telnet for port 5433 is not working while it works for port 22

Hi,

I am trying to set up a dev environment and I have an Ubuntu server (10.16.1.92) and a CentOS VM (10.16.3.235) on it. On the CentOS VM I have a program running on port 5433. Now my problem is that I am unable to telnet to this port from another Windows server, whereas I can telnet to port 22 from Windows.
How can I enable port 5433 to be telnet(ed) from Windows?

I am a developer and don't have much knowledge about resolving this issue.

Below is the output of commands from the CentOS VM:

[root@localhost ~]# netstat -apnt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1745/sshd               
tcp        0      0 0.0.0.0:5433                0.0.0.0:*                   LISTEN      2354/vertica       
tcp        0      0 :::5433                     :::*                        LISTEN      2354/vertica       

[root@localhost ~]# nmap -v -sV 10.16.3.235 -p 5433
..short o/p..
PORT     STATE SERVICE VERSION
5433/tcp open  pyrrho?

[root@localhost ~]# ss -aln
Recv-Q Send-Q                                   Local Address:Port                                     Peer Address:Port
0      128                                                 :::22                                                 :::*    
0      128                                                  *:22                                                  *:*    
0      128                                                 :::5433                                               :::*    
0      128                                                  *:5433                                                *:*    

Thanks,
Rishav

Probably the iptables firewall. You have to add a rule for port 5433 (port 22 is open in the default configuration).

First have a look at the file /etc/sysconfig/iptables:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 19102 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Now find a nice spot somewhere in between the existing accept rules:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5433 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 19102 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Save your changes and restart the firewall:

service iptables restart
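The answer above depends on first-match rule order: port 5433 was listening, but a new connection to it fell through to the final REJECT rule. As an added example (not part of the original thread), this shell function reads a rules file in the same format and reports the first-match verdict for a new remote TCP connection to a port. The function name `input_verdict` and the simplified matching (only `-p`, `-i`, `--state`, a single `--dport` and `-j` are evaluated) are assumptions of this example; the sample rules are the ones quoted in the answer.

```shell
#!/bin/sh
# Added example: first-match INPUT verdict for a NEW remote TCP connection.
# Simplified model: other matches (-s, port ranges, multiport) are not evaluated.
input_verdict() {   # usage: input_verdict RULES_FILE PORT
    awk -v port="$2" '
        /^:INPUT / { policy = $2 }                 # chain default policy
        /^-A INPUT / && !done {
            proto = ""; dport = ""; iface = ""; state = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-i") iface = $(i + 1)
                else if ($i == "--state") state = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            # Skip rules that cannot match a new TCP connection from another host.
            if (proto != "" && proto != "tcp") next
            if (iface == "lo") next
            if (state != "" && state !~ /(^|,)NEW(,|$)/) next
            if (dport != "" && dport != port) next
            verdict = target; done = 1             # first matching rule decides
        }
        END { print (done ? verdict : policy) }
    ' "$1"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
after="$tmp/after"; before="$tmp/before"
cat > "$after" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5433 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 19102 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
grep -v -e '--dport 5433' "$after" > "$before"    # rules as they were before the fix
echo "before: 22=$(input_verdict "$before" 22) 5433=$(input_verdict "$before" 5433)"
echo "after:  22=$(input_verdict "$after" 22) 5433=$(input_verdict "$after" 5433)"
```

The added rule has no source match, so it accepts new connections to port 5433 from any address that can reach the VM.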

Do you have an error message for us to analyse?

Thanks @hergp, will do the same and post the result.

@RudiC: I am not getting any error on the Unix/CentOS side (and my application is also running fine on this box), but when I try to telnet to port 5433 on this machine from a Windows box I am getting a "Connection Refused" error.

Btw, port 22 is ssh - telnet connects on port 23.
I'm surprised you can telnet to port 22 - I'd expect a "connection refused" (or similar) here as well. In your netstat listing you have the program "vertica" listening on port 5433. Are you sure it accepts telnet connections?
Did you try a telnet localhost 5433 on the Unix side?

Thanks a ton @hergp, adding the lines and restarting iptables resolved the issue :)
@RudiC: now I am able to telnet to 5433 from localhost as well as from the Windows machine.
Thanks a lot, guys.