On a client:
[root@ahprc4 ykarant]# netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address                Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:111                  0.0.0.0:*       LISTEN 1977/rpcbind
tcp        0      0 192.168.122.1:53             0.0.0.0:*       LISTEN 2664/dnsmasq
tcp        0      0 0.0.0.0:22                   0.0.0.0:*       LISTEN 2302/sshd
tcp        0      0 127.0.0.1:631                0.0.0.0:*       LISTEN 2133/cupsd
tcp        0      0 127.0.0.1:25                 0.0.0.0:*       LISTEN 2418/master
tcp        0      0 0.0.0.0:42309                0.0.0.0:*       LISTEN 1995/rpc.statd
tcp        0      0 :::111                       :::*            LISTEN 1977/rpcbind
tcp        0      0 :::22                        :::*            LISTEN 2302/sshd
tcp        0      0 ::1:631                      :::*            LISTEN 2133/cupsd
tcp        0      0 ::1:25                       :::*            LISTEN 2418/master
tcp        0      0 :::51942                     :::*            LISTEN 1995/rpc.statd
udp        0      0 0.0.0.0:111                  0.0.0.0:*              1977/rpcbind
udp        0      0 0.0.0.0:880                  0.0.0.0:*              1977/rpcbind
udp        0      0 0.0.0.0:631                  0.0.0.0:*              2133/cupsd
udp        0      0 192.168.122.1:123            0.0.0.0:*              2318/ntpd
udp        0      0 139.182.137.204:123          0.0.0.0:*              2318/ntpd
udp        0      0 127.0.0.1:123                0.0.0.0:*              2318/ntpd
udp        0      0 0.0.0.0:123                  0.0.0.0:*              2318/ntpd
udp        0      0 0.0.0.0:899                  0.0.0.0:*              1995/rpc.statd
udp        0      0 192.168.122.1:53             0.0.0.0:*              2664/dnsmasq
udp        0      0 0.0.0.0:37439                0.0.0.0:*              2110/avahi-daemon
udp        0      0 0.0.0.0:67                   0.0.0.0:*              2664/dnsmasq
udp        0      0 0.0.0.0:52200                0.0.0.0:*              1995/rpc.statd
udp        0      0 0.0.0.0:5353                 0.0.0.0:*              2110/avahi-daemon
udp        0      0 :::111                       :::*                   1977/rpcbind
udp        0      0 :::880                       :::*                   1977/rpcbind
udp        0      0 fe80::6e62:6dff:fe61:55f:123 :::*                   2318/ntpd
udp        0      0 ::1:123                      :::*                   2318/ntpd
udp        0      0 :::123                       :::*                   2318/ntpd
udp        0      0 :::56450                     :::*                   1995/rpc.statd
On the CFEngine server:
[root@antares cfengine]# netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address                Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:111                  0.0.0.0:*       LISTEN 1545/rpcbind
tcp        0      0 0.0.0.0:10000                0.0.0.0:*       LISTEN 2323/perl
tcp        0      0 192.168.122.1:53             0.0.0.0:*       LISTEN 2278/dnsmasq
tcp        0      0 0.0.0.0:22                   0.0.0.0:*       LISTEN 1853/sshd
tcp        0      0 127.0.0.1:631                0.0.0.0:*       LISTEN 1694/cupsd
tcp        0      0 127.0.0.1:25                 0.0.0.0:*       LISTEN 2044/master
tcp        0      0 127.0.0.1:6010               0.0.0.0:*       LISTEN 2871/sshd
tcp        0      0 0.0.0.0:5308                 0.0.0.0:*       LISTEN 4468/cf-serverd
tcp        0      0 0.0.0.0:42755                0.0.0.0:*       LISTEN 1563/rpc.statd
tcp        0      0 127.0.0.1:27017              0.0.0.0:*       LISTEN 1952/mongod
tcp        0      0 :::52431                     :::*            LISTEN 1563/rpc.statd
tcp        0      0 :::111                       :::*            LISTEN 1545/rpcbind
tcp        0      0 :::80                        :::*            LISTEN 1964/httpd
tcp        0      0 :::22                        :::*            LISTEN 1853/sshd
tcp        0      0 ::1:631                      :::*            LISTEN 1694/cupsd
tcp        0      0 ::1:25                       :::*            LISTEN 2044/master
tcp        0      0 ::1:6010                     :::*            LISTEN 2871/sshd
udp        0      0 0.0.0.0:111                  0.0.0.0:*              1545/rpcbind
udp        0      0 0.0.0.0:631                  0.0.0.0:*              1694/cupsd
udp        0      0 192.168.122.1:123            0.0.0.0:*              1870/ntpd
udp        0      0 139.182.137.200:123          0.0.0.0:*              1870/ntpd
udp        0      0 127.0.0.1:123                0.0.0.0:*              1870/ntpd
udp        0      0 0.0.0.0:123                  0.0.0.0:*              1870/ntpd
udp        0      0 0.0.0.0:891                  0.0.0.0:*              1563/rpc.statd
udp        0      0 0.0.0.0:10000                0.0.0.0:*              2323/perl
udp        0      0 0.0.0.0:41255                0.0.0.0:*              1671/avahi-daemon
udp        0      0 192.168.122.1:53             0.0.0.0:*              2278/dnsmasq
udp        0      0 0.0.0.0:67                   0.0.0.0:*              2278/dnsmasq
udp        0      0 0.0.0.0:54246                0.0.0.0:*              1563/rpc.statd
udp        0      0 0.0.0.0:872                  0.0.0.0:*              1545/rpcbind
udp        0      0 0.0.0.0:5353                 0.0.0.0:*              1671/avahi-daemon
udp        0      0 :::111                       :::*                   1545/rpcbind
udp        0      0 fe80::21a:a0ff:fee6:cc97:123 :::*                   1870/ntpd
udp        0      0 ::1:123                      :::*                   1870/ntpd
udp        0      0 :::123                       :::*                   1870/ntpd
udp        0      0 :::35493                     :::*                   1563/rpc.statd
udp        0      0 :::872                       :::*                   1545/rpcbind
On 07/23/2013 01:06 PM, Eero Volotinen wrote:
What is the output of netstat -tupln with the root account?
Looks like the daemon is not started or not listening on the port? SELinux?
Configuration failure?
Eero
On Tuesday, July 23, 2013, Yasha Karant wrote:
We are forced to use a university firewall service that disables
almost all ports below 1024 but supposedly has higher ports, e.g.,
5308, open. As a test of this, I installed telnet and did the usual:
telnet 127.0.0.1 5308
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
as a quick test with a clear failure. Although I have disabled our
local firewall on the SL6x machine, I found a recommendation for
(obviously, as root):
iptables -A INPUT -m state --state NEW -p tcp --dport 5308 -j ACCEPT
followed by
[root@ahprc4 ykarant]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@ahprc4 ykarant]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:cfengine
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
but had the same telnet problem.
Port 5308 is the default for the version of CFEngine we are
attempting to use.
Note that by using local host (127.0.0.1) (loopback), I should be
avoiding any external firewall issues that apply to the 802.3
connection.
Obviously, something is misconfigured. Suggestions?
Yasha Karant
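
Added example (not part of the original thread): a shell helper that reads `netstat -tupln` output and reports which program, if any, is bound to a TCP port and whether it listens on loopback only or on all interfaces. The function names and the two sample variables are assumptions of this example; the sample rows are excerpts of the client and server listings in this message.

```shell
#!/bin/sh
# Added example, not from the thread. Sample rows are excerpts of the
# client (ahprc4) and server (antares) netstat listings in this message.
CLIENT_SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2302/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2418/master
tcp 0 0 :::22 :::* LISTEN 2302/sshd'
SERVER_SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1853/sshd
tcp 0 0 0.0.0.0:5308 0.0.0.0:* LISTEN 4468/cf-serverd
tcp 0 0 :::80 :::* LISTEN 1964/httpd'

# listener_for_port PORT: reads netstat -tupln output on stdin and prints
# "address program scope" for each TCP listener on PORT; returns 1 if none.
listener_for_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is the last colon-separated piece (works for IPv6 too).
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            prog = $7
            sub(/^[0-9]+\//, "", prog)          # drop the PID prefix
            if (addr == "127.0.0.1" || addr == "::1") scope = "loopback-only"
            else if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
            else scope = "single-address"
            print addr, prog, scope
            found = 1
        }
        END { exit !found }
    '
}

# diagnose LABEL NETSTAT_TEXT PORT: explain what a local connect should see.
diagnose() {
    if out=$(printf '%s\n' "$2" | listener_for_port "$3"); then
        echo "$1: tcp/$3 is bound: $out"
    else
        echo "$1: nothing bound to tcp/$3; expect 'Connection refused' on loopback"
    fi
}

diagnose client "$CLIENT_SAMPLE" 5308
diagnose server "$SERVER_SAMPLE" 5308
```

On a live host, pipe the real output in instead of a sample: `netstat -tupln | listener_for_port 5308`.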