modify listening JAVA connection

General discussions.

Moderator: moderators

modify listening JAVA connection

Postby EddyB » Sat Nov 23, 2019 11:47 am

Hello

I've just installed subsonic on my debian.
When i run all the listening connections i get :

java 31264 pi 102u IPv4 203187 0t0 UDP *:1900
java 31264 pi 104u IPv4 203190 0t0 TCP 192.168.0.254:41443 (LISTEN)
java 31264 pi 105u IPv4 203191 0t0 UDP 192.168.0.254:46282
java 31264 pi 110u IPv4 202217 0t0 TCP 192.168.0.254:4040 (LISTEN)
java 31264 pi 111u IPv4 203237 0t0 TCP *:9412 (LISTEN)
java 31264 pi 112u IPv4 203238 0t0 TCP *:43773 (LISTEN)
java 31264 pi 113u IPv4 229724 0t0 TCP 192.168.0.254:4040->192.168.0.15:46597 (ESTABLISHED)
java 31264 pi 114u IPv4 220040 0t0 TCP 192.168.0.254:4040->192.168.0.15:46431 (ESTABLISHED)

Subsonic runs on the 4040 tcp port, I would like to disable ALL other listening connections which are useless?
But how to do it ??!!
EddyB
 
Posts: 1
Joined: Sat Nov 23, 2019 11:42 am

Re: modify listening JAVA connection

Postby acroyear » Sun Nov 24, 2019 2:15 pm

You can't (except maybe the UDP 1900 incoming, which I believe is UPNP and you can turn that off in your Settings page).

Those are internal ports that Apache and/or Jetty are using for peer-to-peer communication. They're designed for when different parts or clones of the server can sit on different machines for load balancing, but generally it is rare anybody configures things to do that outside of a major Enterprise production environment.

But even if it is all on the same machine, it still uses those networkings for the internal communication rather than trying to implement two different communication means (there's little performance gain so it isn't worth rewriting - yes, i've seen the code there years ago), and disabling them basically breaks the service.

The ports are 'random' (well, allocated from a random starting point), and usually in odd number ranges so a firewall blocks them from the outside world. So long as you have a firewall on your router and only 4040 gets to the outside, those ports can't be attacked. If using automatic port forwarding, only the 4040 is going to be opened up.
--
Joe Shelby
http://subfiresuite.com/
http://subfireplayer.net/
User avatar
acroyear
 
Posts: 655
Joined: Wed Mar 27, 2013 8:05 pm
Location: Northern, VA


Return to General

Who is online

Users browsing this forum: No registered users and 4 guests