How can you test access to IRIS running on 1972 from Linux?
We're looking to create a quick and simple test to see if all firewalls are open on 1972 between a linux based web server VM and a VM running InterSystems IRIS. Does anyone have any ideas for a quick command that can be run from UNIX console that will provide confirmation that traffic is able to get to 1972 on an IRIS machine?
BTW - I don't think it makes any difference but the IRIS machine is running Windows
Comments
ODBC/JDBC QUERY tools connect to 1972
no Idea which runs on Linux
Another idea:
Just to see that the port is open and you are on IRIS you may try to access
over ODBC/JDBC gateway any table in %SYS
Thanks for the ideas @Robert Cemper , but I was looking for something dead-simple at the UNIX level, and nc does the trick :)
nc -z -v localhost 1972Use netcat, it will tell you if the port is open, if not then it's may be because superserver is not ready
This is what we needed. Thank you.
Thanks @Guillaume Rongier ! That works great. FYI ... we can see the request attempt on the IRIS side with a Description = "%Service_SuperServer login failure", noting the IP Address of your Linux web server, and Event Data which mentions "Error message: ERROR #949: Unable to get full header of message within timeout"
Any idea how to hide these health check logs in the audit events, so only 'real' login failure attempts are shown ?
instead of using nc, which will not be able to send a full header, you could use my tool iscctl, which will connect, only if the server is available, and it will be logged in correctly. let me know if you would need some updates in the tool
For those that use Interoperability/HealthConnect, nc/netcat is also an excellent tool for verifying that remote ports are accessible for HL7 MLLP, HTTP or other protocols that require a TCP socket client connection.
And while this thread is specifically for Unix/Linux, there's a Windows PowerShell analogue named Test-NetConnection (alias tnc) that provides a subset of nc's features.
One option would just be a straight telnet session (swap 10.10.10.10 with the IP address of your system):
telnet 10.10.10.10 1972If the port is closed, you should get the error: "telnet: Unable to connect to remote host: Connection refused" - but if successful you should get the "Connected to 10.10.10.10" you'll know it's open. To exit, type <CTRL>] for a telnet prompt, then type 'quit'.
Hope this helps!
Thanks! I confirmed that this will work on older Linux machines, but it won't work for our example as RHEL 9 removes Telnet from the distribution since it is unencrypted (at least that is what I was told). But for people UNIX machines which have Telnet installed it looks like this is a great option!
deleted
This is what I historically would have done but telnet no longer exists. RHEL 8 deprecated all of the insecure communications tools like telnet and ftp, and RHEL 9 removes them. So, no telnet. While this would have been an option on RHEL 7, lack of a modern OpenSSL library on RHEL 7 makes it unsuitable for our needs.
I have tool for it, but it requires full authorization
thank for the additional idea!
Cool! Do you want to publish it on OEX? Please?
as an alternative you could use to standard traceroute
traceroute -n -T -m 5 -q 1 -p 80 hostname.local
-p portnumber
-T use TCP syn for connects
-m max TTL to test
If it succeeds it will return all IPs if the IP is not reachable it will only report *.
If the port is blocked it will return somethink like
1 192.168.1.198 0.411 ms !X
Where !X means admin prohibited.
💡 This question is considered a Key Question. More details here.