the command for this. AIX is not having the iptables file present. So please any body can tell me how to open a port in AIX... Thanks sanju (2 Replies)
Discussion started by: sanju_d1231
2 Replies

4. IP Networking

Unknown open port: "6881/tcp open bittorrent-tracker" found with nmap

Hi. I ran nmap on my server, and I get the following: Starting Nmap 4.76 ( http://nmap.org ) at 2009-03-19 16:33 EDT Interesting ports on -------- (-----): Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 6881/tcp open bittorrent-tracker The... (0 Replies)
Discussion started by: Rledley
0 Replies

5. Solaris

how to open specific port

Dear members, My release is open Solaris b103 1- How to know the opening port in my system 2- How to open a specific port like port number 53 3- How to closed the specific port like port number 53 Your feedback highly appreciated (10 Replies)
Discussion started by: dellroxy
10 Replies

6. UNIX for Dummies Questions & Answers

Linux - How to Open a Port

Hi, I would like to open a specific port for use with a bespoke application. Before everyone points me to other threads - I read a few but couldn't find any specific to my problem. Iptables / firewall is disabled SELinux is also disabled I would just like to assign this port to this... (0 Replies)
Discussion started by: mcclunyboy
0 Replies

7. Red Hat

Open port with iptables

Hi, What iptables command do I need to run in order to open up the following port for incomming traffic on the following server: # telnet 127.0.0.1 1521 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused telnet: Unable to connect to remote host: Connection... (3 Replies)
Discussion started by: Duffs22
3 Replies

8. IP Networking

Tcp ip port open but no such process (merged: Release A Port)

i want to kill a tcp connection by killing its pid with netstat -an i got the tcp ip connection on port 5914 but when i type ps -a or ps-e there is not such process running on port 5914 is it possible that because i do not log on with proper user account i can not see that process running? (30 Replies)
Discussion started by: alinamadchian
30 Replies

9. Solaris

Solaris 10: How to just open a port - nothing else

Hi there, I tried just open a port but I failed ;-( # telnet localhost 9876 That should work so I did ... # vi /etc/services myport 9876/tcp # my port # svcadm restart inetd -> New pid, see ps - ef | grep inet # netstat -an | grep 9876 No port 9876 is waiting ;( #... (4 Replies)
Discussion started by: System
4 Replies

10. UNIX for Beginners Questions & Answers

Script for port is open or not

I need a script on which if i will pass the port number and the host name as external parameter then it should respond me if the port is open or not thread moved (0 Replies)
Discussion started by: patitapaban
0 Replies

LEARN ABOUT DEBIAN

ufw-framework

UFW 
FRAMEWORK(8)						   October 2011 						  UFW FRAMEWORK(8)

NAME

       ufw-framework - using the ufw framework

DESCRIPTION

       ufw provides both a command line interface and a framework for managing a netfilter firewall. While the ufw command provides an easy to use
       interface for managing a firewall, the ufw framework provides the administrator methods to customize default behavior  and  add	rules  not
       supported by the command line tool. In this way, ufw can take full advantage of Linux netfilter's power and flexibility.

OVERVIEW

       The framework provides boot time initialization, rules files for adding custom rules, a method for loading netfilter modules, configuration
       of kernel parameters and configuration of IPv6. The framework consists of the following files:

       /lib/ufw/ufw-init
	      initialization script

       /etc/ufw/before[6].rules
	      rules file containing rules evaluated before UI added rules

       /lib/ufw/user[6].rules
	      rules file containing UI added rules (managed with the ufw command)

       /etc/ufw/after[6].rules
	      rules file containing rules evaluated after UI added rules

