I cannot communicate from a linux server on port 41002

husseing

New Member
Credits
119
Hello,

I am having trouble communicating to another server on port 41002 (on the same network and vlan). It works with all my other linux servers beside this one (I inherited). I suspect the issue is in the iptables but am a beginner with linux and hope this forum can dissect my iptable to tell me where the issue lies.

#telnet x.x.x.x 41002

Here is out iptables output

[[email protected] ~]# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1226M 77G ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
27 1642 ACCEPT all -- lo any anywhere anywhere
23M 1215M INPUT_direct all -- any any anywhere anywhere
23M 1215M INPUT_ZONES_SOURCE all -- any any anywhere anywhere
23M 1215M INPUT_ZONES all -- any any anywhere anywhere
2298 162K DROP all -- any any anywhere anywhere ctstate INVALID
23M 1214M REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 FORWARD_direct all -- any any anywhere anywhere
0 0 FORWARD_IN_ZONES_SOURCE all -- any any anywhere anywhere
0 0 FORWARD_IN_ZONES all -- any any anywhere anywhere
0 0 FORWARD_OUT_ZONES_SOURCE all -- any any anywhere anywhere
0 0 FORWARD_OUT_ZONES all -- any any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere ctstate INVALID
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 1767M packets, 120G bytes)
pkts bytes target prot opt in out source destination
79136 7179K ACCEPT all -- any lo anywhere anywhere
1767M 120G OUTPUT_direct all -- any any anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- eno16780032 any anywhere anywhere [goto]
0 0 FWDI_public all -- + any anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination

Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- any eno16780032 anywhere anywhere [goto]
0 0 FWDO_public all -- any + anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination

Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- any any anywhere anywhere
0 0 FWDI_public_deny all -- any any anywhere anywhere
0 0 FWDI_public_allow all -- any any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere anywhere

Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- any any anywhere anywhere
0 0 FWDO_public_deny all -- any any anywhere anywhere
0 0 FWDO_public_allow all -- any any anywhere anywhere

Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
23M 1215M IN_public all -- eno16780032 any anywhere anywhere [goto]
0 0 IN_public all -- + any anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination

Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
23M 1215M IN_public_log all -- any any anywhere anywhere
23M 1215M IN_public_deny all -- any any anywhere anywhere
23M 1215M IN_public_allow all -- any any anywhere anywhere
26 1706 ACCEPT icmp -- any any anywhere anywhere

Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
2655 131K ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
12625 651K ACCEPT tcp -- any any anywhere anywhere tcp dpt:http ctstate NEW,UNTRACKED
24 1176 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
[[email protected] ~]#
 


f33dm3bits

Gold Member
Gold Supporter
Credits
7,721
Is this the firewall of the host you are trying to connect to or trying to connect from?
 

f33dm3bits

Gold Member
Gold Supporter
Credits
7,721
Try stopping iptables and then connecting to that system you are trying to connect to. Does it work then?
 

f33dm3bits

Gold Member
Gold Supporter
Credits
7,721
Do you know if you are running iptables or firewalld?
systemctl stop iptables --> stop iptables
systemctl start iptables --> start iptables

If you are running firewalld, replace iptables with firewalld.
 

f33dm3bits

Gold Member
Gold Supporter
Credits
7,721
if I disable it what rules will it default to?
will I lose connectivity via ssh.
There will be no rules if you stop iptables or firewalld. I just want to see if you are able to connect to that other system on port 41002 when the firewall is stopped. That way you will know for sure if it's the firewall that's in the way or not. If it still doesn't work than it's not the firewall and a waste of time to even look at the firewall configuration, if it is then you can start the firewall again and we can try to see how far we can get ;)
 

husseing

New Member
Credits
119
I found out it was actually using firewalld and I stopped it and tested still did not work
Next
I replaced the firewall config from another working centos box and still did not work
Next
I ran a tcpdump-here is the output

