Unexplained port blocking

I'm having an issue with Ubuntu 21.04, where I'm unable to access ports that are behind Port Forwarding/DNAT on my router.

I have a working port forward on my router from (Public IP):443 to 192.168.2.223:4443.

I know that this works, because I have an older system that when I plug back in and configure with 192.168.2.223, I can jump on to https://(Public IP) using an external jumpbox and I can see a webpage.

However the newer system I have here refuses the connection when attempting to access it via the port forward, but I can jump on to https://192.168.2.223:4443 and voila it pops up.

I've enabled IP Forwarding, have removed AppArmor, removed UFW, cleared iptables... and have now run out of ideas. I'm sure it's something really silly and minor somewhere that I've overlooked, and I'm hoping some fresh eyes will be able to spot it and point me in the right direction.

Any help appreciated!

Extra Notes: I can see the NAT translation occur correctly, and the traffic is directed to the new Ubuntu box -- and there is nothing in the service logs on the Ubuntu server, it's like the traffic gets to the new Ubuntu system and it just disregards it.

frippe
I can't find it in your question, but have you confirmed that there is indeed no rule blocking the incoming connection on 443 and that the service you're running is listening on said port (and correct interface, if you have several)?
Ben C
Yes, I have confirmed the DNAT/Firewall works as expected on the router by using a second system that I configured with the same internal IP. The service is listening on 0.0.0.0 (and only has one NIC) and is accessible on the expected port (4443) from any client on 192.168.2.0/24. It's like Ubuntu is dropping NATted traffic or anything outside of 192.168.2.0/24 -- but I can't find where or how Ubuntu is doing it.
frippe
Oops, my bad, I read your post too quickly. Thought you tried to connect to 443, which failed, while connecting to port 4443 worked.
Ben C
I had to go back and re-read it to make sure, but basically old box using 192.168.2.223:4443 works externally via PAT, new Ubuntu 21.04 box using 192.168.2.223:4443 only works within 192.168.2.0/24 and gets connection refused when trying to access it externally via PAT/DNAT.
frippe
The description was alright, I just didn't pay enough attention to all the details. Anyway, does it change anything if you explicitly allow incoming connections from anywhere on port 4443?