• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3792
  • Last Modified:

how to check open port in linux

how can i check if port 514 is open and listening in CentOS
0
ammadeyy2020
Asked:
ammadeyy2020
  • 13
  • 11
  • 2
  • +3
1 Solution
 
http:// thevpn.guruCommented:
netstat -an | grep 514

to check if listening

print

iptables -nL

to check if open

you can also try telnet yourserver 514
from the internet to check if a tcp port is open
0
 
fosiul01Commented:
Hello BoSS "shakoush2001!!!

do what shakoush2001 said, on top of that

telnet your pc ip  514

if it does telnet that mean its opend if not then its not opended
0
 
fosiul01Commented:
sorry about telnet solution, Shakoush2001 already  mentioned that


just little bit add

cat /etc/services | grep xxx (xxx = port number)

lsof -i -n -P|grep 631

ref :http://www.planetmy.com/blog/how-to-check-which-port-is-listern-or-open-on-linux/
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
ammadeyy2020Author Commented:
telnet, it says cannot connect

login as: root
root@192.168.10.10's password:
Last login: Thu Feb 12 13:54:35 2009 from 192.168.100.80
[root@gateway ~]# netstat -an | grep 514
tcp        0      0 127.0.0.1:39357             127.0.0.1:51413             ESTABLISHED
tcp        0      0 127.0.0.1:51413             127.0.0.1:39357             ESTABLISHED
[root@gateway ~]# iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  221.233.242.4        0.0.0.0/0
DROP       all  --  117.103.192.49       0.0.0.0/0
DROP       all  --  61.185.21.61         0.0.0.0/0
DROP       all  --  202.101.165.202      0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x12/0x12 state NEW reject-with tcp-reset
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW
DROP       all  --  127.0.0.0/8          0.0.0.0/0
DROP       all  --  169.254.0.0/16       0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 11
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpt:1875
ACCEPT     udp  --  0.0.0.0/0            202.1.195.131       udp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpts:1024:65535 state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            127.0.0.1           udp dpt:514

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  221.233.242.4        0.0.0.0/0
DROP       all  --  117.103.192.49       0.0.0.0/0
DROP       all  --  61.185.21.61         0.0.0.0/0
DROP       all  --  202.101.165.202      0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:110
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:68 dpt:67

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain drop-lan (0 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
[root@gateway ~]#
0
 
fosiul01Commented:

look at this one

DROP       all  --  0.0.0.0/0            0.0.0.0/0
so anything will come from 0.0.0.0 will be drop

but here you are accepting udp comming from 0.0.0.0  

ACCEPT     udp  --  0.0.0.0/0            127.0.0.1           udp dpt:514
also anything after drop all rules will be droped

and also the rules looks wrong
delete
ACCEPT     udp  --  0.0.0.0/0            127.0.0.1           udp dpt:514

add add this way, if you want to allow udp port 514 to accept from anywhere

iptables -A INPUT -p udp --dport 514 -j ACCEPT
0
 
ammadeyy2020Author Commented:
login as: root
root@192.168.10.10's password:
Last login: Thu Feb 12 13:54:35 2009 from 192.168.100.80
[root@gateway ~]# netstat -an | grep 514
tcp        0      0 127.0.0.1:39357             127.0.0.1:51413             ESTABLISHED
tcp        0      0 127.0.0.1:51413             127.0.0.1:39357             ESTABLISHED
[root@gateway ~]# iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  221.233.242.4        0.0.0.0/0
DROP       all  --  117.103.192.49       0.0.0.0/0
DROP       all  --  61.185.21.61         0.0.0.0/0
DROP       all  --  202.101.165.202      0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x12/0x12 state NEW reject-with tcp-reset
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW
DROP       all  --  127.0.0.0/8          0.0.0.0/0
DROP       all  --  169.254.0.0/16       0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 11
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpt:1875
ACCEPT     udp  --  0.0.0.0/0            202.1.195.131       udp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpts:1024:65535 state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            127.0.0.1           udp dpt:514

