Score:2

CentOS 7 machine refusing connection to port


I'm trying to make sure that the machine is accepting TCP connections on port 8245; however, I am unable to connect.

When I try from an external machine: `telnet myhostname.com 8245`

I get:

    Unable to connect to remote host: Connection refused

I have already added the port on the host machine via firewall-cmd:

    sudo firewall-cmd --zone=public --add-port=8245/tcp --permanent
    sudo firewall-cmd --reload

And confirmed with:

    sudo firewall-cmd --list-ports
    8245/tcp 80/tcp 443/tcp

And: `sudo iptables -L`

    Chain IN_public_allow (1 references)
    target prot opt source destination
    ACCEPT tcp -- anywhere anywhere tcp dpt:8245 ctstate NEW,UNTRACKED

I'm having no issues making telnet connections to ports 80 and 443, so I'm not sure what I'm doing wrong.

Score:2

Your service that is listening on port 8245 is probably not listening on all addresses, maybe only localhost. You can confirm by running `netstat -l` on the CentOS server and checking for the local address with port 8245 and state LISTEN.

Dr.Tautology avatar
The reason I want this port opened is because I'm having an issue with my noip dynamic update client service that is running. I read that the client uses 80, 443 and 8245. When I look at netstat there is nothing listening on all three of those ports. I thought using telnet is just supposed to tell you if a port is open and doesn't necessarily indicate that a service is actively listening on that port?
Adam avatar
telnet will try to connect to whatever is running on the port; if nothing is actually listening on that port, then you will get the connection refused message even if the firewall is allowing the incoming connection. As for your dynamic DNS client, that would use an outgoing connection, so it doesn't matter what incoming ports are allowed. Check your `iptables -L` OUTPUT chain to see what the default policy is, and if only certain ports are allowed.
Dr.Tautology avatar
Thank you, I'm still learning. Here is what my output chain is: `ACCEPT all -- anywhere anywhere` `OUTPUT_direct all -- anywhere anywhere`. Does this mean that all outbound traffic is being allowed?
Dr.Tautology avatar
I'm also confused because netstat doesn't show anything listening on port 80, but I'm still able to telnet to it.
in flag
`I read that the client uses 80, 443 and 8245` Chances are that the client uses these ports on outbound connections. If that is the case, it won't listen on those ports. There is no need for a dyndns client to listen on a port.
Adam avatar
If you want to check that your CentOS server can connect to the no-ip server ports, then you want to run telnet from the CentOS server. You can test port 8245 by running `telnet dynupdate.no-ip.com 8245` from your server. I think you were using telnet backwards before :) You want to run it from your own server, not to it.
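
One way to run the listener check suggested in the answer, as an added example that is not part of the original thread: the function reads `ss -ltn` or `netstat -ltn` output (the local address is column 4 in both) and reports whether a port is bound to all addresses, one specific address, loopback only, or nothing. The names `listen_scope` and `sample_listeners` and the listener table are constructed for illustration.

```shell
#!/bin/sh
# listen_scope PORT: classify how PORT is bound, reading `ss -ltn` or
# `netstat -ltn` output on stdin. Hypothetical helper, not from the thread.
listen_scope() {
    awk -v port="$1" '
        {
            addr = $4                          # "Local Address:Port" column
            n = match(addr, /:[0-9]+$/)        # locate the trailing ":port"
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)      # address with the port removed
            if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
                wild = 1                       # wildcard bind: every interface
            else if (host ~ /^127\./ || host == "::1" || host == "[::1]")
                loop = 1                       # loopback: local clients only
            else
                other = 1                      # a single interface address
        }
        END {
            if (wild)       print "all-addresses"
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Constructed sample in the older `ss -ltn` layout ("*:80", ":::443").
# 192.0.2.10 is a documentation address, not a real host.
sample_listeners() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN  0      128    *:80                 *:*
LISTEN  0      128    :::443               :::*
LISTEN  0      128    127.0.0.1:8245       *:*
LISTEN  0      128    192.0.2.10:22        *:*
EOF
}

# Report each port of interest against the sample table.
for p in 80 443 8245 22 9000; do
    printf '%s\t%s\n' "$p" "$(sample_listeners | listen_scope "$p")"
done
```

On the server itself, pipe live output instead: `ss -ltn | listen_scope 8245`. A result of `not-listening` or `loopback-only` means a remote client gets `Connection refused` even when the firewall allows the port.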