Question
Ben Spead · Mar 17

How can you test access to IRIS running on 1972 from Linux?

We're looking to create a quick and simple test to see if all firewalls are open on 1972 between a linux based web server VM and a VM running InterSystems IRIS.  Does anyone have any ideas for a quick command that can be run from UNIX console that will provide confirmation that traffic is able to get to 1972 on an IRIS machine?

BTW - I don't think it makes any difference but the IRIS machine is running Windows

Product version: IRIS 2022.1
0
0 191
Discussion (16)4
Log in or sign up to continue

ODBC/JDBC QUERY tools connect to 1972
no Idea which runs on Linux

Another idea:
Just to see that the port is open and you are on IRIS  you may try to access
over ODBC/JDBC gateway any table in %SYS

Thanks for the ideas @Robert Cemper , but I was looking for something dead-simple at the UNIX level, and nc does the trick :)

nc -z -v localhost 1972

Use netcat, it will tell you if the port is open, if not then it's may be because superserver is not ready

This is what we needed. Thank you.

Thanks @Guillaume Rongier !  That works great.  FYI ... we can see the request attempt on the IRIS side with a Description = "%Service_SuperServer login failure", noting the IP Address of your Linux web server, and Event Data which mentions "Error message: ERROR #949: Unable to get full header of message within timeout" 

For those that use Interoperability/HealthConnect, nc/netcat is also an excellent tool for verifying that remote ports are accessible for HL7 MLLP, HTTP or other protocols that require a TCP socket client connection.

And while this thread is specifically for Unix/Linux, there's a Windows PowerShell analogue named Test-NetConnection (alias tnc) that provides a subset of nc's features.

One option would just be a straight telnet session (swap 10.10.10.10 with the IP address of your system):

telnet 10.10.10.10 1972

If the port is closed, you should get the error: "telnet: Unable to connect to remote host: Connection refused" - but if successful you should get the "Connected to 10.10.10.10" you'll know it's open. To exit, type <CTRL>] for a telnet prompt, then type 'quit'.

Hope this helps!

Thanks!  I confirmed that this will work on older Linux machines, but it won't work for our example as RHEL 9 removes Telnet from the distribution since it is unencrypted (at least that is what I was told).  But for people UNIX machines which have Telnet installed it looks like this is a great option!

This is what I historically would have done but telnet no longer exists. RHEL 8 deprecated all of the insecure communications tools like telnet and ftp, and RHEL 9 removes them. So, no telnet. While this would have been an option on RHEL 7, lack of a modern OpenSSL library on RHEL 7 makes it unsuitable for our needs.

thank for the additional idea!

Cool! Do you want to publish it on OEX? Please?

as an alternative you could use to standard traceroute 

 traceroute -n -T -m 5 -q 1 -p 80 hostname.local

-p portnumber

-T use TCP syn for connects

-m max TTL to test

If it succeeds it will return all IPs if the IP is not reachable it will only report *.
If the port is blocked it will return somethink like

 1  192.168.1.198  0.411 ms !X

Where !X means admin prohibited.