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  221.233.242.4        0.0.0.0/0
DROP       all  --  117.103.192.49       0.0.0.0/0
DROP       all  --  61.185.21.61         0.0.0.0/0
DROP       all  --  202.101.165.202      0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:110
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:68 dpt:67
ACCEPT     tcp  --  202.1.195.131        0.0.0.0/0           tcp spt:110
ACCEPT     tcp  --  202.1.195.131        0.0.0.0/0           tcp spt:25
ACCEPT     tcp  --  202.1.195.131        0.0.0.0/0           tcp spt:1875
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain drop-lan (0 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
[root@gateway ~]# cat /etc/services | grep 514
shell           514/tcp         cmd             # no passwords used
syslog          514/udp
[root@gateway ~]# lsof -i -n -P | grep 514
squid       806        squid   13u  IPv4 297341940       TCP 127.0.0.1:39357->127.0.0.1:51413 (ESTABLISHED)
squid_lda  7625        squid    0u  IPv4 297341941       TCP 127.0.0.1:51413->127.0.0.1:39357 (ESTABLISHED)
squid_lda  7625        squid    1u  IPv4 297341941       TCP 127.0.0.1:51413->127.0.0.1:39357 (ESTABLISHED)
kolabd    31037         root    4u  IPv4     51411       TCP 127.0.0.1:9999 (LISTEN)
kolabd    31037         root    5u  IPv4     51412       TCP 127.0.0.1:9999->127.0.0.1:45073 (ESTABLISHED)
[root@gateway ~]# lsof -i -n -P | grep 631
[root@gateway ~]# lsof -i -n -P|grep 514
squid       806        squid   13u  IPv4 297341940       TCP 127.0.0.1:39357->127.0.0.1:51413 (ESTABLISHED)
squid_lda  7625        squid    0u  IPv4 297341941       TCP 127.0.0.1:51413->127.0.0.1:39357 (ESTABLISHED)
squid_lda  7625        squid    1u  IPv4 297341941       TCP 127.0.0.1:51413->127.0.0.1:39357 (ESTABLISHED)
kolabd    31037         root    4u  IPv4     51411       TCP 127.0.0.1:9999 (LISTEN)
kolabd    31037         root    5u  IPv4     51412       TCP 127.0.0.1:9999->127.0.0.1:45073 (ESTABLISHED)
[root@gateway ~]# iptables -A INPUT -p udp -dport 514 -j ACCEPT
Bad argument `514'
Try `iptables -h' or 'iptables --help' for more information.
[root@gateway ~]# iptables -A INPUT -p udp --dport 514 -j ACCEPT
[root@gateway ~]# netstat -an | grep 514
tcp        0      0 127.0.0.1:39357             127.0.0.1:51413             ESTABLISHED
tcp        0      0 127.0.0.1:51413             127.0.0.1:39357             ESTABLISHED
[root@gateway ~]# ipables -nL
-bash: ipables: command not found
[root@gateway ~]# iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  202.99.11.99         0.0.0.0/0
DROP       all  --  221.233.242.4        0.0.0.0/0
DROP       all  --  117.103.192.49       0.0.0.0/0
DROP       all  --  61.185.21.61         0.0.0.0/0
DROP       all  --  202.101.165.202      0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x12/0x12 state NEW reject-with tcp-reset
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW
DROP       all  --  127.0.0.0/8          0.0.0.0/0
DROP       all  --  169.254.0.0/16       0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 11
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpt:1875
ACCEPT     udp  --  0.0.0.0/0            202.1.195.131       udp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            202.1.195.131       tcp dpts:1024:65535 state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            127.0.0.1           udp dpt:514
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:514

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  202.99.11.99         0.0.0.0/0
DROP       all  --  221.233.242.4        0.0.0.0/0
DROP       all  --  117.103.192.49       0.0.0.0/0
DROP       all  --  61.185.21.61         0.0.0.0/0
DROP       all  --  202.101.165.202      0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:110
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:68 dpt:67
ACCEPT     tcp  --  202.1.195.131        0.0.0.0/0           tcp spt:110
ACCEPT     tcp  --  202.1.195.131        0.0.0.0/0           tcp spt:25
ACCEPT     tcp  --  202.1.195.131        0.0.0.0/0           tcp spt:1875
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain drop-lan (0 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
[root@gateway ~]#
0
 
fosiul01Commented:
1.do you want what service should use 514 ??

if that services does not run then 514 would not be open anyway

2. does this service requeire both tcp and udp or just udp ??

