How can you test access to IRIS running on 1972 from Linux?

Question

Question

Ben Spead · Mar 17, 2023

#Key Question #System Administration #InterSystems IRIS

We're looking to create a quick and simple test to see if all firewalls are open on 1972 between a linux based web server VM and a VM running InterSystems IRIS. Does anyone have any ideas for a quick command that can be run from UNIX console that will provide confirmation that traffic is able to get to 1972 on an IRIS machine?

BTW - I don't think it makes any difference but the IRIS machine is running Windows

Product version: IRIS 2022.1

Discussion (19)3

Log in or sign up to continue

Guillaume Rongier · Mar 17, 2023

nc -z -v localhost 1972

Use netcat, it will tell you if the port is open, if not then it's may be because superserver is not ready

3 0

Ben Spead · Mar 17, 2023

Thanks @Guillaume Rongier ! That works great. FYI ... we can see the request attempt on the IRIS side with a Description = "%Service_SuperServer login failure", noting the IP Address of your Linux web server, and Event Data which mentions "Error message: ERROR #949: Unable to get full header of message within timeout"

0 0

Jeffrey Drumm · Mar 18, 2023

For those that use Interoperability/HealthConnect, nc/netcat is also an excellent tool for verifying that remote ports are accessible for HL7 MLLP, HTTP or other protocols that require a TCP socket client connection.

And while this thread is specifically for Unix/Linux, there's a Windows PowerShell analogue named Test-NetConnection (alias tnc) that provides a subset of nc's features.

0 0

Roger Merchberger · Mar 17, 2023

One option would just be a straight telnet session (swap 10.10.10.10 with the IP address of your system):

telnet 10.10.10.10 1972

If the port is closed, you should get the error: "telnet: Unable to connect to remote host: Connection refused" - but if successful you should get the "Connected to 10.10.10.10" you'll know it's open. To exit, type <CTRL>] for a telnet prompt, then type 'quit'.

Hope this helps!

0 0

Timo Lindenschmid · Mar 20, 2023

as an alternative you could use to standard traceroute

traceroute -n -T -m 5 -q 1 -p 80 hostname.local

-p portnumber

-T use TCP syn for connects

-m max TTL to test

If it succeeds it will return all IPs if the IP is not reachable it will only report *.
If the port is blocked it will return somethink like

1 192.168.1.198 0.411 ms !X

Where !X means admin prohibited.

1 0

score 0 · Answer 1 · 2023-03-17T10:24:35-04:00

Robert Cemper · Mar 17, 2023

ODBC/JDBC QUERY tools connect to 1972
no Idea which runs on Linux

0 0

score 0 · Answer 2 · 2023-03-17T11:35:12-04:00

Another idea:
Just to see that the port is open and you are on IRIS you may try to access
over ODBC/JDBC gateway any table in %SYS

score 0 · Answer 3 · 2023-03-17T11:51:58-04:00

Robert Cemper · Mar 17, 2023

or use IRIS Native API for ObjectScript

0 0

score 0 · Answer 4 · 2023-03-17T13:07:31-04:00

Thanks for the ideas @Robert Cemper , but I was looking for something dead-simple at the UNIX level, and nc does the trick :)

score 0 · Answer 5 · 2023-03-17T12:01:38-04:00

Rich Pieri · Mar 17, 2023

This is what we needed. Thank you.

0 0

score 0 · Answer 6 · 2024-07-09T05:41:49-04:00

Any idea how to hide these health check logs in the audit events, so only 'real' login failure attempts are shown ?

score 0 · Answer 7 · 2024-07-09T07:54:28-04:00

instead of using nc, which will not be able to send a full header, you could use my tool iscctl, which will connect, only if the server is available, and it will be logged in correctly. let me know if you would need some updates in the tool

score 0 · Answer 8 · 2023-03-17T17:20:05-04:00

Thanks! I confirmed that this will work on older Linux machines, but it won't work for our example as RHEL 9 removes Telnet from the distribution since it is unencrypted (at least that is what I was told). But for people UNIX machines which have Telnet installed it looks like this is a great option!

score 0 · Answer 9 · 2023-03-17T17:25:05-04:00

Rich Pieri · Mar 17, 2023

deleted

0 0

score 0 · Answer 10 · 2023-03-17T17:25:34-04:00

This is what I historically would have done but telnet no longer exists. RHEL 8 deprecated all of the insecure communications tools like telnet and ftp, and RHEL 9 removes them. So, no telnet. While this would have been an option on RHEL 7, lack of a modern OpenSSL library on RHEL 7 makes it unsuitable for our needs.

score 0 · Answer 11 · 2023-03-17T15:28:14-04:00

Dmitry Maslennikov · Mar 17, 2023

I have tool for it, but it requires full authorization

https://github.com/caretdev/iscctl

0 0

score 0 · Answer 12 · 2023-03-17T16:35:51-04:00

Ben Spead · Mar 17, 2023

thank for the additional idea!

0 0

score 0 · Answer 13 · 2023-03-18T03:32:44-04:00

Evgeny Shvarov · Mar 18, 2023

Cool! Do you want to publish it on OEX? Please?

0 0

score 0 · Answer 14 · 2023-04-09T08:03:52-04:00

Developer Commu... · Apr 9, 2023

💡 This question is considered a Key Question. More details here.

0 0