Discussion:
Opening port for specific IP address
RobH
2020-12-11 13:08:14 UTC
I am using this to open port 6053 on 192.168.0.40

sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT

Then when I do this

nmap -p T:5000-7000 192.168.0.40

Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed

Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds

It says all ports are closed, so how do I open up port 6053 on 192.168.0.40.

Thanks
Chris Elvidge
2020-12-11 13:25:57 UTC
Post by RobH
I am using this to open port 6053 on 192.168.0.40
sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT
Then when I do this
nmap -p T:5000-7000 192.168.0.40
Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed
Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds
It says all ports are closed, so how do I open up port 6053 on
192.168.0.40.
Thanks
Do you have anything listening on 192.168.0.40:6053?
--
Chris Elvidge
England
Chris Elvidge
2020-12-11 16:19:56 UTC
Post by Chris Elvidge
Post by RobH
I am using this to open port 6053 on 192.168.0.40
sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT
Then when I do this
nmap -p T:5000-7000 192.168.0.40
Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed
Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds
It says all ports are closed, so how do I open up port 6053 on 192.168.0.40.
Thanks
Do you have anything listening on 192.168.0.40:6053?
sudo netstat -tunlp
No there isn't anything listening on 192.168.0.40:6053.
It is my understanding that if nothing is listening on a port, the port
will not show as open. I may be wrong <g>.
--
Chris Elvidge
England
RobH
2020-12-11 16:23:34 UTC
Post by Chris Elvidge
Post by Chris Elvidge
Post by RobH
I am using this to open port 6053 on 192.168.0.40
sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT
Then when I do this
nmap -p T:5000-7000 192.168.0.40
Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed
Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds
It says all ports are closed, so how do I open up port 6053 on 192.168.0.40.
Thanks
Do you have anything listening on 192.168.0.40:6053?
sudo netstat -tunlp
No there isn't anything listening on 192.168.0.40:6053.
It is my understanding that if nothing is listening on a port, the port
will not show as open. I may be wrong <g>.
ok, yes I would agree with that, so how do I actually open the port.
Chris Elvidge
2020-12-11 16:34:31 UTC
Post by RobH
Post by Chris Elvidge
Post by Chris Elvidge
Post by RobH
I am using this to open port 6053 on 192.168.0.40
sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT
Then when I do this
nmap -p T:5000-7000 192.168.0.40
Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed
Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds
It says all ports are closed, so how do I open up port 6053 on 192.168.0.40.
Thanks
Do you have anything listening on 192.168.0.40:6053?
sudo netstat -tunlp
No there isn't anything listening on 192.168.0.40:6053.
It is my understanding that if nothing is listening on a port, the
port will not show as open. I may be wrong <g>.
ok, yes I would agree with that, so how do I actually open the port.
For example: run an httpd (apache, lighttpd, nginx) listening on port
6053. You will have a webserver on port 6053.
Or try sshd -p 6053 - you will then be able to login with ssh
192.168.0.40 -p 6053
What do you actually want on port 6053?
--
Chris Elvidge
England
RobH
2020-12-11 16:52:58 UTC
ssh 192.168.0.40 -p 6053
I'm getting:
***@rob-Z97:~$ ssh 192.168.0.40 -p 6053
ssh: connect to host 192.168.0.40 port 6053: Connection refused

I'm about ready to give up on all this before long.
RobH
2020-12-12 11:28:45 UTC
Post by RobH
ssh 192.168.0.40 -p 6053
ssh: connect to host 192.168.0.40 port 6053: Connection refused
I'm about ready to give up on all this before long.
Interestingly, or not, on 3 ubuntu machines I have, the connection to
port 6053 is refused.
The link below says it is used for X Window system, which is for bitmap
displays according to the wikipedia page.

