Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
This is silly. I am going mad trying to get a port open to incoming connections. Yesterday it worked, but today every checker reports "port closed". I have spent half a day struggling, and in desperation am here asking for help.
I have Xubuntu 16.10 and access the internet through a Zyxel router provided by my ISP, using a static LAN IP address. Ubuntu policy is to block all ports by default, but I have used ufw to open all ports in both directions, and rely on the firewall in my router, which is where I have set up port forwarding for the port in question. This was working just yesterday - but not today. So I went into the router again and disabled the firewall completely. Now, the router firewall is disabled, allowing all traffic in both directions, and the Ubuntu firewall is enabled, but configured to allow traffic in both directions on all ports (yes, I know it's dangerous, I am only testing like this). But still every port checker I have tried shows that this port, and every other port I checked, are all firmly closed.
I am totally at a loss what to try next, and am here seeking suggestions. Anyone?
See if this thread helps in dealing with ufw: https://ubuntuforums.org/showthread.php?t=833844. If not, do you know enough about iptables to work directly with it? In effect UFW is a front end for iptables which is a front end for the actual kernel module that does the work of the firewall. You can list the rules in the filter and nat tables and then follow an imaginary packet through to see what happens or doesn't happen, but you have to know how iptables works.
I know very little about iptables. I just want to turn off the firewall in Ubuntu totally and let everything through. In the old days, when I used to use Slackware, there was no firewall unless I set one up. But Ubuntu is firewalled somehow by default. I don't want a firewall on my computer, as I have one already in the router and neither want nor need another. So how can I get rid of all firewalling in Ubuntu and leave it up to the router?
Ahh, slightly different from what I understood from your original post. Turning off the firewall on your computer is simple. First, through the GUI disable ufw or through the command line: 'sudo ufw disable'. Then, through the command line: sudo iptables -L. There should be no rules other than the policy for each chain. If there are rules in any chain, sudo iptables -F. Then the following three commands:
If there are any other chains shown in the listing, sudo iptables -X <chain name> for each of them.
You probably ought to at least check the nat table (sudo iptables -t nat -L) to make sure it is clean and if not flush its chains and set the default policies to ACCEPT. Just to be on the safe side do the same with the mangle table (-t mangle).
This is a lot more than you probably HAVE to do since all the tables are probably clean after disabling ufw, but this way you KNOW there is nothing unless you at some point installed another firewall, which I doubt.
So ufw seems to still be around. I don't understand what any of this means.
Anyway, I tried the port check again and it is still closed.
It shouldn't have to be this complicated...
And for goodness sakes, yesterday it was working!
It looks like you have no operational firewall, at least in the filter table. You might check the nat and mangle tables just to be sure (iptables -t nat -L and iptables -t mangle -L). Then for simplicity's sake go through and delete all the ufw chains in the filter table: sudo iptables -X ufw-track-output, etc. One command for each chain. They are doing nothing except cluttering your listing. Once iptables shows a clean listing and policies of ACCEPT then you have no firewall operating on your computer. Your problem then would appear to be with your router. Removing or shutting off the firewall on the router is not going to help with port forwarding, in fact it will prevent it. Somewhere in your configuration of the router (usually a browser page of some sort) should be a port forwarding section which will require the input port the packet will arrive on, the ip of the computer you want it sent to and the port on that computer to send it to.
As for 'chains' in iptables they are simply groups of rules. In the filter table (the main table, for example) a packet arrives at one of the permanent chains (INPUT, FORWARD or OUTPUT) and moves from top down through each rule. If no rule applies, then the policy for that chain is executed. If it matches a rule, then the rule is executed. A rule can be a terminating rule (DROP, REJECT or ACCEPT) or it can send the packet to another chain (group of rules). If the packet does not match a terminating rule there then it comes back and continues down the chain. Of course if it does match a terminating rule in any chain it is traversing the rule is executed and the processing of that packet stops. In the filter table only the INPUT, FORWARD and OUTPUT chains have policies that are executed if no rules are matched. This is a simplification but should give you some idea of how it works. Consider it a series of sieves moving from large to small.
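The traversal described in the post above, as an added example that is not part of the original thread: a small Python model that follows one packet through a built-in chain, a jump to a user-defined chain, and the fall-back to policy. The chain name `demo-input`, the port 51413 and both rule sets are constructed for illustration.

```python
# Added example: toy model of filter-table traversal, not real iptables code.
from dataclasses import dataclass

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

@dataclass
class Rule:
    match: dict   # fields the packet must carry; {} matches every packet
    target: str   # terminating verdict, "RETURN", or a user-defined chain name

@dataclass
class Table:
    chains: dict    # chain name -> ordered list of Rule
    policies: dict  # built-in chain name -> default verdict

    def _walk(self, chain, pkt):
        for rule in self.chains[chain]:          # top-down through the chain
            if any(pkt.get(k) != v for k, v in rule.match.items()):
                continue                         # rule does not apply
            if rule.target in TERMINATING:
                return rule.target               # processing stops here
            if rule.target == "RETURN":
                return None
            verdict = self._walk(rule.target, pkt)   # jump to another chain
            if verdict is not None:
                return verdict
            # no terminating rule matched there: continue down this chain
        return None

    def verdict(self, builtin, pkt):
        # Only built-in chains have a policy; it applies when nothing matched.
        return self._walk(builtin, pkt) or self.policies[builtin]

# Constructed rule sets; "demo-input" and port 51413 are made-up names/values.
FIREWALLED = Table(
    chains={"INPUT": [Rule({"state": "ESTABLISHED"}, "ACCEPT"),
                      Rule({}, "demo-input")],
            "demo-input": [Rule({"proto": "tcp", "dport": 22}, "ACCEPT")]},
    policies={"INPUT": "DROP"})
# After a flush: leftover empty chain, no rules, policy ACCEPT.
FLUSHED = Table(chains={"INPUT": [], "demo-input": []},
                policies={"INPUT": "ACCEPT"})

if __name__ == "__main__":
    pkt = {"proto": "tcp", "dport": 51413, "state": "NEW"}
    print(FIREWALLED.verdict("INPUT", pkt), FLUSHED.verdict("INPUT", pkt))
```

The flushed table mirrors a listing where empty leftover chains still appear but every packet falls through to a policy of ACCEPT.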
All this means nothing to me.
I feel like a blind woman in a coal-cellar looking for a black cat that isn't there!
So - the router. Yes, I set up port forwarding there. I do know how to do it. I have set the firewall security to "low", which it says is the setting which allows port forwarding rules to be implemented. I have done all this stuff so many times to get p2p networks running and never had this kind of trouble before. If the router is busted there is nothing I can do about it because it's not mine, it is provided by the ISP. If it connects to the internet it is working, as far as they are concerned. But yesterday it was working. I had open ports. Today I don't, and nothing else changed.
AFAIK Ubuntu doesn't come with a configured firewall, it has no firewall rules.
Since your iptables rules don't show any rules, which means all traffic is allowed, if I were you, I would look into the router more carefully, since port forwarding is the router's job.
If you still think it's a firewall issue, uninstall ufw:
AFAIK Ubuntu doesn't come with a configured firewall, it has no firewall rules.
True, but it comes set up with all ports closed to incoming connections. If you want to change that, you have to change the rules (I guess they are iptables rules) and the way I was told to do that is to use gufw. I did that, turned on the firewall and set the policies for both outgoing and incoming traffic (all ports) to "allow". That worked, and I could forward ports from the router. Just yesterday I needed to forward two additional ports, so I used the router interface to do that, tested the result, and found that they were both open, as desired. Today I needed to make a couple of changes to the port numbers forwarded, and after I did that they were all closed, and nothing I could do succeeded in opening them again.
I can't do anything about the router because it belongs to the ISP and is configured for my account. If it didn't work I could ask for a new one, but it does work, as it connects me to the internet. But as it still works well in all other respects it is unlikely that just the port-forwarding bit would have gone wrong, don't you think?
If all ports on your computer are open then the problem is likely not your computer. You might run nmap to do a test on your computer to be sure - run it against the specific ports you are interested in. So, that indicates the problem probably lies with the firewall on your router. I have no idea how it operates, but it sounds to me as if either there is something wrong with the port forwarding instructions or even though you have told it to forward the port(s) there is something else that is telling it to close them. You say the forwarding instructions are correct so that leaves the latter. All I can suggest is that you go through the firewall setup with a fine toothed comb and see if there is something in there that tells it to close the port(s) or a range of ports including the ones you are interested in. If that fails, it is probably time to call your ISP and have their people see if they can figure it out.
This is very strange! Last night I decided to try downloading a torrent even though the port I use was still closed. I was surprised to see many incoming connections from peers, so I ran the port scanner again, and now it showed the port to be open. After the download had completed I closed the application, and checked the port again, and it now showed as closed. I don't understand this at all. In the past, whenever I had a port forwarded from a router, any port scanner would see it as open, whether any application was binding to that port or not. But now it seems that it appears to be closed to any port scanner unless and until an application has bound to it. Is this possible? If so, how does it happen? Can anyone enlighten me? I think I have been barking up the wrong tree altogether, and seeing a problem where in fact none existed!
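The behaviour described in the last post, reproduced on loopback as an added example (not part of the original thread): a TCP connect check is answered by the host the port is forwarded to, so when no application is listening the kernel refuses the connection and a checker reports "closed", while a silent timeout is what a dropping firewall looks like. The function names and the "open/closed/filtered" labels are choices made for this example.

```python
# Added example: how a TCP connect check classifies a port, shown on 127.0.0.1.
import socket

def probe(host, port, timeout=1.0):
    """Classify a TCP port the way a connect-style port checker does."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # SYN-ACK received: an application is listening
    except ConnectionRefusedError:
        return "closed"      # RST received: host reachable, nothing listening
    except OSError:
        return "filtered"    # timeout or unreachable: packet dropped on the way
    finally:
        s.close()

def listener_lifecycle():
    """Probe one local port before, during and after an application listens."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # let the kernel pick a free port
    port = srv.getsockname()[1]
    before = probe("127.0.0.1", port)    # bound, but listen() not yet called
    srv.listen(5)
    during = probe("127.0.0.1", port)    # application is now accepting
    srv.close()
    after = probe("127.0.0.1", port)     # application has exited
    return [before, during, after]

if __name__ == "__main__":
    print(listener_lifecycle())
```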