Score:0

OVH VPS ports remain "closed" and can't be changed, why?


I have a problem with a VPS ports config (on ovh.com). I set up Debian 10 and updated it, but when I try to configure ports I get many errors.

I found that OVH infrastructure is protected by a global firewall, but on my panel it's shown as disabled and there are no rules applied.

EXAMPLE

If I use port 22 for SSH, it's all ok, but if I change the port then I get locked out. Same goes for any port.

ANOTHER EXAMPLE:

MariaDB is installed and listening on port 3306:

MariaDB [(none)]> show variables where variable_name = 'port';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| port          | 3306  |
+---------------+-------+

Also, the rules in iptables are supposed to allow all connections:

debian@vps-54c8e268:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

Shown as open with netstat:

debian@vps-54c8e268:~$ sudo netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State  
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN

BUT: When I test port 3306 on https://www.yougetsignal.com/tools/open-ports/, it shows Port Closed. And when I try to connect from DBeaver, it gets connection refused.

Michael Hampton:
Does this answer your question? [What causes the 'Connection Refused' message?](https://serverfault.com/questions/725262/what-causes-the-connection-refused-message)
Fahed:
Hi, Michael. No, I just tested, but netstat shows the service is listening on the port, and tcpdump shows packets are sent and replied to correctly.
Michael Hampton:
Your situation is covered in the linked post. It is also explained below.
Score:1

In the case of your MySQL daemon: it's set to listen on 127.0.0.1:3306. 127.0.0.1 is the loopback interface, and not reachable externally.

This is the default configuration of MySQL, and probably what you want unless you're aware that you have to change the configuration.

This is defined with the bind-address directive in the MySQL configuration file. Set it to 0.0.0.0 to make MySQL listen on all interfaces.

Note that this is probably not a good idea. It means that any vulnerability in MySQL may lead to a loss of database. To manage the DB, use SSH tunneling:

ssh -L 3306:127.0.0.1:3306 [email protected]

This will create a secure tunnel, using SSH, to transport packages from your PC to the remote server. Connect your MySQL client to localhost:3306, and enjoy.

Fahed:
Thanks, that seems to be helping with mysql port. :) But what about changing ports and ports allowed on iptables still showing closed when tested from the outside?
vidarlo:
I have no idea, as you've provided no data for that scenario.
Fahed:
thanks, I guess I'll re-propose my question.
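
An added example, not part of the original thread or any poster's code: a shell function that reads `netstat -tln` output like the one in the question and reports whether each TCP listener is bound to loopback only or to an externally reachable address, which is the distinction the answer above turns on. The function names are hypothetical, and the sample lines other than the 3306 row are constructed.

```bash
#!/usr/bin/env bash
# Added example: classify TCP listeners from `netstat -tln` output by bind scope.
# Function names are hypothetical; the sample data below is constructed.

# Reads netstat -tln output on stdin; prints "<port> <bind-address> <scope>".
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/^.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[0-9]+$/, "", host)   # text before the last colon
            if (host ~ /^127\./ || host == "::1")
                scope = "loopback-only"              # refused from any remote host
            else if (host == "0.0.0.0" || host == "::")
                scope = "all-interfaces"             # reachable unless a firewall drops it
            else
                scope = "single-address"             # reachable only via that address
            print port, host, scope
        }'
}

# Prints the scope of the first listener on port $1, or "not-listening".
port_scope() {
    classify_listeners | awk -v p="$1" '
        $1 == p && !found { print $3; found = 1 }
        END { if (!found) print "not-listening" }'
}

# Constructed sample: the 3306 row matches the question, the rest is illustrative.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

sample_netstat | classify_listeners
```

On a live host the same check is `sudo netstat -tln | port_scope 3306`; a `loopback-only` result explains an external "closed" or "connection refused" result even when iptables accepts everything.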