https://www.adminsub.net/tcp-udp-port-finder/6053
Paul
2020-12-12 12:26:33 UTC
Post by RobH
Post by RobH
ssh 192.168.0.40 -p 6053
ssh: connect to host 192.168.0.40 port 6053: Connection refused
I'm about ready to give up on all this before long.
Interestingly, or not, on 3 ubuntu machines I have, the connection to
port 6053 is refused.
The link below says it is used for X Window system, which is for bitmap
displays according to the wikipedia page.
https://www.adminsub.net/tcp-udp-port-finder/6053
Xorg starts at port 6000. And each succeeding DISPLAY
is on the next port. There really should be an upper limit
on how many of those (consecutive block) are defined.

https://unix.stackexchange.com/questions/333969/how-do-x-clients-know-that-they-will-need-to-connect-to-tcp-port-6000display-n

https://forums.freebsd.org/threads/xorg-and-port-6000.57117/

"Traditional X11 via 6000–6063/tcp is still a perfectly valid
approach on a private network, combined with xauth(1) (try to
avoid xhost(1), which really is a bit insecure). See also Xsecurity(7).

MIT-MAGIC-COOKIE-1 isn't anything like as strong as ssh(1), but
quite adequate for many use cases over private networks. It is
only a generally bad idea to expose 6000 to untrusted networks,
and can be a perfectly reasonable idea in other cases, as long
as you take the time to consider the risks."

Another thread mentioned that Xorg no longer listens on 6000
for some reason. Who knows what it's really doing right now :-)
Xorg is probably mining bitcoins :-)

Nobody needs DISPLAY=:63, so really such a large block is a waste.
I think I used DISPLAY=:1 or :2 or so, but that was it. I played
with XMX at one time. Hard to remember the details now.

Paul
RobH
2020-12-12 12:48:44 UTC
Post by Paul
Post by RobH
Post by RobH
ssh 192.168.0.40 -p 6053
ssh: connect to host 192.168.0.40 port 6053: Connection refused
I'm about ready to give up on all this before long.
Interestingly, or not, on 3 ubuntu machines I have, the connection to
port 6053 is refused.
The link below says it is used for X Window system, which is for
bitmap displays according to the wikipedia page.
https://www.adminsub.net/tcp-udp-port-finder/6053
Xorg starts at port 6000. And each succeeding DISPLAY
is on the next port. There really should be an upper limit
on how many of those (consecutive block) are defined.
https://unix.stackexchange.com/questions/333969/how-do-x-clients-know-that-they-will-need-to-connect-to-tcp-port-6000display-n
https://forums.freebsd.org/threads/xorg-and-port-6000.57117/
   "Traditional X11 via 6000–6063/tcp is still a perfectly valid
    approach on a private network, combined with xauth(1) (try to
    avoid xhost(1), which really is a bit insecure). See also
Xsecurity(7).
    MIT-MAGIC-COOKIE-1 isn't anything like as strong as ssh(1), but
    quite adequate for many use cases over private networks. It is
    only a generally bad idea to expose 6000 to untrusted networks,
    and can be a perfectly reasonable idea in other cases, as long
    as you take the time to consider the risks."
Another thread mentioned that Xorg no longer listens on 6000
for some reason. Who knows what it's really doing right now :-)
Xorg is probably mining bitcoins :-)
Nobody needs DISPLAY=:63, so really such a large block is a waste.
I think I used DISPLAY=:1 or :2 or so, but that was it. I played
with XMX at one time. Hard to remember the details now.
   Paul
Thanks for that, and there are no X11 ports open on the same 3
ubuntu systems I have.

