If a "netstat -nlp" shows nothing on that port, then it seems the issue is that nothing is actually listening on that port. Trying to figure out what might be blocking the port is asking the wrong question - the port may not be blocked at all. But it doesn't look like whatever service you think should be listening on that port is actually doing so. You need to figure out why the service is either not starting up, or not listening on the port you think it's supposed to be on. Check the logs for that service, and turn up the verbosity of its output if necessary (and possible).

On 12/02/2015 3:37 PM, Tyhr Trubiak wrote:

I'm trying to have a site host on Red Hat 6.3 PCI compliant through myControlScan.

The only failure I have is that port 36141:TCP is being blocked somehow/somewhere, and I do not know where or how to find out.

It is blocked from other servers on the network as well as itself.

# nc -zv 127.0.0.1 36141

nc: connect to 127.0.0.1 port 36141 (tcp) failed: Connection refused

(same result when using nc -zv localhost 36141 as well as the website ip address)

36141:TCP should be open according to iptables. (iptable list shown below)

# netstat -lnp | grep 36141

(shows nothing)

traceroute gets to myControlScan (207.198.99.3) via default settings, port 80, port 80 TCP, and port 36141, BUT not 36141:TCP.

Confused.

# traceroute -p 36141 -P TCP 207.198.99.3

traceroute to 207.198.99.3 (207.198.99.3), 30 hops max, 60 byte packets

1 * * *

2 *^C

# traceroute -p 36141 207.198.99.3

traceroute to 207.198.99.3 (207.198.99.3), 30 hops max, 60 byte packets

1 67.22.106.161 (67.22.106.161) 0.679 ms 0.734 ms 0.873 ms

2 66.11.145.82 (66.11.145.82) 1.965 ms 1.963 ms 1.936 ms

3 ae1-200.tor10.ip4.gtt.net (77.67.79.185) 1.890 ms 1.867 ms 1.839 ms

4 xe-7-0-1.dal33.ip4.gtt.net (89.149.180.246) 51.948 ms 51.940 ms 51.916 ms

5 peer1-gw.ip4.gtt.net (77.67.71.30) 38.730 ms 38.730 ms 38.701 ms

iptable list below:

-----------------

# iptables -nL

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:36141

DROP tcp -- 195.190.13.0/24 0.0.0.0/0 tcp

DROP tcp -- 91.217.10.0/23 0.0.0.0/0 tcp

DROP tcp -- 91.207.8.0/23 0.0.0.0/0 tcp

DROP tcp -- 91.207.4.0/22 0.0.0.0/0 tcp

DROP tcp -- 91.207.7.21 0.0.0.0/0 tcp

ACCEPT all -- 172.16.100.1 0.0.0.0/0

ACCEPT all -- 172.16.101.102 0.0.0.0/0

ACCEPT all -- 172.22.25.53 0.0.0.0/0

ACCEPT tcp -- 127.0.0.1 0.0.0.0/0 tcp dpt:111

ACCEPT tcp -- 10.200.139.34 0.0.0.0/0 tcp dpt:111

ACCEPT tcp -- 10.200.139.35 0.0.0.0/0 tcp dpt:111

ACCEPT tcp -- 172.16.1.164 0.0.0.0/0 tcp dpt:111

REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)

target prot opt source destination

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:36141

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:36141

ACCEPT tcp -- 127.0.0.1 0.0.0.0/0 tcp dpt:111

ACCEPT tcp -- 10.200.139.34 0.0.0.0/0 tcp dpt:111

ACCEPT tcp -- 10.200.139.35 0.0.0.0/0 tcp dpt:111

ACCEPT tcp -- 172.16.1.164 0.0.0.0/0 tcp dpt:111

DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111

--------------------------------------------------------------------------

Any thoughts or ideas?

Thanks,

Tyhr
_______________________________________________
Roundtable mailing list
Roundtable@muug.mb.ca
http://www.muug.mb.ca/mailman/listinfo/roundtable

-- 
Gilles R. Detillieux              E-mail: <grdetil@scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. of Physiology and Pathophysiology, Faculty of Health Sciences,
Univ. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)