How do I open a port in Linux?

Time: 2021-11-06 18:12:13

I am working on a simple Node.js app. This requires a particular port to be open. For example if I want the app to listen to port (say) 5122, I will have to first open the port 5122. For this I have applied the following rule in my iptables

iptables -I INPUT 3 --proto tcp --dport 5122 -j ACCEPT
service iptables save

Initially this worked for me. But suddenly, after some time, it stopped working. I now wanted to check whether port 5122 is really open or not. I issued the command

nmap -sT -O localhost

I don’t see any such ports listed here. But

sudo iptables -L shows it like this -

ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5122 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5122 

I see this line 2 times. Still confused! No idea.

I now opened the following URL, http://www.yougetsignal.com/tools/open-ports/, entered my host IP and port, and it says "Port 5122 is closed on 50.56.246.162" (which is my host IP).

My question is how do I permanently keep a particular port open for listening.

Any help would be highly appreciated.

1 solution

#1
You need to start running your application (using that port number) for the port to appear as open. As soon as it starts running and successfully listening on Port 5122, a local nmap scan will list that port as being open.

You only need to modify firewall rules once your application works to your satisfaction and you want to allow access to it from external host(s).

The output of iptables -L shows that your iptables command has successfully modified the firewall rules to allow external access to your application. In fact, it looks like you inserted the rule twice; this doesn't do any harm as the second rule won't be processed.

Explanation

By default, all TCP and UDP ports are closed (not in a listening state). Only when a server or similar program opens a network socket and starts “listening” to a port number will that port appear to be open.

E.g., running nmap -sT localhost locally on my server shows that most ports are closed and only lists the ones that are open:

Nmap scan report for localhost (127.0.0.1)
Host is up (0.00019s latency).
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 995 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
80/tcp   open  http
3306/tcp open  mysql

A firewall such as Netfilter / iptables can be used to selectively block access to ports whether they’re already open or not. In this case, those ports are considered to be filtered – though confusingly, some people and websites refer to filtered ports as being “closed” and the act of removing the firewall filter as “opening” a port.

E.g., running nmap -sT server.name on the same server from an external host reports different results, since now the packets from the remote host are being filtered by the firewall:

Interesting ports on server.name (78.47.203.133):
Not shown: 1679 filtered ports
PORT   STATE SERVICE
80/tcp open  http

Note that locally, ports 25 and 3306 are open but from an external perspective they are shown as being filtered.

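An added example (my own code, not part of the question or the answer above) that makes the answer's open / closed / filtered distinction concrete: it probes a TCP port the way nmap's connect scan (-sT) does, by what connect() returns, and shows the port reported as open only while a listener is actually running. It assumes Python 3 with the standard library only; the loopback address and the kernel-chosen port are constructed for the demo.

```python
import socket


def probe_tcp_port(host, port, timeout=2.0):
    """Classify host:port as nmap -sT would, from the connect() outcome.

    open     -> handshake completed: a program is listening on the port
    closed   -> kernel replied with RST (connection refused): nothing is
                listening, but the packet reached the host, so no firewall
                is dropping it
    filtered -> no reply before the timeout (or host/network unreachable):
                a firewall such as iptables dropped the SYN, whether or not
                something listens behind it
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:
            # EHOSTUNREACH / ENETUNREACH etc. look the same to a remote scanner.
            return "filtered"


def start_listener(host="127.0.0.1", port=0):
    """Bind and listen on host:port (port 0 lets the kernel pick a free port).

    Returns the listening socket; close() it to make the port 'closed' again.
    No accept() is needed: the kernel completes the handshake into the backlog.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def demo():
    """Probe the same port while a listener runs and after it has stopped."""
    srv = start_listener()
    port = srv.getsockname()[1]
    while_listening = probe_tcp_port("127.0.0.1", port)
    srv.close()
    after_close = probe_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo())  # ('open', 'closed')
```

Run from an external host against a port that iptables drops, the same probe returns "filtered" regardless of whether the application is running, which is the state the online port checker was labelling "closed".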
