Firewall Not Opening Ports

Discussion in 'Installation/Configuration' started by rbartz, Nov 10, 2012.

  1. rbartz

    rbartz New Member

    I am having a problem opening ports 1935 and 5080 for media streaming.

    I used The Perfect Server - CentOS 6.3 x86_64 setup, and after a few blips all the normal stuff is running right. (Found out again that phpMyAdmin is not the same as phpmyadmin!)

    Anyway, after setting ispconfig3 to open those two ports, I get this with iptables -L -n
    ===================================================
    Chain INPUT (policy DROP)
    target prot opt source destination
    DROP tcp -- 0.0.0.0/0 127.0.0.0/8
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    DROP all -- 224.0.0.0/4 0.0.0.0/0
    PUB_IN all -- 0.0.0.0/0 0.0.0.0/0
    PUB_IN all -- 0.0.0.0/0 0.0.0.0/0
    PUB_IN all -- 0.0.0.0/0 0.0.0.0/0
    PUB_IN all -- 0.0.0.0/0 0.0.0.0/0
    PUB_IN all -- 0.0.0.0/0 0.0.0.0/0
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- 0.0.0.0/0 0.0.0.0/0
    PUB_OUT all -- 0.0.0.0/0 0.0.0.0/0
    PUB_OUT all -- 0.0.0.0/0 0.0.0.0/0
    PUB_OUT all -- 0.0.0.0/0 0.0.0.0/0
    PUB_OUT all -- 0.0.0.0/0 0.0.0.0/0

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

    Chain PAROLE (19 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

    Chain PUB_IN (5 references)
    target prot opt source destination
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:81
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1935
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5080
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
    PAROLE tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10001
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3306
    DROP icmp -- 0.0.0.0/0 0.0.0.0/0
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain PUB_OUT (5 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

    Chain fail2ban-Dovecot (0 references)
    target prot opt source destination

    Chain fail2ban-SMTP (0 references)
    target prot opt source destination
    RETURN all -- 0.0.0.0/0 0.0.0.0/0

    Chain fail2ban-SSH (0 references)
    target prot opt source destination
    RETURN all -- 0.0.0.0/0 0.0.0.0/0
    ===============================================
    Looks like the ports are set right there.

    However, with Nmap I get this:
    ==================================================
    #nmap -sS 127.0.0.1

    Starting Nmap 5.51 ( http://nmap.org ) at 2012-11-09 16:19 MST
    Nmap scan report for 69-64-65-69.phx.dedicated.codero.com (127.0.0.1)
    Host is up (0.0000050s latency).
    Not shown: 983 closed ports
    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    110/tcp open pop3
    111/tcp open rpcbind
    143/tcp open imap
    443/tcp open https
    631/tcp open ipp
    993/tcp open imaps
    995/tcp open pop3s
    3306/tcp open mysql
    8080/tcp open http-proxy
    8081/tcp open blackice-icecap
    10001/tcp open scp-config
    10025/tcp open unknown

    Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
    ==================================================
    telnet localhost 5080 says connection refused. The ports are not open...

    Any ideas? Thanks!

    Richard
     
  2. rbartz

    rbartz New Member

    Found The Problem

    After thinking about this a bit, I realized Nmap will not show a port open unless something is there to answer.

    The problem was with the red5 server script: the base directory was not right, so it was creating the pid file but not actually starting from the /etc/init.d/red5 script.

    Fixed the script and all was good.

    Sorry to bother you guys!

    Richard
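
The distinction the thread arrives at, as an added example that is not part of the original posts: a refused connection means the packet reached the host and nothing was listening, while a DROP rule would produce a timeout, and a pid file can exist without a live process behind it. The function names and the pid file path `/var/run/red5.pid` are assumptions for illustration; the ports are the ones from the thread.

```python
import os
import socket

def probe_port(host, port, timeout=2.0):
    """Classify one TCP connect: 'open', 'refused' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"                # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"             # RST came back: no listener (a DROP rule would time out)
    except OSError:
        return "filtered"            # timeout or unreachable: likely dropped on the way
    finally:
        s.close()

def pid_alive(pidfile):
    """True only if pidfile holds the PID of a process that exists right now."""
    try:
        with open(pidfile) as f:
            pid = int(f.read().strip())
    except (OSError, ValueError):
        return False
    try:
        os.kill(pid, 0)              # signal 0 checks existence, sends nothing
    except ProcessLookupError:
        return False
    except PermissionError:
        return True                  # exists, but owned by another user
    return True

def diagnose(host, port, pidfile):
    """Combine both checks into the conclusion reached in the thread."""
    state = probe_port(host, port)
    if state == "open":
        return "service listening"
    if state == "filtered":
        return "no reply: look at the firewall rules"
    if os.path.exists(pidfile) and not pid_alive(pidfile):
        return "stale pid file: service did not start"
    return "nothing listening: check the service"

if __name__ == "__main__":
    # Ports are from the thread; the pid file path is an assumed placeholder.
    for port in (1935, 5080):
        print(port, diagnose("127.0.0.1", port, "/var/run/red5.pid"))
```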
     
