How to open a port in Linux

Hi experts,

I'm using Linux CentOS, kernel 2.6.
Here is the printout of some of my ports:

tcp        0      0 127.0.0.1:10080             0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:10081             0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:10082             0.0.0.0:*                   LISTEN      
tcp        0      0 ::1:10080                   :::*                        LISTEN      
tcp        0      0 ::1:10081                   :::*                        LISTEN      
tcp        0      0 ::1:10082                   :::*                        LISTEN

Actually I want the port to be accessible from the other machine. I tried to configure iptables as below, but it still failed when implemented:

[root@localhost ~]# cat /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10079 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10081 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10082 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10083 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10084 -j ACCEPT
-A RH-Firewall-1-INPUT -m state .state NEW -m tcp -p tcp --dport 10089 -j ACCEPT

[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: mangle filter nat [  OK  ]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: iptables-restore: line 1 failed
[FAILED]

Trying to access the port from the other machine still failed.

[~]$ telnet 74.82.162.xx 10080
Trying 74.82.162.xx...

telnet: Unable to connect to remote host: Connection timed out

Can anybody help me?
Thanks.

Problem #1: your rules are incorrect, and the init-script even tells you that if you care to read the output.

Problem #2: whatever service you're running on port 10080, it's only listening to the loopback addresses 127.0.0.1 and ::1, and thus can't ever be reached from any other machine, no matter what you change in your firewall rules.

What are you running on port 10080?

You need to check the service that's opening port 10080. It should listen on your outgoing IP (IP address of the interface that's connected to other machines) which is not happening according to the netstat result. That's because iptables is not loading correctly.

The iptables rules that you have mentioned have a syntax error. It should be:

-m state --state NEW

First flush the rules:

iptables -F

Then, correct the syntax and reload iptables.

If you have nmap installed, you can run a check on the opened ports both from the local machine and from the client machine to see if the port has opened up successfully or not.

You can get the same result by running the following commands on the server:

lsof -i -n -P

or

netstat -tulpn

Let us know if this helps.
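Added example, not part of the original thread: a small script that cross-checks each `--dport ... -j ACCEPT` rule against the bind address of the matching listener, which is the distinction between Problem #1 and Problem #2 above. The function names `classify_port` and `audit_rules` are hypothetical, and both samples are constructed from the output quoted in the thread (the port 22 rule is invented for contrast).

```shell
#!/bin/sh
# Added example: cross-check firewall ACCEPT rules against listening sockets.
# Both samples are constructed, modelled on the output quoted in the thread.
NETSTAT_SAMPLE='tcp        0      0 127.0.0.1:10080             0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:10081             0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 ::1:10080                   :::*                        LISTEN
tcp        0      0 ::1:10081                   :::*                        LISTEN'

RULES_SAMPLE='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10083 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'

# classify_port PORT NETSTAT_TEXT
# Prints "exposed" (bound to a non-loopback address), "loopback-only",
# or "not-listening" for the given TCP port.
classify_port() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")   # port is the last colon-separated field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") lo = 1
            else ext = 1
        }
        END {
            if (ext) print "exposed"
            else if (lo) print "loopback-only"
            else print "not-listening"
        }'
}

# audit_rules RULES_TEXT NETSTAT_TEXT
# For every ACCEPT rule that names a --dport, prints "PORT STATUS".
audit_rules() {
    printf '%s\n' "$1" |
    sed -n 's/.*--dport \([0-9][0-9]*\).*-j ACCEPT.*/\1/p' |
    while read -r port; do
        printf '%s %s\n' "$port" "$(classify_port "$port" "$2")"
    done
}

# On a live host, pass "$(netstat -tln)" and the contents of the rules file instead.
audit_rules "$RULES_SAMPLE" "$NETSTAT_SAMPLE"
```

A port reported as `loopback-only` stays unreachable from other machines even with a correct ACCEPT rule, and a port reported as `not-listening` means the rule opens the firewall for a service that does not exist.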

Hello again experts,

Actually that one is from a VPS; I do HTTP port forwarding to my VPS via SSH.

Code : lsof -i -n -P

COMMAND     PID     USER   FD   TYPE    DEVICE SIZE NODE NAME
sshd      32362  root    3u  IPv6 672415055       TCP 74.82.162.xx:22->129.192.196.xx:35465 (ESTABLISHED)
sshd      32362  root    8u  IPv4 672415599       TCP 127.0.0.1:10080 (LISTEN)
sshd      32362  root    9u  IPv6 672415600       TCP [::1]:10080 (LISTEN)
sshd      32362  root   10u  IPv4 672415670       TCP 127.0.0.1:10081 (LISTEN)
sshd      32362  root   11u  IPv6 672415671       TCP [::1]:10081 (LISTEN)
sshd      32362  root   12u  IPv4 672415675       TCP 127.0.0.1:10082 (LISTEN)
sshd      32362  root   13u  IPv6 672415676       TCP [::1]:10082 (LISTEN)
sshd      32362  root   14u  IPv4 672415680       TCP 127.0.0.1:8080 (LISTEN)
sshd      32362  root   15u  IPv6 672415681       TCP [::1]:8080 (LISTEN)

Code : netstat -tulpn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   

tcp        0      0 127.0.0.1:10080             0.0.0.0:*                   LISTEN      32362/1              
tcp        0      0 127.0.0.1:10081             0.0.0.0:*                   LISTEN      32362/1             
tcp        0      0 127.0.0.1:10082             0.0.0.0:*                   LISTEN      32362/1             
tcp        0      0 :::22                       :::*                        LISTEN      23687/sshd          
tcp        0      0 ::1:10080                   :::*                        LISTEN      32362/1             
tcp        0      0 ::1:10081                   :::*                        LISTEN      32362/1             
tcp        0      0 ::1:10082                   :::*                        LISTEN      32362/1 

I have edited the iptables:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10081 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10082 -j ACCEPT

but it still failed when applying the configuration.

If the case is like this, is there any possibility to open the port, so the port is accessible from another server?

Thanks.

OK, without focusing on iptables too much, let's first clear up what you want to do. HTTP forwarding via SSH? How exactly? Do you run your SSH client with dynamic forwarding?