[[email protected] ~]# sudo tcpdump -i any -c20 -nn host 10.111.13.165
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
09:54:48.921861 IP 10.111.13.165.65314 > 10.111.12.64.10051: Flags [SEW], seq 91107236, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:54:48.921903 IP 10.111.12.64 > 10.111.13.165: ICMP host 10.111.12.64 unreachable - admin prohibited, length 60
09:54:49.475683 IP 10.111.12.64.57544 > 10.111.13.165.41002: Flags , seq 675335071, win 29200, options [mss 1460,sackOK,TS val 1239066143 ecr 0,nop,wscale 7], length 0
09:54:50.477411 IP 10.111.12.64.57544 > 10.111.13.165.41002: Flags , seq 675335071, win 29200, options [mss 1460,sackOK,TS val 1239067145 ecr 0,nop,wscale 7], length 0
09:54:52.484435 IP 10.111.12.64.57544 > 10.111.13.165.41002: Flags , seq 675335071, win 29200, options [mss 1460,sackOK,TS val 1239069152 ecr 0,nop,wscale 7], length 0
09:54:56.492397 IP 10.111.12.64.57544 > 10.111.13.165.41002: Flags , seq 675335071, win 29200, options [mss 1460,sackOK,TS val 1239073160 ecr 0,nop,wscale 7], length 0
09:54:59.647478 IP 10.111.12.64.35686 > 10.111.13.165.41002: Flags , seq 1970819896, win 29200, options [mss 1460,sackOK,TS val 1239076315 ecr 0,nop,wscale 7], length 0
09:55:00.649438 IP 10.111.12.64.35686 > 10.111.13.165.41002: Flags , seq 1970819896, win 29200, options [mss 1460,sackOK,TS val 1239077317 ecr 0,nop,wscale 7], length 0
09:55:02.652414 IP 10.111.12.64.35686 > 10.111.13.165.41002: Flags , seq 1970819896, win 29200, options [mss 1460,sackOK,TS val 1239079320 ecr 0,nop,wscale 7], length 0
09:55:03.241577 ARP, Request who-has 10.111.12.99 tell 10.111.13.165, length 46
09:55:03.242335 ARP, Request who-has 10.111.13.165 tell 10.111.12.99, length 46
09:55:04.516437 IP 10.111.12.64.57544 > 10.111.13.165.41002: Flags , seq 675335071, win 29200, options [mss 1460,sackOK,TS val 1239081184 ecr 0,nop,wscale 7], length 0
09:55:06.660423 IP 10.111.12.64.35686 > 10.111.13.165.41002: Flags , seq 1970819896, win 29200, options [mss 1460,sackOK,TS val 1239083328 ecr 0,nop,wscale 7], length 0
09:55:14.713035 IP 10.111.12.64.44970 > 10.111.13.165.41002: Flags , seq 3613147522, win 29200, options [mss 1460,sackOK,TS val 1239091380 ecr 0,nop,wscale 7], length 0
09:55:15.714386 IP 10.111.12.64.44970 > 10.111.13.165.41002: Flags , seq 3613147522, win 29200, options [mss 1460,sackOK,TS val 1239092382 ecr 0,nop,wscale 7], length 0
09:55:17.716404 IP 10.111.12.64.44970 > 10.111.13.165.41002: Flags , seq 3613147522, win 29200, options [mss 1460,sackOK,TS val 1239094384 ecr 0,nop,wscale 7], length 0
09:55:20.548406 IP 10.111.12.64.57544 > 10.111.13.165.41002: Flags , seq 675335071, win 29200, options [mss 1460,sackOK,TS val 1239097216 ecr 0,nop,wscale 7], length 0
09:55:21.724390 IP 10.111.12.64.44970 > 10.111.13.165.41002: Flags , seq 3613147522, win 29200, options [mss 1460,sackOK,TS val 1239098392 ecr 0,nop,wscale 7], length 0
09:55:48.247282 ARP, Request who-has 10.111.15.201 tell 10.111.13.165, length 46
09:55:48.279534 ARP, Request who-has 10.111.12.64 tell 10.111.13.165, length 46
20 packets captured
21 packets received by filter
0 packets dropped by kernel

It is a zabbix server
 

f33dm3bits

Gold Member
Gold Supporter
Credits
7,721
If you stopped firewalld and it still did not work the local firewall from the machine you are trying to connect is not the problem.
[[email protected] ~]# sudo tcpdump -i any -c20 -nn host 10.111.13.165
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
09:54:48.921861 IP 10.111.13.165.65314 > 10.111.12.64.10051: Flags [SEW], seq 91107236, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:54:48.921903 IP 10.111.12.64 > 10.111.13.165: ICMP host 10.111.12.64 unreachable - admin prohibited,
Is 10.111.12.64 the host your are trying to connect from and 10.111.12.65 to host you are trying to connect to? Kind of looks like the destination host is rejecting the host your are trying to connect from, at least the icmp. I would have a look at the firewall of the destination host, I'm kind of getting the idea the problem lies there.
 

husseing

New Member
Credits
119
the source is 10.111.12.64 and destination is 10.111.13.165. The destination is a windows server. See attachment for windows firewall rule. The connection works for all my other linux boxes.

Where can I check outbound allowed ports on the linux server?
Capture.PNG
 

f33dm3bits

Gold Member
Gold Supporter
Credits
7,721
Strange, you mentioned earlier that when you stop firewalld that you are not able to connect to the that other host either. When you stop firewalld all firewall rules are cleared so if there were rules for blocking outgoing connections those would be cleared too. Can you try stopping firewalld again and try connecting with telnet on an open port on one of the other linux machines on to another open port on the machine you are actually wanting to connect to? What Linux distribution is the system your are trying to connect from?
 


Staff online

Members online


Top