Is there something to install or whatever to show open x11 ports.
Paul
2020-12-13 12:39:08 UTC
Post by RobH
Post by Paul
Post by RobH
Post by RobH
ssh 192.168.0.40 -p 6053
ssh: connect to host 192.168.0.40 port 6053: Connection refused
I'm about ready to give up on all this before long.
Interestingly, or not, on 3 ubuntu machines I have, the connection to
port 6053 is refused.
The link below says it is used for X Window system, which is for
bitmap displays according to the wikipedia page.
https://www.adminsub.net/tcp-udp-port-finder/6053
Xorg starts at port 6000. And each succeeding DISPLAY
is on the next port. There really should be an upper limit
on how many of those (consecutive block) are defined.
https://unix.stackexchange.com/questions/333969/how-do-x-clients-know-that-they-will-need-to-connect-to-tcp-port-6000display-n
https://forums.freebsd.org/threads/xorg-and-port-6000.57117/
"Traditional X11 via 6000–6063/tcp is still a perfectly valid
approach on a private network, combined with xauth(1) (try to
avoid xhost(1), which really is a bit insecure). See also Xsecurity(7).
MIT-MAGIC-COOKIE-1 isn't anything like as strong as ssh(1), but
quite adequate for many use cases over private networks. It is
only a generally bad idea to expose 6000 to untrusted networks,
and can be a perfectly reasonable idea in other cases, as long
as you take the time to consider the risks."
Another thread mentioned that Xorg no longer listens on 6000
for some reason. Who knows what it's really doing right now :-)
Xorg is probably mining bitcoins :-)
Nobody needs DISPLAY=:63, so really such a large block is a waste.
I think I used DISPLAY=:1 or :2 or so, but that was it. I played
with XMX at one time. Hard to remember the details now.
Paul
Thanks for that, and there are no X11 ports open on the same 3
ubuntu systems I have.
Is there something to install or whatever to show open x11 ports.
You could use a "port scanner" on your LAN.

https://www.binarytides.com/top-port-scanners-on-ubuntu-linux/

Port scanning from the Internet side (WAN), tells you
mostly about what your router looks like. If a port
is port-forwarded by the router, then such a port might
be visible to a WAN scan.

Routers have anti-scan and anti-hammer behaviors. If your
router has an SMTP log it sends to one of your machines,
you will sometimes see a message in the log that a
"suspicious pattern" was seen, and the router discarded
N of the packets as a result. This in fact prevents
Gibsons Shields-Up from doing valid scans, at least
it did at some point in the past.

Whereas individual computers may not have the same anti-features
that your router has got. The router can't stop all suspicious
stuff (Google 1E100 scanning you), but it does enough stuff to
invalidate stealth scans done from the outside. The scan must
be slowed down, the port scan order randomized, to "lull the
router back to sleep".

Paul
RobH
2020-12-13 17:16:10 UTC
Post by Paul
Post by RobH
Post by Paul
Post by RobH
Post by RobH
ssh 192.168.0.40 -p 6053
ssh: connect to host 192.168.0.40 port 6053: Connection refused
I'm about ready to give up on all this before long.
Interestingly, or not, on 3 ubuntu machines I have, the connection
to port 6053 is refused.
The link below says it is used for X Window system, which is for
bitmap displays according to the wikipedia page.
https://www.adminsub.net/tcp-udp-port-finder/6053
Xorg starts at port 6000. And each succeeding DISPLAY
is on the next port. There really should be an upper limit
on how many of those (consecutive block) are defined.
https://unix.stackexchange.com/questions/333969/how-do-x-clients-know-that-they-will-need-to-connect-to-tcp-port-6000display-n
https://forums.freebsd.org/threads/xorg-and-port-6000.57117/
    "Traditional X11 via 6000–6063/tcp is still a perfectly valid
     approach on a private network, combined with xauth(1) (try to
     avoid xhost(1), which really is a bit insecure). See also
Xsecurity(7).
     MIT-MAGIC-COOKIE-1 isn't anything like as strong as ssh(1), but
     quite adequate for many use cases over private networks. It is
     only a generally bad idea to expose 6000 to untrusted networks,
     and can be a perfectly reasonable idea in other cases, as long
     as you take the time to consider the risks."
Another thread mentioned that Xorg no longer listens on 6000
for some reason. Who knows what it's really doing right now :-)
Xorg is probably mining bitcoins :-)
Nobody needs DISPLAY=:63, so really such a large block is a waste.
I think I used DISPLAY=:1 or :2 or so, but that was it. I played
with XMX at one time. Hard to remember the details now.
    Paul
Thanks for that, and there are no X11 ports open on the same 3
ubuntu systems I have.
Is there something to install or whatever to show open x11 ports.
You could use a "port scanner" on your LAN.
https://www.binarytides.com/top-port-scanners-on-ubuntu-linux/
Port scanning from the Internet side (WAN), tells you
mostly about what your router looks like. If a port
is port-forwarded by the router, then such a port might
be visible to a WAN scan.
Routers have anti-scan and anti-hammer behaviors. If your
router has an SMTP log it sends to one of your machines,
you will sometimes see a message in the log that a
"suspicious pattern" was seen, and the router discarded
N of the packets as a result. This in fact prevents
Gibsons Shields-Up from doing valid scans, at least
it did at some point in the past.
Whereas individual computers may not have the same anti-features
that your router has got. The router can't stop all suspicious
stuff (Google 1E100 scanning you), but it does enough stuff to
invalidate stealth scans done from the outside. The scan must
be slowed down, the port scan order randomized, to "lull the
router back to sleep".
   Paul
Just to let you know, I have it solved now.
I bought a new ESP32 and flashed it with a new binary file, after that
it connected to wifi no problem.

