My port 21 (ftp) is inexplicably blocked.
Important points
- Disabling ufw change nothing, port keep being blocked
- The problem is for any new port, not just 21
- I've tried to uninstall / reinstall ufw and reset iptables
telnet from local
telnet 127.0.0.1 21
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 ProFTPD Server (ProFTPD Default Installation) [::ffff:127.0.0.1]
telnet from remote
telnet: Unable to connect to remote host: Connection timed out
proftpd config (unedited)
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
Port 21
Umask 022
MaxInstances 30
User nobody
Group nogroup
<Directory />
AllowOverwrite on
</Directory>
<Anonymous ~ftp>
User ftp
Group ftp
UserAlias anonymous ftp
MaxClients 10
DisplayLogin welcome.msg
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
lsof
sudo lsof -i :21
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
proftpd 20611 nobody 0u IPv6 15922523 0t0 TCP *:ftp (LISTEN)
ufw status
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
21 ALLOW Anywhere
80 ALLOW Anywhere
25 ALLOW Anywhere
143 ALLOW Anywhere
993 ALLOW Anywhere
443 ALLOW Anywhere
110 ALLOW Anywhere
995 ALLOW Anywhere
nmap (remotely)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
993/tcp open imaps
995/tcp open pop3s
Iptables
Chain INPUT (policy DROP 11888 packets, 618090 bytes)
pkts bytes target prot opt in out source destination
471121 37446294 f2b-wordpress-admin tcp
118 4839 ACCEPT udp
16520344 3080320177 ufw-before-logging-input all
16520344 3080320177 ufw-before-input all
307430 16096817 ufw-after-input all
268530 14088467 ufw-after-logging-input all
268530 14088467 ufw-reject-input all
268530 14088467 ufw-track-input all
0 0 ACCEPT all
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all
0 0 ACCEPT all
0 0 ufw-before-logging-forward all
0 0 ufw-before-forward all
0 0 ufw-after-forward all
0 0 ufw-after-logging-forward all
0 0 ufw-reject-forward all
0 0 ufw-track-forward all
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
16344512 4396207242 ufw-before-logging-output all
16344512 4396207242 ufw-before-output all
242395 16206787 ufw-after-output all
242395 16206787 ufw-after-logging-output all
242395 16206787 ufw-reject-output all
242395 16206787 ufw-track-output all
Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
1337 564957 ACCEPT all
2531 126728 ACCEPT all
24 2100 ufw-logging-deny all
24 2100 DROP all
0 0 ACCEPT icmp
0 0 ACCEPT icmp
0 0 ACCEPT icmp
184 6296 ACCEPT icmp
0 0 ACCEPT udp
11880 617882 ufw-not-local all
0 0 ACCEPT udp
0 0 ACCEPT udp
11867 617206 ufw-user-input all
Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
1337 564957 ACCEPT all
1495 6600805 ACCEPT all
7 503 ufw-user-output all
Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all
0 0 ACCEPT icmp
0 0 ACCEPT icmp
0 0 ACCEPT icmp
0 0 ACCEPT icmp
0 0 ufw-user-forward all
Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ufw-skip-to-policy-input udp
0 0 ufw-skip-to-policy-input udp
11 560 ufw-skip-to-policy-input tcp
30 1544 ufw-skip-to-policy-input tcp
0 0 ufw-skip-to-policy-input udp
0 0 ufw-skip-to-policy-input udp
0 0 ufw-skip-to-policy-input all
Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp
7 503 ACCEPT udp
Chain ufw-track-forward (1 references)
pkts bytes target prot opt in out source destination
Chain f2b-wordpress-admin (1 references)
pkts bytes target prot opt in out source destination
470930 37411229 RETURN all
Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-skip-to-policy-input (7 references)
pkts bytes target prot opt in out source destination
41 2104 DROP all
Chain ufw-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all
Chain ufw-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all
Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
11880 617882 RETURN all
0 0 RETURN all
0 0 RETURN all
0 0 ufw-logging-deny all
0 0 DROP all
Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
24 1432 ACCEPT tcp
0 0 ACCEPT udp
25 1300 ACCEPT tcp
0 0 ACCEPT udp
10 464 ACCEPT tcp
0 0 ACCEPT udp
1 52 ACCEPT tcp
0 0 ACCEPT udp
12 712 ACCEPT tcp
0 0 ACCEPT udp
0 0 ACCEPT tcp
0 0 ACCEPT udp
12 644 ACCEPT tcp
0 0 ACCEPT udp
1 52 ACCEPT tcp
0 0 ACCEPT udp
1 52 ACCEPT tcp
0 0 ACCEPT udp
Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all
Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all
Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all
Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all
Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all
Edit:
tcp dump
tcpdump -ni any port 21
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
23:52:14.486431 IP ip.address.64155 > ip.address.21: Flags [S], seq 207845152, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
23:52:15.487331 IP ip.address.64155 > ip.address.21: Flags [S], seq 207845152, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
23:52:17.486879 IP ip.address.64155 > ip.address.21: Flags [S], seq 207845152, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
23:52:21.486947 IP ip.address.64155 > ip.address.21: Flags [S], seq 207845152, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
23:52:29.488538 IP ip.address.64155 > ip.address.21: Flags [S], seq 207845152, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
[ ... ]
15 packets captured
15 packets received by filter
0 packets dropped by kernel