Bug 166443

Summary: /etc/services missing entries for (at least) port 51 and port 5353
Product: [Fedora] Fedora
Reporter: John Ellson <john.ellson>
Component: setup
Assignee: Phil Knirsch <pknirsch>
Status: CLOSED RAWHIDE
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: rawhide
CC: rvokal
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-01-31 13:05:49 UTC

Description John Ellson 2005-08-21 16:02:00 UTC
Description of problem:
Some package has opened ports 51 and 5353 in /etc/sysconfig/iptables.
I wanted to know what these were, but they are not listed in /etc/services.

Version-Release number of selected component (if applicable):
setup-2.5.46-1


Expected results:
1) All ports opened in iptables should be listed in /etc/services.
2) No port should be allowed to be open in /etc/sysconfig/iptables unless
it is listed in /etc/services.

Comment 1 Phil Knirsch 2006-01-24 19:50:14 UTC
I've created and hugely updated /etc/services which contains almost all known
official services from IANA.

It can be found here:

http://people.redhat.com/pknirsch/services

Please give it a try and tell me if it works properly now.

Thanks,

Read ya, Phil

Comment 2 John Ellson 2006-01-25 02:36:32 UTC
Thanks for this - it looks like a lot of work.

It now lists 5353 (mdns) but there is still no entry for 51?

Do you know if iptables consults this file? Can I now use these service names
instead of numbers?


Comment 3 John Ellson 2006-01-25 02:47:11 UTC
ssh and ipp (instead of 22 and 631) seem to work OK, but when I changed:
  -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
to:
  -A RH-Firewall-1-INPUT -p re-mail-ck -j ACCEPT

"service iptables restart" reported:

Applying iptables firewall rules: iptables-restore v1.3.4: unknown protocol `re-mail-ck' specified.

I tried with and without quotes.

Also it complained about "protocol" instead of "service".

Should I bugzilla these against iptables?

Comment 4 John Ellson 2006-01-25 03:14:25 UTC
According to:  http://www.iana.org/assignments/port-numbers
port 51 is:
    la-maint         51/tcp    IMP Logical Address Maintenance
    la-maint         51/udp    IMP Logical Address Maintenance

Comment 5 John Ellson 2006-01-25 03:30:34 UTC
Never mind.  -p is for a protocol from /etc/protocols, not a port from /etc/services

    -A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
    -A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT

work just fine.  (Makes a lot more sense too.)

There is still a service at port 51 in the IANA list that is not in yours though.

Comment 6 Phil Knirsch 2006-01-25 09:17:19 UTC
Hm, I've just checked, la-maint is in:

604: la-maint        51/tcp                          # IMP Logical Address Maintenance
605: la-maint        51/udp                          # IMP Logical Address Maintenance

And a test app finds them nicely:

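#include <stdio.h>
#include <netdb.h>

int main(int argc, char *argv[])
{
        struct servent *sv;

        if (argc < 2) {
                fprintf(stderr, "usage: %s service\n", argv[0]);
                return 1;
        }
        /* NULL protocol: match the first entry with this service name */
        sv = getservbyname(argv[1], NULL);
        if (sv == NULL) {
                fprintf(stderr, "%s: not found\n", argv[1]);
                return 1;
        }
        /* s_port is printed as the resolver returned it, without ntohs() */
        printf("%s:%d/%s\n", sv->s_name, sv->s_port, sv->s_proto);
        return 0;
}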

[pknirsch@hamburg test]$ ./getservbyname la-maint
la-maint:13056/tcp

Read ya, Phil

Comment 7 Phil Knirsch 2006-01-31 13:05:49 UTC
Erh, of course, fixed the testcode to do a ntohs() of the s_port, then it
returns the proper and correct result.

Closing bug as RAWHIDE as I'll put the new /etc/services in the official setup
package today.

Read ya, Phil
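
The distinction Comment 5 arrives at, together with the byte-order point from Comment 7, as an added example that is not part of the original bug thread: a number after `-p` in an iptables rule is resolved against /etc/protocols, a number after `--dport` against /etc/services, and the services resolver takes and returns ports in network byte order. The helper names `numeric_arg` and `explain_rule` and the `--dport 5353` rule line are constructed for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number following `opt` in a rule line, or -1 when the option is absent
 * or its argument is a name (such as "udp") or a range, not a plain number. */
static int numeric_arg(const char *rule, const char *opt)
{
    const char *p = strstr(rule, opt);
    char *end;
    if (p == NULL || !isdigit((unsigned char)p[strlen(opt)]))
        return -1;
    long v = strtol(p + strlen(opt), &end, 10);
    return ((*end == ' ' || *end == '\0') && v <= 65535) ? (int)v : -1;
}

/* Writes what each number in the rule refers to; returns how many it found.
 * -p N is a protocol (/etc/protocols); --dport N is a port (/etc/services). */
int explain_rule(const char *rule, char *out, size_t len)
{
    int proto = numeric_arg(rule, " -p ");
    int dport = numeric_arg(rule, " --dport ");
    size_t n = 0;
    out[0] = '\0';
    if (proto >= 0) {
        struct protoent *pe = getprotobynumber(proto);
        n = snprintf(out, len, "protocol %d (%s) ", proto, pe ? pe->p_name : "unlisted");
    }
    if (dport >= 0 && n < len) {
        /* getservbyport() takes the port in network byte order, hence htons() */
        struct servent *sv = getservbyport(htons((unsigned short)dport), NULL);
        snprintf(out + n, len - n, "port %d (%s)", dport, sv ? sv->s_name : "unlisted");
    }
    return (proto >= 0) + (dport >= 0);
}

int main(void)
{
    char buf[128];
    /* The -p 50 rule is from the thread; the --dport rule is constructed. */
    if (explain_rule("-A RH-Firewall-1-INPUT -p 50 -j ACCEPT", buf, sizeof buf))
        puts(buf);
    if (explain_rule("-A RH-Firewall-1-INPUT -p udp --dport 5353 -j ACCEPT", buf, sizeof buf))
        puts(buf);
    return 0;
}
```

The names printed in parentheses come from the local /etc/protocols and /etc/services, so they vary between systems; "unlisted" marks a number the local database does not contain.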