Thanks

Jonathan N. Little
2020-12-11 20:23:24 UTC
Post by RobH
Post by Chris Elvidge
Post by Chris Elvidge
Post by RobH
I am using this to open port 6053 on 192.168.0.40
sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT
Then when I do this
nmap -p T:5000-7000 192.168.0.40
Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed
Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds
It says all ports are closed, so how do I open up port 6053 on 192.168.0.40.
Thanks
Do you have anything listening on 192.168.0.40:6053?
sudo netstat -tunlp
No there isn't anything listening on 192.168.0.40:6053.
It is my understanding that if nothing is listening on a port, the
port will not show as open. I may be wrong <g>.
ok, yes I would agree with that, so how do I actually open the port.
Your server 192.168.0.40 will not show an open port unless you have some
service listen on that port regardless of your firewall. You can use
ncat to test this

On your server 192.168.0.40 in a terminal run command:
sudo ncat --listen 6053

Now on a client, some other system on your 192.168.0.0 network open a
terminal window and scan with ncat

sudo nmap -sT -p- 192.168.0.40

or if you just want to check that specific port

sudo nmap -sT -p6053 192.168.0.40

to terminate the service on the server, just use CTRL+C
--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
RobH
2020-12-11 20:31:38 UTC
Post by Jonathan N. Little
sudo ncat --listen 6053
OK when you say run it on the server, do you mean my NAS server or some
other PC.
Jonathan N. Little
2020-12-12 00:03:17 UTC
Post by RobH
Post by Jonathan N. Little
sudo ncat --listen 6053
OK when you say run it on the server, do you mean my NAS server or some
other PC.
*server*, *client*, refers to the *roles* for each computer in the
scenario.

If the NAS is the computer at 192.168.0.40 and which is the computer you
want to test if the port 6053 is open then YES it is the server. It is
on that computer (the NAS) that you need to run the above command to
create a dummy service which will listen on that 6053 port so that you
can test from another computer on your LAN, the client, where you run
the command:

sudo nmap -sT -p- 192.168.0.40

to show that the port is open.
--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
Melzzzzz
2020-12-12 19:22:22 UTC
Post by Chris Elvidge
Post by Chris Elvidge
Post by RobH
I am using this to open port 6053 on 192.168.0.40
sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT
Then when I do this
nmap -p T:5000-7000 192.168.0.40
Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed
Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds
It says all ports are closed, so how do I open up port 6053 on 192.168.0.40.
Thanks
Do you have anything listening on 192.168.0.40:6053?
sudo netstat -tunlp
No there isn't anything listening on 192.168.0.40:6053.
It is my understanding that if nothing is listening on a port, the port
will not show as open. I may be wrong <g>.
You are right. A port that is not filtered will show as closed if nothing
listens on it.
--
current job title: senior software engineer
skills: c++,c,rust,go,nim,haskell...

