[SOLVED] - Some Ports Open | Some Ports Closed ?

[jmacdougca]

I do not understand why port 143 is not showing as open on portchecker.co 24.109.184.150 yet port 7689, 80 and 443 are showing as open.

I see port 143 is enabled in firewalld

Code: Select all

[Neptune@orcacomputers ~]$ sudo firewall-cmd --zone=public --add-port=143/tcp
[sudo] password for Neptune: 
Warning: ALREADY_ENABLED: '143:tcp' already in 'public'
success
[Neptune@orcacomputers ~]$ sudo firewall-cmd --permanent --zone=public --add-port=143/tcp
Warning: ALREADY_ENABLED: 143:tcp
success

I see the 143 and imap service

Code: Select all

[Neptune@orcacomputers ~]$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: br0 enp9s0 virbr0
  services: http https imap imaps ssh vnc-server
  ports: 7689/tcp 80/tcp 443/tcp 143/tcp 993/tcp

I stop and start NetworkManager but ports still not open. I have called the ISP they confirm they are not blocking anything as the ISP device is in bridge mode. What am I not seeing?

[Whoever]

Do you have any process listening on port 143?

What happens if you run:

Code: Select all

netstat -avpn | grep 143

[jmacdougca]

No services listening on port 143 as per;

Code: Select all

[Neptune@orcacomputers ~]$ sudo netstat -avpn | grep 143
[sudo] password for Neptune: 
netstat: no support for `AF INET (sctp)' on this system.
netstat: no support for `AF INET (sctp)' on this system.
unix  3      [ ]         STREAM     CONNECTED     31438    3697/gsd-print-noti  
unix  3      [ ]         STREAM     CONNECTED     31431    3648/gvfs-gphoto2-v  
unix  3      [ ]         STREAM     CONNECTED     41434    1/systemd            /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     31432    3324/dbus-daemon     @/tmp/dbus-8lHyxlvKjM
unix  3      [ ]         STREAM     CONNECTED     31430    3648/gvfs-gphoto2-v  
unix  3      [ ]         STREAM     CONNECTED     41435    1/systemd            /run/systemd/journal/stdout
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

I see 7689 ssh is listening.

Code: Select all

[Neptune@orcacomputers ~]$ sudo netstat -avpn | grep 7689
tcp        0      0 0.0.0.0:7689            0.0.0.0:*               LISTEN      2017/sshd 

[jlehtone]

Note: 'ss' replaces 'netstat'.

Code: Select all

sudo ss -tlpn | grep 143

Options 't' for TCP, 'l' for listening, 'n' for numeric ports, and 'p' for name(s) of process(es). The 'p' does nothing, if ss is run as regular user.

The ss output is more compact, if not to "terminal": ss -tulpn | cat

[jmacdougca]

Code: Select all

[Neptune@orcacomputers ~]$ sudo ss -tlpn | cat 143
cat: 143: No such file or directory

So no process using socket. So the process has to use the socket before the port will show as listening even though the port shows in

Code: Select all

firewall-cmd --list-all

?

[jlehtone]

For netstat/ss, definitely. External scanners ... no idea.

[TrevorH]

When firewall-cmd tells you that '143:tcp' already in 'public' it is because you already have (correctly) the imap service enabled which includes that port. You should always use the service definition rather than the port as the service can include other things necessary to make it function.

[Whoever]

No services listening on port 143 as per;

Code: Select all

[Neptune@orcacomputers ~]$ sudo netstat -avpn | grep 143
[sudo] password for Neptune: 
netstat: no support for `AF INET (sctp)' on this system.
netstat: no support for `AF INET (sctp)' on this system.
unix  3      [ ]         STREAM     CONNECTED     31438    3697/gsd-print-noti  
unix  3      [ ]         STREAM     CONNECTED     31431    3648/gvfs-gphoto2-v  
unix  3      [ ]         STREAM     CONNECTED     41434    1/systemd            /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     31432    3324/dbus-daemon     @/tmp/dbus-8lHyxlvKjM
unix  3      [ ]         STREAM     CONNECTED     31430    3648/gvfs-gphoto2-v  
unix  3      [ ]         STREAM     CONNECTED     41435    1/systemd            /run/systemd/journal/stdout
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.

I see 7689 ssh is listening.

Code: Select all

[Neptune@orcacomputers ~]$ sudo netstat -avpn | grep 7689
tcp        0      0 0.0.0.0:7689            0.0.0.0:*               LISTEN      2017/sshd 

Without anything listening on port 143, it's not going to show as open.