[RndTbl] Trying to open port 36141:TCP for PCI Compliance test
Tyhr Trubiak
ttrubiak at gmail.com
Thu Feb 12 15:37:46 CST 2015
I'm trying to have a site host on Red Hat 6.3 PCI compliant through
myControlScan.
The only failure I have is that port 36141:TCP is being blocked
somehow/somewhere, and I do not know where or how to find out.
It is blocked from other servers on the network as well as itself.
# nc -zv 127.0.0.1 36141
nc: connect to 127.0.0.1 port 36141 (tcp) failed: Connection refused
(same result when using nc -zv localhost 36141 as well as the website IP
address)
36141:TCP should be open according to iptables. (iptables list shown below)
# netstat -lnp | grep 36141
(shows nothing)
traceroute gets to myControlScan (207.198.99.3) via default settings, port
80, port 80 TCP, and port 36141, BUT not 36141:TCP.
Confused.
# traceroute -p 36141 -P TCP 207.198.99.3
traceroute to 207.198.99.3 (207.198.99.3), 30 hops max, 60 byte packets
1 * * *
2 *^C
# traceroute -p 36141 207.198.99.3
traceroute to 207.198.99.3 (207.198.99.3), 30 hops max, 60 byte packets
1 67.22.106.161 (67.22.106.161) 0.679 ms 0.734 ms 0.873 ms
2 66.11.145.82 (66.11.145.82) 1.965 ms 1.963 ms 1.936 ms
3 ae1-200.tor10.ip4.gtt.net (77.67.79.185) 1.890 ms 1.867 ms 1.839 ms
4 xe-7-0-1.dal33.ip4.gtt.net (89.149.180.246) 51.948 ms 51.940 ms 51.916 ms
5 peer1-gw.ip4.gtt.net (77.67.71.30) 38.730 ms 38.730 ms 38.701 ms
iptables list below:
-----------------
# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:36141
DROP tcp -- 195.190.13.0/24 0.0.0.0/0 tcp
DROP tcp -- 91.217.10.0/23 0.0.0.0/0 tcp
DROP tcp -- 91.207.8.0/23 0.0.0.0/0 tcp
DROP tcp -- 91.207.4.0/22 0.0.0.0/0 tcp
DROP tcp -- 91.207.7.21 0.0.0.0/0 tcp
ACCEPT all -- 172.16.100.1 0.0.0.0/0
ACCEPT all -- 172.16.101.102 0.0.0.0/0
ACCEPT all -- 172.22.25.53 0.0.0.0/0
ACCEPT tcp -- 127.0.0.1 0.0.0.0/0 tcp dpt:111
ACCEPT tcp -- 10.200.139.34 0.0.0.0/0 tcp dpt:111
ACCEPT tcp -- 10.200.139.35 0.0.0.0/0 tcp dpt:111
ACCEPT tcp -- 172.16.1.164 0.0.0.0/0 tcp dpt:111
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:36141
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:36141
ACCEPT tcp -- 127.0.0.1 0.0.0.0/0 tcp dpt:111
ACCEPT tcp -- 10.200.139.34 0.0.0.0/0 tcp dpt:111
ACCEPT tcp -- 10.200.139.35 0.0.0.0/0 tcp dpt:111
ACCEPT tcp -- 172.16.1.164 0.0.0.0/0 tcp dpt:111
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
--------------------------------------------------------------------------
Any thoughts or ideas?
Thanks,
Tyhr
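An added example, not part of the original post: the checks above (nc, netstat, iptables) touch three different conditions, and this sketch separates them by classifying how a TCP connect attempt ends and comparing that with the kernel's listener table. The function names and the sample /proc/net/tcp text are constructed for illustration.

```python
import socket

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:006F 00000000:0000 0A
   1: 00000000:0016 00000000:0000 0A
   2: 0100007F:C350 0100007F:0016 01
"""

def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port by how the connection attempt ends."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: a process is listening
    except ConnectionRefusedError:
        return "closed"        # refused: no listener, or a REJECT rule answered
    except OSError:
        return "filtered"      # timeout or unreachable: DROP rule or routing
    finally:
        sock.close()

def listening_tcp_ports(proc_net_tcp):
    """Return the set of ports in LISTEN state from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == "0A":    # 0A is TCP_LISTEN
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

def diagnose(state, port, listeners):
    """Turn the probe result and the listener table into a next step."""
    if state == "open":
        return "reachable"
    if state == "closed" and port not in listeners:
        return "no listener: an ACCEPT rule only permits traffic, a service must bind the port"
    if state == "closed":
        return "listener present but refused: check its bind address and REJECT rules"
    return "filtered: look for DROP rules or an upstream firewall"

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:                 # Linux only, IPv4 sockets
        listeners = listening_tcp_ports(f.read())
    print(diagnose(probe_tcp("127.0.0.1", 36141), 36141, listeners))
```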