2 , i am guessig the service is runing which suppose to run on port 514

now from iptables rules

DROP       all  --  0.0.0.0/0            0.0.0.0/0   - Delte this line
ACCEPT     udp  --  0.0.0.0/0            127.0.0.1           udp dpt:514
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:514


go to /etc/sysconfig/
vi iptables
delete
DROP       all  --  0.0.0.0/0            0.0.0.0/0   - Delte this line

then Save iptables
then restart iptables
0
 
ammadeyy2020Author Commented:
514 i want to use for syslog
where i can connect a software and download logs from linux machine
0
 
fosiul01Commented:
also :

do you have nmap installed ?? if not, yum install nmap
then run this command

nmap -sS -O 127.0.0.1

it will show you all open port

but from this one
[root@gateway ~]# cat /etc/services | grep 514
shell           514/tcp         cmd             # no passwords used
syslog          514/udp

its seems 514 is running for syslog

anyway: have you change the iptables as i said
thats should open port for 514
0
 
Hugh FraserConsultantCommented:
Syslog uses UDP port 514. After making the firewall changes to open this port, you will probably need to change syslog to have it accept messages from a network interface; for standard syslog, add the "-r" option to the command line. Normally, it does not listen to network ports for messages.

0
 
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
Your first problem is that you don't have anything LISTENING on port 514. Open all the firewall ports you want, if nothing is listening on that port, nothing happens when the data is received.

How cal I tell this?

From you:
login as: root
root@192.168.10.10's password:
Last login: Thu Feb 12 13:54:35 2009 from 192.168.100.80
[root@gateway ~]# netstat -an | grep 514
tcp        0      0 127.0.0.1:39357             127.0.0.1:51413             ESTABLISHED
tcp        0      0 127.0.0.1:51413             127.0.0.1:39357             ESTABLISHED

There are no processes listening on port 514 (port 51413 doesn't count!)

Just what are you planning to use this port for?

As noted above, the LEGITIMATE use is for remote syslog... but you'll need/want to do 2 other things to make that work:
1) enable syslogd to listen on the port (typically, this is adding a -r option to the syslogd daemon when it starts -- change it at /etc/default/syslogd in most distributions).
2) enable port 514 through the firewall, but ONLY on UDP -- continue to block TCP port 514

I hope this helps....

Dan
IT4SOHO
0
 
ammadeyy2020Author Commented:
i have added
iptables -A INPUT -p udp --dport 514 -j ACCEPT

but still i am unable to telnet to port 514
what i am trying to do is to retrieve syslog from firewall to another logserver

login as: root
root@192.168.10.10's password:
Last login: Thu Mar  5 10:09:08 2009 from 192.168.100.100
[root@gateway ~]# iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  200.63.96.118        0.0.0.0/0
DROP       all  --  202.99.11.99         0.0.0.0/0
DROP       all  --  61.137.125.128       0.0.0.0/0
DROP       all  --  59.173.247.106       0.0.0.0/0
DROP       all  --  202.101.227.166      0.0.0.0/0
DROP       all  --  218.75.199.50        0.0.0.0/0
DROP       all  --  77.41.50.176         0.0.0.0/0
DROP       all  --  218.98.106.53        0.0.0.0/0
DROP       all  --  221.233.242.4        0.0.0.0/0
DROP       all  --  219.138.39.22        0.0.0.0/0
DROP       all  --  61.28.18.34          0.0.0.0/0
DROP       all  --  202.101.165.202      0.0.0.0/0
DROP       all  --  21.33.101.134        0.0.0.0/0
DROP       all  --  61.139.54.94         0.0.0.0/0
DROP       all  --  60.191.104.242       0.0.0.0/0
DROP       all  --  222.180.159.141      0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x12/0x12 state NEW reject-with tcp-reset
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW
DROP       all  --  127.0.0.0/8          0.0.0.0/0
DROP       all  --  169.254.0.0/16       0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 11
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            x.x.x.x       tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            x.x.x.x       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            x.x.x.x       tcp dpt:1875
ACCEPT     udp  --  0.0.0.0/0            x.x.x.x       udp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            x.x.x.x       tcp dpts:1024:65535 state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:514

