Help with Port Stuff

[rloaderro]

Hi- This is my problem. I am trying to connect shockwave to a java app running on our ISP on port 35005. I have never had a problem before. However about ~1 year ago the company I work for upgraded their LAN from Windows -> Linux and since then I have not been able to connect with the java.

I am probably mixing the technical stuff around so I hope this makes sense.

If I open the shockwave in safari it cannot communicate with the java. The shockwave initiates the communication but the server - from the logs - never receives anything. That means the data never leaves my computer. The new sysadmin swears he has re-opened all the ports on the LAN - or proxy or firewall, whichever it is - and the confusing thing is that other computers on the network here have no problem running the shockwave and communicating with the java.

That leaves me wondering if maybe with some osx upgrade or security patch that followed sometime in the past year that has closed the port and that is the problem now. I have run network utility and of course port 35005 is not open - but why would it be, and does that necessarily mean that it wouldn't be opened when the shockwave was running?

I still am not sure whether the problem lies on my computer specifically - ie the data from the shockwave is refused _leaving_ my computer on port 35005?! - or if it's getting cut off at our LAN (firewall, proxy or whichever)?! eitherway it's not reaching the server when the shockwave is run on my computer specifically.

SO - how the heck do i test for this? how can i open ports - or force open ports via root - or otherwise know at exactly which point along the chain the data is getting stopped?! from my perspective running the shockwave it's as if the java is completely dead - no response at all, and like i said the data never even reaches the server - but on another PC in the office it works just fine!?

Please PLEASE help. This is my setup if it helps.

G4 running Mac OS X 10.3.8
DSL connection via Ethernet LAN with Proxy Server
LAN is running Debian something or other

Other than that i've opened up FTP sharing because that appears to involve ports 1024-65535 but that hasn't affected anything. Thanks again!

 

[profx]

when you connect to a service on whatever port, it does not mean that the data is flowing in or out of your machine on that port. It is simply the port on which the server is listening to at the other end. You do not need to open any ports. When a tcp connection is made a random port is selected on your machine to communicate out of. Also most firewalls only block incoming connections, you are making an outbound connection.

A simple test would be to try and open a telnet connection to the host you are trying to reach. Obviously you wont be able to get any data down, just prove that the connection CAN be made.

Open terminal (/Applications/Utilities) and type

telnet xxx.xxx.xxx.xxx 35005

Replace the xs with the ip of your server. Note the spaces above. If a connection can be made you will get somethiing like this:

Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx.
Escape character is '^]'.

this means the connection has been made.
type control+"]" to close connection then thpe exit. This will return you to the command prompt. If this works then there is a problem with the flash program

if you get something like this then you have a network problem:

Trying xxx.xxx.xxx.xxx...
telnet: connect to address xxx.xxx.xxx.xxx: Operation timed out
telnet: Unable to connect to remote host

either the port is blocked or there is no server on that port.

 

[rloaderro]

Thanks for helping!

when you connect to a service on whatever port, it does not mean that the data is flowing in or out of your machine on that port. It is simply the port on which the server is listening to at the other end. You do not need to open any ports. When a tcp connection is made a random port is selected on your machine to communicate out of. Also most firewalls only block incoming connections, you are making an outbound connection.

That's exactly what I thought. There is a command in the shockwave like this:

connectToNetServer("*", "*", "xx.xx.xx.xx", 35005, "*", 1)

And since I know the java is configured to listen in on that port I guess I foolishly assumed the communication was occuring there like come kind of private line.

Anyway, I tried your suggestion. I know the ISP has disabled telnet so I used ssh - hopefully that shouldn't make a difference. I know as well I can always use ssh to login to our domain (ip) - where the java is. This for example works:

ssh xx.xx.xx.xx

However, when I tried logging specifically into port 35005:

ssh xx.xx.xx.xx -p 35005

I got:

port 35005: Connection refused

So does that mean my ISP is refusing me - coming from within our LAN?! - to access on that port or that is the LAN itself refusing my attempt to connect to another service on that port?? I guess we can assume it's not an outgoing problem from my machine from what you say - however why would our ISP be refusing me and not another computer (another of the PC's in the office) coming from basically the same ip?

Thanks again for your help so far!

 

[rloaderro]

I'm sorry - this was rather obvious

If i try connecting to *anything* be it:

ssh 1.1.1.1 -p 35005

I get:

ssh: connect to host 1.1.1.1 port 35005: Connection refused

However this is not an outgoing problem from my machine for _sure_ ?! Cause then I can start yelling at the sysadmin. I'm assuming, of course, it is possible to close ports completely - even outgoing - then...

 

[profx]

telnet is a very generic program, able to connect via tcp to any port. Traditional "telnet" runs on a specific port - port 23. Telnet should work. Your ISP may have blocked port 23, but telnetting to another port will work.

To prove my point try "telnet www.macosx.com 80", this will connect to the webserver this site is hosted on, just like your webbrowser. You should get a similar result to the one i gave in my first example.

Try it on another machine that you know works. SSH will not get the result you want as it will try an establish a secure connection - which it wont be able to do.