Join Log in
Score:0
mschoenebeck avatar Server

Connection to port times out despite it being open and listening

us flag
mschoenebeck

Contabo VPS running Ubuntu 22.04 server, there is no firewalld and no ufw running, fail2ban is installed and configured but currently stopped to figure out what's going on.

I have an nc -4 -k -l -v 173.212.xxx.xxx 1026 process running and listening on port 1026. 173.212.xxx.xxx is the public IP of the VPS and it is accessible from outside (for instance the ports 22, 80 and 443 work fine).

For some reason I cannot connect to 173.212.xxx.xxx:1026, the connection always times out. This is not the case for SSH and HTTP/HTTPS though. I am wondering why I cannot connect to other ports despite them being listened on and they show up in nmap like this:

$ sudo nmap 173.212.xxx.xxx
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-21 16:11 CET
Nmap scan report for vmdxxx.contaboserver.net (173.212.xxx.xxx)
Host is up (0.0000090s latency).
Not shown: 988 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
1026/tcp open  LSA-or-nterm      # <-- not working
8088/tcp open  radan-http        # <-- Janus WebRTC server timing out as well (what I actually try to set up)
8089/tcp open  unknown

$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      988/master          
tcp        0      0 173.212.xxx.xxx:1026    0.0.0.0:*               LISTEN      38682/nc            
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      747/sshd: /usr/sbin 
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      988/master          
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      913/mysqld          
tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN      913/mysqld          
tcp        0      0 127.0.0.1:24            0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 127.0.0.1:4190          0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 127.0.0.1:9998          0.0.0.0:*               LISTEN      39690/amavisd-new ( 
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      39690/amavisd-new ( 
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      988/master          
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      39690/amavisd-new ( 
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      623/systemd-resolve 
tcp        0      0 173.212.xxx.xxx:8188    0.0.0.0:*               LISTEN      36225/janus         
tcp6       0      0 :::587                  :::*                    LISTEN      988/master          
tcp6       0      0 :::995                  :::*                    LISTEN      652/dovecot         
tcp6       0      0 :::993                  :::*                    LISTEN      652/dovecot         
tcp6       0      0 :::110                  :::*                    LISTEN      652/dovecot         
tcp6       0      0 :::80                   :::*                    LISTEN      940/apache2         
tcp6       0      0 :::22                   :::*                    LISTEN      747/sshd: /usr/sbin 
tcp6       0      0 :::25                   :::*                    LISTEN      988/master          
tcp6       0      0 :::143                  :::*                    LISTEN      652/dovecot         
tcp6       0      0 :::443                  :::*                    LISTEN      940/apache2         
tcp6       0      0 :::8089                 :::*                    LISTEN      36225/janus         
tcp6       0      0 :::8088                 :::*                    LISTEN      36225/janus         
udp        0      0 127.0.0.53:53           0.0.0.0:*                           623/systemd-resolve 
udp6       0      0 :::5002                 :::*                                36225/janus         
udp6       0      0 :::5004                 :::*                                36225/janus         
udp6       0      0 :::5102                 :::*                                36225/janus         
udp6       0      0 :::5104                 :::*                                36225/janus         
udp6       0      0 :::5106                 :::*                                36225/janus

I am able to connect to port 1026 from localhost but not from a remote host. But why? I'm obviously missing something. Does anyone have an idea why apparently all ports are blocked from outside i.e. where this could be configured? I don't remember anything other than setting up fail2ban a few years ago. I'm a network noob, btw. Thanks for taking the time! Your help is greatly appreciated.

404
0 + 5
ip
in flag
Gerald Schneider
Most probably your hoster has an additional firewall in place.
0
Reply
mschoenebeck avatar
us flag
mschoenebeck
Hey! Thanks for your reply. I don't think Contabo is blocking any ports. Didn't ask them directly but I assume that would be mentioned somewhere as it would be a pretty strong limitation. Edit: This indicates that there is no additional firewall in place: https://contabo.com/blog/first-steps-with-contabo/#a-change-your-port-in-linux
0
Reply
Zareh Kasparian avatar
us flag
Zareh Kasparian
haven't you set any configuration in "/etc/hosts.allow" or "/etc/hosts.deny" ?
0
Reply
Zareh Kasparian avatar
us flag
Zareh Kasparian
Also please check you packets through, tcpdump.
0
Reply
mschoenebeck avatar
us flag
mschoenebeck
Hey and thanks for the reply! The hosts.allow and hosts.deny files are untouched (i.e. empty).. thanks for the input, you mean tcpdump on the particular port?
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.