FreeBSD List / Display Open Ports With sockstat Command

Posted on in Categories FreeBSD, Hardware, Howto, Monitoring, Networking last updated February 8, 2008

You can use traditional netstat / lsof command to lists open Internet or UNIX domain sockets on FreeBSD. FreeBSD comes with a simple and easy to use command called sockstat.
The -4 option only displays IPv4 sockets.

The -6 option only displays IPv6 sockets.

The -c option only displays connected sockets.

The -l option only displays listening sockets (open port).

For example, display IPv4 related open ports, enter:
# sockstat -4 -l
Output:

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
root     sendmail   653   3  tcp4   127.0.0.1:25          *:*
root     sshd       647   3  tcp4   10.20.110.2:22        *:*
root     ntpd       616   4  udp4   *:123                 *:*

Here the equivalent of netstat:
$ netstat -nat | grep LISTEN
For information read sockstat command man page:
$ man sockstat

Linux Iptables open Bittorrent tcp ports 6881 to 6889

Posted on in Categories CentOS, Debian Linux, Howto, Iptables, Linux, Linux desktop, Networking, RedHat/Fedora Linux, Security, Shell scripting, Suse Linux, Ubuntu Linux last updated January 8, 2008

I already wrote about Linux command line bittorrent client. However, I received few more queries regarding firewall issues. Basically you need to open ports using iptables.

Bittorrent client by default uses tcp 6881 to 6889 ports only. In order to work with Bittorrent client you need to open these ports on firewall. Remember, if you are behind a firewall (hardware or software) you need to enable port forwarding to internal systems.

Scenario # 1: Windows or Linux desktop behind router firewall

Internet ->     Hardware Router    -> Your Linux Desktop
          with port forwarding          Client
              enabled

You have router (ADSL/DSL/Cable modem+router) and you have already enabled port forwarding on router (open web browser > Open router web admin interface > Find port forwarding > Enable port forwarding for bittorent protocol). You also need to open port using following iptables rules on Linux desktop (open TCP port 6881 to 6999):

iptables -A INPUT -p tcp --destination-port 6881:6999 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 6881:6999 -j ACCEPT

Here is a complete sample firewall script:

#!/bin/sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
modprobe ip_conntrack
modprobe ip_conntrack_ftp

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

#allow bittorent incomming client request
iptables -A INPUT -p tcp --destination-port 6881:6999 -j ACCEPT

#Uncomment below to allow sshd incoming client request
#iptables -A INPUT -p tcp -dport 22 -j ACCEPT

# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Scenario # 2

Internet -> Linux computer Router  ->  Your Linux Desktop
         with port forwarding      OR Windows XP client
         enabled using IPTABLES       IP:192.168.1.2
           IP:192.168.1.254

Here you are using a Linux as software firewall and iptables as your NAT (firewall) for internal network (192.168.1.2). You need to enable port forwarding to a internal Linux desktop (may be Windows XP desktop) for BitTorrent client system. Add following two line of code to your existing NAT firewall script.

iptables -t nat -A PREROUTING -p tcp --dport 6881:6889
-j DNAT --to-destination 192.168.1.2

iptables -A FORWARD -s 192.168.1.2 -p tcp --dport 6881:6889
-j ACCEPT

Related: Linux Command line BitTorrent client