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  200.63.96.118        0.0.0.0/0
DROP       all  --  202.99.11.99         0.0.0.0/0
DROP       all  --  61.137.125.128       0.0.0.0/0
DROP       all  --  59.173.247.106       0.0.0.0/0
DROP       all  --  202.101.227.166      0.0.0.0/0
DROP       all  --  218.75.199.50        0.0.0.0/0
DROP       all  --  77.41.50.176         0.0.0.0/0
DROP       all  --  218.98.106.53        0.0.0.0/0
DROP       all  --  221.233.242.4        0.0.0.0/0
DROP       all  --  219.138.39.22        0.0.0.0/0
DROP       all  --  61.28.18.34          0.0.0.0/0
DROP       all  --  202.101.165.202      0.0.0.0/0
DROP       all  --  21.33.101.134        0.0.0.0/0
DROP       all  --  61.139.54.94         0.0.0.0/0
DROP       all  --  60.191.104.242       0.0.0.0/0
DROP       all  --  222.180.159.141      0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            192.168.20.20       tcp dpt:110
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:68 dpt:67
ACCEPT     tcp  --  x.x.x.x        0.0.0.0/0           tcp spt:110
ACCEPT     tcp  --  x.x.x.x        0.0.0.0/0           tcp spt:25
ACCEPT     tcp  --  x.x.x.x        0.0.0.0/0           tcp spt:1875
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain drop-lan (0 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
[root@gateway ~]#
0
 
fosiul01Commented:
Hi
if you look your rules

DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:514

you put Drom all first

then your 514 rules

so it would not work
you need to put
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:514 Before Drom all rules

does it make sense ??
0
 
Hugh FraserConsultantCommented:
Syslog normally listens only to UDP port 514. Telnet is using TCP to connect to the port, making it unable to connect to the remote syslog server.

To test the syslog server's ability to receive syslog events, you'll a second system with syslog configured to forward messages to the remote server you're trying to test. You can then use the logger command to create and send a message.

0
 
ammadeyy2020Author Commented:
fosiul01

below firewall script
which line should i remove to go away from
DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:514


login as: root
root@192.168.10.10's password:
Last login: Thu Mar  5 14:11:56 2009 from 192.168.100.100
[root@gateway ~]# cd /etc/rc.d/
[root@gateway rc.d]# ls
firewall.lua  rc0.d  rc3.d  rc6.d              rc.firewall.types
init.d        rc1.d  rc4.d  rc.firewall        rc.local
rc            rc2.d  rc5.d  rc.firewall.local  rc.sysinit
[root@gateway rc.d]# vi rc.firewall

    for TABLE in filter nat mangle; do
        $IPTABLES -t $TABLE -F  # Flush all previous rules.
        $IPTABLES -t $TABLE -X  # Delete user-defined chains.
    done

    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP

    # Allow ping for diagnostics
    $IPTABLES -A INPUT -p icmp -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -p icmp -j $FW_ACCEPT

    # Open 81 and 22
    $IPTABLES -I INPUT -p tcp --dport 81 -j $FW_ACCEPT
    $IPTABLES -I OUTPUT -p tcp --sport 81 -j $FW_ACCEPT
    $IPTABLES -I INPUT -p tcp --dport 22 -j $FW_ACCEPT
    $IPTABLES -I OUTPUT -p tcp --sport 22 -j $FW_ACCEPT

