arcadin
26-02-2007, 04:34
Like a lot of folks I also had the dreaded
Data unavailable.
TCPQueryPort may not be open.
error message for *any* reporting script which I tried to install. After a lot of mucking around I found that this error was caused by having selinux enabled.
All my other tests passed:
1. https://www.grc.com/port_51234.htm showed the port as OPEN;
2. I could telnet in to "telnet www.myservername.com 51234" do a "sel 8767" and see players online, I could also do a "cl" and get a full listing of all channels. I could do this from on the server itself and from remote systems;
3. I checked with http://ts2test.planetteamspeak.com and the tests passed;
4. I disabled my firewall to see if I'd set up my firewall incorrectly;
I found the problem by looking in my selinux audit log file; for Fedora Core this is located at /var/log/audit/audit.log, and the message I was getting was:
type=AVC msg=audit(1172458674.735:7921): avc: denied { name_connect } for pid=19176 comm="httpd" dest=51234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1172458674.735:7921): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9d4e60 a2=12accfc a3=81d95ae4 items=0 ppid=1895 pid=19176 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
Then I ran "setenforce 0" as root; this temporarily disabled selinux until the next reboot. A few minutes later and I could see the channel lists and who was online! Huzzah!
I don't recommend that you run with selinux disabled, so to make this change permanent issue the following command as root:
"semanage port -a -t http_port_t -p tcp 51234"
then reenable selinux by running "setenforce 1"
If new selinux policy files are released and added to your server then the above setting will be retained.
Arc.
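Added example (not part of arcadin's post): a small Python parser that finds denied name_connect records like the one quoted above in audit.log text and reports which domain was blocked from which TCP port and how that port is labelled. The first two sample lines are the records quoted in the post, the last two are constructed, and the function names are hypothetical.

```python
import re

# Lines 1-2 are the records quoted in the post; lines 3-4 are constructed samples.
SAMPLE_LOG = '''\
type=AVC msg=audit(1172458674.735:7921): avc: denied { name_connect } for pid=19176 comm="httpd" dest=51234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1172458674.735:7921): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9d4e60 a2=12accfc a3=81d95ae4 items=0 ppid=1895 pid=19176 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1172458734.802:7935): avc: denied { name_connect } for pid=19177 comm="httpd" dest=51234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1172458790.114:7940): avc: denied { getattr } for pid=19177 comm="httpd" name="stats.php" dev=dm-0 ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
'''

# "type=AVC msg=audit(<time>:<serial>): avc: denied { perms } for key=value ..."
AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {key: value.strip('"') for key, value in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    return rec


def blocked_connects(log_text):
    """Unique (command, source domain, dest port, port type) for denied outbound TCP connects."""
    found = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or 'name_connect' not in rec['perms']:
            continue
        if rec.get('tclass') != 'tcp_socket' or 'dest' not in rec:
            continue
        # An SELinux context is user:role:type[:level]; the type is the third field.
        source_domain = rec['scontext'].split(':')[2]
        port_type = rec['tcontext'].split(':')[2]
        item = (rec['comm'], source_domain, int(rec['dest']), port_type)
        if item not in found:
            found.append(item)
    return found


if __name__ == "__main__":
    for comm, domain, port, port_type in blocked_connects(SAMPLE_LOG):
        print(f"{comm} ({domain}) denied connect to tcp/{port}, port labelled {port_type}")
```

On a live system the input would be the contents of /var/log/audit/audit.log, which normally needs root to read.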