4

I have disabled SELinux in /etc/sysconfig/selinux:

SELINUX=disabled

I rebooted and disabled both the firewalld and iptables services.

# sestatus
SELinux status:                 disabled

# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: inactive (dead) 

# ufw status
Status: inactive

I still can't access the server using a specific port:

# nc -v 10.0.12.3 8887
nc: connect to 10.0.12.3 port 8887 (tcp) failed: Connection refused

I can ping the server and ssh to it.

I have tried opening ports using iptables and firewalld and haven't managed to make it work. The last option remaining is to disable the firewall completely and even that doesn't work.

The ports that are being listened on are:

# netstat -plnt

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1031/rpcbind        
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1843/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1392/sshd           
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1391/cupsd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1756/master         
tcp        0      0 0.0.0.0:6010            0.0.0.0:*               LISTEN      1892/sshd: jmalapra 
tcp        0      0 0.0.0.0:6011            0.0.0.0:*               LISTEN      2461/sshd: jmalapra 
tcp6       0      0 :::111                  :::*                    LISTEN      1031/rpcbind        
tcp6       0      0 :::22                   :::*                    LISTEN      1392/sshd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      1391/cupsd          
tcp6       0      0 :::6010                 :::*                    LISTEN      1892/sshd: jmalapra 
tcp6       0      0 :::6011                 :::*                    LISTEN      2461/sshd: jmalapra
Jacques MALAPRADE
  • The server can only show a connection is accepted if a program listens on the port. In this case Jupyter notebook needed to listen on port 8887 for nc to show that the port was open. – Jacques MALAPRADE Jul 05 '18 at 09:18

1 Answer

2

Use netstat or ss to verify that a service is listening on the ip/port in question.

Edit: now that you have verified that the service in question is running, reset your box's security measures:

# Restore SELinux
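# /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config; --follow-symlinks
# makes sed edit the target instead of replacing the link with a regular file
sed -i --follow-symlinks -e 's/SELINUX=disabled/SELINUX=enforcing/g' /etc/sysconfig/selinux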
touch /.autorelabel
reboot

# Firewall exception
firewall-cmd --zone=public --add-port=8887/tcp --permanent 
firewall-cmd --reload

# Remove superfluous packages
yum remove -y iptables-services ufw
fuero
  • I added the output of `netstat -plnt` in the original post. It seems like it isn't listening on that port. How can I get this port to be listened to without requiring the firewall? Or, do I need the firewall? – Jacques MALAPRADE Jul 05 '18 at 08:37
  • I had to first run the application, in this case Jupyter notebook, on the server, which listens on port 8887, for nc to show that the port is open. – Jacques MALAPRADE Jul 05 '18 at 09:17
  • Now you should reactivate the firewall and properly open the port through it. `firewall-cmd --zone=public --add-port=8887/tcp --permanent; firewall-cmd --reload` – Overmind Jul 05 '18 at 11:18
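
The check the answer starts with, as an added example that is not part of the original thread: a shell function that reads `netstat -plnt` output and reports whether a port has no listener, a loopback-only listener, or one reachable from other hosts. The names `listener_scope` and `sample_netstat` are hypothetical, and the sample input is an excerpt of the question's own output.

```shell
#!/bin/sh
# Added example; listener_scope and sample_netstat are hypothetical helper names.
# listener_scope PORT reads `netstat -plnt` output on stdin and prints how PORT is bound:
#   none      nothing listens: clients get "Connection refused" even with the firewall off
#   loopback  bound to 127.0.0.1 or ::1 only: remote clients are still refused
#   specific  bound to one non-loopback address: reachable only through that address
#   all       bound to 0.0.0.0 or :: so the firewall is the remaining thing to check
listener_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")          # the port follows the last colon
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::")        rank = 3
            else if (addr ~ /^127\./ || addr == "::1")    rank = 1
            else                                          rank = 2
            if (rank > best) best = rank       # keep the widest binding seen
        }
        END {
            split("none loopback specific all", name, " ")
            print name[best + 1]
        }'
}

# Excerpt of the netstat output posted in the question (no line for port 8887).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1392/sshd
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1843/dnsmasq
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1391/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      1392/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1391/cupsd
EOF
}

for p in 22 53 631 8887; do
    printf '%s -> %s\n' "$p" "$(sample_netstat | listener_scope "$p")"
done
```

On a live host, run `netstat -plnt | listener_scope 8887` before changing any firewall or SELinux setting.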