Bazaar (bzr) port (4155) is open or closed?

vichor · 08-16-2012, 05:10 AM

Hi all,

I have a small bazaar (bzr) server at home, just for fun. In my LAN, I can with no problem download/upload branches from/to the server.

Yesterday I decided to open the port to be able to access the repository from my office, so I changed my router configuration to open the port and checked my server's iptables and so on. Even I created a script to email me my public IP when changed (and this works!

).

Well, my knowledge on networking is quite limited, so I just used the router's web to open the port (in fact, I already opened it when I created the server months ago, but I didn't remember this), and used Firestarter on the server to set up its iptables.

Checking with nmap, the port is reported as open in my server if using the local IP (192.168.blahblah), but reported as closed when using public IP.

Besides, if I try a bzr command, it works using the local IP address, but again it does not work with the public IP.

Testing also telnet over port 4155 (bzr's default) does not work with public IP.

But, when checking port availability through this web, it is reported as open.

So, the port is actually open or closed? I assume the answer is "closed. In this case, which is the problem and how may I fix it?

Thanks!!

frankbell · 08-16-2012, 08:09 PM

The first question that comes to me is this: Is port forwarding configured in the router to forward incoming calls on that port to the bzr server?

vichor · 08-17-2012, 01:08 AM

I think I configured the port forwarding in the router. I assigned the port 4155 to the server's address using the NAT configuration web interface of the router. Anyway, I will double check this this afternoon at home.

vichor · 08-17-2012, 01:56 PM

OK I have checked the router's iptables and filtering about 4155 port I see this:

Chain USERFORWARD (1 references)
target prot opt source destination
...
ACCEPT udp -- anywhere 192.168.1.111 udp dpt:4155
ACCEPT tcp -- anywhere 192.168.1.111 tcp dpt:4155
...

There is no other rule regarding the 4155 port.

Is this a proper port forwarding?
Of course, 192.168.1.111 is the address of the server.

vichor · 08-18-2012, 02:55 PM

More details about the router's iptables:

Code:

# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 4466 packets, 305K bytes)
 pkts bytes target     prot opt in     out     source               destination     
...
    0     0 DNAT       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4155 to:192.168.1.111 
    0     0 DNAT       udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:4155 to:192.168.1.111

So the prerouting chain is there. And checking the Forward rule:

Code:

# iptables -nvL
Chain FORWARD (policy ACCEPT 120K packets, 13M bytes)
 pkts bytes target     prot opt in     out     source               destination         
...
 168K  207M USERFORWARD  all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
...
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           

Chain USERFORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
...
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            192.168.1.111       udp dpt:4155 
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            192.168.1.111       tcp dpt:4155 
...

It seems that the port forwarding is there :S

Do the order of the rules have something to do? Is it possible for a previous rule to be forbidding the connection?