Date: Tue, 23 Jul 2013 14:05:18 -0700
On a client:
[root@ahprc4 ykarant]# netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1977/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2664/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2302/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2133/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2418/master
tcp 0 0 0.0.0.0:42309 0.0.0.0:* LISTEN 1995/rpc.statd
tcp 0 0 :::111 :::* LISTEN 1977/rpcbind
tcp 0 0 :::22 :::* LISTEN 2302/sshd
tcp 0 0 ::1:631 :::* LISTEN 2133/cupsd
tcp 0 0 ::1:25 :::* LISTEN 2418/master
tcp 0 0 :::51942 :::* LISTEN 1995/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1977/rpcbind
udp 0 0 0.0.0.0:880 0.0.0.0:* 1977/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 2133/cupsd
udp 0 0 192.168.122.1:123 0.0.0.0:* 2318/ntpd
udp 0 0 139.182.137.204:123 0.0.0.0:* 2318/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 2318/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2318/ntpd
udp 0 0 0.0.0.0:899 0.0.0.0:* 1995/rpc.statd
udp 0 0 192.168.122.1:53 0.0.0.0:* 2664/dnsmasq
udp 0 0 0.0.0.0:37439 0.0.0.0:* 2110/avahi-daemon
udp 0 0 0.0.0.0:67 0.0.0.0:* 2664/dnsmasq
udp 0 0 0.0.0.0:52200 0.0.0.0:* 1995/rpc.statd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2110/avahi-daemon
udp 0 0 :::111 :::* 1977/rpcbind
udp 0 0 :::880 :::* 1977/rpcbind
udp 0 0 fe80::6e62:6dff:fe61:55f:123 :::* 2318/ntpd
udp 0 0 ::1:123 :::* 2318/ntpd
udp 0 0 :::123 :::* 2318/ntpd
udp 0 0 :::56450 :::* 1995/rpc.statd
On the CFEngine server:
[root@antares cfengine]# netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1545/rpcbind
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2323/perl
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2278/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1853/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1694/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2044/master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 2871/sshd
tcp 0 0 0.0.0.0:5308 0.0.0.0:* LISTEN 4468/cf-serverd
tcp 0 0 0.0.0.0:42755 0.0.0.0:* LISTEN 1563/rpc.statd
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 1952/mongod
tcp 0 0 :::52431 :::* LISTEN 1563/rpc.statd
tcp 0 0 :::111 :::* LISTEN 1545/rpcbind
tcp 0 0 :::80 :::* LISTEN 1964/httpd
tcp 0 0 :::22 :::* LISTEN 1853/sshd
tcp 0 0 ::1:631 :::* LISTEN 1694/cupsd
tcp 0 0 ::1:25 :::* LISTEN 2044/master
tcp 0 0 ::1:6010 :::* LISTEN 2871/sshd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1545/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 1694/cupsd
udp 0 0 192.168.122.1:123 0.0.0.0:* 1870/ntpd
udp 0 0 139.182.137.200:123 0.0.0.0:* 1870/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1870/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1870/ntpd
udp 0 0 0.0.0.0:891 0.0.0.0:* 1563/rpc.statd
udp 0 0 0.0.0.0:10000 0.0.0.0:* 2323/perl
udp 0 0 0.0.0.0:41255 0.0.0.0:* 1671/avahi-daemon
udp 0 0 192.168.122.1:53 0.0.0.0:* 2278/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 2278/dnsmasq
udp 0 0 0.0.0.0:54246 0.0.0.0:* 1563/rpc.statd
udp 0 0 0.0.0.0:872 0.0.0.0:* 1545/rpcbind
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1671/avahi-daemon
udp 0 0 :::111 :::* 1545/rpcbind
udp 0 0 fe80::21a:a0ff:fee6:cc97:123 :::* 1870/ntpd
udp 0 0 ::1:123 :::* 1870/ntpd
udp 0 0 :::123 :::* 1870/ntpd
udp 0 0 :::35493 :::* 1563/rpc.statd
udp 0 0 :::872 :::* 1545/rpcbind
On 07/23/2013 01:06 PM, Eero Volotinen wrote:
> What is the output of netstat -tupln with root account?
>
> Looks like the daemon is not started or listening on the port? SELinux?
> Configuration failure?
>
> Eero
>
> On Tuesday, July 23, 2013, Yasha Karant wrote:
>
> We are forced to use a university firewall service that disables
> almost all ports below 1024 but supposedly has higher ports, e.g.,
> 5308, open. As a test of this, I installed telnet and did the usual:
>
> telnet 127.0.0.1 5308
> Trying 127.0.0.1...
> telnet: connect to address 127.0.0.1: Connection refused
>
> as a quick test with a clear failure. Although I have disabled our
> local firewall on the SL6x machine, I found a recommendation for
> (obviously, as root):
>
> iptables -A INPUT -m state --state NEW -p tcp --dport 5308 -j ACCEPT
>
> followed by
>
> [root@ahprc4 ykarant]# service iptables restart
> iptables: Flushing firewall rules: [ OK ]
> iptables: Setting chains to policy ACCEPT: filter [ OK ]
> iptables: Unloading modules: [ OK ]
> [root@ahprc4 ykarant]# iptables --list
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:cfengine
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> but had the same telnet problem.
>
> Port 5308 is the default for the version of CFEngine we are
> attempting to use.
>
> Note that by using local host (127.0.0.1) (loopback), I should be
> avoiding any external firewall issues that apply to the 802.3
> connection.
>
> Obviously, something is misconfigured. Suggestions?
>
> Yasha Karant
>
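
The check requested in the thread, as an added example that is not part of the original messages: a shell filter over `netstat -tupln` output that reports which sockets are bound to a port and what a TCP connect to 127.0.0.1 on that port will find. The function names are hypothetical, the sample lines are excerpted from the two listings above, and a `::` wildcard listener is assumed to accept IPv4 as well (the Linux default).

```shell
# Sample input: lines excerpted from the two netstat listings above,
# with each wrapped entry joined onto one line.
client_sample() { cat <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2302/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2133/cupsd
tcp 0 0 :::22 :::* LISTEN 2302/sshd
udp 0 0 192.168.122.1:53 0.0.0.0:* 2664/dnsmasq
EOF
}
server_sample() { cat <<'EOF'
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2278/dnsmasq
tcp 0 0 0.0.0.0:5308 0.0.0.0:* LISTEN 4468/cf-serverd
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 1952/mongod
tcp 0 0 :::80 :::* LISTEN 1964/httpd
EOF
}

# listeners PORT: print "proto local-address scope program" for each socket
# on stdin (netstat -tupln format) that is bound to PORT.
listeners() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            p = $4; sub(/.*:/, "", p)            # port follows the last colon (IPv6-safe)
            if (p != port) next
            addr = $4; sub(/:[^:]*$/, "", addr)  # address is everything before it
            if (addr ~ /^127\./ || addr == "::1") scope = "loopback-only"
            else if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
            else scope = "one-interface"
            print $1, $4, scope, $NF
        }'
}

# loopback_verdict PORT: what a TCP connect to 127.0.0.1:PORT will find.
# Assumption: a "::" wildcard listener also accepts IPv4 (bindv6only=0).
loopback_verdict() {
    listeners "$1" | awk '
        $1 !~ /^tcp/ { next }
        { seen = 1 }
        $3 == "all-interfaces" || $2 ~ /^127\./ { ok = 1 }
        END {
            if (ok) print "reachable-on-loopback"
            else if (seen) print "bound-to-other-address"
            else print "no-listener"
        }'
}

client_sample | loopback_verdict 5308    # client listing has no socket on 5308
server_sample | loopback_verdict 5308    # cf-serverd is bound to 0.0.0.0
server_sample | loopback_verdict 53      # dnsmasq is bound to 192.168.122.1 only
```

On a live host, pipe `netstat -tupln` run as root into `loopback_verdict 5308`; a `no-listener` result means the refusal comes from the host itself rather than from any firewall rule.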