Open port in Solaris 8 (not accessible from outside)


 
# 1  
Old 10-01-2009

Hello guys,

I've recently installed a Tomcat server in our Solaris 8 servers, and while it's properly configured and running already, I can't access the port from outside the network segment the server is on.

I.e., we have 4 servers in the same segment (consecutive IP addresses), and if I try to connect to my Tomcat server from a browser inside any of these servers using http://xxx.xxx.xxx.xxx:port/tomcat-webapp it will successfully establish a connection and display the app. However, if I do it from an off-segment machine, it won't establish the connection.

I ran nmap from my local machine to scan said server, and the ports I'm interested in opening are shown as "filtered". The other thing is, if I try to connect to a port on that same server with no listening daemon, the browser will almost instantly spit out the connection error, as it won't actually connect (stays at "connecting..." status). However, on the aforementioned port (7080) it will say "Connecting..." then "Waiting for xxx.xxx.xxx.xxx..."...and it stays there for some time until it breaks.

So, I'm guessing that the port is actually opened and ready for service, but somehow it's being filtered/restricted from access outside the segment.

Any ideas on how can I find what's the problem? Unfortunately, the previous sysadmin didn't leave any docs about this (I know...), so I have no idea if there's a firewall up or not. I tried running the "iptables" command, and it says it doesn't exist, so I'm guessing this is not the firewall that's blocking the port.

What other tools/commands/config files should I check out to trace the offending program and "unfilter" the port?

Thanks a lot!

Last edited by Acapulco; 10-01-2009 at 03:29 PM..
# 2  
Old 10-01-2009
you most likely will need to talk to your net admin(s) about this. if you have security officers, they will need to address this as it's most likely the port (i'm guessing 8080 here) that is being blocked. i doubt it's a vlan issue especially if you can remotely connect to the device
# 3  
Old 10-01-2009
Hey pupp, thanks for responding!

Uhmm..you see, the problem is...I'm everything...sysadmin, netadmin aaaand....dba.... I know...but we have to get by as it is.

This being said, I have no idea how/why is the port blocked and how to unblock it, so if you have any pointers on where to start looking, it would be of great help. Also, I know some ports are open, and what I did was move my tomcat server to listen to the port 80 and it's working now, but I can't let it stay there.

Could you point me in the right direction please? I checked the inetd.conf, the /etc/services and as far as I know there's no firewall, at least none that I know of.

Where can I start to sort this out?

Thanks again!
# 4  
Old 10-02-2009
not a host level firewall but rather a network layer firewall. some firewall is sitting between your two network segments and analyzing traffic. it's blocking port 8080 (or whatever you have tomcat listening on) and allowing 80. why not keep it at 80?

also, from the external segment, run a traceroute to the tomcat server ip and post the output.

Last edited by pupp; 10-02-2009 at 12:54 AM..
# 5  
Old 10-02-2009
Hi pupp,

Ok, so, how could I check if there's a network-layer firewall?

Here's the traceroute...it's in Spanish, where it says "Tiempo de espera agotado para esta solicitud" basically means a timeout happened, so as you can see, I can only trace the connection up to a certain point, but it's probably because of the network settings of the company I work for, 'cause doing a traceroute to Google yields almost the same results (i.e. timeout after 7 hops).

Anyway, here's the traceroute in case it helps:


Code:
C:\Documents and Settings\Administrador>tracert 200.xxx.xxx.xxx

Traza a la dirección xxxxxxxxxxxxxxxxxxxxxx [200.xxx.xxx.xxx]
sobre un máximo de 30 saltos:

  1    27 ms     1 ms     1 ms  10.108.xxx.xxx
  2     1 ms     1 ms    <1 ms  10.190.xxx.xxx
  3     1 ms     1 ms     1 ms  10.190.xxx.xxx
  4    29 ms    18 ms    18 ms  10.111.xxx.xxx
  5    20 ms    19 ms    19 ms  10.79.xxx.xxx
  6    19 ms    19 ms    19 ms  10.79.xxx.xxx
  7    19 ms    19 ms    18 ms  10.77.xxx.xxx
  8     *        *        *     Tiempo de espera agotado para esta solicitud.
  9     *        *        *     Tiempo de espera agotado para esta solicitud.
 10     *        *        *     Tiempo de espera agotado para esta solicitud.
 11     *        *        *     Tiempo de espera agotado para esta solicitud.
 12     *        *        *     Tiempo de espera agotado para esta solicitud.
 13     *        *        *     Tiempo de espera agotado para esta solicitud.
 14     *        *        *     Tiempo de espera agotado para esta solicitud.
 15     *        *        *     Tiempo de espera agotado para esta solicitud.
 16     *        *        *     Tiempo de espera agotado para esta solicitud.
 17     *        *        *     Tiempo de espera agotado para esta solicitud.
 18     *        *        *     Tiempo de espera agotado para esta solicitud.
 19     *        *        *     Tiempo de espera agotado para esta solicitud.
 20     *        *        *     Tiempo de espera agotado para esta solicitud.
 21     *        *        *     Tiempo de espera agotado para esta solicitud.
 22     *        *        *     Tiempo de espera agotado para esta solicitud.
 23     *        *        *     Tiempo de espera agotado para esta solicitud.
 24     *        *        *     Tiempo de espera agotado para esta solicitud.
 25     *        *        *     Tiempo de espera agotado para esta solicitud.
 26     *        *        *     Tiempo de espera agotado para esta solicitud.
 27     *        *        *     Tiempo de espera agotado para esta solicitud.
 28     *        *        *     Tiempo de espera agotado para esta solicitud.
 29     *        *        *     Tiempo de espera agotado para esta solicitud.
 30     *        *        *     Tiempo de espera agotado para esta solicitud.

Traza completa.

Thanks for your help!
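
An added example, not part of any post in this thread: a small TCP probe that separates the three outcomes the thread keeps circling around (connection accepted, immediate refusal, silent timeout) and compares the result seen from inside the segment with the one seen from outside. The function names and the address 192.0.2.10 are placeholders chosen for this sketch; ports 80 and 7080 are the ones mentioned above.

```python
import errno
import socket

def classify(exc):
    """Map a connect() outcome to the nmap-style port state."""
    if exc is None:
        return "open"        # three-way handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # host answered with RST: reachable, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"    # SYN got no answer at all before the timeout
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "filtered"    # an ICMP unreachable came back instead of a TCP reply
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return open / closed / filtered / error."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        s.close()

def diagnose(inside, outside):
    """Compare the state of one port as seen from inside and outside the segment."""
    if inside == "open" and outside == "filtered":
        return ("listener is fine; a packet filter on the path "
                "(network device or source-based host rule) drops this port")
    if inside == "open" and outside == "open":
        return "port reachable from both sides"
    if inside == "closed":
        return "nothing is listening on the server; fix the service first"
    return "inconclusive; check routing and filtering on both ends"

if __name__ == "__main__":
    HOST = "192.0.2.10"      # placeholder address, replace with the server's IP
    for port in (80, 7080):  # the working port and the blocked one from the thread
        print(port, probe(HOST, port))
```

Run it once from a machine in the server's segment and once from an off-segment machine, then feed the two results for the same port to `diagnose()`.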