Firewall ports are open, but not when trying to reach them [solved]

Discussion in 'Installation/Configuration' started by jjsjjs, Nov 21, 2021 at 1:14 PM.

  1. jjsjjs

    jjsjjs Member

    Hi,
    I've opened a few ports which I need.
    When checking, they seem open:
    Code:
    17178/tcp                  ALLOW IN    Anywhere
    17179/tcp                  ALLOW IN    Anywhere
    17180/tcp                  ALLOW IN    Anywhere
    17181/tcp                  ALLOW IN    Anywhere
    17178/udp                  ALLOW IN    Anywhere
    17179/udp                  ALLOW IN    Anywhere
    17180/udp                  ALLOW IN    Anywhere
    17181/udp                  ALLOW IN    Anywhere
    
    As it does not work, I've checked with an online port checker, and also with telnet; the ports seem to be closed.
    Where should I look to solve this?

    Thanks very much.
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Perhaps they are blocked in a network router or firewall. Check your own if you have one, and you could contact the company which hosts your server next.
     
  3. jjsjjs

    jjsjjs Member

    In my router they are not blocked.
    I will send Strato an email.
    Thanks!
     
  4. jjsjjs

    jjsjjs Member

    Called Strato today. They say they don't block any ports on self-managed VPS.
    When checked in the terminal, ufw says the ports are allowed from anywhere.
    nmap does not show the needed ports at all.
    The site https://www.yougetsignal.com/tools/open-ports/ shows the ports closed.
    What can I do next?
    Thanks for any help.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

  6. jjsjjs

    jjsjjs Member

    Yes sorry, here it is
    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
    
    [INFO] uptime:  09:43:30 up 3 days, 18:01,  1 user,  load average: 0,01, 0,03, 0
    ,05
    
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          2,0Gi       696Mi       738Mi        92Mi       612Mi       1,2Gi
    Swap:            0B          0B          0B
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.7p1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.3.31-1~deb10u1
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.31
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 21125)
    [INFO] I found the following mail server(s):
            Postfix (PID 325)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 352)
    [INFO] I found the following imap server(s):
            Dovecot (PID 352)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 8215)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [anywhere]:25           (325/master)
    [localhost]:953         (378/named)
    [localhost]:9050                (474/tor)
    [anywhere]:443          (21125/apache2)
    [anywhere]:993          (352/dovecot)
    [anywhere]:995          (352/dovecot)
    [localhost]:10023               (411/postgrey)
    [localhost]:10024               (30239/amavisd-new)
    [localhost]:10025               (325/master)
    [localhost]:10026               (30239/amavisd-new)
    [localhost]:10027               (325/master)
    [anywhere]:587          (325/master)
    [localhost]:11211               (342/memcached)
    [anywhere]:110          (352/dovecot)
    [anywhere]:143          (352/dovecot)
    [anywhere]:8080         (21125/apache2)
    [anywhere]:80           (21125/apache2)
    [anywhere]:8081         (21125/apache2)
    [anywhere]:465          (325/master)
    [anywhere]:21           (8215/pure-ftpd)
    ***.***.***.***:53              (378/named)
    [localhost]:53          (378/named)
    [anywhere]:22           (391/sshd)
    *:*:*:*::*:25           (325/master)
    *:*:*:*::*:953          (378/named)
    *:*:*:*::*:993          (352/dovecot)
    *:*:*:*::*:995          (352/dovecot)
    *:*:*:*::*:10023                (411/postgrey)
    *:*:*:*::*:3306         (469/mysqld)
    *:*:*:*::*:587          (325/master)
    [localhost]10           (352/dovecot)
    [localhost]43           (352/dovecot)
    *:*:*:*::*:465          (325/master)
    *:*:*:*::*:21           (8215/pure-ftpd)
    *:*:*:*::*:53           (378/named)
    *:*:*:*::*:22           (391/sshd)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    f2b-dovecot  tcp  --  [anywhere]/0            [anywhere]/0            multiport
    dports 110,995,143,993,587,465,4190
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dp
    orts 22
    f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multi
    port dports 25
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0
    
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0
    
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0
    
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0
    
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-dovecot (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-postfix-sasl (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0
       udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0
       udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0
       tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0
       tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0
       udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0
       udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0
       ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3
    /min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3
    /min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELA
    TED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELA
    TED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctsta
    te INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVA
    LID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 d
    pt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:535
    3
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELA
    TED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3
    /min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVA
    LID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3
    /min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE mat
    ch dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE mat
    ch dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE mat
    ch dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit
    : avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:465
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:4190
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dp
    orts 40110:40210
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:1717
    8
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:1717
    9
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:1718
    0
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:1718
    1
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1717
    8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1717
    9
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1718
    0
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1718
    1
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:1717
    8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1717
    8
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:1717
    9
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1717
    9
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:1718
    0
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1718
    0
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:1718
    1
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1718
    1
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3
    /min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with
    icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination
    
    Code:
    No LSB modules are available.
    Distributor ID: Debian
    Description:    Debian GNU/Linux 10 (buster)
    Release:        10
    Codename:       buster
    
    Code:
    PHP 7.3.31-1~deb10u1 (cli) (built: Oct 24 2021 15:18:08) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.3.31, Copyright (c) 1998-2018 Zend Technologies
        with Zend OPcache v7.3.31-1~deb10u1, Copyright (c) 1999-2018, by Zend Technologies
    
    Thanks.
     
    Last edited: Nov 22, 2021 at 6:19 PM
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    That clearly shows the ports are allowed in iptables, so the ufw configuration is working. It also shows you have nothing listening on those ports, so any test connections or traffic must fail at this time; your issue likely isn't a firewall blocking the traffic. Go ahead and start whatever service(s) you have which should be running there and test again.
     
    Last edited: Nov 22, 2021 at 6:35 PM
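
The check described in the post above (a port allowed in the firewall but with no service listening on it), as an added example that is not part of the thread: it compares saved `ufw status` output with saved `ss -tuln` output. The function names and the sample input are constructed for illustration, and only rules written as `port/proto` are handled.

```shell
#!/bin/sh
# Added example (not from the thread): list ports that the firewall allows
# but that have no externally reachable listener behind them.
export LC_ALL=C   # same collation for sort and comm

# Read `ufw status` text on stdin, print one "port/proto" per ALLOW rule.
ufw_allowed() {
    awk '{ gsub(/\(v6\)/, "") }
         $2 == "ALLOW" && $1 ~ /^[0-9]+\/(tcp|udp)$/ { print $1 }' | sort -u
}

# Read `ss -tuln` text on stdin, print "port/proto" for every socket that is
# not bound to loopback only (a 127.x or ::1 listener is unreachable remotely).
listening() {
    awk '$1 == "tcp" || $1 == "udp" {
             addr = $5; port = $5
             sub(/.*:/, "", port); sub(/:[^:]*$/, "", addr)
             if (addr ~ /^127\./ || addr == "[::1]") next
             print port "/" $1
         }' | sort -u
}

# $1 = file with `ufw status` output, $2 = file with `ss -tuln` output.
allowed_without_listener() {
    awl_a=$(mktemp); awl_l=$(mktemp)
    ufw_allowed < "$1" > "$awl_a"
    listening  < "$2" > "$awl_l"
    comm -23 "$awl_a" "$awl_l"      # lines only in the "allowed" list
    rm -f "$awl_a" "$awl_l"
}

# Constructed sample input, modelled on the ports discussed in the thread.
sample_ufw() { cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
17178/tcp                  ALLOW IN    Anywhere
17179/tcp                  ALLOW IN    Anywhere
17180/tcp                  ALLOW IN    Anywhere
17178/udp                  ALLOW IN    Anywhere
17178/tcp (v6)             ALLOW IN    Anywhere (v6)
EOF
}
sample_ss() { cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0            0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      50                 *:17178           *:*
tcp   LISTEN 0      50         127.0.0.1:17179     0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
EOF
}

demo_u=$(mktemp); demo_s=$(mktemp)
sample_ufw > "$demo_u"; sample_ss > "$demo_s"
allowed_without_listener "$demo_u" "$demo_s"
rm -f "$demo_u" "$demo_s"
```

On a live host, save `ufw status` (run as root) and `ss -tuln` to two files and pass them to `allowed_without_listener`; every port it prints will look closed from outside even though the rule is in place.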
  8. jjsjjs

    jjsjjs Member

    Thanks Jesse. It's a java server started with this command
    Code:
    nohup  /home/user/jdk-11.0.12+7/bin/java -jar /home/user/app/jRDC.jar > nohup.out &
    which looks like it started OK.
    It worked great on the Raspberry; it looks like everything that ran OK there, I have trouble with on the VPS (except the email, due to port 25 on the Raspberry).
    I did not expect that something actually has to listen on the port in order to check whether it is open. Thanks, I will check.
     
  9. jjsjjs

    jjsjjs Member

    Yes indeed it works now.
    Strange, before I could use the whole string as in the previous post and it would start.
    Now I have to cd to the java bin folder and then use nohup java -jar etcetera. Else it says can't execute binary.

    At least a step further into the puzzle.
     
