problem to open port 465

Issues related to configuring your network
Post Reply
lnxlnr
Posts: 4
Joined: 2018/02/07 07:07:03

problem to open port 465

Post by lnxlnr » 2018/02/08 13:31:33

Hi everybody

I need to open the smtp port 465 in centos 6.9 as output port to send recovery email of my wp website.
The below image is the setting of the Iptables.

iptables.jpg
iptables.jpg (75.34 KiB) Viewed 1361 times
Also in CSF, I have defined port 465 as the white tcp port.

but when I use command sudo lsof -i :465 -n -P , I recieve no feedbak !
Also I tried telnet mywebsite.com 460 but it seems the port is closed yet!

Can you tell me what is wrong with my setting?
Any help is appreciated.

User avatar
TrevorH
Forum Moderator
Posts: 23847
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: problem to open port 465

Post by TrevorH » 2018/02/08 14:37:13

Your firewall rules at the present time do absolutely nothing at all. Your system is wide open to anyone who cares to connect to it. The default policy on INPUT, FORWARD and OUTPUT chains is set to ACCEPT on all of them and there is no rule to reject traffic so everything is allowed.

You're also using CSF which is something we don't support and since it manages the very rules you're trying to "fix", you need to ask your questions of them.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

lnxlnr
Posts: 4
Joined: 2018/02/07 07:07:03

Re: problem to open port 465

Post by lnxlnr » 2018/02/08 15:01:37

Thanks for your promp reply.

As you said the iptables is wide open. I turned off the CSF. But the port is closed yet!

I asked the DC technicians about the port status and they said it is open on their firewall.

But I believe the problem is with their firewall. Is there any command to check (from the server side toward outside that) which network devive bans the port traffic?

Thanks again

User avatar
TrevorH
Forum Moderator
Posts: 23847
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: problem to open port 465

Post by TrevorH » 2018/02/08 15:18:24

Running telnet can be a valuable debugging tool - e.g. `telnet 1.2.3.4 465`
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

MartinR
Posts: 346
Joined: 2015/05/11 07:53:27
Location: UK

Re: problem to open port 465

Post by MartinR » 2018/02/08 15:35:36

There's also nmap (and nmap-frontend which gives you zenmap) in the base distros. Be careful though, running a portmapper can get you into trouble if you don't have the authority to do so on the network.

lnxlnr
Posts: 4
Joined: 2018/02/07 07:07:03

Re: problem to open port 465

Post by lnxlnr » 2018/02/08 16:03:53

MartinR wrote:There's also nmap (and nmap-frontend which gives you zenmap) in the base distros. Be careful though, running a portmapper can get you into trouble if you don't have the authority to do so on the network.
Thanks

I used command nmap -sA X.X.X.X it shows that all the scanned ports of the server are unfilterd ; so I can say the problem is with the DC network and not with the server !

Whoever
Posts: 1033
Joined: 2013/09/06 03:12:10

Re: problem to open port 465

Post by Whoever » 2018/02/09 03:33:30

lnxlnr wrote:Hi everybody

I need to open the smtp port 465 in centos 6.9 as output port to send recovery email of my wp website.
The below image is the setting of the Iptables.
Are you trying to send email from your server, or receive it at your server?

If trying to receive, are you sure that you have a process that is listening on port 465?

Since you have installed CSF in the past, instead of showing the contents of the file, use the command:

Code: Select all

/sbin/iptables --list -n 
to see what rules are actually in effect.

lnxlnr
Posts: 4
Joined: 2018/02/07 07:07:03

Re: problem to open port 465

Post by lnxlnr » 2018/02/09 08:18:30

Dear @Whoever

Thanks for your reply.

CSF and SELinux are disabled.

I am going to send email from the server.
The below image shows the result of running your suggested command:
iptabls2.JPG
iptabls2.JPG (12.12 KiB) Viewed 1299 times

Should I flush the CSF?

User avatar
TrevorH
Forum Moderator
Posts: 23847
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: problem to open port 465

Post by TrevorH » 2018/02/09 09:50:26

You have an iptables rule that allows port 465 *inbound* to your server. But since all your default policies are "ACCEPT" all rules are useless and ignored. Your problem is not firewall related - at least not the CentOS firewall. Check external factors (firewalls etc).
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Whoever
Posts: 1033
Joined: 2013/09/06 03:12:10

Re: problem to open port 465

Post by Whoever » 2018/02/09 15:34:16

Install tcptraceroute (note, this is NOT traceroute) and use it to discover where the packets are being rejected.

Post Reply