[RndTbl] Trying to open port 36141:TCP for PCI Compliance test

Gilles Detillieux grdetil at scrc.umanitoba.ca
Thu Feb 12 16:30:08 CST 2015


If a "netstat -nlp" shows nothing on that port, then it seems the issue 
is that nothing is actually listening on that port.  Trying to figure 
out what might be blocking the port is asking the wrong question - the 
port may not be blocked at all.  But it doesn't look like whatever 
service you think should be listening on that port is actually doing 
so.  You need to figure out why the service is either not starting up, 
or not listening on the port you think it's supposed to be on.  Check 
the logs for that service, and turn up the verbosity of its output if 
necessary (and possible).

On 12/02/2015 3:37 PM, Tyhr Trubiak wrote:
> I'm trying to have a site host on Red Hat 6.3 PCI compliant through 
> myControlScan.
>
> The only failure I have is that port 36141:TCP is being blocked 
> somehow/somewhere, and I do not know where or how to find out.
> It is blocked from other servers on the network as well as itself.
>
> # nc -zv 127.0.0.1 36141
> nc: connect to 127.0.0.1 port 36141 (tcp) failed: Connection refused
> (same result when using nc -zv localhost 36141 as well as the website 
> ip address)
>
> 36141:TCP should be open according to iptables. (iptable list shown below)
>
> # netstat -lnp | grep 36141
> (shows nothing)
>
> traceroute gets to myControlScan (207.198.99.3) via default settings, 
> port 80, port 80 TCP, and port 36141, BUT not 36141:TCP.
> Confused.
>
> # traceroute -p 36141 -P TCP 207.198.99.3
> traceroute to 207.198.99.3 (207.198.99.3), 30 hops max, 60 byte packets
>  1  * * *
>  2  *^C
>
> # traceroute -p 36141 207.198.99.3
> traceroute to 207.198.99.3 (207.198.99.3), 30 hops max, 60 byte packets
>  1  67.22.106.161 (67.22.106.161)  0.679 ms  0.734 ms  0.873 ms
>  2  66.11.145.82 (66.11.145.82)  1.965 ms  1.963 ms  1.936 ms
>  3 ae1-200.tor10.ip4.gtt.net <http://ae1-200.tor10.ip4.gtt.net> 
> (77.67.79.185)  1.890 ms  1.867 ms  1.839 ms
>  4 xe-7-0-1.dal33.ip4.gtt.net <http://xe-7-0-1.dal33.ip4.gtt.net> 
> (89.149.180.246)  51.948 ms  51.940 ms  51.916 ms
>  5 peer1-gw.ip4.gtt.net <http://peer1-gw.ip4.gtt.net> (77.67.71.30) 
>  38.730 ms  38.730 ms  38.701 ms
>
> iptable list below:
> -----------------
> # iptables -nL
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 
> <http://0.0.0.0/0>           tcp dpt:36141
> DROP       tcp  -- 195.190.13.0/24 <http://195.190.13.0/24> 0.0.0.0/0 
> <http://0.0.0.0/0>           tcp
> DROP       tcp  -- 91.217.10.0/23 <http://91.217.10.0/23> 0.0.0.0/0 
> <http://0.0.0.0/0>           tcp
> DROP       tcp  -- 91.207.8.0/23 <http://91.207.8.0/23> 0.0.0.0/0 
> <http://0.0.0.0/0>           tcp
> DROP       tcp  -- 91.207.4.0/22 <http://91.207.4.0/22> 0.0.0.0/0 
> <http://0.0.0.0/0>           tcp
> DROP       tcp  --  91.207.7.21 0.0.0.0/0 <http://0.0.0.0/0>           tcp
> ACCEPT     all  --  172.16.100.1 0.0.0.0/0 <http://0.0.0.0/0>
> ACCEPT     all  --  172.16.101.102 0.0.0.0/0 <http://0.0.0.0/0>
> ACCEPT     all  --  172.22.25.53 0.0.0.0/0 <http://0.0.0.0/0>
> ACCEPT     tcp  --  127.0.0.1 0.0.0.0/0 <http://0.0.0.0/0>           
> tcp dpt:111
> ACCEPT     tcp  --  10.200.139.34 0.0.0.0/0 <http://0.0.0.0/0>         
>   tcp dpt:111
> ACCEPT     tcp  --  10.200.139.35 0.0.0.0/0 <http://0.0.0.0/0>         
>   tcp dpt:111
> ACCEPT     tcp  --  172.16.1.164 0.0.0.0/0 <http://0.0.0.0/0>         
>   tcp dpt:111
> REJECT     tcp  -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 
> <http://0.0.0.0/0>           tcp dpt:111 reject-with icmp-port-unreachable
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 
> <http://0.0.0.0/0>           tcp dpt:36141
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 
> <http://0.0.0.0/0>           tcp dpt:36141
> ACCEPT     tcp  --  127.0.0.1 0.0.0.0/0 <http://0.0.0.0/0>           
> tcp dpt:111
> ACCEPT     tcp  --  10.200.139.34 0.0.0.0/0 <http://0.0.0.0/0>         
>   tcp dpt:111
> ACCEPT     tcp  --  10.200.139.35 0.0.0.0/0 <http://0.0.0.0/0>         
>   tcp dpt:111
> ACCEPT     tcp  --  172.16.1.164 0.0.0.0/0 <http://0.0.0.0/0>         
>   tcp dpt:111
> DROP       tcp  -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 
> <http://0.0.0.0/0>           tcp dpt:111
> --------------------------------------------------------------------------
>
> Any thoughts or ideas?
> Thanks,
> Tyhr
>
>
>
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/roundtable

-- 
Gilles R. Detillieux              E-mail: <grdetil at scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. of Physiology and Pathophysiology, Faculty of Health Sciences,
Univ. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.muug.mb.ca/pipermail/roundtable/attachments/20150212/0b6f4821/attachment.html>


More information about the Roundtable mailing list