Has anyone had problems with opening port 30000 to be used with Canada Post's shipping module?
I have the following in my csf.conf file but the port is not opened:
TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,7630,30000"
TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,143,443,587,873,2086,2087,2089,2703,3306,7630,19638,30000"
TCP6_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,7630,30000"
TCP6_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703,7630,30000"
Unable to open port 30000
Re: Unable to open port 30000
Did you restart the firewall with csf -r? We don't have any issues with Canada Post. Also, you don't need to add it to UDP; only TCP is required.
Check to see if it's opened:
# csf --status | grep 30000
Re: Unable to open port 30000
Yes, I did restart CSF afterwards.
When I ran that command, this is what I got:
csf --status | grep 30000
38 3 180 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:30000
64 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:30000
But when I attempt to perform a port check on 30000, I get closed.
Re: Unable to open port 30000
I am wondering if there would be a conflict due to passive FTP
Re: Unable to open port 30000
datona wrote: I am wondering if there would be a conflict due to passive FTP
Sorry, what is the output for?
# csf --grep 30000
Re: Unable to open port 30000
csf --grep 30000
Chain num pkts bytes target prot opt in out source destination
INPUT 38 7 364 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:30000:35000
OUTPUT 64 2 120 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:30000:35000
ip6tables:
Chain num pkts bytes target prot opt in out source destination
INPUT 28 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpts:30000:35000
OUTPUT 52 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpts:30000:35000
Re: Unable to open port 30000
The ports are open correctly on the firewall. See if you can connect manually using openssl:
# openssl s_client -connect sellonline.canadapost.ca:30000
You should get a CONNECTED(00000003) if it is working correctly.
Re: Unable to open port 30000
Yes, when I run that command, I get the following:
# openssl s_client -connect sellonline.canadapost.ca:30000
CONNECTED(00000003)
140116112373576:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Re: Unable to open port 30000
Then your issue has nothing to do with the firewall. You wouldn't be able to connect if the port was getting blocked. The firewall is working correctly.
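An added example, not part of the thread: the `csf --grep 30000` listing above matches a range rule (`dpts:30000:35000`), so a plain text grep only works for ports that happen to appear in the rule text. The sketch below checks `csf --grep` style lines numerically for both the `dpt:` and `dpts:` forms; the function name `port_allowed` and the `dpt:443` sample line are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input, modelled on the `csf --grep` listing in the thread.
# Columns: Chain num pkts bytes target prot ...
SAMPLE_RULES='Chain num pkts bytes target prot opt in out source destination
INPUT 38 7 364 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:30000:35000
OUTPUT 64 2 120 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:30000:35000
INPUT 12 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443'

# port_allowed CHAIN PORT   (rule listing on stdin)
# Prints every ACCEPT tcp rule in CHAIN whose destination port or port range
# covers PORT. Returns 0 if at least one rule matched, 1 otherwise.
port_allowed() {
    awk -v chain="$1" -v port="$2" '
        # Only ACCEPT rules for tcp in the requested chain are of interest.
        $1 != chain || $5 != "ACCEPT" || $6 != "tcp" { next }
        {
            for (i = 7; i <= NF; i++) {
                if ($i ~ /^dpt:[0-9]+$/) {
                    # Single destination port, e.g. dpt:30000
                    split($i, p, ":")
                    if (port + 0 == p[2] + 0) { print; found = 1 }
                } else if ($i ~ /^dpts:[0-9]+:[0-9]+$/) {
                    # Destination port range, e.g. dpts:30000:35000
                    split($i, p, ":")
                    if (port + 0 >= p[2] + 0 && port + 0 <= p[3] + 0) {
                        print; found = 1
                    }
                }
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Usage on the sample: 32000 never appears as text, but the range covers it.
printf '%s\n' "$SAMPLE_RULES" | port_allowed INPUT 32000
```

On a live host the listing would come from `csf --grep 30000` instead of the sample variable. A match only shows the firewall permits the traffic; whether the remote service completes a handshake is a separate check, as the `openssl s_client` output in the thread shows.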