0

I have an Ubuntu machine, and I've been trying to set up Munin on port 4949. I have it running, and I can connect to port 4949 from the local machine, but connections from external machines keep timing out. I've already set allow ^.*$ in the configuration, so it shouldn't refuse any connections.

If I run lsof I get:

deployer@rc:~$ sudo lsof | grep munin
/usr/sbin 31863       root    2w      REG              202,1     78531     189176 /var/log/munin/munin-node.log
/usr/sbin 31863       root    3r      REG              202,1      6778     591661 /usr/sbin/munin-node
/usr/sbin 31863       root    4w      REG              202,1     78531     189176 /var/log/munin/munin-node.log
/usr/sbin 31863       root    5u     IPv6           42450001       0t0        TCP *:munin (LISTEN)

I can't tell if it's a firewall issue or not. How can I tell if inbound connections are successfully reaching port 4949?

Chris B.
  • 337
  • 1
  • 8
  • 18

2 Answers2

1

Since you're on Ubuntu, you likely have ufw installed to manage your firewall. What's the output of

sudo ufw status

If you need to add a rule to allow inbound to TCP port 4949, you can do so with the following: 

sudo ufw allow proto tcp from 192.168.0.0/24 to 192.168.0.1 port 4949

You can also check to see what interfaces you're listening on with 

sudo netstat -tanp

Also, nmap is a great tool to check from another machine what ports are open, but if it's not a LAN setup you need to be careful scanning a public IP.

nedm
  • 5,630
  • 5
  • 32
  • 52
  • This is running in the cloud, so Rackspace is running the firewall. ufw is inactive. – Chris B. Jan 11 '13 at 21:12
  • Ah, I see -- what's the netstat output? How do you open or close ports, or otherwise manage the firewall? – nedm Jan 11 '13 at 21:14
  • When we need to open and close ports, we call them on the phone and put in a support request. They claim they can see packets hitting the machine, but since Munin isn't responding I don't necessarily believe them, and was trying to verify. – Chris B. Jan 11 '13 at 21:27
  • OK, so does netstat list the port? Your lsof output shows it listening on IPv6, does it have an IPv4 address assigned as well or only IPv6? – nedm Jan 11 '13 at 21:32
  • The only listing for munin in netstat is `tcp6 0 0 :::4949 :::* LISTEN 31863/munin-node` – Chris B. Jan 11 '13 at 21:38
  • Looks fine -- to check the firewall issue, can you telnet to the port from a remote system? – nedm Jan 11 '13 at 21:47
  • No. It times out. – Chris B. Jan 11 '13 at 21:48
  • Tends to sound like a firewall issue to me then. You could try running tcpdump on the host while you try to connect via telnet from the remote system, and seeing what comes through. Give that info to your hosting if nothing appears to even be hitting the server. Only other option would be that the port is being blocked on the client side. – nedm Jan 11 '13 at 22:08
0

This will show what daemons are listening on what ports.

# lsof | grep TCP | grep LISTEN

You'll want to see *:4949 to confirm that Munin is bound on all interfaces.

Joel K
  • 5,853
  • 2
  • 30
  • 34