1

I have two boxes: one Ubuntu v10.10 (IP: 192.168.12.128) and another CentOS v5.5 (IP: 192.168.12.131).

I'm able to ping CentOS from the Ubuntu box and vice versa.

When I telnet UBUNTUIP using port 7000 from CentOS, it works.

When I telnet CENTOSIP using port 7000 from Ubuntu, I get the error "Unable to connect to remote host: No route to host".

I tried to open the port in CentOS using the command iptables -A INPUT -p tcp --dport 7000 -j ACCEPT but I'm still unable to telnet to CentOS on this port.

The reason I want port 7000 open is that I'm trying to set up a Cassandra cluster.

Please let me know what I'm doing wrong here and what I can do to make it work.


Update

The output of sudo iptables --list:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:afs3-fileserver 

UPDATED: Output of netstat -putna for CentOS when Cassandra is running

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:800                 0.0.0.0:*                   LISTEN      3586/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      3554/portmap        
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      4592/java           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3812/cupsd          
tcp        0      0 192.168.12.131:7000         0.0.0.0:*                   LISTEN      4592/java           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      3835/sendmail: acce 
tcp        0      0 0.0.0.0:54650               0.0.0.0:*                   LISTEN      4592/java           
tcp        0      0 0.0.0.0:59802               0.0.0.0:*                   LISTEN      4592/java           
tcp        0      0 127.0.0.1:51116             127.0.0.1:39490             TIME_WAIT   -                   
tcp        0      0 192.168.12.131:51779        192.168.12.128:7000         ESTABLISHED 4592/java           
tcp        0      0 192.168.12.131:52929        192.168.12.128:7000         ESTABLISHED 4592/java           
tcp        0      0 :::22                       :::*                        LISTEN      3803/sshd           
udp        0      0 0.0.0.0:33161               0.0.0.0:*                               3936/avahi-daemon:  
udp        0      0 0.0.0.0:794                 0.0.0.0:*                               3586/rpc.statd      
udp        0      0 0.0.0.0:797                 0.0.0.0:*                               3586/rpc.statd      
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               3415/dhclient       
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               3936/avahi-daemon:  
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               3554/portmap        
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               3812/cupsd          
udp        0      0 :::51370                    :::*                                    3936/avahi-daemon:  
udp        0      0 :::5353                     :::*                                    3936/avahi-daemon:    

UPDATED: Output of netstat -putna on the Ubuntu box when Cassandra is running on both boxes

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      865/mysqld      
tcp        0      0 0.0.0.0:40333           0.0.0.0:*               LISTEN      2019/java       
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2019/java       
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1675/apache2    
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      942/cupsd       
tcp        0      0 192.168.12.128:7000     0.0.0.0:*               LISTEN      2019/java       
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      881/postgres    
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1675/apache2    
tcp        0      0 0.0.0.0:53412           0.0.0.0:*               LISTEN      2019/java       
tcp        0      0 127.0.0.1:9160          0.0.0.0:*               LISTEN      2019/java       
tcp        1      0 192.168.12.128:37629    203.197.174.87:80       CLOSE_WAIT  1918/clock-applet
tcp        1      0 192.168.12.128:37630    203.197.174.87:80       CLOSE_WAIT  1918/clock-applet
tcp        0      1 192.168.12.128:49373    192.168.12.131:7000     SYN_SENT    2019/java       
tcp        0      0 192.168.12.128:7000     192.168.12.131:46356    ESTABLISHED 2019/java       
tcp        0      0 192.168.12.128:7000     192.168.12.131:56337    ESTABLISHED 2019/java       
tcp        1      0 192.168.12.128:54117    203.197.174.80:80       CLOSE_WAIT  1918/clock-applet
tcp6       0      0 ::1:631                 :::*                    LISTEN      942/cupsd       
tcp6       0      0 ::1:5432                :::*                    LISTEN      881/postgres    
udp        0      0 0.0.0.0:60819           0.0.0.0:*                           713/avahi-daemon: r
udp        0      0 0.0.0.0:68              0.0.0.0:*                           753/dhclient    
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           713/avahi-daemon: r
udp6       0      0 ::1:51637               ::1:51637               ESTABLISHED 881/postgres    
udp6       0      0 :::52390                :::*                                713/avahi-daemon: r
udp6       0      0 :::5353                 :::*                                713/avahi-daemon: r

Output of telnet localhost 7000 after stopping iptables service

Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused

The above is the output because Cassandra just won't start while trying to find the seed node (Ubuntu box). The error is "connection refused", whereas the error from the Ubuntu telnet is "No route to host".

UPDATE

I was able to resolve the issue: it was the port being blocked by the firewall. The problem became more so a problem if you add a person like me who has absolutely no knowledge of port bindings (when a port can be accessed: only when some application is listening on it. @dyasny, it helped me diagnose and learn a few fundamentals) and Linux OS.

Thanks to you all for helping me.

Sudesh


2 Answers

3

The default rule in CentOS isn't INPUT, it's RH-Firewall-1-INPUT

Enter the following rule into /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7000 -j ACCEPT

Then, restart iptables via /etc/init.d/iptables restart

Joe
  • Even after doing the above I was getting the same error with telnet – Sudesh Mar 23 '11 at 04:48
  • @Sudesh: -A appends the rule to the end of the chain, so it will come after the REJECT. Use -I instead. – user9517 Mar 24 '11 at 18:37
  • The above line worked when I added it above "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited". That is the last line in the config file; I don't know why it did not work if added after it. I would love to know if what I'm thinking is right, that the last command had to do something – Sudesh Mar 25 '11 at 06:00
  • @Sudesh: The 1st rule that is matched is the one that is acted upon. In your ruleset, the catchall REJECT is before the ACCEPT. The REJECT rule is acted upon and iptables stops processing rules so the ACCEPT never gets acted upon. – user9517 Mar 25 '11 at 09:04
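
The first-match behaviour discussed in the comments above can be checked mechanically. The following is an added example, not part of the original answer or comments: it scans an /etc/sysconfig/iptables-style rules file for rules placed after a match-less ACCEPT/DROP/REJECT in the same chain, and re-emits the file with that catch-all moved to the end. The function names and the sample file are assumptions; only the REJECT line and the port 7000 line are quoted in the thread.

```shell
#!/bin/sh
# Added example: find rules in an /etc/sysconfig/iptables-style file that can
# never match because an unconditional ACCEPT/DROP/REJECT precedes them.

# Constructed sample. Only the REJECT line and the port 7000 line are quoted
# in the thread; the remaining lines are assumed for illustration.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7000 -j ACCEPT
COMMIT
EOF
}

# Report every rule that sits after a match-less terminal rule in its chain.
shadowed_rules() {
    awk '
        $1 != "-A" { next }
        {
            n[$2]++
            if ($2 in blocker) {
                printf "%s rule %d is shadowed by rule %d: %s\n", $2, n[$2], blocker[$2], $0
            } else if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT")) {
                blocker[$2] = n[$2]
            }
        }'
}

# Re-emit the file with each chain's first catch-all moved to the chain's end.
catchall_last() {
    awk '
        function flush(   i) { for (i = 1; i <= k; i++) print held[order[i]]; k = 0; split("", held) }
        $1 == "-A" && $3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") && !($2 in held) {
            held[$2] = $0; order[++k] = $2; next
        }
        $1 == "COMMIT" { flush() }
        { print }
        END { flush() }'
}

sample_rules | shadowed_rules
sample_rules | catchall_last | shadowed_rules   # prints nothing once reordered
```

The check only recognises catch-alls written with no match options at all; a rule such as one matching every protocol explicitly is not detected.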
0
  1. Try to disable iptables for the test: iptables -F or service iptables stop
  2. Make sure the service is running: service $servicename status
  3. Make sure the service is listening on the right port: netstat -putna
  4. Telnet locally: telnet localhost 7000
dyasny
  • Even after stopping the iptables service I was not able to telnet from Ubuntu to CentOS, not even on the default port – Sudesh Mar 23 '11 at 04:58
  • Look at the netstat output - no application is listening on port 7000. If nothing is listening, there is nothing you can connect to – dyasny Mar 23 '11 at 15:17
  • Yes, you are right. I can't get why when I telnet from the local machine I get the error message "connection refused", whereas the error from the Ubuntu telnet is "No route to host". Cassandra uses 7000 for cluster communication, 9160 for clients (Thrift), and 8080 for JMX. I suspect the issue is that Cassandra is somehow unable to communicate using these ports. Is there a way to check a certain port is accessible from outside the box? – Sudesh Mar 23 '11 at 18:30
  • Again, looking at your netstat, THERE IS NO APPLICATION LISTENING ON PORT 7000. There is no way to connect to an application that is not running or not maintaining a socket. Make sure your application is running, that it has the socket open, and that you know the port number, and then try again. – dyasny Mar 24 '11 at 09:01
  • I updated the netstat -putna output for when Cassandra was running on both boxes. Sorry for the previous mistake; you can guess I'm a noob to this world. I tried to telnet when Cassandra was running, still to no avail – Sudesh Mar 24 '11 at 18:17
  • One more update: I was able to run the Cassandra cluster successfully only after executing the command "iptables -X" on CentOS. That means the firewall is blocking. I believe now we have zeroed in on the problem, so we can solve it – Sudesh Mar 24 '11 at 18:38
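
Step 3 of the answer above (checking what is listening, and where) as a script. This is an added example, not part of the original answer or comments: it reads netstat -putna output and reports whether a TCP port is bound to all interfaces, to loopback only, or to one specific address. The function name listen_scope and its output labels are assumptions; the sample lines are copied from the CentOS output in the question.

```shell
#!/bin/sh
# Added example: report how a TCP port is bound, from `netstat -putna` output.

# Constructed sample: four LISTEN lines copied from the CentOS output in the
# question, plus the header line.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      4592/java
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3812/cupsd
tcp        0      0 192.168.12.131:7000         0.0.0.0:*                   LISTEN      4592/java
tcp        0      0 :::22                       :::*                        LISTEN      3803/sshd
EOF
}

# usage: netstat -putna | listen_scope PORT
listen_scope() {
    awk -v want="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is the text after the last colon; this also handles
            # IPv6 forms such as ":::22" and "::1:631".
            n = split($4, part, ":")
            if (part[n] != want) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1") scope = "loopback-only"
            else scope = "only-" addr
            print scope
            found = 1
        }
        END { if (!found) print "not-listening" }'
}

for p in 7000 8080 631 22 9160; do
    printf '%s: %s\n' "$p" "$(sample_netstat | listen_scope "$p")"
done
```

A socket reported as only-192.168.12.131 refuses connections made to localhost even while the service is up, so a local test should target the address shown rather than 127.0.0.1.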