    # Allow DNS requests
    $IPTABLES -A INPUT -p udp --sport domain -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -p udp --dport domain -j $FW_ACCEPT
    $IPTABLES -A INPUT -p tcp --sport domain -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport domain -j $FW_ACCEPT

    # Allow DHCP to startup
    $IPTABLES -A INPUT -p udp --dport bootpc --sport bootps -j $FW_ACCEPT
    $IPTABLES -A INPUT -p tcp --dport bootpc --sport bootps -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -p tcp --sport bootpc --dport bootps -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -p udp --sport bootpc --dport bootps -j $FW_ACCEPT

    # Allow high ports
    $IPTABLES -A OUTPUT -p tcp --sport 1024:65535 -j $FW_ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 1024:65535 \
        -m state --state ESTABLISHED,RELATED -j $FW_ACCEPT

    # Allow everything on the loopback
    $IPTABLES -A INPUT -i lo -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -o lo -j $FW_ACCEPT
}

# Run firewall
RC=0
0
 
fosiul01Commented:
good moring, sorry due to weaked didnot able to reply.
Ok you have diffrent types of firewall rule running

from the output
firewall.lua
rc.firewall.loca
 rc.firewall

which one is  your main one

it looks like you are using userdefined firewall rules
0
 
ammadeyy2020Author Commented:
how can i check the main firewall?

im using a linux firewall called "ClarkConnect" Enterprise edition
it is using its own firewall
0
 
fosiul01Commented:
I never worked on Clark Connect ,omm

the rc.firewall rule you attached, what all those rules ??

can you past here,

chkconfig --list output, to check whats running on your system
0
 
ammadeyy2020Author Commented:
login as: root
root@192.168.10.10's password:
Last login: Tue Mar 10 09:50:20 2009 from 192.168.100.100
[root@gateway ~]# chkconfig --list
mdmonitor       0:off   1:off   2:off   3:off   4:off   5:off   6:off
webconfig       0:off   1:off   2:on    3:on    4:on    5:on    6:off
snortsam        0:off   1:off   2:on    3:on    4:on    5:on    6:off
lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
dansguardian-av 0:off   1:off   2:off   3:on    4:on    5:on    6:off
system-mysqld   0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
saslauthd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
syswatch        0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
mdmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
suvad           0:off   1:off   2:on    3:on    4:on    5:on    6:off
freshclam       0:off   1:off   2:off   3:on    4:on    5:on    6:off
squid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
netplugd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
snort           0:off   1:off   2:on    3:on    4:on    5:on    6:off
iscsi           0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
ldapsync        0:off   1:off   2:off   3:on    4:on    5:on    6:off
ldap            0:off   1:off   2:off   3:on    4:on    5:on    6:off
firewall        0:off   1:off   2:on    3:on    4:on    5:on    6:off
iscsid          0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
clamd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@gateway ~]#
0
 
fosiul01Commented:
ok you dont have iptables running,

you have this one running

firewall        0:off   1:off   2:on    3:on    4:on    5:on    6:off

whats this firewall ??
0
 
ammadeyy2020Author Commented:
this is internet gateway firewall
login as: root
root@192.168.10.10's password:
Last login: Tue Mar 10 13:57:33 2009 from 192.168.100.100
[root@gateway ~]# cd /etc/rc.d/
[root@gateway rc.d]# ls
firewall.lua  rc0.d  rc3.d  rc6.d              rc.firewall.types
init.d        rc1.d  rc4.d  rc.firewall        rc.local
rc            rc2.d  rc5.d  rc.firewall.local  rc.sysinit
[root@gateway rc.d]# vi rc.firewall
    $IPTABLES -A OUTPUT -p icmp -j $FW_ACCEPT

