FC5 - iptables driving me nuts...>

Psy_Ops · #1 11th April 2006, 08:56 PM

Hi guys,

Im trying to install Zope which is a Web Based Process Work Flow engine which uses port 8080, i.e. I should be able to go into firefox and connect to it using: http://127.0.0.1:8080/manage
but when I do that, it said it cant find the page.... apache is up as I can happily connect to 127.0.0.1.
I tried telnet 127.0.0.1 8080 and it says connection refused, which made me look into my iptable config... and as you would expect since I cant connect, port 8080 is closed:

[scoobsky@localhost ~]$ nmap 127.0.0.1 -v -p 8080

Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-04-11 20:49 BST
Machine 127.0.0.1 MIGHT actually be listening on probe port 80
DNS resolution of 0 IPs took 0.00s. Mode: Async [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 0, CN: 0]
Initiating Connect() Scan against localhost.localdomain (127.0.0.1) [1 port] at 20:49
The Connect() Scan took 0.00s to scan 1 total ports.
Host localhost.localdomain (127.0.0.1) appears to be up ... good.
Interesting ports on localhost.localdomain (127.0.0.1):
PORT STATE SERVICE
8080/tcp closed http-proxy

now I've tried numerous iptables commands in order to open up port 8080, the most basic of which being:
/sbin/iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
and save my iptables using iptables-save..... which confirm the previous command by displaying my
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
rule and then showed COMMIT at the end of it... but to no avail, port 8080 is still blocked...
out of desperation, I downloaded guardog and tried to open up the port on 8080.. but to no avail, it's still closed... then I went wild and (for testing purposes!) and disabled the firewall both from guardog and the "Security Level and Firewal" application under System/Application... and with both firewalls down... I still cant connect to my page in explorer and tellnet still refuses the connection to 127.0.0.1 on port 8080 (although telnet 127.0.0.1 connects me).

Any ideas would be greatly appreciated!!

Thanks in advance!

M.

Brian1 · #2 11th April 2006, 10:11 PM

I doubt it is the firewall that is the issue. Using your localhost address of 127.0.0.1 is not defined in IPtables. I would say there is a configuration issue in ZOPE or it is not running. Check dmesg when you startup Zope. If all firewalls and SELinux is off then it must be Zope issue.

Brian1

pparks1 · #3 11th April 2006, 10:38 PM

You can verify that iptables is NOT running with

service iptables stop

Psy_Ops · #4 12th April 2006, 12:37 AM

Thanks guys.... I stopped it all using the service command and checked with the GUI tools and it still shows port 8080 blocked when I run an nmap 127.0.0.1 -v -p 8080... so I'll investigat on the zope side of things and will post in here when I get it working for future reference if other people get the same prob in the future.

Thanks again for your help

M.

Zotter · #5 12th April 2006, 05:27 AM

hosts.deny ??

Psy_Ops · #6 12th April 2006, 09:00 AM

nope... hosts.deny is empty... well apart from all the comented out lines.

gotta go to work now

will try again more things later...

liro · #7 12th April 2006, 04:12 PM

Quote:

Originally Posted by Psy_Ops

Thanks guys.... I stopped it all using the service command and checked with the GUI tools and it still shows port 8080 blocked when I run an nmap 127.0.0.1 -v -p 8080... so I'll investigat on the zope side of things and will post in here when I get it working for future reference if other people get the same prob in the future.

Thanks again for your help

M.

your nmap output shows that port 8080 is closed and not blocked. closed means, port is ready to use but there is no sevice connected to it...

check /etc/services for an entry of tcp/8080 (or udp/8080). if set, deactivate it with a #....

Psy_Ops · #8 12th April 2006, 05:14 PM

good point....

[root@localhost bin]# cat /etc/services | grep 8080
webcache 8080/tcp # WWW caching service
webcache 8080/udp # WWW caching service
[root@localhost bin]#

whatever www caching is.

I did try however to change the Zope default port from 8080 to 8090 and restarted but the demond but didn't make any difference.

if I were to comment out these lines in /etc/services.... what do I need to restart for the port to be made available as it seems to be used by www caching at the moment?

Cheers,
M.

liro · #9 13th April 2006, 05:48 AM

i'm not sure what exactly to reboot. but the securest way (to be sure that works) reboot your machine after comment out.

www caching, means this port is often used for proxy servers...
i had a similar problem once, where was a port setup in /etc/services and the add-on software wasn't running till i commented out....