How to open ports?

Is this a serious question? You want us to guess which firewall you are using, which protocol you mean, and in which direction the port needs to be opened?
 
Which of the three default firewalls that come with FreeBSD, none of which use /home, do you mean?
 
Port 2222 isn't normally used for web (http) services. I know of two hosting companies that use it for SFTP/SSH access, and I don't think that your browser will work for that.

Also run # kldstat and see if you have pf.ko or ipfw.ko loaded. If not, you're probably not running a firewall on your machine unless you customized and recompiled the kernel already.
 
See if something is actually listening on port 2222, using netstat -an | grep 2222 or sockstat -L4p 2222.
 
Please, RTFM before you kill yourself...

Provided you were capable enough to install a kernel with the following:

Code:
options         IPFILTER                # Enable IPFilter
options         IPFILTER_LOG            # ... and IPFilter logging


You could use vi to edit /etc/ipf.rules with:

Code:
pass in log quick from any to any keep state

Or you could use something more definitive like:

Code:
pass in quick on em0 proto tcp from any to any port = 2222 flags S/SA keep state

provided your network interface is "em0".

I'd recommend taking the time to google as much as you can about what you're trying to accomplish, otherwise you won't really learn anything aside from how to let someone else do it for you.

Good Luck.
 
Hi,

After:

Code:
tcptraceroute myhost 3000

Selected device lo0, address 10.0.xx.xx, port 34863 for outgoing packets
Tracing the path to myhost (10.0.xx.xx) on TCP port 3000, 30 hops max
 1  * 10.0.xx.xx [closed] -3007.990 ms *

sudo kldstat
Id Refs Address            Size     Name
 1    3 0xffffffff80200000 1f67a88  kernel
 2    1 0xffffffff82219000 2c0b5    vboxguest.ko

Any idea how to unblock port 3000?

Thanks.
Johan
 
Is there anything actually listening on that port? If there is no service listening on that port the port will always be closed.
 
Hi SirDice,

Thanks for reaching out.
Code:
[git@myhost ~]$ tcptraceroute myhost 3000

Selected device lo0, address 10.0.xx.xx, port 60726 for outgoing packets
Tracing the path to myhost (10.0.xx.xx) on TCP port 3000, 30 hops max
 1  * 10.0.xx.xx [closed] -3036.291 ms *

[git@myhost ~]$ sudo kldstat

Id Refs Address            Size     Name
 1    3 0xffffffff80200000 1f67a88  kernel
 2    1 0xffffffff82219000 2c0b5    vboxguest.ko

[git@myhost ~]$ ps -aux | grep gitea
root   667   0.0  0.1  10468  2152  -  Is   19:56     0:00.00 daemon: gitea[669] (daemon)
git    669   0.0  1.0  60104 42068  -  I    19:56     0:02.50 /usr/local/sbin/gitea web
git   1738   0.0  0.0    412   328  0  R+   01:39     0:00.00 grep gitea

[git@myhost ~]$ netstat -an | grep 3000
tcp4       0      0 127.0.0.1.3000         *.*                    LISTEN

[git@myhost ~]$ sockstat -L4p 3000
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS   

[git@myhost ~]$ sudo service gitea status
gitea is running as pid 669.


I'm successful at:
[git@myhost ~]$ lynx myhost:3000

but not
[client@otherhost ~]$ lynx myhost:3000

:-(

By the way, this otherhost is the host OS from which I SSH to the guest box; it's a macOS Sierra box.
Also, I'm able to reach google.com from the guest box.
Code:
[git@myhost ~]$ ping -c 1 www.google.com

PING www.google.com (74.125.204.147): 56 data bytes
64 bytes from 74.125.204.147: icmp_seq=0 ttl=39 time=71.088 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 71.088/71.088/71.088/0.000 ms
 
The fact that vboxguest.ko exists in the kldstat output leads me to believe that you are running this inside VirtualBox. If true, you will either have to set VirtualBox networking to "bridged" or set up port forwarding in the VirtualBox guest settings. This is probably a NAT issue, not a firewall issue.
 
Hi Herrbischoff,

Yes, myhost is a VirtualBox guest.
I'm already using a bridged setup, and it can connect to google.com on port 80.
Could you point me to a way to troubleshoot it?

Best Regards,
Johan
 
If it's already bridged, the guest should have received an IP address from your network. This should expose all running services on this IP, as kldstat shows you're not running a firewall. Therefore the basic setup appears to be correct. Try using the IP address instead of the hostname to find out if it's a DNS lookup issue. Also, try if you can telnet to the guest:

Code:
telnet your.guest.ip.address 3000
 
Here's the output:
Code:
client@otherhost:~$ telnet myhost 3000
Trying 10.0.xx.xx...
telnet: connect to address 10.0.xx.xx: Connection refused
telnet: Unable to connect to remote host
------------------------------------------------------------------------------------------------------------- 10:42:26
client@otherhost:~$ telnet myhost 22
Trying 10.0.xx.xx...
Connected to myhost.
Escape character is '^]'.
You are not welcome to use sshd from otherhost.
Connection closed by foreign host.
------------------------------------------------------------------------------------------------------------- 10:42:35
 
Looking again at the netstat output you posted, I suspect the service you are running on port 3000 is binding to 127.0.0.1 (localhost). You will have to configure it to bind to 0.0.0.0 (entire IPv4 address pool) or the guest's IP address to make it externally accessible.
 
Hi herrbischoff,

Thanks for the clue.
So I changed the app.ini so that it would not use 127.0.0.1 but rather 0.0.0.0,
and it's working now.
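
Added example, not part of the original thread: a small sh helper that reads FreeBSD netstat -an output and reports, for one exact port, whether each listener is bound to loopback, to a single address, or to all interfaces, which is the distinction that resolved this thread. The function names are hypothetical; the first BEFORE line is the netstat line posted above, and the other sample lines are constructed.

```shell
#!/bin/sh
# classify_listeners PORT: reads FreeBSD `netstat -an` output on stdin and
# prints "<scope> <local-address>" for every TCP LISTEN socket on exactly PORT.
classify_listeners() {
    awk -v port="$1" '
        $NF == "LISTEN" && $1 ~ /^tcp/ {
            la = $4
            # FreeBSD netstat joins address and port with a dot: 127.0.0.1.3000
            n = split(la, part, ".")
            if (part[n] != port) next        # exact match, so 30000 != 3000
            addr = substr(la, 1, length(la) - length(part[n]) - 1)
            if (addr == "*")                           scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1") scope = "loopback-only"
            else                                       scope = "single-address"
            print scope, addr
        }'
}

# reachable_from_lan PORT: exit 0 if at least one listener on PORT is bound to
# something other than loopback, exit 1 otherwise (including no listener).
reachable_from_lan() {
    classify_listeners "$1" | grep -qv '^loopback-only '
}

# Sample input. First BEFORE line is from the thread; the rest is constructed.
BEFORE='tcp4       0      0 127.0.0.1.3000         *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 *.30000                *.*                    LISTEN'
AFTER='tcp4       0      0 *.3000                 *.*                    LISTEN'

printf '%s\n' "$BEFORE" | classify_listeners 3000   # loopback-only 127.0.0.1
printf '%s\n' "$AFTER"  | classify_listeners 3000   # all-interfaces *

# On a live system: netstat -an | classify_listeners 3000
```

A result of all-interfaces means the service answers on every address the guest has; binding to the guest's own IP address instead, as suggested above, shows up as single-address.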
 