    # Open 81 and 22
    $IPTABLES -I INPUT -p tcp --dport 81 -j $FW_ACCEPT
    $IPTABLES -I OUTPUT -p tcp --sport 81 -j $FW_ACCEPT
    $IPTABLES -I INPUT -p tcp --dport 22 -j $FW_ACCEPT
    $IPTABLES -I OUTPUT -p tcp --sport 22 -j $FW_ACCEPT

    # Allow DNS requests
    $IPTABLES -A INPUT -p udp --sport domain -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -p udp --dport domain -j $FW_ACCEPT
    $IPTABLES -A INPUT -p tcp --sport domain -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport domain -j $FW_ACCEPT

    # Allow DHCP to startup
    $IPTABLES -A INPUT -p udp --dport bootpc --sport bootps -j $FW_ACCEPT
    $IPTABLES -A INPUT -p tcp --dport bootpc --sport bootps -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -p tcp --sport bootpc --dport bootps -j $FW_ACCEPT
    $IPTABLES -A OUTPUT -p udp --sport bootpc --dport bootps -j $FW_ACCEPT

    # Allow high ports
    $IPTABLES -A OUTPUT -p tcp --sport 1024:65535 -j $FW_ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 1024:65535 \

0
 
fosiul01Commented:
omm this would be little bit of complex..

whats in your rc.firewall.local ??
0
 
ammadeyy2020Author Commented:
nothing on rc.firewall.local

login as: root
root@192.168.10.10's password:
Last login: Tue Mar 10 13:57:33 2009 from 192.168.100.100
[root@gateway ~]# cd /etc/rc.d/
[root@gateway rc.d]# ls
firewall.lua  rc0.d  rc3.d  rc6.d              rc.firewall.types
init.d        rc1.d  rc4.d  rc.firewall        rc.local
rc            rc2.d  rc5.d  rc.firewall.local  rc.sysinit
[root@gateway rc.d]# vi rc.firewall
[root@gateway rc.d]# vi rc.firewall.local
# Custom firewall rules.
# This file is executed by the firewall on stop/start/restart.
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
"rc.firewall.local" 2L, 88C
0
 
fosiul01Commented:
Ok the port you are trying to open is this tcp or udp ??

can you add these under this 2 lines

$IPTABLES -I INPUT -p tcp --dport 22 -j $FW_ACCEPT
    $IPTABLES -I OUTPUT -p tcp --sport 22 -j $FW_ACCEP

Bellow one i have addess as tcp , [ change it if 514 is udp]

IPTABLES -I INPUT -p tcp --dport 514 -j $FW_ACCEPT
    $IPTABLES -I OUTPUT -p tcp --sport 514 -j $FW_ACCEP


then restart this firewall programm....
see what happended
0
 
ammadeyy2020Author Commented:
it give error
Untitled.jpg
0
 
fosiul01Commented:
You typed $ before iptables rules  ??

like this ...

$IPTABLES -I  INPUT -p  udp --dport 514 -j $FW_ACCEPT

0
 
ammadeyy2020Author Commented:
iptables -A INPUT -p udp --dport 514 -j ACCEPT  (this command does accept)
IPTABLES -I  INPUT -p  udp --dport 514 -j $FW_ACCEPT (gives error IPTABLES command not found)
0
 
fosiul01Commented:
iptables -A INPUT -p udp --dport 514 -j ACCEPT  : are you typing this command from command line is not it ??


did you add this line
$IPTABLES -I  INPUT -p  udp --dport 514 -j $FW_ACCEPT


in rc.firewall file ??

then if you restart firewall, does it give error ??
0
 
jdarwinCommented:
I feel, that your firewall will not block NMAP from scanning the ports. So, firewall shouldn't be an issue to get a list of open/closed ports.

Download nmap for Windows. Also download Zenmap graphical frontend for NMAP.

and install on your Windows PC, then run Zenmap.

You surely shall get a list of all open/closed ports, including port 514 of your server.


Plz. do accept this solution, if it worked for you.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 13
  • 11
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now