       /etc/default/ufw
	      high level configuration

       /etc/ufw/sysctl.conf
	      kernel network tunables

       /etc/ufw/ufw.conf
	      additional high level configuration

BOOT INITIALIZATION

       ufw is started on boot with /lib/ufw/ufw-init. This script is a standard SysV style initscript used by the ufw command and  should  not	be
       modified. It supports the following arguments:

       start: loads the firewall

       stop:  unloads the firewall

       restart:
	      reloads the firewall

       force-reload:
	      same as restart

       status:
	      basic status of the firewall

       force-stop:
	      same as stop, except does not check if the firewall is already loaded

       flush-all:
	      flushes the built-in chains, deletes all non-built-in chains and resets the policy to ACCEPT

       ufw  uses  many user-defined chains in addition to the built-in iptables chains. If MANAGE_BUILTINS in /etc/default/ufw is set to 'yes', on
       stop and reload the built-in chains are flushed. If it is set to 'no', on stop and reload the ufw secondary chains are removed and the  ufw
       primary	chains are flushed. In addition to flushing the ufw specific chains, it keeps the primary chains in the same order with respect to
       any other user-defined chains that may have been added. This allows for ufw to interoperate with other software that may manage	their  own
       firewall rules.

       To ensure your firewall is loading on boot, you must integrate this script into the boot process. Consult your distribution's documentation
       for the proper way to modify your boot process if ufw is not already integrated.

RULES FILES

       ufw  is	in  part  a  front-end	for  iptables-restore,	with  its  rules  saved   in   /etc/ufw/before.rules,	/etc/ufw/after.rules   and
       /lib/ufw/user.rules.  Administrators  can  customize  before.rules  and	after.rules as desired using the standard iptables-restore syntax.
       Rules are evaluated as follows: before.rules first, user.rules next, and after.rules last. IPv6 rules are evaluated in the same	way,  with
       the  rules files named before6.rules, user6.rules and after6.rules. Please note that ufw status only shows rules added with ufw and not the
       rules found in the /etc/ufw rules files.

       Important: ufw only uses the *filter table by default. You may add any other tables such as *nat, *raw and *mangle as desired. For each ta-
       ble a corresponding COMMIT statement is required.

       After  modifying  any  of these files, you must reload ufw for the rules to take effect.  See the EXAMPLES section for common uses of these
       rules files.

MODULES

       Netfilter has many different connection tracking modules. These modules are aware of the underlying protocol and allow the administrator to
       simplify  his  or  her rule sets. You can adjust which netfilter modules to load by adjusting IPT_MODULES in /etc/default/ufw. Some popular
       modules to load are:

	 nf_conntrack_ftp
	 nf_nat_ftp
	 nf_conntrack_irc
	 nf_nat_irc
	 nf_conntrack_netbios_ns
	 nf_conntrack_pptp
	 nf_conntrack_tftp
	 nf_nat_tftp

KERNEL PARAMETERS

       ufw will read in /etc/ufw/sysctl.conf on boot when  enabled.   Please  note  that  /etc/ufw/sysctl.conf	overrides  values  in  the  system
       systcl.conf (usually /etc/sysctl.conf). Administrators can change the file used by modifying /etc/default/ufw.

IPV6
       IPv6  is  enabled by default. When disabled, all incoming, outgoing and forwarded packets are dropped, with the exception of traffic on the
       loopback interface.  To adjust this behavior, set IPV6 to 'yes' in /etc/default/ufw. See the ufw manual page for details.

EXAMPLES

       As mentioned, ufw loads its rules files into the kernel by using the iptables-restore and ip6tables-restore commands. Users wanting to  add
       rules  to  the  ufw  rules files manually must be familiar with these as well as the iptables and ip6tables commands. Below are some common
       examples of using the ufw rules files.  All examples assume IPv4 only and that DEFAULT_FORWARD_POLICY in /etc/default/ufw is set to DROP.

