Can't open ports

Support for security such as Firewalls and securing linux
SirFlocki
Posts: 2
Joined: 2017/11/25 22:34:22

Can't open ports

Post by SirFlocki » 2017/11/26 19:05:42

Hello!

I'm trying to open ports on my server by using the following commands:

firewall-cmd --zone=public --add-port=800/tcp --permanent
systemctl restart firewalld

Now the port seems to be open as I can see here:

firewall-cmd --zone=public --list-all

public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports: 900/tcp 800/tcp 1957/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="123.249.24.199" reject
        rule family="ipv4" source address="221.203.98.52" reject
        rule family="ipv4" source address="58.242.83.37" reject
        rule family="ipv4" source address="64.237.85.97" reject

However, if I use some online port checker, every port I try is closed, except for one (1957).
I changed the default ssh port to 1957 to prevent bot attacks on port 22, if that information helps. I also tried to switch the ssh port to another one. Then the new port is open, but the old one is closed, even if I can still see it open in the firewall.

I really don't know what to do anymore, and searching the web hasn't brought me any success yet. Can anyone who is a bit more experienced than me please tell me where the problem is?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can't open ports

Post by TrevorH » 2017/11/26 19:51:07

For a port scanner to detect a port open, it not only needs a rule in iptables to allow it through but it also needs an application to be listening on that port behind the firewall.

The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

SirFlocki
Posts: 2
Joined: 2017/11/25 22:34:22

Re: Can't open ports

Post by SirFlocki » 2017/11/27 17:57:56

Well, I guess I misunderstood that then. I thought that I was missing something.
Thanks for your help!

emmatshahwa
Posts: 5
Joined: 2017/12/19 12:14:50

Re: Can't open ports

Post by emmatshahwa » 2017/12/19 12:47:26

Hi guys,

I did not understand anything. I have the same problem.
Practically, what is the solution?

Thanks for replying

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can't open ports

Post by TrevorH » 2017/12/19 12:53:48

Two things need to happen:

- firewall ports need to be open
- an application needs to be listening on those ports behind the firewall

emmatshahwa
Posts: 5
Joined: 2017/12/19 12:14:50

Re: Can't open ports

Post by emmatshahwa » 2017/12/19 13:12:38

Thanks TrevorH

Port is open

firewall-cmd --add-port=3456/tcp --permanent
firewall-cmd --reload

My application is squid. It should listen on port 3456 as configured.
The connection is still refused.

I try to telnet: telnet X.X.X.X 3456
The output is "connection refused"

selinux: disabled

Secondly, I try to switch off the firewall with the commands "systemctl stop firewalld" and "systemctl disable firewalld"
Telnet still returns "connection refused"

Did I forget something?

Please help!

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can't open ports

Post by TrevorH » 2017/12/19 13:21:55

> My application is squid. It should listen on port 3456 as configured.
> The connection is still refused.

Use something like ss -antup | grep squid as root to see if it's listening at all and on the right ip address if it is (127.0.0.1 is _not_ the right address).

emmatshahwa
Posts: 5
Joined: 2017/12/19 12:14:50

Re: Can't open ports

Post by emmatshahwa » 2017/12/19 13:44:03

Here is all the output:

[root@proxycentos squid]# netstat -antup | grep squid
[root@proxycentos squid]#

[root@proxycentos squid]# cat /usr/lib/firewalld/services/squid.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>squid</short>
<description>Squid HTTP proxy server</description>
<port protocol="tcp" port="3141"/>
</service>

[root@proxycentos squid]# firewall-cmd --list-ports
3141/tcp 3128/tcp 53/tcp

[root@proxycentos squid]# firewall-cmd --list-services
dhcpv6-client ssh squid

[root@proxycentos squid]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: dhcpv6-client ssh squid
  ports: 3141/tcp 3128/tcp 53/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Please advise!

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can't open ports

Post by TrevorH » 2017/12/19 14:06:55

> [root@proxycentos squid]# netstat -antup | grep squid
> [root@proxycentos squid]#

Your squid isn't listening at all. Check the logs for errors and fix them.

emmatshahwa
Posts: 5
Joined: 2017/12/19 12:14:50

Re: Can't open ports

Post by emmatshahwa » 2017/12/19 14:21:05

Thank you
Now everything is running.

The log messages help
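
The two conditions discussed in this thread (a firewall rule and a listener bound to a non-loopback address) can be checked together. The script below is an added example, not part of any post in the thread: it classifies every TCP port that firewalld has open by whether a socket is listening behind it. The function names `classify_port` and `audit` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: for each TCP port open in firewalld, report whether a
# service is actually listening behind it. Sample data is constructed.

# Constructed `ss -tln` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:1957 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3128 0.0.0.0:*
LISTEN 0 128 [::]:1957 [::]:*
LISTEN 0 100 [::1]:25 [::]:*'

# Constructed `firewall-cmd --list-ports` output.
SAMPLE_FW='900/tcp 800/tcp 1957/tcp 3128/tcp'

# classify_port PORT SS_OUTPUT -> reachable | loopback-only | no-listener
classify_port() {
  printf '%s\n' "$2" | awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")   # port is the last colon-separated field
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      # A loopback-only bind is invisible to remote port checkers.
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") lo = 1
      else ext = 1
    }
    END { print (ext ? "reachable" : (lo ? "loopback-only" : "no-listener")) }'
}

# audit FW_PORTS SS_OUTPUT -> one "port/tcp status" line per open TCP port
audit() {
  for fw_entry in $1; do
    case "$fw_entry" in
      */tcp)
        printf '%s %s\n' "$fw_entry" \
          "$(classify_port "${fw_entry%/tcp}" "$2")" ;;
    esac
  done
}

# On a live host, as root, the inputs would come from the real commands:
#   audit "$(firewall-cmd --list-ports)" "$(ss -tln)"
audit "$SAMPLE_FW" "$SAMPLE_SS"
```

A port reported as `no-listener` or `loopback-only` shows as closed to an external scanner even though the firewall allows it; such ports are also candidates for removal from the zone, since the rule exposes whatever later binds there.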
