I have two servers. The program on the first needs to communicate with the second on port 2194.
I know it's not working, because when I do:
root@server1 [~]# telnet myserver2.com 2194
Trying 123.123.123.98...
telnet: connect to address 123.123.123.98: Connection timed out
telnet: Unable to connect to remote host: Connection timed out
server1# iptables -L -n
Chain INPUT (policy DROP)
...
...
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
...
Chain LOCALINPUT (1 references)
target prot opt source destination
...
Chain LOCALOUTPUT (1 references)
target prot opt source destination
...
Chain LOGDROPIN (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPOUT (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
To allow outgoing connections from server1 to server2 on TCP port 2194, use this on server1:
To allow incoming connections from server1 to server2 on TCP port 2194, use this on server2:
Just a few pointers:
Is the service you are running listening only on localhost? Run
If you see a line like
0.0.0.0:2194
then you are ok. If you see
127.0.0.1:2194
then you are listening only on local connections (or :::2194 and ::1:2194 respectively for IPv6 addresses, shown as tcp6 lines).
What are the current iptables rules?
Is the policy DROP/REJECT (if it isn't it should be, for all chains)? Is there a specific rule for the port you need?
If it is a firewall issue, then either modifying the offending rule or adding a rule like
should do the trick (untested).
=== EDIT ===
To test network issues a good tool is tcpdump. Run it on both servers while trying to connect and see where the packets are going. E.g. on server 1 run:
and on server 2 run:
Then try to connect. You should see all TCP packets dumped on the screen, from the source and destination. With this info you should be able to pinpoint where the issue is.
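The two checks in the pointers above (is the service bound to localhost only, and does any chain have a rule for the port) as an added example in POSIX shell; this is my own code, not from either answer. It assumes netstat/ss style listener lines and `iptables -L -n` output on stdin.

```shell
#!/bin/sh
# Added example, not code from either answer. Two small checks that apply the
# second answer's pointers to captured command output instead of by eye.
# Assumed input for classify_listener: "netstat -ltn" / "ss -ltn" style lines
# (local address in the fourth column) or bare ADDRESS:PORT values, one per line.
# Assumed input for rule_for_port: the output of "iptables -L -n".

# classify_listener PORT  -> all | localhost | specific | none
classify_listener() {
    awk -v port="$1" '
    {
        addr = (NF >= 4) ? $4 : $1        # local-address column, or a bare value
        n = split(addr, p, ":")
        if (p[n] != port) next            # other port, or a header line
        host = substr(addr, 1, length(addr) - length(port) - 1)
        gsub(/\[|\]/, "", host)           # ss prints IPv6 as [::]:2194
        if (host == "0.0.0.0" || host == "*" || host == "::") any = 1
        else if (host == "127.0.0.1" || host == "::1") loop = 1
        else specific = 1                 # bound to one interface address only
    }
    END {
        if (any) print "all"
        else if (loop) print "localhost"
        else if (specific) print "specific"
        else print "none"
    }'
}

# rule_for_port PORT -> "CHAIN TARGET" for every rule matching dpt:PORT;
# prints nothing when no chain has a port-specific rule, which with a DROP
# policy means the packets are silently dropped (the timeout seen in the
# question rather than an immediate refusal).
rule_for_port() {
    awk -v port="$1" '
    /^Chain /                       { chain = $2; next }
    $0 ~ ("dpt:" port "( |$)")      { print chain, $1 }
    '
}
```

Pipe real output in, e.g. `ss -ltn | classify_listener 2194` on server2 and `iptables -L -n | rule_for_port 2194` on both hosts.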