Infrastructure / INFRA-4729

Some tcp ports of the James jails server have been closed

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: Initial Clearing
    • Component/s: None
    • Labels:
      None

      Description

      Hello
      We use our james jails server for:

      1.- James Hupa (webmail) demoing, which requires port 80 to be available from the Internet, and it also needs access to the Internet (ports 25, 143, 465, 993).
      2.- James Server tests, which need the smtp, jmx, pop, and imap ports to be open.

      It seems that there were recent changes which made those ports unavailable.

      Could you revert those changes or open those ports:

      Internet -> james : 80, 443, 25, 110, 143, 465, 993, 9999
      james -> Internet: 80, 443, 25, 110, 143, 465, 993

      Thanks


        Activity

        Manuel Carrasco Moñino added a comment -
        Yes it works all right.

        Thanks
        - Manolo
        #asfinfra IRC Bot added a comment -
        <danielsh> never mind last question -- try now please, should be fixed
        #asfinfra IRC Bot added a comment -
        <danielsh> what user does jetty run as?
        Manuel Carrasco Moñino added a comment -
        It seems everything works now, but there is a new issue related to the closed ports.

        For some reason jetty takes very long to start: more than 1 minute instead of a couple of seconds like it used to take.

        This delay makes our integration tests take so long that it is impossible to run them.

        I have not investigated what jetty does before it starts listening, but what I have seen is that it tries to connect to itself via a high tcp port.

        Before starting jetty the netstat -an command reports [1], while jetty was starting the same command reports [2], and after 2 minutes jetty starts listening and the output is [3]. The listening port in [2] is different each time but it seems to be a random number over 1024.

        If I try to connect via telnet from the jails server to any port of itself (apart from the list you opened) the connection neither opens nor is refused because of firewall filtering, and the timeout lasts a couple of minutes.

        I think this could be fixed either by opening connections from the jail to ports greater than 1024, or opening all outgoing connections, or refusing instead of dropping them.

        Thanks
        - Manolo

        --------------- [1] ---------------
        [manolo@james ~]$ netstat -an
        netstat: kvm not available: /dev/mem: No such file or directory
        Active Internet connections (including servers)
        Proto Recv-Q Send-Q Local Address Foreign Address (state)
        tcp4 0 160 140.211.11.81.22 188.78.182.215.53275 ESTABLISHED
        tcp4 0 0 140.211.11.81.22 188.78.182.215.52633 ESTABLISHED
        tcp4 0 0 140.211.11.81.25 *.* LISTEN
        tcp4 0 0 140.211.11.81.22 *.* LISTEN

        --------------- [2] ---------------
        [manolo@james ~]$ netstat -an
        netstat: kvm not available: /dev/mem: No such file or directory
        Active Internet connections (including servers)
        Proto Recv-Q Send-Q Local Address Foreign Address (state)
        tcp4 0 0 140.211.11.81.58987 140.211.11.81.30270 SYN_SENT
        tcp4 0 0 140.211.11.81.30270 *.* LISTEN
        tcp4 0 0 *.* *.* CLOSED
        tcp4 0 160 140.211.11.81.22 188.78.182.215.53275 ESTABLISHED
        tcp4 0 0 140.211.11.81.22 188.78.182.215.52633 ESTABLISHED
        tcp4 0 0 140.211.11.81.25 *.* LISTEN
        tcp4 0 0 140.211.11.81.22 *.* LISTEN

        --------------- [3] ---------------
        [manolo@james ~]$ netstat -an
        netstat: kvm not available: /dev/mem: No such file or directory
        Active Internet connections (including servers)
        Proto Recv-Q Send-Q Local Address Foreign Address (state)
        tcp4 0 0 140.211.11.81.80 *.* LISTEN
        tcp4 0 160 140.211.11.81.22 188.78.182.215.53275 ESTABLISHED
        tcp4 0 0 140.211.11.81.22 188.78.182.215.52633 ESTABLISHED
        tcp4 0 0 140.211.11.81.25 *.* LISTEN
        tcp4 0 0 140.211.11.81.22 *.* LISTEN
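
The symptom reported in the comment above can be checked mechanically. This is an added example, not part of the original ticket: it parses BSD-style `netstat -an` output and flags sockets stuck in SYN_SENT towards one of the host's own addresses, which is what a filter that drops rather than refuses looks like from inside the jail. The function names are hypothetical; the sample input is snapshot [2] copied from the comment.

```python
import re

# Snapshot [2] from the ticket, taken while jetty was still starting.
SNAPSHOT_2 = """\
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 140.211.11.81.58987 140.211.11.81.30270 SYN_SENT
tcp4 0 0 140.211.11.81.30270 *.* LISTEN
tcp4 0 0 *.* *.* CLOSED
tcp4 0 160 140.211.11.81.22 188.78.182.215.53275 ESTABLISHED
tcp4 0 0 140.211.11.81.22 188.78.182.215.52633 ESTABLISHED
tcp4 0 0 140.211.11.81.25 *.* LISTEN
tcp4 0 0 140.211.11.81.22 *.* LISTEN
"""

ROW = re.compile(r"^tcp[46]*\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+(\S+)$")

def endpoint(text):
    """BSD netstat prints 'addr.port'; the port follows the last dot."""
    addr, _, port = text.rpartition(".")
    return addr, port

def parse(output):
    """Return (local, remote, state) for every TCP row; other lines are skipped."""
    socks = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            local, remote, state = m.groups()
            socks.append((endpoint(local), endpoint(remote), state))
    return socks

def stalled_self_connects(output):
    """Flag SYN_SENT sockets whose destination is one of this host's own addresses."""
    socks = parse(output)
    listeners = {local for local, _, state in socks if state == "LISTEN"}
    local_addrs = {local[0] for local, _, _ in socks if local[0] != "*"}
    findings = []
    for local, remote, state in socks:
        if state != "SYN_SENT" or remote[0] not in local_addrs:
            continue
        # A listener on the target port means the SYN is being lost, not refused.
        listening = remote in listeners or ("*", remote[1]) in listeners
        findings.append({"src_port": int(local[1]), "dst": remote[0],
                         "dst_port": int(remote[1]), "listener_present": listening})
    return findings
```

A finding with `listener_present` set to true means the handshake to a locally listening port never completes; a refused connection would leave SYN_SENT immediately instead of waiting for the timeout.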


        #asfinfra IRC Bot added a comment -
        <danielsh> all done. I threw in 995 too. reopen if you need anything else

          People

          • Assignee:
            Unassigned
            Reporter:
            Manuel Carrasco Moñino