Socket connection to port fails despite port open / listening !

Post by Jack » Fri, 21 Dec 2007 01:33:01



Hi all,

I have opened port 5129 on 2 Linux machines (CentOS) and they are
listening - 1 machine accepts socket connections from a third Windows
machine (all on same network) and the 1 doesn't!! What can I check?

1- I ran this to verify ports:
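# Print each local TCP port from /proc/net/tcp with the user owning the socket.
open(PRTCP,'/proc/net/tcp');while(<PRTCP>){
chomp;next if/^\s*$/;s/^\s*//;s/\s*$//;next
if/^sl/;@_=split(/\s+/);@p=split(/:/,$_[1]); # line lost from the post; assumed
$h{hex($p[1])}=$_[7];}foreach(sort{$a<=>$b}keys%h){
print$_,"\t",[getpwuid($h{$_})]->[0],"\n"};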

RESULT: 5129 jack

2- "netstat -tap" shows it's listening:
tcp        0      0 *:51295                     *:*                         LISTEN      7379/jacksprogram

3- iptables:
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5129 -j ACCEPT
COMMIT

 
 
 


Post by Jack » Fri, 21 Dec 2007 01:35:32



> Hi all,

> I have opened port 5129 on 2 Linux machines (CentOS) and they are
> listening - 1 machine accepts socket connections from a third Windows
> machine (all on same network) and the 1 doesn't!! What can I check?

> 1- I ran this to verify ports:
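> # Print each local TCP port from /proc/net/tcp with the user owning the socket.
> open(PRTCP,'/proc/net/tcp');while(<PRTCP>){
> chomp;next if/^\s*$/;s/^\s*//;s/\s*$//;next
> if/^sl/;@_=split(/\s+/);@p=split(/:/,$_[1]); # line lost from the post; assumed
> $h{hex($p[1])}=$_[7];}foreach(sort{$a<=>$b}keys%h){
> print$_,"\t",[getpwuid($h{$_})]->[0],"\n"};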

> RESULT: 5129 jack

> 2- "netstat -tap" shows it's listening:
> tcp        0      0 *:51295                     *:*                         LISTEN      7379/jacksprogram

> 3- iptables:
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5129 -j ACCEPT
> COMMIT

Typo correction to above: it's port 5129, not 51295. What else can I
check? A firewall config? Something blocking TCP packets?
2- "netstat -tap" shows it's listening:
tcp        0      0 *:5129                      *:*                         LISTEN      7379/jacksprogram

 
 
 


Post by Pascal Hambour » Fri, 21 Dec 2007 01:46:31


Hello,

Jack wrote:

> I have opened port 5129 on 2 Linux machines (CentOS) and they are
> listening - 1 machine accepts socket connections from a third Windows
> machine (all on same network) and the 1 doesn't!! What can I check?
[...]
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5129 -j ACCEPT

The rule that accepts TCP connections on port 5129 is after the rule
that rejects everything, so it is useless.
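
The ordering problem described in the reply above can be checked mechanically. The shell function below is an added example, not code from the thread: it scans iptables-save style rules for any rule placed after an unconditional ACCEPT/DROP/REJECT in the same chain. The function names are made up for illustration, and the sample input is the posted ruleset, abridged.

```shell
#!/bin/sh
# Added example (not from the thread): find rules that sit behind an
# unconditional ACCEPT/DROP/REJECT in the same chain and so never match.

# Reads iptables-save output on stdin, prints one line per unreachable rule.
find_shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        n[chain]++
        if (chain in stop) {
            printf "%s rule %d unreachable, rule %d already ends the chain: %s\n",
                   chain, n[chain], stop[chain], $0
            next
        }
        # iptables-save prints matches before -j, so "-A CHAIN -j TARGET ..."
        # with a terminating target catches every packet that reaches it.
        if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/)
            stop[chain] = n[chain]
    }'
}

# Rules as posted in the thread (abridged), in their original order.
posted_rules() {
    cat <<'EOF'
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5129 -j ACCEPT
EOF
}

# Same rules with the port 5129 ACCEPT moved ahead of the final REJECT.
reordered_rules() {
    cat <<'EOF'
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5129 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

posted_rules | find_shadowed_rules      # reports the port 5129 rule
reordered_rules | find_shadowed_rules   # reports nothing
```

On a live host the same check is `iptables-save | find_shadowed_rules`; it does not follow `-g` jumps or unconditional RETURN rules.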