[RndTbl] Trying to open port 36141:TCP for PCI Compliance test
Gilles Detillieux
grdetil at scrc.umanitoba.ca
Thu Feb 12 16:30:08 CST 2015
If a "netstat -nlp" shows nothing on that port, then it seems the issue
is that nothing is actually listening on that port. Trying to figure
out what might be blocking the port is asking the wrong question - the
port may not be blocked at all. But it doesn't look like whatever
service you think should be listening on that port is actually doing
so. You need to figure out why the service is either not starting up,
or not listening on the port you think it's supposed to be on. Check
the logs for that service, and turn up the verbosity of its output if
necessary (and possible).
On 12/02/2015 3:37 PM, Tyhr Trubiak wrote:
> I'm trying to have a site host on Red Hat 6.3 PCI compliant through
> myControlScan.
>
> The only failure I have is that port 36141:TCP is being blocked
> somehow/somewhere, and I do not know where or how to find out.
> It is blocked from other servers on the network as well as itself.
>
> # nc -zv 127.0.0.1 36141
> nc: connect to 127.0.0.1 port 36141 (tcp) failed: Connection refused
> (same result when using nc -zv localhost 36141 as well as the website
> ip address)
>
> 36141:TCP should be open according to iptables. (iptable list shown below)
>
> # netstat -lnp | grep 36141
> (shows nothing)
>
> traceroute gets to myControlScan (207.198.99.3) via default settings,
> port 80, port 80 TCP, and port 36141, BUT not 36141:TCP.
> Confused.
>
> # traceroute -p 36141 -P TCP 207.198.99.3
> traceroute to 207.198.99.3 (207.198.99.3), 30 hops max, 60 byte packets
> 1 * * *
> 2 *^C
>
> # traceroute -p 36141 207.198.99.3
> traceroute to 207.198.99.3 (207.198.99.3), 30 hops max, 60 byte packets
> 1 67.22.106.161 (67.22.106.161) 0.679 ms 0.734 ms 0.873 ms
> 2 66.11.145.82 (66.11.145.82) 1.965 ms 1.963 ms 1.936 ms
> 3 ae1-200.tor10.ip4.gtt.net (77.67.79.185) 1.890 ms 1.867 ms 1.839 ms
> 4 xe-7-0-1.dal33.ip4.gtt.net (89.149.180.246) 51.948 ms 51.940 ms 51.916 ms
> 5 peer1-gw.ip4.gtt.net (77.67.71.30) 38.730 ms 38.730 ms 38.701 ms
>
> iptable list below:
> -----------------
> # iptables -nL
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:36141
> DROP tcp -- 195.190.13.0/24 0.0.0.0/0 tcp
> DROP tcp -- 91.217.10.0/23 0.0.0.0/0 tcp
> DROP tcp -- 91.207.8.0/23 0.0.0.0/0 tcp
> DROP tcp -- 91.207.4.0/22 0.0.0.0/0 tcp
> DROP tcp -- 91.207.7.21 0.0.0.0/0 tcp
> ACCEPT all -- 172.16.100.1 0.0.0.0/0
> ACCEPT all -- 172.16.101.102 0.0.0.0/0
> ACCEPT all -- 172.22.25.53 0.0.0.0/0
> ACCEPT tcp -- 127.0.0.1 0.0.0.0/0 tcp dpt:111
> ACCEPT tcp -- 10.200.139.34 0.0.0.0/0 tcp dpt:111
> ACCEPT tcp -- 10.200.139.35 0.0.0.0/0 tcp dpt:111
> ACCEPT tcp -- 172.16.1.164 0.0.0.0/0 tcp dpt:111
> REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 reject-with icmp-port-unreachable
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:36141
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:36141
> ACCEPT tcp -- 127.0.0.1 0.0.0.0/0 tcp dpt:111
> ACCEPT tcp -- 10.200.139.34 0.0.0.0/0 tcp dpt:111
> ACCEPT tcp -- 10.200.139.35 0.0.0.0/0 tcp dpt:111
> ACCEPT tcp -- 172.16.1.164 0.0.0.0/0 tcp dpt:111
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
> --------------------------------------------------------------------------
>
> Any thoughts or ideas?
> Thanks,
> Tyhr
--
Gilles R. Detillieux E-mail: <grdetil at scrc.umanitoba.ca>
Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/
Dept. of Physiology and Pathophysiology, Faculty of Health Sciences,
Univ. of Manitoba Winnipeg, MB R3E 0J9 (Canada)
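
The distinction drawn in the reply above (nothing listening versus something blocking), as an added example that is not part of either message: a Python sketch that classifies a TCP connect attempt and cross-checks it against the kernel's listener table. The function names and the `/proc/net/tcp` sample are constructed for illustration; on a real Linux host you would pass the contents of `/proc/net/tcp` instead.

```python
import errno
import socket

# Constructed sample in /proc/net/tcp format (not taken from the thread's host):
# listeners on 22 and 111, one established connection, nothing on 36141 (0x8D2D).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 33333 1
"""

def listening_ports(proc_net_tcp_text):
    """Return the set of TCP ports in LISTEN state (st == 0A), any bind address."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == "0A":
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports

def probe(host, port, timeout=2.0):
    """Classify a TCP connect attempt: 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A RST came back (no listener), or a REJECT rule answered; Linux also
        # reports ICMP port-unreachable on a TCP connect as ECONNREFUSED.
        return "refused"
    except socket.timeout:
        return "timeout"      # no reply at all, typical of a DROP rule
    except OSError:
        return "error"        # e.g. no route to host

def diagnose(port, state, listeners):
    """Combine the probe result with the local listener table."""
    if state == "open":
        return "service reachable"
    if port not in listeners:
        return "no listener: fix the service, not the firewall"
    if state == "timeout":
        return "listener present but packets silently dropped: check DROP rules"
    return "listener present but connection rejected: check REJECT rules and bind address"

if __name__ == "__main__":
    listeners = listening_ports(SAMPLE_PROC_NET_TCP)
    print(diagnose(36141, probe("127.0.0.1", 36141), listeners))
```

Because a REJECT rule and a missing listener both surface as "Connection refused", the listener table is what separates the two cases.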