0 
$m = new Memcached(); $m->addServer('localhost', 11211);

Will port 11211 need to be open in IPTables for this to work, or is it bypassed considering it's localhost?

sudo iptables -L -n -v output

Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1155K 95M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 8817K 1451M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 183 10452 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6685 574K 30M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 122 7232 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 2649 154K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 8343K packets, 12G bytes) pkts bytes target prot opt in out source destination 6 2524 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20
Improve this question
1
  • 1
    Depends on what you already have in your iptables configuration. On most distros everything is open by default. If you post the output of 'iptables -L' on your system I can tell you more. Commented Nov 12, 2010 at 21:01

2 Answers 2

Reset to default
1

What everyone else has noted about default installs is fairly true, though most eg CentOS systems have come out of the box running a basic firewall for some time now. But even a basic firewall will normally allow all connections from localhost to localhost, as is it extremely unwise to forbid these; the oddest things can start happening. If there's a line near the top of your INPUT chain (or any chain to which INPUT delegates the bulk of its work) that says

iptables -A INPUT -i lo -j ACCEPT

or in iptables -L -n -v format, 

 840 97979 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

(never mind the first two fields, they're packet and byte counts and yours would of course be different) then you're probably OK. Another good test is to do

telnet localhost 11211

if you get 

Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1).

then you know your listener's running and the firewall's not blocking it. Failing that, give us your iptables -L -n -v and your netstat -an outputs, as the others suggest, so we can take a look.

Improve this answer
4
  • if I know that I can access MySQL via "localhost" then I should be fine.... right? Commented Nov 17, 2010 at 3:27
  • i don't see that that has much to do with the situation; mysql as a service normally runs on port 3306. the telnet test is fairly definitive, and cheap to do; why would you not do it? Commented Nov 22, 2010 at 14:19
  • The telnet test was indeed met with "connection refused"..... netstat-an is a VERY long list of items... Commented Nov 30, 2010 at 16:45
  • ok, sorry, try "netstat -an|grep 11211". Commented Nov 30, 2010 at 17:59
0

This depends on your install/distro. The base install of pretty much everything should be open. As dfranke pointed out you can list iptables entries with 'iptables -L'. I can tell you that with a base install of Ubuntu, Debian and CentOS I've not had to do anything other than just install memcached to have it run and be open.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.