Question

26

How to open a port?

rated 0 times [ 26] [ 0] / answers: 1 / hits: 207869 / 3 Years ago, fri, july 2, 2021, 4:59:29

I have ubuntu 12.04 and I'm not able to allow certain port in my firewall. So I basically said I will allow everything but it's still not working. Please help. nmap on this machine from other machine says:

$ nmap host_name

Not shown: 996 closed ports

PORT    STATE SERVICE

22/tcp  open  ssh

80/tcp  open  http

139/tcp open  netbios-ssn

445/tcp open  microsoft-ds

and here is nmap from the same machine

$ nmap localhost



Starting Nmap 5.21 ( http://nmap.org ) at 2014-01-21 11:14 PST

Nmap scan report for localhost (127.0.0.1)

Host is up (0.000080s latency).

Not shown: 991 closed ports

PORT     STATE SERVICE

22/tcp   open  ssh

25/tcp   open  smtp

53/tcp   open  domain

80/tcp   open  http

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

631/tcp  open  ipp

3306/tcp open  mysql

8000/tcp open  http-alt



Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds

I want to open port 8000 and here is the output of iptables.

# iptables -L -n

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           



Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         



Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0  



mmoghimi@titan:~$ sudo netstat -tulpn

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      14842/mysqld    

tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      982/smbd        

tcp        0      0 127.0.0.1:39346         0.0.0.0:*               LISTEN      3405/GoogleTalkPlug

tcp        0      0 127.0.0.1:50995         0.0.0.0:*               LISTEN      3405/GoogleTalkPlug

tcp        0      0 127.0.0.1:5939          0.0.0.0:*               LISTEN      2412/teamviewerd

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2429/dnsmasq    

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      985/sshd        

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1267/cupsd      

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1748/exim4      

tcp        0      0 0.0.0.0:17500           0.0.0.0:*               LISTEN      2885/dropbox    

tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      982/smbd        

tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      4134/python    

tcp6       0      0 :::139                  :::*                    LISTEN      982/smbd        

tcp6       0      0 :::80                   :::*                    LISTEN      1832/apache2    

tcp6       0      0 :::22                   :::*                    LISTEN      985/sshd        

tcp6       0      0 ::1:631                 :::*                    LISTEN      1267/cupsd      

tcp6       0      0 ::1:25                  :::*                    LISTEN      1748/exim4      

tcp6       0      0 :::445                  :::*                    LISTEN      982/smbd        

udp        0      0 127.0.0.1:53            0.0.0.0:*                           2429/dnsmasq    

udp        0      0 0.0.0.0:68              0.0.0.0:*                           2403/dhclient  

udp        0      0 128.54.44.214:123       0.0.0.0:*                           3430/ntpd      

udp        0      0 MYIP:123                0.0.0.0:*                           3430/ntpd      

udp        0      0 127.0.0.1:123           0.0.0.0:*                           3430/ntpd      

udp        0      0 0.0.0.0:123             0.0.0.0:*                           3430/ntpd      

udp        0      0 137.110.255.255:137     0.0.0.0:*                           2602/nmbd      

udp        0      0 MYIP:137                0.0.0.0:*                           2602/nmbd      

udp        0      0 128.54.47.255:137       0.0.0.0:*                           2602/nmbd      

udp        0      0 128.54.44.214:137       0.0.0.0:*                           2602/nmbd      

udp        0      0 0.0.0.0:137             0.0.0.0:*                           2602/nmbd      

udp        0      0 137.110.255.255:138     0.0.0.0:*                           2602/nmbd      

udp        0      0 MYIP:138                0.0.0.0:*                           2602/nmbd      

udp        0      0 128.54.47.255:138       0.0.0.0:*                           2602/nmbd      

udp        0      0 128.54.44.214:138       0.0.0.0:*                           2602/nmbd      

udp        0      0 0.0.0.0:138             0.0.0.0:*                           2602/nmbd      

udp        0      0 0.0.0.0:17500           0.0.0.0:*                           2885/dropbox    

udp        0      0 0.0.0.0:36889           0.0.0.0:*                           1356/avahi-daemon:

udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1356/avahi-daemon:

udp6       0      0 ::1:123                 :::*                                3430/ntpd      

udp6       0      0 fe80::fab1:56ff:fe9:123 :::*                                3430/ntpd      

udp6       0      0 fe80::3e77:e6ff:fe6:123 :::*                                3430/ntpd      

udp6       0      0 :::123                  :::*                                3430/ntpd      

udp6       0      0 :::33792                :::*                                1356/avahi-daemon:

udp6       0      0 :::5353                 :::*                                1356/avahi-daemon:

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

rryble

Add To Favorites

Follow

Total Points: 489

Total Questions: 121

Total Answers: 119

Location: Marshall Islands

Member since Mon, May 31, 2021

3 Years ago

answered 3 Years ago amelican · Accepted Answer

Your iptables output shows that no port is blocked.

So the question is: Is anything listening on port 8000? If nothing is listening on a port but the port is not blocked by a firewall nmap will report it as closed. From here:

closed

A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.

So the nmap report: "996 closed ports" actually say that those ports are not blocked by a firewall but no program is listening on them. nmap reports a blocked port as filtered:

filtered

Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. ...

So if you put an application in listening state on port 8000 it will likely show up in the output of nmap. You can do this if you just run python3 -m http.server or python -m SimpleHTTPServer on the machine on which you are trying to open the ports, this will put a HTTP server listening on port 8000. Then run nmap again to scan the machine.

UPDATE:

Your netstat output has this line:

tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      4134/python

That means your python program is only listening on localhost (127.0.0.1), so it is only accessible from localhost, not from outside. The program has to listen on the IP of your network adapter or on the universal 0.0.0.0 IP. The problem is what I wrote above, no program is listening on the 8000 port (from the outside world) so nmap says it is closed.