Need help opening TCP port and now Webmin

I’m trying to open TCP port 1090.

I tried using Webmin > Networking > Firewalld to add a rule to open port 1090.

After reboot, it looks like UDP/1090 is open, but not TCP/1090:

root@love:~# netstat -tunlp | grep 1090
udp 0 0 172.93.48.229:1090 0.0.0.0:* 1567/lokinet

I then tried firewall-cmd:

root@love:~# firewall-cmd --zone=public --add-port=1090/tcp --permanent
Warning: ALREADY_ENABLED: 1090:tcp
success

root@love:~# firewall-cmd --reload
Error: COMMAND_FAILED: ‘/usr/sbin/ip6tables-restore -w -n’ failed: ip6tables-restore v1.8.2 (nf_tables):
line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT

Reboot. → still no change.

On a different note (maybe a bug?) just FYI:
I just updated Webmin and now Webmin > Networking > Firewalld is stuck on the notice that the Firewalld server needs to be started. I keep clicking the green button to start Firewalld, but it doesn’t ever progress from there.

Now, I’m not sure if firewalld is totally messed up:

root@love:~# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-05-02 11:07:00 PDT; 37min ago
Docs: man:firewalld(1)
Main PID: 400 (firewalld)
Tasks: 2 (limit: 4915)
Memory: 40.8M
CGroup: /system.slice/firewalld.service
└─400 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

May 02 11:06:56 love.radhify.com systemd[1]: Starting firewalld - dynamic firewall daemon…
May 02 11:07:00 love.radhify.com systemd[1]: Started firewalld - dynamic firewall daemon.
May 02 11:20:05 love.radhify.com firewalld[400]: WARNING: ALREADY_ENABLED: 1090:tcp
May 02 11:20:17 love.radhify.com firewalld[400]: ERROR: ‘/usr/sbin/iptables-restore -w -n’ failed: iptables-restore v1.8.2 (nf_tables):
line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT
May 02 11:20:17 love.radhify.com firewalld[400]: ERROR: ‘/usr/sbin/ip6tables-restore -w -n’ failed: ip6tables-restore v1.8.2 (nf_tables):
line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT
May 02 11:20:17 love.radhify.com firewalld[400]: ERROR: ‘/usr/sbin/iptables-restore -w -n’ failed: iptables-restore v1.8.2 (nf_tables): Chain already exists
May 02 11:20:17 love.radhify.com firewalld[400]: ERROR: ‘/usr/sbin/ip6tables-restore -w -n’ failed: ip6tables-restore v1.8.2 (nf_tables): Chain already exists
May 02 11:20:17 love.radhify.com firewalld[400]: WARNING: COMMAND_FAILED: ‘/usr/sbin/ip6tables-restore -w -n’ failed: ip6tables-restore v1.8.2 (nf_tables): Chain already exists
May 02 11:20:17 love.radhify.com firewalld[400]: ERROR: COMMAND_FAILED: ‘/usr/sbin/ip6tables-restore -w -n’ failed: ip6tables-restore v1.8.2 (nf_tables):
line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT
root@love:~#

Does anyone have any troubleshooting suggestions on what I need to do to open TCP port 1090?

SYSTEM INFORMATION
OS type and version: Debian 10
Virtualmin version: 7.0-4

Hi, you shouldn’t open anything below port 1025; that’s the golden rule, as the ports below that port are special, for system and services.

1090 is above 1024, and that’s not really a golden rule, it’s a permissions thing in UNIX going back decades.

Users are not allowed to bind to ports up to 1024 in order to prevent them from squatting on important system services, and were (by default) allowed to start things on high ports because nothing important ran there. That’s a historic convention, and the system administration has always been able to decide what goes on low ports.

Whether an administrator decides to open low ports (or high ports) is entirely up to them.

1 Like

I believe the default firewall we set up already opens the high ports, by default. So, the answer to how to open port 1090 is “do nothing, it’s already open”.

In your case, it kinda looks like one of two things is happening:

  1. What you think the service is doing with port 1090 is not actually what it is doing.
  2. The service is not actually starting.

“Open” port does not mean “listening” port. An open firewall port with no service listening on that port does literally nothing.
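Added example, not part of the original posts: a small shell check for the distinction drawn above, reading `netstat -tunlp` output and reporting whether anything is actually bound to a port for a given protocol. The function names and the two extra sample sockets are this example's own; only the lokinet line comes from the thread.

```shell
#!/bin/sh
# Tell "allowed by the firewall" apart from "a service is listening".
# Input is `netstat -tunlp` output on stdin; function names are hypothetical.

# Print each protocol (tcp, udp, tcp6, udp6) with a socket bound to port $1.
bound_protocols() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, a, ":")   # column 4 is the local address; port follows the last colon
            if (a[n] == port) print $1
        }' | sort -u
}

# Report whether protocol $2 has a listener on port $1.
# Returns 0 if a listener exists, 1 if not.
check_listener() {
    port=$1 proto=$2
    found=$(bound_protocols "$port")
    if printf '%s\n' "$found" | grep -Eq "^${proto}6?\$"; then
        echo "listening: ${proto}/${port}"
        return 0
    fi
    if [ -n "$found" ]; then
        echo "not listening: ${proto}/${port} (port is bound on: $(echo $found))"
    else
        echo "not listening: ${proto}/${port} (nothing bound to this port)"
    fi
    return 1
}

# Constructed sample: the thread's netstat line plus two made-up sockets.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp6       0      0 :::10000                :::*                    LISTEN      701/perl
udp        0      0 172.93.48.229:1090      0.0.0.0:*                           1567/lokinet'

printf '%s\n' "$SAMPLE" | check_listener 1090 udp
printf '%s\n' "$SAMPLE" | check_listener 1090 tcp || true
# On a live host: netstat -tunlp | check_listener 1090 tcp
```

A "not listening" result for tcp alongside a udp binding means the firewall rule has nothing to deliver TCP traffic to, whatever the firewalld port list says.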

@Joe crap, I ain’t had my glasses on… seen a totally different number. No explanation needed, at least for me. Well, thanks for letting me know that I was wrong 👍

1 Like

I’m not sure how to determine if the service is actually doing what it’s supposed to be doing.

In terms of starting, this is the output for the service:

root@love:~# systemctl status lokinet-router
● lokinet-router.service - LokiNET: Anonymous Network layer thingydoo, router
Loaded: loaded (/lib/systemd/system/lokinet-router.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-05-02 11:08:14 PDT; 3h 29min ago
Main PID: 547 (lokinet)
Status: “v0.9.8 snode | known/svc/clients: 1742/27/0 | 0 active paths | block 1049927”
Tasks: 11 (limit: 4915)
Memory: 85.9M
CGroup: /system.slice/lokinet-router.service
└─547 /usr/bin/lokinet -r /var/lib/lokinet/router/lokinet.ini

May 02 14:36:45 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:36:46.721 GMT [+3h29m42.431s] …/llarp/router/outbound_session_maker.cpp:63 Session establish
May 02 14:36:56 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:36:57.020 GMT [+3h29m52.730s] …/llarp/router/outbound_session_maker.cpp:63 Session establish
May 02 14:37:01 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:37:02.150 GMT [+3h29m57.860s] …/llarp/router/outbound_session_maker.cpp:63 Session establish
May 02 14:37:07 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:37:08.687 GMT [+3h30m04.397s] …/llarp/router/outbound_session_maker.cpp:63 Session establish
May 02 14:37:16 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:37:17.679 GMT [+3h30m13.389s] …/llarp/router/outbound_session_maker.cpp:63 Session establish
May 02 14:37:16 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:37:17.679 GMT [+3h30m13.389s] …/llarp/router/outbound_session_maker.cpp:63 Session establish
May 02 14:37:23 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:37:24.382 GMT [+3h30m20.092s] …/llarp/router/outbound_session_maker.cpp:63 Session establish
May 02 14:37:31 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:37:32.181 GMT [+3h30m27.891s] …/llarp/router/outbound_session_maker.cpp:63 Session establish
May 02 14:37:31 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:37:32.181 GMT [+3h30m27.891s] …/llarp/router/outbound_session_maker.cpp:63 Session establish
May 02 14:37:46 love.radhify.com lokinet-router[547]: [WRN] 2022-05-02 21:37:47.194 GMT [+3h30m42.904s] …/llarp/router/outbound_session_maker.cpp:63 Session establish

root@love:~#