Score:1

Port 80 showing as filtered, but ufw allowing port 80


I am having trouble with apache on my Ubuntu server. It is not a local machine, I am accessing it through SSH. When I run nmap -sS 127.0.0.1 it shows this:

Not shown: 998 closed ports
PORT   STATE    SERVICE
22/tcp open     ssh
80/tcp filtered HTTP

ports.conf is setup listening to port 80 like so:

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

It's worth mentioning that I also tried setting it to Listen 0.0.0.0:80.

I can't seem to get port 80 to open as opposed to being set to filtered. When I run sudo ufw status verbose it's saying:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

    To                         Action      From
    --                         ------      ----
    80,443/tcp                 ALLOW IN    Anywhere
    22/tcp                     ALLOW IN    Anywhere
    80,443/tcp (v6)            ALLOW IN    Anywhere (v6)
    22/tcp (v6)                ALLOW IN    Anywhere (v6)

So I don't think it's a firewall issue. Running ss -tunapl shows the following:

Netid   State     Recv-Q    Send-Q              Local Address:Port       Peer Address:Port
udp     UNCONN    0         0             172.31.255.175%eth0:68              0.0.0.0:*       users:(("systemd-network",pid=19297,fd=17))
tcp     LISTEN    0         128                       0.0.0.0:22              0.0.0.0:*       users:(("sshd",pid=17786,fd=3))
tcp     LISTEN    0         128                          [::]:22                 [::]:*       users:(("sshd",pid=17786,fd=4))
tcp     LISTEN    0         128                             *:80                    *:*       users:(("apache2",pid=27990,fd=4),("apache2",pid=27989,fd=4),("apache2",pid=27987,fd=4))

Also, running iptables --table filter --list --numeric outputs this (pastebin link).

What could be the problem?

Score:0

From your pastebin iptables rules listing link:

Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
...

So, the first rule in the INPUT chain is a port 80 DROP rule. However, your listing is missing critical network interface information, which can be obtained using this command instead: sudo iptables -xvnL.

EDIT: The new pastebin shows no network interface dependence and also shows packets taking the first DROP rule path, as expected:

Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     434    23648 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80

So, you need to delete that rule (untested):

sudo iptables -D INPUT 1

It is not obvious as to why that rule is/was there in the first place.

Jordan: I don't really understand what I'm looking at here, maybe [this will help.](https://pastebin.com/fjgTzPTy) It's another pastebin of the sudo iptables -xvnL command.
Jordan: Deleting that rule worked, thanks so much!
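The answer above hinges on iptables stopping at the first matching rule, so a DROP in front of an ACCEPT for the same port leaves the ACCEPT dead and the port "filtered". The following script is an added example, not part of the original thread or of iptables/ufw: it reads `sudo iptables -xvnL` text on stdin and reports, per chain, DROP/REJECT rules that shadow a later ACCEPT for the same single tcp port (`dpt:N` matches only; multiport rules are not handled). The sample listing is constructed from the counters shown in the answer.

```shell
#!/bin/sh
# Constructed sample of `sudo iptables -xvnL` output, modelled on the
# listing in the answer (same rule order and counters; port 22 rule added).
SAMPLE_IPTABLES='Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     434    23648 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
      12      720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
'

# Print "CHAIN RULENUM PORT PKTS" for every DROP/REJECT rule that precedes an
# ACCEPT on the same tcp destination port within the same chain. RULENUM is
# the position iptables -D CHAIN RULENUM expects; PKTS is the packet counter
# on the shadowing rule, which confirms traffic is actually hitting it.
find_shadowed_accepts() {
  awk '
    /^Chain /                { chain = $2; n = 0; next }   # new chain, reset position
    $1 == "pkts" || NF == 0  { next }                      # header / blank line
    {
      n++                                    # 1-based rule position in this chain
      port = ""
      for (i = 10; i <= NF; i++)             # match text follows the destination column
        if ($i ~ /^dpt:[0-9]+$/) port = substr($i, 5)
      if (port == "") next                   # no single-port match on this rule
      key = chain SUBSEP port
      if (($3 == "DROP" || $3 == "REJECT") && !(key in block))
        { block[key] = n; hits[key] = $1 }   # remember the first blocking rule
      else if ($3 == "ACCEPT" && (key in block) && !(key in reported))
        { reported[key] = 1; print chain, block[key], port, hits[key] }
    }'
}

printf '%s' "$SAMPLE_IPTABLES" | find_shadowed_accepts
```

On the sample this prints `INPUT 1 80 434`, i.e. rule 1 of INPUT is blocking port 80 and has already dropped 434 packets, matching the `sudo iptables -D INPUT 1` fix from the answer.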