  1. #1
    Just Joined!
    Join Date
    Nov 2007
    Posts
    2

    RHEL 5 - Opening ports


    I am trying to set up a new dispatch system on a RHEL 5 server. I have a "basic" understanding of Linux but have been away from it for a few years.

    The issue I am having is the program support people are telling me to open ports 9649-9750 for the dispatch app's features to use. This is what I have done:



    I went into Start > Administration > Security Level and Firewall

    At the bottom of the window that opens is a drop-down called "Other Ports"

    I clicked "+ Add" and entered 9649-9750 tcp and clicked "Apply"

    Apparently this was not successful as the new application failed on an error related to port 9650.

    I repeated the above but instead of "9649-9750" I entered "9650" thinking perhaps the way I had entered the range was invalid.

    Same error.



    What should I be doing to open these ports? Is SELinux involved in my issue? Is there some basic setting that I have simply overlooked?

    Any help would be greatly appreciated. Oh I feel like a noob all over again...

  2. #2
    Linux Engineer Thrillhouse's Avatar
    Join Date
    Jun 2006
    Location
    Arlington, VA, USA
    Posts
    1,377
    You can use IPtables to open and close ports. You should google a manual for iptables to find out how to do it but the basic structure would be something like:
    Code:
    # iptables -A INPUT -p tcp --dport 9649:9750 -j ACCEPT
    You can also write a bash script to do this for you in case you don't feel like constantly opening and closing ports.

    To verify which ports are open, run:
    Code:
    $ nmap localhost
    EDIT: I just read that iptables will only accept port ranges up to 15 so you'll have to break the command up and spread it out over a few separate commands.

  3. #3
    Just Joined!
    Join Date
    Nov 2007
    Posts
    2
    Thanks for the info. I found a loooong guide here: http://iptables-tutorial.frozentux.n...-tutorial.html .

    I tried using your:

    Code:
    # iptables -A INPUT -p tcp --dport 9649:9660 -j ACCEPT
    I edited it for a smaller range hoping it would save me a ton of eyeball abuse reading the above guide. It seemed to accept it but running:

    Code:
    $ nmap localmachine
    resulted in:

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2007-11-02 11:24 PDT
    Interesting ports on localhost.localdomain (127.0.0.1):
    Not shown: 1674 closed ports
    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    25/tcp open smtp
    111/tcp open rpcbind
    631/tcp open ipp
    1022/tcp open unknown

    Nmap finished: 1 IP address (1 host up) scanned in 0.155 seconds


    I then tried:

    Code:
    $ nmap -p 9600-9700 localhost
    To make sure it was scanning the full port range but I got:

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2007-11-02 11:26 PDT
    All 101 scanned ports on localhost.localdomain (127.0.0.1) are closed

    Nmap finished: 1 IP address (1 host up) scanned in 0.041 seconds



    So I am back to reading more to try and figure out my issues but I greatly appreciate the direction.


    Thanks.

  5. #4
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Quote Originally Posted by Thrillhouse
    I just read that iptables will only accept port ranges up to 15
    That doesn't appear to be true on my CentOS 5 box.

    Code:
    [root@fugu ~]# hostname 
    fugu.someplace.local
    
    [root@fugu ~]# iptables -I INPUT 2 -m state --state NEW -p tcp --dport 9649:9750 -j ACCEPT
    
    [root@fugu ~]# iptables -nvL
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
      487  457K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:9649:9750 
    ...
    6181  912K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0 
    ...
    Code:
    [hector ~]$ nmap -P0 -T4 fugu -p 9649-9750
    
    Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-02 13:32 CDT
    All 102 scanned ports on fugu.someplace.local (10.0.0.230) are closed
    Note they're showing as closed (not filtered). If the range hadn't worked, they'd be filtered.

  6. #5
    Linux Engineer Thrillhouse's Avatar
    Join Date
    Jun 2006
    Location
    Arlington, VA, USA
    Posts
    1,377
    See, I am not an expert on this but you're on the right track and yes, SELinux could definitely be prohibiting you in some way. Check /etc/selinux/config and see what the SELINUX variable is set to.

  7. #6
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Quote Originally Posted by BenF
    So I am back to reading more to try and figure out my issues but I greatly appreciate the direction.
    Run the nmap scan from another box on the same network. Note that the ports will not appear as open unless you actually have services listening on them.
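
The closed / filtered / open distinction from posts #4 and #6, as an added example that is not part of any post in this thread: a TCP connect check that reports the same three states, with a constructed loopback demo (one port with a listener, one without). The names `probe_tcp`, `summarize` and `demo` are illustrative.

```python
import errno
import socket

def probe_tcp(host, port, timeout=1.0):
    """Classify one TCP port using the same three states nmap reports."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"      # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"    # connection refused: no listener (nmap's "closed")
    except socket.timeout:
        return "filtered"  # no answer at all, e.g. a DROP rule ate the SYN
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # ICMP unreachable/prohibited, e.g. a REJECT rule
        raise
    finally:
        sock.close()

def summarize(host, ports, timeout=1.0):
    """Count states over a range, like nmap's 'All N scanned ports ... are closed'."""
    counts = {"open": 0, "closed": 0, "filtered": 0}
    for port in ports:
        counts[probe_tcp(host, port, timeout)] += 1
    return counts

def demo():
    """Constructed loopback demo: returns (state with listener, state without)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # kernel picks a free port
    listener.listen(1)
    listening_port = listener.getsockname()[1]
    # bind-then-close yields a port number that is free and has no listener
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    idle_port = spare.getsockname()[1]
    spare.close()
    try:
        return (probe_tcp("127.0.0.1", listening_port),
                probe_tcp("127.0.0.1", idle_port))
    finally:
        listener.close()

if __name__ == "__main__":
    print(demo())
    print(summarize("127.0.0.1", range(9649, 9751)))  # range from the thread
```

Point `summarize` at the server's LAN address from a second machine, as post #6 advises; probes to 127.0.0.1 only exercise the loopback path.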

  8. #7
    Linux Engineer Thrillhouse's Avatar
    Join Date
    Jun 2006
    Location
    Arlington, VA, USA
    Posts
    1,377
    Quote Originally Posted by anomie View Post
    That doesn't appear to be true on my CentOS 5 box.
    Hmm...that's interesting. This is where I read that.
    Up to 15 ports can be specified. It can only be used in conjunction with -p tcp or -p udp.
    EDIT: I just checked and it looks like that page was last updated in 2000 so maybe the newer versions support larger port ranges...And maybe it's time for me to get a new go-to site for iptables.
