Score:-1

Unable to open port 443, despite apache listening, ufw open locally on machine


Hello fellow Ubuntu lovers. I've been trying to open port 443 on my server (on a private network) for some time, but I'm stuck. It's open on ufw, and Apache is listening on that port, but somehow I cannot access that port from a different machine on the same private network (both are on the same router).

Here I listed the output from the usual port troubleshooting commands. Would highly appreciate any help you can give me, thank you! :)

NOTE: I am running Ubuntu 13.04 (I know it's old, but I have a project that does not allow me to upgrade).

result of wget from within the server 192.168.0.11 443 (it's clearly connecting)

wget https://192.168.0.11 --no-check-certificate

Connecting to 192.168.0.11:443... connected.
WARNING: cannot verify 192.168.0.11's certificate, issued by ‘/C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA’:
  Unable to locally verify the issuer's authority.

result of wget from a machine on the same private network (clearly not connecting)

wget https://192.168.0.11 --no-check-certificate

Connecting to 192.168.0.11:443... failed: Operation timed out.
Retrying.

Result of nmap -sT 192.168.0.11 from within the server (IP of server). Clearly open.

Nmap scan report for 192.168.0.11
Host is up (0.00050s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
1723/tcp open  pptp
8009/tcp open  ajp13
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

Result of nmap -sT 192.168.0.11 (from a client on the same private network) - port looks closed

Starting Nmap 7.91 ( https://nmap.org ) at 2021-12-16 09:10 EST
Nmap scan report for 192.168.0.11
Host is up (0.0021s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
444/tcp closed snpp

Nmap done: 1 IP address (1 host up) scanned in 4.16 seconds

result of netstat -tlnp (looks like apache is bound and listening)

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1232/mysqld     
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      1207/mono       
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      2074/dnsmasq    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      993/sshd        
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1061/cupsd      
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      1248/pptpd      
tcp6       0      0 :::8009                 :::*                    LISTEN      1370/java       
tcp6       0      0 :::80                   :::*                    LISTEN      27146/apache2   
tcp6       0      0 :::8080                 :::*                    LISTEN      1370/java       
tcp6       0      0 :::22                   :::*                    LISTEN      993/sshd        
tcp6       0      0 ::1:631                 :::*                    LISTEN      1061/cupsd      
tcp6       0      0 :::443                  :::*                    LISTEN      27146/apache2   
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      1370/java

Result of sudo lsof -iTCP -sTCP:LISTEN -P (looks like apache is listening)

COMMAND   PID     USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
sshd      993     root    3u  IPv4    8811      0t0  TCP *:22 (LISTEN)
sshd      993     root    4u  IPv6    8813      0t0  TCP *:22 (LISTEN)
cupsd    1061     root    9u  IPv6 1121403      0t0  TCP ip6-localhost:631 (LISTEN)
cupsd    1061     root   10u  IPv4 1121404      0t0  TCP localhost:631 (LISTEN)
mono     1207 dekiwiki    5u  IPv4   10961      0t0  TCP *:8081 (LISTEN)
mysqld   1232    mysql   10u  IPv4   12403      0t0  TCP localhost:3306 (LISTEN)
pptpd    1248     root    6u  IPv4   10654      0t0  TCP *:1723 (LISTEN)
java     1370   tomcat   48u  IPv6   11175      0t0  TCP *:8080 (LISTEN)
java     1370   tomcat   53u  IPv6   11179      0t0  TCP *:8009 (LISTEN)
java     1370   tomcat   72u  IPv6   14691      0t0  TCP localhost:8005 (LISTEN)
dnsmasq  2074   nobody    5u  IPv4   12631      0t0  TCP aperture:53 (LISTEN)
apache2 27146     root    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27146     root    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27151 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27151 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27152 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27152 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27153 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27153 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27154 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27154 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27155 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27155 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27158 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27158 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)

Result of ufw status:

Status: active

To                         Action      From
--                         ------      ----
443                        ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
444/tcp                    ALLOW       Anywhere
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere (v6)
443/tcp                    ALLOW       Anywhere (v6)
444/tcp                    ALLOW       Anywhere (v6)
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)

Result of sudo iptables -L. It's a big output, so I put it on Pastebin (I tried sudo iptables -I INPUT 5 -p tcp --dport 443 -j ACCEPT):

https://pastebin.com/DV8A3EFF
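
Added example (not part of the original post): a short Python triage that cross-checks the three views quoted in the question, namely what is listening (netstat), what ufw allows, and what the client-side nmap saw, to show which port is inconsistent. The inputs are abridged from the outputs above; the function names are hypothetical, and the script only localizes the drop, it does not identify its cause.

```python
# Added example; inputs are abridged from the outputs quoted in the question.
NETSTAT = """\
tcp   0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1232/mysqld
tcp   0 0 0.0.0.0:8081   0.0.0.0:* LISTEN 1207/mono
tcp   0 0 0.0.0.0:22     0.0.0.0:* LISTEN 993/sshd
tcp   0 0 0.0.0.0:1723   0.0.0.0:* LISTEN 1248/pptpd
tcp6  0 0 :::80          :::*      LISTEN 27146/apache2
tcp6  0 0 :::8080        :::*      LISTEN 1370/java
tcp6  0 0 :::443         :::*      LISTEN 27146/apache2
"""
UFW = """\
443      ALLOW  Anywhere
443/tcp  ALLOW  Anywhere
444/tcp  ALLOW  Anywhere
22       ALLOW  Anywhere
80       ALLOW  Anywhere
"""
# Client-side nmap: ports it listed explicitly; every other port was "filtered".
NMAP_CLIENT = {22: "open", 80: "open", 444: "closed"}

def wildcard_listeners(netstat):
    """Ports bound to 0.0.0.0 or :: (loopback-only binds are skipped)."""
    ports = set()
    for line in netstat.splitlines():
        addr, port = line.split()[3].rsplit(":", 1)
        if addr in ("0.0.0.0", "::"):
            ports.add(int(port))
    return ports

def ufw_allowed(status):
    """Ports that have an ALLOW rule in `ufw status` output."""
    return {int(ln.split()[0].split("/")[0]) for ln in status.splitlines() if "ALLOW" in ln}

def triage(netstat=NETSTAT, ufw=UFW, nmap=NMAP_CLIENT):
    listening, allowed = wildcard_listeners(netstat), ufw_allowed(ufw)
    report = {}
    for port in sorted(listening | allowed | set(nmap)):
        seen = nmap.get(port, "filtered")
        if seen == "open":
            verdict = "ok"
        elif seen == "closed":  # the host answered with a RST
            verdict = "passes firewall, no listener"
        elif port in allowed and port in listening:
            verdict = "ANOMALY: dropped before the socket despite ufw ALLOW"
        else:
            verdict = "filtered, no ufw ALLOW rule"
        report[port] = verdict
    return report

for port, verdict in triage().items(): print(port, verdict)
```

Port 443 is the only one that is listening, allowed and still filtered, while 444 (allowed, no listener) comes back closed, so traffic to an allowed port does reach the host and the 443 drop has to be looked for outside the ufw allow list.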

Doug Smythies:
Apache appears to only be listening for IPv6 connections, but you are trying to connect via IPv4.
user6269972:
Thanks for the reply. Linux machines typically hide a dual-stack IPv4+IPv6 socket behind listening on the IPv6 address ::. Having said that, I tried 0.0.0.0:443 and it's still the same problem.
Andra:
ufw log? Apache log? Wireshark?
Score:0

For those who are struggling with the same problem, I changed Apache to port 8443, and forwarded all 443 traffic to 8443. I still don't know why port 443 is blocked. It works now.

When I switched Apache to 8443, the 8443 port became open on nmap -P. However, when I switched back to 443, the 443 port did not open. So clearly there is something stopping 443 from being opened.

It is possible it has to do with my TP-Link Archer AX-60 router. Not sure why 443 traffic within the private network is being blocked.

birgersp:
How (specifically) did you forward all 443 traffic to 8443?