Hi, I have 2 virtualized CentOS machines (lpdza1 and lpdza2) where I am setting up clustered WebLogic nodes. The current problem I have is that I cannot make the port 7028 in lpdza1 accept external connections. Connection from within lpdza1 works but I need lpdza2 to be able to access the admin port (7028). I have tried alternately disabling iptables and ip6tables, as well as flushing and stopping them to no avail. I have also tried configuring and disabling them from the desktop GUI (Administration->Security and Firewall settings, Administration->Services->restart). I have tried accessing from other virtual machines (Ubuntu, WindowsXP) to isolate that it is not a problem on the second machine (lpdza2).
What am I missing? Below is the sequence of commands I executed which is based on http://wiki.centos.org/HowTos/Network/IPTables.

======================
[root@lpdza1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@lpdza1 ~]# netstat -an | grep 7028
tcp        0      0 ::ffff:127.0.0.1:7028       :::*                        LISTEN

[root@lpdza1 ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

[root@lpdza1 ~]# iptables -P INPUT ACCEPT
[root@lpdza1 ~]# iptables -F
[root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 7028 -j ACCEPT
[root@lpdza1 ~]# iptables -P INPUT DROP
[root@lpdza1 ~]# iptables -P FORWARD DROP
[root@lpdza1 ~]# iptables -P OUTPUT ACCEPT
[root@lpdza1 ~]# iptables -A INPUT -i lo -j ACCEPT
[root@lpdza1 ~]# iptables -A INPUT -i eth0 -j ACCEPT
[root@lpdza1 ~]# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[root@lpdza1 ~]# /sbin/service iptables save
[root@lpdza1 ~]# /sbin/service iptables reload
[root@lpdza1 ~]# /sbin/service iptables start

[root@lpdza1 ~]# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  468 35641 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh
   13   708 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:7028
   22  1299 ACCEPT     all  --  lo     any     anywhere             anywhere
  733  124K ACCEPT     all  --  eth0   any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state NEW,RELATED,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1094 packets, 168K bytes)
 pkts bytes target     prot opt in     out     source               destination

[root@lpdza1 ~]# ip6tables -P INPUT ACCEPT
[root@lpdza1 ~]# ip6tables -F
[root@lpdza1 ~]# ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@lpdza1 ~]# ip6tables -A INPUT -p tcp --dport 7028 -j ACCEPT
[root@lpdza1 ~]# ip6tables -P INPUT DROP
[root@lpdza1 ~]# ip6tables -P FORWARD DROP
[root@lpdza1 ~]# ip6tables -P OUTPUT ACCEPT
[root@lpdza1 ~]# ip6tables -A INPUT -i lo -j ACCEPT
[root@lpdza1 ~]# ip6tables -A INPUT -i eth0 -j ACCEPT
[root@lpdza1 ~]# ip6tables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[root@lpdza1 ~]# /sbin/service ip6tables save
[root@lpdza1 ~]# /sbin/service ip6tables reload
[root@lpdza1 ~]# /sbin/service ip6tables start

[root@lpdza1 ~]# iptables -P INPUT ACCEPT
[root@lpdza1 ~]# iptables -F
[root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 7028 -j ACCEPT
[root@lpdza1 ~]# iptables -P INPUT DROP
[root@lpdza1 ~]# iptables -P FORWARD DROP
[root@lpdza1 ~]# iptables -P OUTPUT ACCEPT
[root@lpdza1 ~]# iptables -A INPUT -i lo -j ACCEPT
[root@lpdza1 ~]# iptables -A INPUT -i eth0 -j ACCEPT
[root@lpdza1 ~]# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[root@lpdza1 ~]# /sbin/service iptables save
[root@lpdza1 ~]# /sbin/service iptables reload
[root@lpdza1 ~]# /sbin/service iptables start

# test from first CentOS machine
[root@lpdza1 ~]# nc -zv -w 2 lpdza1 22
Connection to lpdza1 22 port [tcp/ssh] succeeded!
[root@lpdza1 ~]# nc -zv -w 2 lpdza1 7028
Connection to lpdza1 7028 port [tcp/*] succeeded!

# switch to second CentOS machine
[adiaz@lpdza2 ~]$ ping -c 1 lpdza1
PING lpdza1 (192.168.122.185) 56(84) bytes of data.
64 bytes from lpdza1 (192.168.122.185): icmp_seq=1 ttl=64 time=0.567 ms
[adiaz@lpdza2 ~]$ nc -zv -w 2 lpdza1 22
Connection to lpdza1 22 port [tcp/ssh] succeeded!
[adiaz@lpdza2 ~]$ nc -zv -w 2 lpdza1 7028
nc: connect to lpdza1 port 7028 (tcp) failed: Connection refused
======================

Any pointers are very much appreciated. Thank you.

ciao!
-- "Programming, an artform that fights back" Anuerin G. Diaz Registered Linux User #246176 http://ramfree17.net/capsule , when you absolutely have nothing else better to do
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
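
Added example, not part of the original post: the netstat line quoted in the message shows the listener on ::ffff:127.0.0.1:7028, an IPv4-mapped loopback address, so this check classifies a port's bind address from `netstat -an` output before any firewall rule is considered. The function names, port 7001 and all sample lines except the 7028 one are constructed for illustration.

```shell
#!/bin/sh
# Added example. classify_listener PORT reads `netstat -an` lines on stdin and
# prints how the TCP listener on PORT is bound:
#   loopback-only | all-interfaces | specific:<addr> | not-listening
classify_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Split "addr:port" at the last colon; IPv6 addresses contain colons.
            n = match($4, /:[0-9]+$/)
            if (n == 0 || substr($4, n + 1) != port) next
            addr = substr($4, 1, n - 1)
            sub(/^::ffff:/, "", addr)        # IPv4-mapped IPv6 -> plain IPv4
            found = 1
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") any = 1
            else if (addr !~ /^127\./ && addr != "::1") spec = addr
        }
        END {
            if (!found)          print "not-listening"
            else if (any)        print "all-interfaces"
            else if (spec != "") print "specific:" spec
            else                 print "loopback-only"
        }'
}

# Constructed sample input. Only the 7028 line is taken from the post;
# the 22 and 7001 lines are made up to exercise the other outcomes.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 192.168.122.185:7001        0.0.0.0:*                   LISTEN
tcp        0      0 ::ffff:127.0.0.1:7028       :::*                        LISTEN
EOF
}

# Report each sample port; on a live host use: netstat -an | classify_listener 7028
for p in 22 7001 7028; do
    printf '%s -> %s\n' "$p" "$(sample_netstat | classify_listener "$p")"
done
```

A loopback-only result means the service itself is not reachable from other hosts, whatever the filter rules accept; the bind address is set in the listening application's own configuration, not in iptables.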

