iptables open port [SOLVED]
Hi,
Opening a new port through iptables no longer opens the port. Assuming this probably has something to do with iptables merely being a front end now for nftables.
The port is open when running iptables -L, but it is not actually open...
This is a Debian 10 system that was upgraded from Debian 9. Only ever used iptables.
Last edited by schnappi on 2020-01-19 15:23, edited 1 time in total.
- dilberts_left_nut
Re: iptables open port
If a tree falls in the forest and no-one is there to hear it...
How do you know it's not 'open' (and how do you define 'open')..
Re: iptables open port
Online port tests at multiple sites, program internal firewall checker saying port closed, no incoming TCP connections on the port, installed multiple programs on the server using different ports to rule out that the program was the issue. Tried setting iptables to allow all connections by default and ports were still closed.
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: iptables open port
OK, how about some specifics.
What program, what port, network layout, current firewall rules (default is none).
Re: iptables open port
If there is no service listening on your specific port, it isn't considered open.
Re: iptables open port
The program isn't the issue, as I tried multiple programs on multiple ports.
But, Syncthing on 22000 is not open after
sudo iptables -A INPUT -p tcp --dport 22000 -j ACCEPT
or
sudo iptables -P INPUT ACCEPT
However, iptables -L lists port 22000 as open.
Re: iptables open port
schnappi wrote: The program isn't the issue, as I tried multiple programs on multiple ports.
But, Syncthing on 22000 is not open after
sudo iptables -A INPUT -p tcp --dport 22000 -j ACCEPT
or
sudo iptables -P INPUT ACCEPT
However, iptables -L lists port 22000 as open.

Please post entire output of:
iptables -L
Re: iptables open port
schnappi wrote: Opening a new port through iptables no longer opens the port.
Iptables never opened ports. It is just a packet filter.
schnappi wrote: Online port tests at multiple sites, program internal firewall checker saying port closed
"Port closed" usually means that nothing listens on the port at that IP address unless you have rules with the REJECT target. Not an iptables issue.
schnappi wrote: However, iptables -L lists port 22000 as open.
No. It lists iptables rules, not open ports.
Chrisdb wrote: iptables -L
Post the output of "iptables-save" instead. It is more complete, compact and easier to read.
Re: iptables open port
Honestly, these are posts about semantics. While the responses are appreciated, the point is that the correct steps have been taken to open ports, and the ports are closed.
If anyone has suggestions unrelated to semantics please feel free to let me know.
To further the point. This server runs a webserver. When port 80 and 443 are closed in iptables port 80 and 443 remain open. Same thing if close 53. Nameserver still responds.
- Head_on_a_Stick
Re: iptables open port
schnappi wrote: Assuming this probably has something to do with iptables merely being a front end now for nftables.
Assume makes an ass out of u & me but you could try
# update-alternatives --config iptables
- dilberts_left_nut
Re: iptables open port
schnappi wrote: If anyone has suggestions unrelated to semantics please feel free to let me know.
From the available evidence it would appear to be user error.
Re: iptables open port
Always thought highly of Debian. But, this forum gives the Arch community competition.
- Head_on_a_Stick
Re: iptables open port
schnappi wrote: this forum gives the Arch community competition
Thanks! We do try
Re: iptables open port
@Head_on_a_Stick I know you agree...
Anywho, there was no user error. The server had been up for a few years. No restart after Debian 10 upgrade either. Restarting resolved without any changes.
- Kirill_code
Re: iptables open port [SOLVED]
Hi, I have the same issue:
I use tomcat 9.0.3 with this config:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="mystore2" keystorePass="PWD"
clientAuth="false" sslProtocol="TLS"/>
and these listeners:
org.apache.catalina.startup.VersionLoggerListener
org.apache.catalina.core.JreMemoryLeakPreventionListener
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
org.apache.catalina.core.ThreadLocalLeakPreventionListener
when I try to connect from the browser it throws ERR_CONNECTION_REFUSED
I try to open port 8443 by:
iptables -I INPUT 1 -p tcp --dport 8443 -j ACCEPT
ufw allow https
But when I check remotely the port is closed even though the result of ufw status is:
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
8080 ALLOW Anywhere
8443 ALLOW Anywhere
22 ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
8080 (v6) ALLOW Anywhere (v6)
8443 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
netstat -tulpn | grep LISTEN:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 622/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 684/mysqld
tcp6 0 0 :::22 :::* LISTEN 622/sshd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 618/java
tcp6 0 0 :::8080 :::* LISTEN 618/java
Re: iptables open port [SOLVED]
Kirill_code wrote: Hi, I have the same issue: [...]
Please open another thread and post results of:
netstat -tulpn
lsof -i
- Head_on_a_Stick
Re: iptables open port [SOLVED]
Kirill_code wrote: I try to open port 8443 by:
iptables -I INPUT 1 -p tcp --dport 8443 -j ACCEPT
ufw allow https
But when I check remotely the port is closed even though the result of ufw status is:
As noted by p.H above, iptables cannot open or close ports, it can only allow or deny access to them.
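Both halves of this thread turn on the same distinction. A remote "port closed" result is the kernel answering a SYN with a reset because nothing is bound to that port; Kirill_code's netstat output shows no listener on 8443 at all (only 22, 8080 and a loopback-only 3306 and 8005), so no iptables or ufw rule can change what the browser sees. A packet filter can only take a port that does have a listener and turn it into a reject (the client gets an error reply) or a drop (the client times out), and `iptables -L` prints rules, not sockets. The thread never says why schnappi's reboot fixed things, but one known way to get exactly that symptom on a buster box upgraded in place and never rebooted is to have rules loaded in both the legacy xtables backend and the nftables backend: the kernel evaluates both, so an ACCEPT added through the new iptables front end changes nothing while the old ruleset still drops the packet, and a reboot discards both unless something such as netfilter-persistent restores them. The script below is an added example, not code from the thread or from any poster. Everything in it is an assumption for illustration: the `ss`/`netstat` text and the `iptables-save` dumps are constructed samples, the chain name `user-input` stands in for the user chains ufw creates, and the rule model only evaluates `-p`, `--dport` (including ranges), conntrack/state, `-i` and jumps into user chains, reporting any rule it cannot evaluate rather than guessing.

```python
"""Added example (not from the thread): is a TCP port "closed" because nothing listens
on it, or because a packet filter blocks it? Inputs are `ss -ltn` / `netstat -tln` text plus
one or more `iptables-save` dumps; several dumps model a host with both rulesets loaded."""
import re
import shlex

SEVERITY = {"ACCEPT": 0, "UNKNOWN": 1, "REJECT": 2, "DROP": 3}  # worst verdict wins
FIELDS = {"-p": "proto", "--protocol": "proto", "--dport": "dport", "--ctstate": "states",
          "--state": "states", "-i": "iface", "--in-interface": "iface", "-j": "target"}
SKIP = ("-m", "--reject-with", "--comment", "--log-prefix")  # take an argument, never match

def listeners(ss_output, port):
    """Local addresses in LISTEN state on `port` (ss or netstat output)."""
    found = []
    for line in (ln for ln in ss_output.splitlines() if "LISTEN" in ln):
        local = next((t for t in line.split() if re.fullmatch(r".*:\d+", t)), None)
        if local and int(local.rsplit(":", 1)[1]) == port:
            found.append(local.rsplit(":", 1)[0])
    return found

def parse_rule(line):
    """Reduce one `-A CHAIN ...` line to the fields the model evaluates."""
    t = shlex.split(line)
    r, i = {"chain": t[1], "unmodeled": []}, 2
    while i < len(t):
        opt, takes_arg = t[i], t[i] in FIELDS or t[i] in SKIP
        if opt in FIELDS:
            r[FIELDS[opt]] = t[i + 1]
        elif not takes_arg:  # -s, -d, --sport, "!", ...: packet-dependent, not modeled
            r["unmodeled"].append(opt)
        i += 2 if takes_arg else 1
    return r

def _matches(r, port):
    """Does `r` match a new TCP SYN from a remote host to `port`? None = cannot tell."""
    lo, sep, hi = r.get("dport", "0:65535").partition(":")  # "22", "1000:2000", ":1024", "1024:"
    if (r.get("proto") not in (None, "tcp", "all") or r.get("iface") == "lo"
            or not int(lo or 0) <= port <= int(hi or (65535 if sep else lo))
            or "NEW" not in r.get("states", "NEW").split(",")):
        return False  # a remote packet never arrives on lo and is ctstate NEW here
    return None if r["unmodeled"] else True

def parse_filter(dump):
    """Chain policies and rules of the *filter table in iptables-save text."""
    policies, chains, inside = {}, {}, False
    for line in (ln.strip() for ln in dump.splitlines()):
        if line in ("*filter", "COMMIT"):
            inside = line == "*filter"
        elif inside and line.startswith(":"):
            name, policy = line.split()[:2]
            policies[name[1:]] = policy
        elif inside and line.startswith("-A "):
            chains.setdefault((r := parse_rule(line))["chain"], []).append(r)
    return policies, chains

def walk(chain, chains, port):
    """First match wins; jumps into user chains are followed. None = fell off the end."""
    for r in chains.get(chain, []):
        hit, target = _matches(r, port), r.get("target")
        if hit is None:
            return "UNKNOWN"  # a rule we cannot evaluate sits before any decisive one
        if hit and (target in SEVERITY or target == "RETURN"):  # terminating targets
            return None if target == "RETURN" else target
        if hit and target in chains and (res := walk(target, chains, port)) is not None:
            return res  # a user chain such as ufw-user-input decided
    return None  # LOG and other non-terminating targets fall through

def input_verdict(dump, port):
    policies, chains = parse_filter(dump)  # chain policy applies when no rule matched
    return walk("INPUT", chains, port) or policies.get("INPUT", "ACCEPT")

def classify(port, ss_output, dumps):
    """Listener state first, then the most restrictive verdict across all loaded rulesets."""
    addrs = listeners(ss_output, port)
    if not addrs:
        return "no listener"  # kernel answers RST: "connection refused", no firewall involved
    if all(a.startswith("127.") or a.strip("[]") == "::1" for a in addrs):
        return "loopback only"  # invisible to other hosts whatever the rules say
    worst = max((input_verdict(d, port) for d in dumps), key=lambda v: SEVERITY.get(v, 1), default="ACCEPT")
    return {"ACCEPT": "listening and accepted",
            "REJECT": "listening but rejected (remote gets an error reply)",
            "DROP": "listening but dropped (remote sees a timeout)",
            }.get(worst, "listening; a rule uses a match this model cannot evaluate")

# Constructed sample data, not captured from the thread's hosts; LEGACY_DUMP plays the stale ruleset.
SS_SAMPLE = ("LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\nLISTEN 0 128 0.0.0.0:22000 0.0.0.0:*\n"
             "LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*\nLISTEN 0 128 [::]:8080 [::]:*\n")
NFT_DUMP = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j REJECT --reject-with tcp-reset
-A INPUT -j user-input
-A user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A user-input -p tcp -m tcp --dport 22000 -j ACCEPT
COMMIT
"""
LEGACY_DUMP = "*filter\n:INPUT DROP [0:0]\n-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\nCOMMIT\n"
```

With the sample data, `classify(22000, SS_SAMPLE, [NFT_DUMP])` reports the port as listening and accepted, while `classify(22000, SS_SAMPLE, [NFT_DUMP, LEGACY_DUMP])` reports it dropped: the listener and the ACCEPT rule are both there, and the stale second ruleset is what decides. On a real buster host, feed it `ss -ltn` plus the dumps from both `iptables-legacy-save` and `iptables-nft-save` (both ship in the buster iptables package; `update-alternatives --display iptables` shows which one plain `iptables` runs). A "no listener" or "loopback only" answer means the daemon, not the firewall, is what needs fixing, which is exactly what Kirill_code's netstat already shows for 8443.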