press any key to continue or any other to quit...
I enjoy nothing as much as my status as an INVALID -- Zli Zec
We are all witnesses - about 3 years of intensive propaganda is enough for a nation to go mad -- Zli Zec
In the Wild West there wasn't that much violence, precisely because everyone
was armed. -- Mladen Gogala
Henry Crun
2020-12-11 16:52:17 UTC
Post by Chris Elvidge
Post by RobH
I am using this to open port 6053 on 192.168.0.40
sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT
this opens port 6053 for input *from* 192.168.0.40
^^^^^^
As I understand it you want to accept input from anywhere *to* 192.168.0.40
^^^^
Post by Chris Elvidge
Post by RobH
Then when I do this
nmap -p T:5000-7000 192.168.0.40
Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed
Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds
It says all ports are closed, so how do I open up port 6053 on 192.168.0.40.
Thanks
Do you have anything listening on 192.168.0.40:6053?
sudo netstat -tunlp
No there isn't anything listening on 192.168.0.40:6053.
--
Mike R.
Home: http://alpha.mike-r.com/
QOTD: http://alpha.mike-r.com/qotd.php
No Micro$oft products were used in the URLs above, or in preparing this message.
Recommended reading: http://www.catb.org/~esr/faqs/smart-questions.html#before
and: http://alpha.mike-r.com/jargon/T/top-post.html
Missile address: N31.7624/E34.9691
RobH
2020-12-11 16:56:27 UTC
Post by Henry Crun
Post by Chris Elvidge
Post by RobH
I am using this to open port 6053 on 192.168.0.40
sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT
this opens port 6053 for input *from* 192.168.0.40
                              ^^^^^^
As I understand it you want to accept input from anywhere *to* 192.168.0.40
The ESP32 device wants to connect to wifi using this ip address and port
number
192.168.0.4: 6053
Post by Henry Crun
                                                         ^^^^
Post by Chris Elvidge
Post by RobH
Then when I do this
nmap -p T:5000-7000 192.168.0.40
Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed
Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds
It says all ports are closed, so how do I open up port 6053 on 192.168.0.40.
Thanks
Do you have anything listening on 192.168.0.40:6053?
sudo netstat -tunlp
No there isn't anything listening on 192.168.0.40:6053.
Henry Crun
2020-12-11 17:01:04 UTC
Post by Henry Crun
Post by Chris Elvidge
Post by RobH
I am using this to open port 6053 on 192.168.0.40
sudo iptables -A INPUT -p tcp --dport 6053 -s 192.168.0.40 -j ACCEPT
this opens port 6053 for input *from* 192.168.0.40
                              ^^^^^^
As I understand it you want to accept input from anywhere *to* 192.168.0.40
IGNORE!! I didn't see the "dport"
My bad.
Mike
Post by Henry Crun
                                                         ^^^^
Post by Chris Elvidge
Post by RobH
Then when I do this
nmap -p T:5000-7000 192.168.0.40
Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 13:03 GMT
Nmap scan report for 192.168.0.40
Host is up (0.0018s latency).
All 2001 scanned ports on 192.168.0.40 are closed
Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds
It says all ports are closed, so how do I open up port 6053 on 192.168.0.40.
Thanks
Do you have anything listening on 192.168.0.40:6053?
sudo netstat -tunlp
No there isn't anything listening on 192.168.0.40:6053.
--
Mike R.
Home: http://alpha.mike-r.com/
QOTD: http://alpha.mike-r.com/qotd.php
No Micro$oft products were used in the URLs above, or in preparing this message.
Recommended reading: http://www.catb.org/~esr/faqs/smart-questions.html#before
and: http://alpha.mike-r.com/jargon/T/top-post.html
Missile address: N31.7624/E34.9691