   IP Masquerading
       To allow IP masquerading for computers from the 10.0.0.0/8 network to share the single IP address on eth0:

       Edit /etc/ufw/sysctl.conf to have:
	       net.ipv4.ip_forward=1

       Add to the end of /etc/ufw/before.rules, after the *filter section:
	       *nat
	       :POSTROUTING ACCEPT [0:0]
	       -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
	       COMMIT

       If your firewall is using IPv6 tunnels or 6to4 and is also doing NAT, then you should not usually masquerade protocol '41' (ipv6)  packets.
       For example, instead of the above, /etc/ufw/before.rules can be adjusted to have:
	       *nat
	       :POSTROUTING ACCEPT [0:0]
	       -A POSTROUTING -s 10.0.0.0/8 --protocol ! 41 -o eth0 -j MASQUERADE
	       COMMIT

   Port Redirections
       To forward tcp port 80 on eth0 to go to the webserver at 10.0.0.2:

       Edit /etc/ufw/sysctl.conf to have:
	       net.ipv4.ip_forward=1

       Add to the *filter section of /etc/ufw/before.rules:
	       -A ufw-before-forward -m state --state RELATED,ESTABLISHED 
		 -j ACCEPT
	       -A ufw-before-forward -m state --state NEW -i eth0 
		 -d 10.0.0.2 -p tcp --dport 80 -j ACCEPT

       Add to the end of /etc/ufw/before.rules, after the *filter section:
	       *nat
	       :PREROUTING ACCEPT [0:0]
	       -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT 
		 --to-destination 10.0.0.2:80
	       COMMIT

   Egress filtering
       To block RFC1918 addresses going out of eth0:

       Add in the *filter section of /etc/ufw/before.rules:
	       -A ufw-before-forward -o eth0 -d 10.0.0.0/8 -j REJECT
	       -A ufw-before-forward -o eth0 -d 172.16.0.0/12 -j REJECT
	       -A ufw-before-forward -o eth0 -d 192.168.0.0/16 -j REJECT

   Full example
       This  example combines the other examples and demonstrates a simple routing firewall. Warning: this setup is only an example to demonstrate
       the functionality of the ufw framework in a concise and simple manner and should not be used in production without understanding what  each
       part does and does not do. Your firewall will undoubtedly want to be less open.

       This  router/firewall has two interfaces: eth0 (Internet facing) and eth1 (internal LAN). Internal clients have addresses on the 10.0.0.0/8
       network and should be able to connect to anywhere on the Internet. Connections to  port	80  from  the  Internet  should  be  forwarded	to
       10.0.0.2.  Access  to  ssh  port  22  from the administrative workstation (10.0.0.100) to this machine should be allowed. Also make sure no
       internal traffic goes to the Internet.

       Edit /etc/ufw/sysctl.conf to have:
		net.ipv4.ip_forward=1

       Add to the *filter section of /etc/ufw/before.rules:
	       -A ufw-before-forward -m state --state RELATED,ESTABLISHED 
		 -j ACCEPT

	       -A ufw-before-forward -i eth1 -s 10.0.0.0/8 -o eth0 -m state 
		 --state NEW -j ACCEPT

	       -A ufw-before-forward -m state --state NEW -i eth0 
		 -d 10.0.0.2 -p tcp --dport 80 -j ACCEPT

	       -A ufw-before-forward -o eth0 -d 10.0.0.0/8 -j REJECT
	       -A ufw-before-forward -o eth0 -d 172.16.0.0/12 -j REJECT
	       -A ufw-before-forward -o eth0 -d 192.168.0.0/16 -j REJECT

       Add to the end of /etc/ufw/before.rules, after the *filter section:
	       *nat
	       :PREROUTING ACCEPT [0:0]
	       :POSTROUTING ACCEPT [0:0]
	       -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT 
		 --to-destination 10.0.0.2:80
	       -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
	       COMMIT

       For allowing ssh on eth1 from 10.0.0.100, use the ufw command:
	       # ufw allow in on eth1 from 10.0.0.100 to any port 22 proto tcp

SEE ALSO

       ufw(8), iptables(8), ip6tables(8), iptables-restore(8), ip6tables-restore(8), sysctl(8), sysctl.conf(5)

AUTHOR

       ufw is Copyright 2008-2011, Canonical Ltd.

       ufw and this manual page was originally written by Jamie Strandboge <jamie@canonical.com>

October 2011															  UFW FRAMEWORK(8)
All times are GMT -4. The time now is 07:06 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy