opening ports

I need to open a port in linux to allow a connect() from another box to succeed. I have the linux box listening on port 3000 on INADDR_ANY, and a Windows box does a connect to the IP of the linux box on that same port. The Linux box refuses the connection. I think it's because all the ports are closed except for the well-known ones. I want to open just port 3000 but I can't figure out how to do it. I don't want to associate any service or executable with the connection.

Are you asking how to open a hole in the firewall? If so, what version of the kernel are you running?

Yes. I want to poke a hole in the firewall.
BTW, I don't think it's running any firewall daemon. At least I don't recall setting one up.
It's Kernel 2.4 (Redhat 7.2).
Thx.

What process is listening on your port 3000?

My app. is listening. I create the socket, do the bind, listen, select, then accept when the select passes to set up the connection. These are stream-type TCP sockets. The code works fine locally, if I have the client and server on the same Windows machine. I haven't compiled the client on the Linux box yet.

Redhat 7.2 sets up an iptables-based firewall for you automatically during installation. To open a tcp port use something like:

iptables -A INPUT -s <source-ip/wildcard> -p tcp -m tcp --dport <port-number> -j ACCEPT

See the official HOWTO from one of the iptables authors here: http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html

See also: the iptables man page.

RedHat also comes with a GUI firewall configuration tool I believe.

I ported and compiled my client so they both ran on the Linux box, and I got the same error from connect() "ECONNREFUSED." I've also added an entry to /etc/services for my app and protocol/port and added a rule using ipchains. I also tried using both 127.0.0.1 and my LAN addr of the box 192.168.0.2 with the same result.

I posted my last post before I read the previous reply. I tried using iptables, and it seems to be not working on this box. I get an error message:
"...ip_tables.o: init_module: Device or resource busy" and that insmod failed on ip_tables.o. Note that ping, ssh, telnet and ftp connections are all accepted and work fine.

This followup might be useful for others who might be moving existing code from Windows. The IP ports issues were the least of my problems. I was porting this code from Windows. Win32 ignores the first parameter of the select() system call. I had n=1. In Linux that must be the *value* of the highest socket descriptor +1, *not* the number of sockets to be tested, or select will not return. Typically, that value would be reassigned anytime a new socket descriptor is allocated. That assumes that the system will allocate always-increasing socket descriptor values. I stuck INT_MAX in there and it works fine. It probably causes a little extra processing to traverse every possible socket descriptor value in the fd_sets, but it simplifies the code.

Thanks for the help.
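
The select() porting issue described in the post above, as an added example that is not part of the original thread: passing the number of sockets (n=1) misses a ready socket, while the highest descriptor value plus one finds it. POSIX defines an nfds above FD_SETSIZE as an error (EINVAL), so the value is computed here rather than set to a constant. The function names and the socketpair scenario are constructed for illustration.

```c
#include <stddef.h>
#include <fcntl.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Wait up to timeout_ms for any of fds[0..n-1] to become readable.
 * nfds_override < 0: compute nfds as highest descriptor value + 1.
 * nfds_override >= 0: pass that value instead (reproduces the bug).
 * Returns select()'s result, or -1 if a descriptor does not fit in fd_set. */
int wait_readable(const int *fds, size_t n, int timeout_ms, int nfds_override)
{
    fd_set rset;
    int maxfd = -1;
    struct timeval tv = { .tv_sec = timeout_ms / 1000,
                          .tv_usec = (timeout_ms % 1000) * 1000 };

    FD_ZERO(&rset);
    for (size_t i = 0; i < n; i++) {
        /* FD_SET on a descriptor >= FD_SETSIZE writes outside the fd_set. */
        if (fds[i] < 0 || fds[i] >= FD_SETSIZE)
            return -1;
        FD_SET(fds[i], &rset);
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    return select(nfds_override >= 0 ? nfds_override : maxfd + 1,
                  &rset, NULL, NULL, &tv);
}

/* Constructed scenario: one stream socket with data pending, duplicated to
 * a descriptor number >= 40 so "number of sockets" != "highest fd + 1".
 * Returns select()'s result for the given nfds choice, or -2 on setup error. */
int demo(int nfds_override)
{
    int sp[2], hi, r;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0)
        return -2;
    hi = fcntl(sp[0], F_DUPFD, 40);   /* same socket, higher fd number */
    if (hi < 0 || write(sp[1], "x", 1) != 1)
        r = -2;
    else
        r = wait_readable(&hi, 1, 200, nfds_override);
    close(sp[0]);
    close(sp[1]);
    if (hi >= 0)
        close(hi);
    return r;
}
```

demo(-1) reports one readable descriptor; demo(1) times out with the same data pending, because select() only examines descriptor 0.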

Now, what language did you write this socket with {Perl, C++, etc.}?

Is the Program really listening? - use netstat.

What protocol is the program using - TCP , UDP?

See if you can telnet the port and get a possible socket hang - that indicates that something is listening.

Test locally on the running server before remotely /!\.