How can you test access to IRIS running on 1972 from Linux?
We're looking to create a quick and simple test to see if all firewalls are open on 1972 between a linux based web server VM and a VM running InterSystems IRIS. Does anyone have any ideas for a quick command that can be run from UNIX console that will provide confirmation that traffic is able to get to 1972 on an IRIS machine?
BTW - I don't think it makes any difference but the IRIS machine is running Windows
Product version: IRIS 2022.1
ODBC/JDBC QUERY tools connect to 1972
no Idea which runs on Linux
Another idea:
Just to see that the port is open and you are on IRIS you may try to access
over ODBC/JDBC gateway any table in %SYS
or use IRIS Native API for ObjectScript
Thanks for the ideas @Robert Cemper , but I was looking for something dead-simple at the UNIX level, and nc does the trick :)
Use netcat, it will tell you if the port is open, if not then it's may be because superserver is not ready
This is what we needed. Thank you.
Thanks @Guillaume Rongier ! That works great. FYI ... we can see the request attempt on the IRIS side with a Description = "%Service_SuperServer login failure", noting the IP Address of your Linux web server, and Event Data which mentions "Error message: ERROR #949: Unable to get full header of message within timeout"
For those that use Interoperability/HealthConnect, nc/netcat is also an excellent tool for verifying that remote ports are accessible for HL7 MLLP, HTTP or other protocols that require a TCP socket client connection.
And while this thread is specifically for Unix/Linux, there's a Windows PowerShell analogue named Test-NetConnection (alias tnc) that provides a subset of nc's features.
One option would just be a straight telnet session (swap 10.10.10.10 with the IP address of your system):
telnet 10.10.10.10 1972
If the port is closed, you should get the error: "telnet: Unable to connect to remote host: Connection refused" - but if successful you should get the "Connected to 10.10.10.10" you'll know it's open. To exit, type <CTRL>] for a telnet prompt, then type 'quit'.
Hope this helps!
Thanks! I confirmed that this will work on older Linux machines, but it won't work for our example as RHEL 9 removes Telnet from the distribution since it is unencrypted (at least that is what I was told). But for people UNIX machines which have Telnet installed it looks like this is a great option!
deleted
This is what I historically would have done but telnet no longer exists. RHEL 8 deprecated all of the insecure communications tools like telnet and ftp, and RHEL 9 removes them. So, no telnet. While this would have been an option on RHEL 7, lack of a modern OpenSSL library on RHEL 7 makes it unsuitable for our needs.
I have tool for it, but it requires full authorization
https://github.com/caretdev/iscctl
thank for the additional idea!
Cool! Do you want to publish it on OEX? Please?
as an alternative you could use to standard traceroute
traceroute -n -T -m 5 -q 1 -p 80 hostname.local
-p portnumber
-T use TCP syn for connects
-m max TTL to test
If it succeeds it will return all IPs if the IP is not reachable it will only report *.
If the port is blocked it will return somethink like
1 192.168.1.198 0.411 ms !X
Where !X means admin prohibited.
Social networks
InterSystems resources
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue