[SOLVED] Only able to connect on port 22

humbry · 09-26-2013, 10:55 PM

This is a little bit of a newbie post; should I post in the newbie forum?

I have a server on a shared (kvm) host, fresh install of CentOS 6.2.

I can SSH to the server using its IP address, but I cannot connect to any other port so far (notably, unless I connect from localhost).

All connections are via IP address to simplify - no need to talk about DNS issues.

I am running this:

nc -k -l 8080

There is no other software running on that port. For fun, I tried with port 25000 - same results.

I have verified the port is open in iptables

netstat shows the listener (and it goes away when I kill nc, so it seems like it should work)
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 12418/nc

The hosting platform claims to not block any ports (and they are a large provider; there is little reason to think that they would).

Below are my iptables rules - very simple.

What else can I use to diagnose why the server is not accepting outside connections beside SSH?

# Generated by iptables-save v1.4.7 on Thu Sep 26 22:27:09 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:296]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
## -A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Sep 26 22:27:09 2013

smallpond · 09-26-2013, 11:09 PM

What do you mean by "can't connect"? Lack of willpower?

What error do you get? Does tcpdump show any bytes returned by the server? How are you connecting? Why are you using port 8080?

humbry · 09-26-2013, 11:18 PM

Connecting from another server far, far away using telnet:
Trying 12.34.56.78...
telnet: connect to address 12.34.56.78: Connection timed out

As noted, I also tried port 25000

This shows nothing at all:
tcpdump -nn -q -A -s 1024 -t dst port 8080

Starting to feel like there IS some kind of block being applied by the provider?

humbry · 09-27-2013, 12:26 AM

Quote:

Originally Posted by humbry

Starting to feel like there IS some kind of block being applied by the provider?

Or I could have mis-typed the IP address.

Sorry for the trouble.

itlb · 09-27-2013, 02:00 AM

I would disable iptables for troubleshooting purposes.
If you can still not nc the port then its probably your provider...

dt64 · 09-29-2013, 10:27 AM

You are saying you are able to connect to port 22 using SSH protocol. That means there is a SSH server listening.
Now, is there anything actually listening on port 8080, e.g. a web server like httpd?
Why did you try to connect to port 25000? What shold be listening there? As long as there is nothing listening at a port nothing could answer any connection attempt.