Score:0

80 port Connection refused


I am new to Ubuntu firewall and I have Ubuntu 20.04 server.

All ports 8080, 81 ... are externally available, but when I tried `telnet IP 80` I received `telnet: Unable to connect to remote host: Connection refused`

`ufw status verbose` is:

```
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
4000                       ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
80/tcp (Nginx HTTP)        ALLOW IN    Anywhere
81                         ALLOW IN    Anywhere
80 (v6)                    ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)
4000 (v6)                  ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
80/tcp (Nginx HTTP (v6))   ALLOW IN    Anywhere (v6)
81 (v6)                    ALLOW IN    Anywhere (v6)
```

Similar questions that helped me extend my knowledge of the topic:

https://serverfault.com/questions/129086/how-to-start-stop-iptables-on-ubuntu

Port 80 connection refused

The last link advises restarting iptables, but I hope that I have missed something else and I don't have to restart my iptables.

Please advise me on what is best to do in this situation, and how to get public access to my host on port 80.

Big thanks for the support.

Andrej Podzimek:
Obviously, when you got a *connection refused*, the port is **not** blocked. (Also, firewall settings are called nftables these days (command: `nft`), not iptables.) Are you sure something is listening on your port `80`? When you look at `netstat -atpn`, is your port `80` in a `LISTEN` state? (Another side note would be that you should **not** need to use port `80` at all these days, port `443` should suffice. Port `80`, when in use, should only redirect to `https` on port `443` for compatibility with very old clients.)
dos4dev:
Hi @AndrejPodzimek, `netstat -atpn` gives me the following result: `tcp6 0 0 127.0.0.1:80 :::* LISTEN 55264/java`. I use 80 for test/learning purposes. I have to move to port 443, but I want to understand this situation.
dos4dev:
@AndrejPodzimek could you please elaborate on why I am able to connect to my Java server locally but not publicly?
dos4dev:
I assume that I will have the same problem with port 443: `tcp6 0 0 127.0.0.1:443 :::* LISTEN 55264/java`. It's available only locally.
Tilman:
Regrettably you didn't give the exact command you used. I guess where you wrote `IP` you actually used an IP address. Was that address `127.0.0.1`? Because according to your `netstat` output that is the only address on which your server listens on port 80.
dos4dev:
Hi @Tilman, I didn't know how to mask my actual IP address in the question. For telnet I used my actual IP address.
dos4dev:
@AndrejPodzimek sorry for the dummy question. Does it mean that I have to tune my Java application? I would prefer to avoid that because I don't have much access to the Java application.
Andrej Podzimek:
`::1` would be a `localhost`-only address. The `netstat` output shows a `tcp6` socket (i.e. dual-stack, as it should be) listening on an outdated `localhost` address from a failed 1975 experiment called IPv4, which [hurts the Internet](https://docs.google.com/document/d/1YgiM5K16mlRWwqf6DNKU3--IkmtEViyN72MADgTPcZs/). To listen on a particular interface, `bind()` (or construct) a [`ServerSocket`](https://docs.oracle.com/en/java/javase/14/docs/api/java.base/java/net/ServerSocket.html) with one of the interface’s addresses. To listen on _any_ address, `bind()` to the *wildcard* address `::`.
Andrej Podzimek:
@dos4dev This depends on where the address comes from. If it is hardwired in code, you may need to modify the code. If it comes from a configuration file, then just tweak the configuration file and set (e.g.) `::` as the address to listen on. BTW, the documentation says: *If `bindAddr` is `null`, it will default accepting connections on any/all local addresses.* However, if the application always uses an address string of some sort (e.g. from a config file), then you may need to specify `::` explicitly.
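
To make the diagnosis from this thread repeatable, here is an added example that is not part of the original comments: it parses `netstat -atpn` output and reports, per listening port, whether the socket is bound to loopback only, to one address, or to the wildcard. Only the first sample line is the one quoted above, the rest are constructed; `classify`, `listeners` and `explain` are names chosen here.

```python
import ipaddress

# Constructed `netstat -atpn` sample; only the first line is the one quoted in the thread.
SAMPLE = """\
tcp6       0      0 127.0.0.1:80            :::*                    LISTEN      55264/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      811/sshd
tcp6       0      0 :::8080                 :::*                    LISTEN      55300/java
tcp6       0      0 ::1:5432                :::*                    LISTEN      902/postgres
tcp        0      0 192.0.2.10:81           0.0.0.0:*               LISTEN      950/nginx
tcp        0      0 192.0.2.10:22           198.51.100.7:50312      ESTABLISHED 1201/sshd
"""

def classify(local):
    """Return (port, scope) for a netstat local-address field such as ':::8080'."""
    host, _, port = local.rpartition(":")        # the port follows the last colon
    addr = ipaddress.ip_address(host)
    if addr.version == 6 and addr.ipv4_mapped:   # ::ffff:a.b.c.d on dual-stack sockets
        addr = addr.ipv4_mapped
    if addr.is_unspecified:                      # 0.0.0.0 or :: (the wildcard)
        return int(port), "all-interfaces"
    if addr.is_loopback:                         # 127.0.0.0/8 or ::1
        return int(port), "loopback-only"
    return int(port), "single-address"

def listeners(netstat_text):
    """List (port, scope, pid/program) for every TCP socket in LISTEN state."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            port, scope = classify(f[3])
            found.append((port, scope, f[6] if len(f) > 6 else "-"))
    return found

def explain(port, netstat_text):
    """Say why a remote connect to `port` works or is refused, firewall aside."""
    scopes = {scope for p, scope, _ in listeners(netstat_text) if p == port}
    if not scopes:
        return "refused: nothing is listening on this port"
    if scopes == {"loopback-only"}:
        return "refused remotely: listener is bound to loopback only"
    if "all-interfaces" in scopes:
        return "reachable on every address the firewall allows"
    return "reachable only on the specific address it is bound to"

if __name__ == "__main__":
    for port, scope, prog in listeners(SAMPLE):
        print(f"{port:>5}  {scope:<15} {prog:<15} {explain(port, SAMPLE)}")
```

Changing a bind address to `::` moves that port into the all-interfaces group, at which point the ufw `ALLOW IN` rules are the only thing limiting who can reach it.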