Not able to open tcp port in linux system

[gaurav_herein]

I am using RHEL 5

and my application is running in the system on port 11960. I need to connect to this port from application running on other system.

but the port is closed for other system

 

below are the information for my system

 

 

[root@ sysconfig]# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT tcp -- anywhere anywhere tcp spt:11960 state NEW,ESTABLISHED

 

Chain FORWARD (policy ACCEPT)

target prot opt source destination

 

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

 

 

 

[root@ sysconfig]# netstat -nap | grep 11960

tcp 0 0 127.0.0.1:11960 0.0.0.0:* LISTEN 2155/cm

 

[root@ sysconfig]# nmap -p 11960 23.x.x.x

 

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-05-29 06:45 EDT

Interesting ports on (23.x.x.x):

PORT STATE SERVICE

11960/tcp closed unknown

 

[root@ sysconfig]# nmap -p 11960 127.0.0.1

 

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-05-29 06:45 EDT

Interesting ports on localhost.localdomain (127.0.0.1):

PORT STATE SERVICE

11960/tcp open unknown

 

[root@domU-12-31-39-10-06-32 sysconfig]# tcptraceroute -p 11960 23.x.x.x

traceroute to 23.x.x.x (23.x.x.x), 30 hops max, 40 byte packets

1 ip-10-72-24-2.ec2.internal (10.72.24.2) 1.370 ms 1.322 ms 1.299 ms

2 ip-10-1-6-69.ec2.internal (10.1.6.69) 0.505 ms ip-10-1-8-69.ec2.internal (10.1.8.69) 0.501 ms 0.680 ms

3 ip-10-1-11-14.ec2.internal (10.1.11.14) 0.843 ms ip-10-1-7-14.ec2.internal (10.1.7.14) 0.833 ms ip-10-1-9-14.ec2.internal (10.1.9.14) 0.802 ms

4 216.182.224.209 (216.182.224.209) 0.785 ms 216.182.224.76 (216.182.224.76) 16.203 ms 216.182.232.48 (216.182.232.48) 0.737 ms

5 216.182.232.49 (216.182.232.49) 1.306 ms 1.285 ms 216.182.224.208 (216.182.224.208) 1.252 ms

6 23.x.x.x 2.679 ms 2.654 ms 2.629 ms

 

Firewall is off

 

tried

nc 23.x.x.x 11960

 

tried adding below when firewall was on

iptables -A INPUT -i eth0 -p tcp --sport 11960 -m state --state NEW ESTABLISHED -j ACCEPT

 

tried flushing the iptables "iptables -F"

 

can anyone suggest what should i check or what is the problem with this port.

is there anything that i need to add in /etc/services?

 

Regards,

Gaurav

[inittux]

I don't know much about iptables, haven't done anything with it yet. What I do for now is go to /etc/sysconfig . Then as root run system-config-firewall-tui . You will get a simple graphical interface where you can turn on your firewall and add a port to open in your firewall.

[Dungeon-Dave]

iptables -A INPUT -i eth0 -p tcp --sport 11960 -m state --state NEW ESTABLISHED -j ACCEPT

I think that should read --dport 11960 - you're interested in DESTINATION port, not SOURCE port.

 

(you rule is permitting incoming connections from port 11960, not connections to 11960)

 

Another test to try is: "telnet localhost 11960" on that machine - see if you get any response.

[gaurav_herein]

Thanks for your help. I was able to resolve it. The problem was /etc/hosts. Entry was not proper.

[Dungeon-Dave]

Okayyy... I'm not sure why /etc/hosts would prevent firewall rules from working, but glad to see you got it all sorted!